cancel
Showing results for 
Search instead for 
Did you mean: 

Permanently change EverSafe 2FA to email only?

Rodolfo
Good Citizen / Bon Citoyen

Hi

 

Is there a way to disable text based 2fa? Was travelling and could not check my account because Public doesn’t have service options in Europe and so I could not get my code. 

hopefully there is some kind of fix here

 

thanks

Rodolfo

12 REPLIES 12

Korth_
Town Hero / Héro de la Ville

@hTideGnow wrote:

and @Korth_ you lost access to your old id @Korth ?

did you submit a ticket for PM agent to help you to link you back to the old id?


I lost my phone a while back - apparently on the very same day PM/Telus decided to launch "improvements" and EverSafe and all that fancy corporate nonsense. I couldn't access my community account because of unexpected 2FA difficulties (can't receive SMS when your phone is stolen ... and "send to email" wasn't yet an option at that time).

It was a frustrating mess. I had to create a new PM Community account because it claimed the username and email address were already in use. I still can't login to my proper (original) PM Community account because it claims the username and email address are aleady in use.

I suppose I could ask PM staff to sort it all out. I suppose maybe I should do it ASAP since the more I use this (second) PM Community account, the worse things might become. But the whole bumbling heavyhanded mess really turned me off from Public Mobile ... I haven't been around enough to earn any Community Rewards anyhow. I felt like they screwed me over. And I feel like they've demonstrated they're unreliable so I half expect them to somehow "screw me over" again.

I refuse to use the stupid bot and petition a support ticket. I shouldn't have to beg for permission to fix somebody else's managerial mistakes.

and @Korth_ you lost access to your old id @Korth ?

did you submit a ticket for PM agent to help you to link you back to the old id?

 

HI @Korth_ 

but it is easier to steal access to email than physically take your phone

Yes, if the person is around you, they can easily take the phone.  But many more hackers from around the world can try to steal your email access.  So, the danger to got email access "stolen" is bigger than phone stolen

 


@Rodolfo wrote:

@maple_leaf that did it, but in a round about way. Basically, I deleted the phone number from my profile, and now it defaults to my email. Thank you!


Hi @Rodolfo 

that is new, something I don't know it is doable  🙂

maple_leaf
Town Hero / Héro de la Ville

Hello @Korth_ , There are different schools of thought on this subject, but generally speaking:

Email 2FA remains the most unsecure of all the approaches, simply because an email address is not tied to a specific device and it’s possible to compromise a large number of accounts once you have someone’s email password.

The problem with using email as a 2FA delivery channel is that the first layer of security–a password–can usually be reset from an email account. 

That means if someone compromises your email inbox, they can take over all your online accounts using the 2FA codes they send themselves.

Since a hacker would need access to a person’s cellphone, SMS is often considered more secure.

 

Korth_
Town Hero / Héro de la Ville

@maple_leaf wrote:
... 2FA codes sent via text is a more secure method than to an email address.

I disagree. In fact, the opposite is true.

If someone steals your phone then they also steal your text-based 2FA.

But if someone steals your phone then they have no access to your email. (Assuming it's an email account you've never logged into through your phone.)

I would personally prefer email-only 2FA. Because a thief would have to steal two things instead of one thing to muck around with my Self-Serve. It's called Two Factor Authentication for this specific reason, it offers all the inconvenience but no added security it it's implemented across a single device or a single channel.


@Rodolfo wrote:

@maple_leaf that did it, but in a round about way. Basically, I deleted the phone number from my profile, and now it defaults to my email. Thank you!


@Rodolfo , I put a different phone number on my EverSafe profile in case I was not able to receive them on my phone, I did have my TextNow app phone number on it then switched to the Fongo number! Those apps may not work there though to receive the 2FA Codes. 😞 

maple_leaf
Town Hero / Héro de la Ville

No worries, happy to help. We don't usually recommend removing the phone number, because 2FA codes sent via text is a more secure method than to an email address. Using the 'resend code' method and  then selecting email is preferred for the occasional time when you can't receive a text message.

Rodolfo
Good Citizen / Bon Citoyen

@maple_leaf that did it, but in a round about way. Basically, I deleted the phone number from my profile, and now it defaults to my email. Thank you!

maple_leaf
Town Hero / Héro de la Ville

Try accessing 'Manage EverSafe ID' to see what options you have populated for 2FA. See here:

Changing EverSafe ID Information (Name, Number, Email):
https://www.publicmobile.ca/en/bc/get-help/articles/changing-name-in-eversafe

 

Rodolfo
Good Citizen / Bon Citoyen

Thank you - I am trying this now but the only options it gives are text or voice message

 

maple_leaf
Town Hero / Héro de la Ville

Hello @Rodolfo , When you enter your email and password, you'll see a little link below the 2FA input field that says "resend code" or "didn't get code?". If you click that link, you'll have the option to send the 2FA to your email instead. I've included a link to EverSafe ID FAQs below:

EverSafe ID FAQs:
https://www.publicmobile.ca/en/on/get-help/articles/eversafe-faqs

Hope this helps.

 

Need Help? Let's chat.