FR
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Register now!

REQUEST: Additional security measures with online accounts

Kristowhy
Model Citizen / Citoyen Modèle

‎11-30-2022 05:15 PM

It's great that PM/Telus has setup 2FA for online account access.  This is a good first step but more improvements can be made to enhance customer security and privacy: 

 

  1. Last login IP address and time/data should be made available somewhere in the MY ACCOUNT dashboard or My Security Info in PROFILE
  2. Support for OTP (one time passcodes) via authentication apps such as Authy, Google Authenticator, Lastpass etc
  3. Support for physical security tokens such as Yubikey
  4. Backup codes support to allow authentication should the OTP authentication mechanism fail/be lost
  5. Flexibility to turn on/off SMS use for security codes (it's well known already that SMS is a bad choice for authentication codes) It's better to use an email address which is already locked down using 2FA than SMS

#1 and #5 should be easy to implement first, followed by #2.  

 

Any other suggestions??

 

 

 

0 Bravos
9 REPLIES 9

gpixel
Mayor / Maire
In response to Kristowhy

‎12-03-2022 03:58 AM - edited ‎12-03-2022 04:11 AM

@Kristowhy 

there were 2 types of sim hacks here. first was sim jacks(porting out to other providers). sim swap(change sim function). I remember talking about if there was a port out request that PM enables a text to confirm that we indeed wanted to port out. 

0 Bravos

gpixel
Mayor / Maire
In response to Kristowhy

‎12-02-2022 06:10 PM

@Kristowhy 

I'm trying to look for it. it's so old.. it was about 2 years ago. I found a few threads with a customer mentioning my name. this was for the change sim security implementation 

 

Screenshot_20221202-150102.png

https://productioncommunity.publicmobile.ca/t5/Get-Support/Sim-Hacking-Sim-Swap-and-PM-s-Response/td...

 

Screenshot_20221202-150345.png

https://productioncommunity.publicmobile.ca/t5/Get-Support/Secure-my-SIM-card/m-p/615692

 

I'll search again later tonight or tomorrow when I'm not busy

Kristowhy
Model Citizen / Citoyen Modèle
In response to gpixel

‎12-02-2022 01:20 PM

@gpixel wrote:

@Kristowhy 

it took a while, but the new port out text verification came from z10 and I discussing it on here.

You are suggesting that this CWTA industry wide process change came from your discussions here?

 

Canadian carriers implement new number porting verification process to prevent fraud (mobilesyrup.co...

 

gpixel
Mayor / Maire
In response to Kristowhy

‎12-02-2022 12:34 PM - edited ‎12-02-2022 12:37 PM

@Kristowhy 

it took a while, but the new port out text verification came from z10 and I discussing it on here.

0 Bravos

Kristowhy
Model Citizen / Citoyen Modèle
In response to softech

‎12-02-2022 12:20 PM

@softech wrote:

 

@Kristowhythey are good suggestions, but as a Tier 3 provider, I doubt PM will put more effort on this area. And in fact, I am not sure any other provider has those extra security measure

 

You are right about the additional efforts. It's cheaper and easier for organizations to carry insurance policies and deal with issues in a reactive manner.  The bottom line is that unless customers demand specifics, companies will typically provide the bare minimum.  

0 Bravos

Kristowhy
Model Citizen / Citoyen Modèle
In response to messenabout

‎12-02-2022 11:38 AM - edited ‎12-02-2022 11:39 AM

@messenabout wrote:

 

@Kristowhy 

 

My Profile My Stats 

Scroll down, down some more. See screenshot:

 

Doesn't exist in my online portal and I have gone through each of the 5 sections on the left side in detail.  PROFILE does not have any "My Stats" or any data other than turning 2FA on/off.  And yes I logged in again via incognito to check and still the same

0 Bravos

messenabout
Model Citizen / Citoyen Modèle

‎12-02-2022 03:27 AM

 

@Kristowhy 

 

My Profile My Stats 

Scroll down, down some more. See screenshot:

Screenshot_20221202-002258_Chrome.jpg

 

 

 

 

0 Bravos

gpixel
Mayor / Maire

‎12-01-2022 02:36 PM

@Kristowhy 

my suggestion would be for one to learn how to secure their identity without technology. relying on security tech/convience is the worst thing imho. I do like #1

0 Bravos

softech
Oracle
Oracle

‎11-30-2022 07:35 PM

 

 

 

@Kristowhy they are good suggestions, but as a Tier 3 provider, I doubt PM will put more effort on this area. And in fact, I am not sure any other provider has those extra security measure

 

 

 

 

0 Bravos
Copyright © 2024 Khoros, LLC
Need Help? Let's chat.