It's been 13 years but I'm back! Now how to protect our IRAs?

Right, many carriers already require a PIN in addition to regular account access in order to port your number, but T-Mobile does not.

In fairness, T-Mobile makes it easy to do. I set up an 8-digit PIN years ago, and they always ask me for it whenever I call them for any reason.
 
There should be two PINs - a general account PIN for customer service over the phone, and a PIN specifically for authorizing porting.
 
I "solved" the SMS redirect problem by never giving out my cell phone number. Usually that means I get a voice call on my "land line" (Ooma) where a robot reads the code. Works fine when I'm home, but the chances of needing to complete the loop increase when away (different IP, maybe an IP from abroad). I always pick up the phone when they call with the code, but I now wonder if their robot is coded to not leave a message or if it would leave the code on a voice message, which I can quickly access. Hmmm.

As to the various "authenticators", they are good, but it's a patchwork of many possible apps, and all but one require payment (by the institution, not the user), and require a third party, and that third party has to keep a secret (so is a juicy target). There is one app that doesn't need a third party, and nobody except the user has a secret to keep (called SQRL). It's free (as in open) and free (as in beer), but since there's no money to be made, hasn't got much traction. Disclosure: I was a committer on the Android client, and I'm a "believer", but don't have a whole lot of hope that "the big boys" will adopt the system because it doesn't fit their standard model. That's the broken model, by the way, that gives the user a process to get in when the user messes up (what the bad guys exploit). SQRL puts it all on the user... there's nobody to call. But the process of generating your SQRL identity (done once per lifetime) makes you prove you've done it right, and generates a sheet of paper, so you should be able to bail yourself out. Now all we need is for businesses to see the light. You'd think that "no secrets to keep", and both kinds of "free" would be enough, but apparently that's not the way the world works.
 