|
|
04-14-2022, 02:46 PM
|
#1
|
Platinum Member
Join Date: Aug 2010
Location: Minnesota
Posts: 12,477
|
Security verification codes
I think we all have gotten used to the two level verification codes at login for high security sites like banks, phone, utilities, etc so accounts can't be hacked as easily. The norm is to get a number code by text to type in to get past the second step verification.
Today, I got an email from Verizon, which looked OK per the address and details, that offered a "special" trade in on our phones. I get these very regularly and they normally just go to program page and explain why it really isn't as great as they implied. This time it did similar, but wouldn't give details unless logged in so they knew the plan and phone information.
Did the normal login of phone number and password on the Verizon site and it wanted to send verification text, so do the OK as always. Phone beeps and text is there from a 899000 identification number and is flagged by the phone as never before having received and maybe suspicious. The text itself did not give a number code, just a link, which never would I ever click as it violates all the safe use security information we have been given for years about links in texts to "confirm" things.
I couldn't get into my account on the PC, but my phone did get through and Verizon sent a number code to it. I got customer service and explained what had happened and asked if it was a bogus email and link. They said no and that it was from them and safe, including the text link. The only thing they said was that the link was not a hazard and could not be hacked or duplicated by bad players. Yeah, right.
I asked 14 times to have a fraud department representative contact me and explain how I should trust what we have been so often told not to trust and they refused to do that.
I now can't get into my account on the PC anymore unless I click the link, which I really don't feel comfortable doing. The last thing I need is to get comfortable doing stuff like that as it opens up the chance of error. Same with DW.
Will the phone follow that style soon? They told me they use both types of verification wherever they want, so maybe. Then I would be totally locked out of my account.
Give me a reality check, please.
Would anyone concerned about security click that email link????? Or is it just me?
|
|
|
04-14-2022, 03:22 PM
|
#2
|
Platinum Member
Join Date: Dec 2021
Location: Louisiana and Colorado
Posts: 131
|
Not just you. I never click on any link in an email. And very few from forums unless the person is a regular user, even though that could be spoofed.
__________________
Enjoying life at our Colorado cabin
2011 Roadtrek C210P
RZR 570, Ranger 1000
Previously: 1999 36' Foretravel, 1998 Newell, 1993 Newell
|
|
|
04-14-2022, 04:20 PM
|
#3
|
Platinum Member
Join Date: Nov 2014
Location: PHX, AZ
Posts: 2,661
|
corporations can be lazy and trade our security for their expediency
I'm not the trusting type.
if you have something you need to do with verizon, stop by one of their corporate owned stores
I use the password logger lastpass.com
it allows me to create unique and complicated passwords for various websites and need to remember only my master password ( over 15 characters )
I don't allow my iphone or browser to "remember" passwords for me
it works (so far)
mike
|
|
|
04-14-2022, 04:35 PM
|
#4
|
Platinum Member
Join Date: Aug 2010
Location: Minnesota
Posts: 12,477
|
Quote:
Originally Posted by mkguitar
corporations can be lazy and trade our security for their expediency
I'm not the trusting type.
if you have something you need to do with verizon, stop by one of their corporate owned stores
I use the password logger lastpass.com
it allows me to create unique and complicated passwords for various websites and need to remember only my master password ( over 15 characters )
I don't allow my iphone or browser to "remember" passwords for me
it works (so far)
mike
|
Does lastpass somehow prevent the sites from using two step verifications or do you still get phone second step texts or emails?
|
|
|
04-14-2022, 06:15 PM
|
#5
|
Platinum Member
Join Date: May 2018
Location: California
Posts: 336
|
Yes, That Makes Me Nervous
Quote:
Originally Posted by booster
The text itself did not give a number code, just a link, which never would I ever click as it violates all the safe use security information we have been given for years about links in texts to "confirm" things.
