Community

Kristowhy · ‎11-30-2022

It's great that PM/Telus has setup 2FA for online account access. This is a good first step but more improvements can be made to enhance customer security and privacy:

Last login IP address and time/data should be made available somewhere in the MY ACCOUNT dashboard or My Security Info in PROFILE
Support for OTP (one time passcodes) via authentication apps such as Authy, Google Authenticator, Lastpass etc
Support for physical security tokens such as Yubikey
Backup codes support to allow authentication should the OTP authentication mechanism fail/be lost
Flexibility to turn on/off SMS use for security codes (it's well known already that SMS is a bad choice for authentication codes) It's better to use an email address which is already locked down using 2FA than SMS

#1 and #5 should be easy to implement first, followed by #2.

Any other suggestions??

gpixel · ‎12-03-2022

@Kristowhy

there were 2 types of sim hacks here. first was sim jacks(porting out to other providers). sim swap(change sim function). I remember talking about if there was a port out request that PM enables a text to confirm that we indeed wanted to port out.

gpixel · ‎12-02-2022

@Kristowhy

I'm trying to look for it. it's so old.. it was about 2 years ago. I found a few threads with a customer mentioning my name. this was for the change sim security implementation

https://productioncommunity.publicmobile.ca/t5/Get-Support/Sim-Hacking-Sim-Swap-and-PM-s-Response/td...

https://productioncommunity.publicmobile.ca/t5/Get-Support/Secure-my-SIM-card/m-p/615692

I'll search again later tonight or tomorrow when I'm not busy

Kristowhy · ‎12-02-2022

@gpixel wrote:
@Kristowhy
it took a while, but the new port out text verification came from z10 and I discussing it on here.

You are suggesting that this CWTA industry wide process change came from your discussions here?

Canadian carriers implement new number porting verification process to prevent fraud (mobilesyrup.co...

gpixel · ‎12-02-2022

@Kristowhy

it took a while, but the new port out text verification came from z10 and I discussing it on here.

Kristowhy · ‎12-02-2022

@softech wrote:

@Kristowhythey are good suggestions, but as a Tier 3 provider, I doubt PM will put more effort on this area. And in fact, I am not sure any other provider has those extra security measure

You are right about the additional efforts. It's cheaper and easier for organizations to carry insurance policies and deal with issues in a reactive manner. The bottom line is that unless customers demand specifics, companies will typically provide the bare minimum.

Kristowhy · ‎12-02-2022

@messenabout wrote:

@Kristowhy

My Profile My Stats
Scroll down, down some more. See screenshot:

Doesn't exist in my online portal and I have gone through each of the 5 sections on the left side in detail. PROFILE does not have any "My Stats" or any data other than turning 2FA on/off. And yes I logged in again via incognito to check and still the same

messenabout · ‎12-02-2022

@Kristowhy

My Profile My Stats

Scroll down, down some more. See screenshot:

gpixel · ‎12-01-2022

@Kristowhy

my suggestion would be for one to learn how to secure their identity without technology. relying on security tech/convience is the worst thing imho. I do like #1

softech · ‎11-30-2022

@Kristowhy they are good suggestions, but as a Tier 3 provider, I doubt PM will put more effort on this area. And in fact, I am not sure any other provider has those extra security measure

Community

REQUEST: Additional security measures with online accounts