cancel
Showing results for 
Search instead for 
Did you mean: 

two-factor authentication can be bypassed. Please fix

marc_mib
Great Citizen / Super Citoyen

It would be nice if they would have Google authenticator instead of my phone number or email for two-factor authentication. Because hackers last year got a hold of everything and it was very hard to fix everything they were able to get a public mobile SIM card and put the number on that SIM card and a locked me out of my email. I was able to get it all back because I know a little bit about computers and how the internet works. If anyone can suggest a better to factor authentication I would appreciate it. It takes forever to get the text or the email. Sometimes I have to do it several times because the time runs out with Google authenticator. All you need is to hold down the number and it'll copy it and then you paste it wherever you need it. If the hackers can do it to me then they can do it to anyone else. Please be aware.

4 REPLIES 4

lockup
Good Citizen / Bon Citoyen

Shouldn't cost PM anything extra to setup, since they don't use an in-house identity provider.

 

Correct me if I'm wrong, but don't they use Ping Identity ?

 

Since Ping probably has a 2FA product already, it shouldn't be too hard to turn on.

@marc_mib 

I personally don't like 2fa even Google's authenticator app... if the hacker gains access to one's device, computer or Google account they are in big trouble. best thing to do is learn how to protect oneself.

 

create an email strictly for public mobile
change your name and address on your self serve account
don't use your personal email password for the pm website
don't use a password manager(chrome, safari, etc. browsers
don't use your cellphone number as a 2fa for banks, PayPal etc

marc_mib
Great Citizen / Super Citoyen

Maybe something else can be done to mitigate this problem.

softech
Oracle
Oracle

@marc_mib   Authenticator app is definitely better and safer.

 

However, this is a server-client setup, it will cost PM extra to setup that.  I am not sure many mobile carriers have it setup at this time.  I doubt PM will invest extra for setting this up.

Need Help? Let's chat.