Would anyone concerned about security click that email link????? Or is it just me?
|
Sending the code, not a link to get the code, is sufficient for two-factor authentication. I'd be concerned, too.
|
|
|
04-14-2022, 07:39 PM
|
#6
|
Platinum Member
Join Date: Aug 2010
Location: Minnesota
Posts: 12,477
|
Quote:
Originally Posted by rvsprinterguy
Sending the code, not a link to get the code, is sufficient for two-factor authentication. I'd be concerned, too.
|
Yeah, and from what they said the link was not even to get the code, so all the marbles on being a legit link.
|
|
|
04-14-2022, 10:18 PM
|
#7
|
Platinum Member
Join Date: Aug 2007
Location: Minnesota
Posts: 5,967
|
The two step process I am encountering is when I sign on with my computer they send a usually 6 number verification code text message on my cell phone and then I take that code and type it in on my computer. So I don't use my cell phone other than to receive.
__________________
Davydd
2021 Advanced RV 144 custom Sprinter
2015 Advanced RV Extended body Sprinter
2011 Great West Van Legend Sprinter
2005 Pleasure-way Plateau TS Sprinter
|
|
|
04-14-2022, 10:23 PM
|
#8
|
Platinum Member
Join Date: Aug 2010
Location: Minnesota
Posts: 12,477
|
Quote:
Originally Posted by Davydd
The two step process I am encountering is when I sign on with my computer they send a usually 6 number verification code text message on my cell phone and then I take that code and type it in on my computer. So I don't use my cell phone other than to receive.
|
That is the standard way it has been done by most places, but Verizon seems to want other.
The question was/is, would just click on a link on your phone instead instead of going the site and putting in the code? Would you trust it to be legitimate?
|
|
|
04-14-2022, 10:58 PM
|
#9
|
Platinum Member
Join Date: May 2016
Location: LA
Posts: 1,555
|
Quote:
Originally Posted by booster
That is the standard way it has been done by most places, but Verizon seems to want other.
The question was/is, would just click on a link on your phone instead instead of going the site and putting in the code? Would you trust it to be legitimate?
|
booster, without typing much:
The text you received would have sent you ultimately to the same place with a 'code' or 'link', right?
Bud
|
|
|
04-14-2022, 11:12 PM
|
#10
|
Platinum Member
Join Date: Aug 2010
Location: Minnesota
Posts: 12,477
|
Quote:
Originally Posted by Bud
booster, without typing much:
The text you received would have sent you ultimately to the same place with a 'code' or 'link', right?
Bud
|
That is what they told me when I contacted Verizon, more or less. Basically it would just get the login finished on the PC when clicked, but I didn't do that.
How many times have we all been told not to click links in texts and emails unless absolutely sure of their validity. This text had been flagged as suspicious by the phone and said it was the first contact from that text source. No way I would open it based on the above.
|
|
|
04-14-2022, 11:26 PM
|
#11
|
Platinum Member
Join Date: May 2016
Location: LA
Posts: 1,555
|
Quote:
Originally Posted by booster
That is what they told me when I contacted Verizon, more or less. Basically it would just get the login finished on the PC when clicked, but I didn't do that.
How many times have we all been told not to click links in texts and emails unless absolutely sure of their validity. This text had been flagged as suspicious by the phone and said it was the first contact from that text source. No way I would open it based on the above.
|
Darn, Darn, Darn, I forgot to ask just that along with what I posted, intended too:
What if you had not had the phone flag it?
My head is starting to hurt thinking about it, but interesting.
Bud
|
|
|
04-14-2022, 11:47 PM
|
#12
|
Platinum Member
Join Date: Aug 2010
Location: Minnesota
Posts: 12,477
|
Quote:
Originally Posted by Bud
Darn, Darn, Darn, I forgot to ask just that along with what I posted, intended too:
What if you had not had the phone flag it?
My head is starting to hurt thinking about it, but interesting.
Bud
|
Considering that the original link to one of Verizon's often put out "great deals" was on an email, I seriously think that there is probably no way I would have opened the link. If I had gone to the Verizon site on my own, and they said the verification would be a link, I might have considered it, but they said they would send a "code".
|
|
|
04-15-2022, 12:06 AM
|
#13
|
Platinum Member
Join Date: May 2016
Location: LA
Posts: 1,555
|
Quote:
Originally Posted by booster
Considering that the original link to one of Verizon's often put out "great deals" was on an email, I seriously think that there is probably no way I would have opened the link. If I had gone to the Verizon site on my own, and they said the verification would be a link, I might have considered it, but they said they would send a "code".
|
Agree, Verizon used the word, term 'code'.
So the Obvious questions is, what if 'link' had been used?
Bud
|
|
|
04-15-2022, 12:21 AM
|
#14
|
Platinum Member
Join Date: Aug 2010
Location: Minnesota
Posts: 12,477
|
Quote:
Originally Posted by Bud
Agree, Verizon used the word, term 'code'.
So the Obvious questions is, what if 'link' had been used?
Bud
|
As I said, they told me it would allow the login to finish and wanted me to do it, but I refused. When a customer service rep in who knows what country says "trust me" I immediately don't, in general.
|
|
|
04-15-2022, 12:28 AM
|
#15
|
Platinum Member
Join Date: May 2016
Location: LA
Posts: 1,555
|
Quote:
Originally Posted by booster
As I said, they told me it would allow the login to finish and wanted me to do it, but I refused. When a customer service rep in who knows what country says "trust me" I immediately don't, in general.
|
Me too, squared.
And Me again, I have Verizon and am wondering how I would have responded. I've had links in texts but just don't recall much.
Your take is risk free or virtually so. Thanks for posting.
Bud
|
|
|
04-29-2022, 06:56 PM
|
#16
|
New Member
Join Date: Apr 2022
Location: USA Chicago
Posts: 1
|
I don't like to leave my phone number on sites new to me during registration. The only sites where I've enabled two-factor authentication are social networks, as well as Google and Yahoo emails. These sites are important to me, and I really don't want my accounts hacked on them. But on other services, I prefer to use a fake phone number generator, which gives me complete anonymity and protection from SMS spammers. I've always been annoyed by annoying SMS messages in which they offer me to buy some irrelevant product like another washing machine. I think you understand these words. Try taking the fake number next time, too.
|
|
|
04-29-2022, 07:23 PM
|
#17
|
New Member
Join Date: Apr 2022
Location: Ilkeston
Posts: 1
|
Do they map a fake number to your actual mobile number?
|
|
|
06-06-2022, 07:36 PM
|
#18
|
New Member
Join Date: Jun 2022
Location: UK
Posts: 1
|
Good point Chaz - shame you didn't get a reply
|
|
|
06-08-2022, 02:02 AM
|
#19
|
Platinum Member
Join Date: Jun 2020
Location: MA
Posts: 186
|
Verizon changed their two-factor authentication from just sending a text message to sending a text message with a link you have to click.
There are a number of possible reasons why they might have made this change but the one that seems most likely to me is that they are trying to make it inconvenient so that you will use their app. Their app has tracking software in it that gives them data they can use in a variety of ways.
|
|
|
06-08-2022, 01:06 PM
|
#20
|
Platinum Member
Join Date: Aug 2010
Location: Minnesota
Posts: 12,477
|
Quote:
Originally Posted by jakegw2
Verizon changed their two-factor authentication from just sending a text message to sending a text message with a link you have to click.
There are a number of possible reasons why they might have made this change but the one that seems most likely to me is that they are trying to make it inconvenient so that you will use their app. Their app has tracking software in it that gives them data they can use in a variety of ways.
|
Yep, but we have been told for many years to never click a link in an email, especially if it is anything to do with security. Some of those links come from a third party service provider so they don't even look like they came from the place you are signing in to.
|
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
» Recent Threads |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|