Recent phone number porting scams completely compromising 2-step authentication for email & other accounts
With the recent phone number porting scam happening with carriers such as Verizon, 2 step authentication security can easily be compromised, along with email security. What steps are being taken to protect your customers who may fall victim to phone number porting scams in which hackers have been shown to have full control of a person's stolen phone number, their accounts via 2 step authentication?
Violet Farkas commented
I was enrolled in 2 step google authenticator notification. Through Yahoo the hacker was able to get into my account. Gain access to find my name and email address. Blocked Coinbase emails from me, then took control of the account by changing passwords and turned off two factor google authentication and turned on text message auth which he could see from my browser. Took out of assets on Coinbase!
Rowena Parrone commented
My yahoo account was enrolled in two-factor authentication. Previously, YAHOO is the name that appears to give me my Yahoo Verification Code. But now it is JIAXING or 63945415631. Is this normal? Is my account hacked?
Sarah Coffin commented
Perhaps incorporating safeguards like some banks do. Such having to select a image icon that you designated (like a test question answer) for your account, from a shown list of image icons in addition to other authentication options/steps. I'd feel better about that in conjunction with other safety features.
Sarah Coffin commented
I see today that over 6000 people recently had this occur with Trek Phone. Many people had their crypto currency wallets impacted and were left with no recourse. Phone numbers are not meant to be fixed points of identification verification. When this type of crime happens, there is very little recourse, and many permanently lose access to their accounts because of the 2 step authentication. The criminals in almost all incidents are able to have the victims, phone number, their address, their secret questions, their birth date, pin numbers, etc. I personally would feel much better if more was done to protect people's accounts, with less reliance on a 2 step authentication.