Community

Rodolfo · ‎08-31-2023

Hi

Is there a way to disable text based 2fa? Was travelling and could not check my account because Public doesn’t have service options in Europe and so I could not get my code.

hopefully there is some kind of fix here

thanks

Rodolfo

Korth_ · ‎09-16-2023

@hTideGnow wrote:
and @Korth_ you lost access to your old id @Korth ?
did you submit a ticket for PM agent to help you to link you back to the old id?

I lost my phone a while back - apparently on the very same day PM/Telus decided to launch "improvements" and EverSafe and all that fancy corporate nonsense. I couldn't access my community account because of unexpected 2FA difficulties (can't receive SMS when your phone is stolen ... and "send to email" wasn't yet an option at that time).

It was a frustrating mess. I had to create a new PM Community account because it claimed the username and email address were already in use. I still can't login to my proper (original) PM Community account because it claims the username and email address are aleady in use.

I suppose I could ask PM staff to sort it all out. I suppose maybe I should do it ASAP since the more I use this (second) PM Community account, the worse things might become. But the whole bumbling heavyhanded mess really turned me off from Public Mobile ... I haven't been around enough to earn any Community Rewards anyhow. I felt like they screwed me over. And I feel like they've demonstrated they're unreliable so I half expect them to somehow "screw me over" again.

I refuse to use the stupid bot and petition a support ticket. I shouldn't have to beg for permission to fix somebody else's managerial mistakes.

hTideGnow · ‎09-01-2023

and @Korth_ you lost access to your old id @Korth ?

did you submit a ticket for PM agent to help you to link you back to the old id?

hTideGnow · ‎09-01-2023

HI @Korth_

but it is easier to steal access to email than physically take your phone

Yes, if the person is around you, they can easily take the phone. But many more hackers from around the world can try to steal your email access. So, the danger to got email access "stolen" is bigger than phone stolen

hTideGnow · ‎09-01-2023

@Rodolfo wrote:
@maple_leaf that did it, but in a round about way. Basically, I deleted the phone number from my profile, and now it defaults to my email. Thank you!

Hi @Rodolfo

that is new, something I don't know it is doable 🙂

maple_leaf · ‎09-01-2023

Hello @Korth_ , There are different schools of thought on this subject, but generally speaking:

Email 2FA remains the most unsecure of all the approaches, simply because an email address is not tied to a specific device and it’s possible to compromise a large number of accounts once you have someone’s email password.

The problem with using email as a 2FA delivery channel is that the first layer of security–a password–can usually be reset from an email account.

That means if someone compromises your email inbox, they can take over all your online accounts using the 2FA codes they send themselves.

Since a hacker would need access to a person’s cellphone, SMS is often considered more secure.

Korth_ · ‎09-01-2023

@maple_leaf wrote:
... 2FA codes sent via text is a more secure method than to an email address.

I disagree. In fact, the opposite is true.

If someone steals your phone then they also steal your text-based 2FA.

But if someone steals your phone then they have no access to your email. (Assuming it's an email account you've never logged into through your phone.)

I would personally prefer email-only 2FA. Because a thief would have to steal two things instead of one thing to muck around with my Self-Serve. It's called Two Factor Authentication for this specific reason, it offers all the inconvenience but no added security it it's implemented across a single device or a single channel.

LitlLdy · ‎09-01-2023

@Rodolfo wrote:
@maple_leaf that did it, but in a round about way. Basically, I deleted the phone number from my profile, and now it defaults to my email. Thank you!

@Rodolfo , I put a different phone number on my EverSafe profile in case I was not able to receive them on my phone, I did have my TextNow app phone number on it then switched to the Fongo number! Those apps may not work there though to receive the 2FA Codes. 😞

maple_leaf · ‎09-01-2023

No worries, happy to help. We don't usually recommend removing the phone number, because 2FA codes sent via text is a more secure method than to an email address. Using the 'resend code' method and then selecting email is preferred for the occasional time when you can't receive a text message.

Rodolfo · ‎09-01-2023

@maple_leaf that did it, but in a round about way. Basically, I deleted the phone number from my profile, and now it defaults to my email. Thank you!

maple_leaf · ‎08-31-2023

Try accessing 'Manage EverSafe ID' to see what options you have populated for 2FA. See here:

Changing EverSafe ID Information (Name, Number, Email):
https://www.publicmobile.ca/en/bc/get-help/articles/changing-name-in-eversafe

Rodolfo · ‎08-31-2023

Thank you - I am trying this now but the only options it gives are text or voice message

maple_leaf · ‎08-31-2023

Hello @Rodolfo , When you enter your email and password, you'll see a little link below the 2FA input field that says "resend code" or "didn't get code?". If you click that link, you'll have the option to send the 2FA to your email instead. I've included a link to EverSafe ID FAQs below:

EverSafe ID FAQs:
https://www.publicmobile.ca/en/on/get-help/articles/eversafe-faqs

Hope this helps.

Community

Permanently change EverSafe 2FA to email only?