Security verification codes

booster · 04-14-2022, 02:46 PM

I think we all have gotten used to the two level verification codes at login for high security sites like banks, phone, utilities, etc so accounts can't be hacked as easily. The norm is to get a number code by text to type in to get past the second step verification.

Today, I got an email from Verizon, which looked OK per the address and details, that offered a "special" trade in on our phones. I get these very regularly and they normally just go to program page and explain why it really isn't as great as they implied. This time it did similar, but wouldn't give details unless logged in so they knew the plan and phone information.

Did the normal login of phone number and password on the Verizon site and it wanted to send verification text, so do the OK as always. Phone beeps and text is there from a 899000 identification number and is flagged by the phone as never before having received and maybe suspicious. The text itself did not give a number code, just a link, which never would I ever click as it violates all the safe use security information we have been given for years about links in texts to "confirm" things.

I couldn't get into my account on the PC, but my phone did get through and Verizon sent a number code to it. I got customer service and explained what had happened and asked if it was a bogus email and link. They said no and that it was from them and safe, including the text link. The only thing they said was that the link was not a hazard and could not be hacked or duplicated by bad players. Yeah, right.

I asked 14 times to have a fraud department representative contact me and explain how I should trust what we have been so often told not to trust and they refused to do that.

I now can't get into my account on the PC anymore unless I click the link, which I really don't feel comfortable doing. The last thing I need is to get comfortable doing stuff like that as it opens up the chance of error. Same with DW.

Will the phone follow that style soon? They told me they use both types of verification wherever they want, so maybe. Then I would be totally locked out of my account.

Give me a reality check, please.

Would anyone concerned about security click that email link????? Or is it just me?

folivier · 04-14-2022, 03:22 PM

Not just you. I never click on any link in an email. And very few from forums unless the person is a regular user, even though that could be spoofed.

mkguitar · 04-14-2022, 04:20 PM

corporations can be lazy and trade our security for their expediency

I'm not the trusting type.

if you have something you need to do with verizon, stop by one of their corporate owned stores

I use the password logger lastpass.com

it allows me to create unique and complicated passwords for various websites and need to remember only my master password ( over 15 characters )

I don't allow my iphone or browser to "remember" passwords for me

it works (so far)

mike

booster · 04-14-2022, 04:35 PM

Quote:

Originally Posted by mkguitar

corporations can be lazy and trade our security for their expediency

I'm not the trusting type.

if you have something you need to do with verizon, stop by one of their corporate owned stores

I use the password logger lastpass.com

it allows me to create unique and complicated passwords for various websites and need to remember only my master password ( over 15 characters )

I don't allow my iphone or browser to "remember" passwords for me

it works (so far)

mike

Does lastpass somehow prevent the sites from using two step verifications or do you still get phone second step texts or emails?

rvsprinterguy · 04-14-2022, 06:15 PM

Quote:

Originally Posted by booster

The text itself did not give a number code, just a link, which never would I ever click as it violates all the safe use security information we have been given for years about links in texts to "confirm" things.

Would anyone concerned about security click that email link????? Or is it just me?

Sending the code, not a link to get the code, is sufficient for two-factor authentication. I'd be concerned, too.

booster · 04-14-2022, 07:39 PM

Quote:

Originally Posted by rvsprinterguy

Sending the code, not a link to get the code, is sufficient for two-factor authentication. I'd be concerned, too.

Yeah, and from what they said the link was not even to get the code, so all the marbles on being a legit link.

Davydd · 04-14-2022, 10:18 PM

The two step process I am encountering is when I sign on with my computer they send a usually 6 number verification code text message on my cell phone and then I take that code and type it in on my computer. So I don't use my cell phone other than to receive.

booster · 04-14-2022, 10:23 PM

Quote:

Originally Posted by Davydd

The two step process I am encountering is when I sign on with my computer they send a usually 6 number verification code text message on my cell phone and then I take that code and type it in on my computer. So I don't use my cell phone other than to receive.

That is the standard way it has been done by most places, but Verizon seems to want other.

The question was/is, would just click on a link on your phone instead instead of going the site and putting in the code? Would you trust it to be legitimate?

Bud · 04-14-2022, 10:58 PM

Quote:

Originally Posted by booster

That is the standard way it has been done by most places, but Verizon seems to want other.

The question was/is, would just click on a link on your phone instead instead of going the site and putting in the code? Would you trust it to be legitimate?

booster, without typing much:

The text you received would have sent you ultimately to the same place with a 'code' or 'link', right?

Bud

booster · 04-14-2022, 11:12 PM

Quote:

Originally Posted by Bud

booster, without typing much:

The text you received would have sent you ultimately to the same place with a 'code' or 'link', right?

Bud

That is what they told me when I contacted Verizon, more or less. Basically it would just get the login finished on the PC when clicked, but I didn't do that.

How many times have we all been told not to click links in texts and emails unless absolutely sure of their validity. This text had been flagged as suspicious by the phone and said it was the first contact from that text source. No way I would open it based on the above.

Bud · 04-14-2022, 11:26 PM

Quote:

Originally Posted by booster

That is what they told me when I contacted Verizon, more or less. Basically it would just get the login finished on the PC when clicked, but I didn't do that.

How many times have we all been told not to click links in texts and emails unless absolutely sure of their validity. This text had been flagged as suspicious by the phone and said it was the first contact from that text source. No way I would open it based on the above.

Darn, Darn, Darn, I forgot to ask just that along with what I posted, intended too:

What if you had not had the phone flag it?

My head is starting to hurt thinking about it, but interesting.

Bud

booster · 04-14-2022, 11:47 PM

Quote:

Originally Posted by Bud

Darn, Darn, Darn, I forgot to ask just that along with what I posted, intended too:

What if you had not had the phone flag it?

My head is starting to hurt thinking about it, but interesting.

Bud

Considering that the original link to one of Verizon's often put out "great deals" was on an email, I seriously think that there is probably no way I would have opened the link. If I had gone to the Verizon site on my own, and they said the verification would be a link, I might have considered it, but they said they would send a "code".

Bud · 04-15-2022, 12:06 AM

Quote:

Originally Posted by booster

Considering that the original link to one of Verizon's often put out "great deals" was on an email, I seriously think that there is probably no way I would have opened the link. If I had gone to the Verizon site on my own, and they said the verification would be a link, I might have considered it, but they said they would send a "code".

Agree, Verizon used the word, term 'code'.

So the Obvious questions is, what if 'link' had been used?

Bud

booster · 04-15-2022, 12:21 AM

Quote:

Originally Posted by Bud

Agree, Verizon used the word, term 'code'.

So the Obvious questions is, what if 'link' had been used?

Bud

As I said, they told me it would allow the login to finish and wanted me to do it, but I refused. When a customer service rep in who knows what country says "trust me" I immediately don't, in general.

Bud · 04-15-2022, 12:28 AM

Quote:

Originally Posted by booster

As I said, they told me it would allow the login to finish and wanted me to do it, but I refused. When a customer service rep in who knows what country says "trust me" I immediately don't, in general.

Me too, squared.

And Me again, I have Verizon and am wondering how I would have responded. I've had links in texts but just don't recall much.

Your take is risk free or virtually so. Thanks for posting.

Bud

harrisonsandoval · 04-29-2022, 06:56 PM

I don't like to leave my phone number on sites new to me during registration. The only sites where I've enabled two-factor authentication are social networks, as well as Google and Yahoo emails. These sites are important to me, and I really don't want my accounts hacked on them. But on other services, I prefer to use a fake phone number generator, which gives me complete anonymity and protection from SMS spammers. I've always been annoyed by annoying SMS messages in which they offer me to buy some irrelevant product like another washing machine. I think you understand these words. Try taking the fake number next time, too.

unbrakochaz · 04-29-2022, 07:23 PM

Do they map a fake number to your actual mobile number?

holbrookged · 06-06-2022, 07:36 PM

Good point Chaz - shame you didn't get a reply

jakegw2 · 06-08-2022, 02:02 AM

Verizon changed their two-factor authentication from just sending a text message to sending a text message with a link you have to click.

There are a number of possible reasons why they might have made this change but the one that seems most likely to me is that they are trying to make it inconvenient so that you will use their app. Their app has tracking software in it that gives them data they can use in a variety of ways.

booster · 06-08-2022, 01:06 PM

Quote:

Originally Posted by jakegw2

Verizon changed their two-factor authentication from just sending a text message to sending a text message with a link you have to click.

There are a number of possible reasons why they might have made this change but the one that seems most likely to me is that they are trying to make it inconvenient so that you will use their app. Their app has tracking software in it that gives them data they can use in a variety of ways.

Yep, but we have been told for many years to never click a link in an email, especially if it is anything to do with security. Some of those links come from a third party service provider so they don't even look like they came from the place you are signing in to.

You may also like: