Hello fizz staff, When will fizz add 2FA via email or #

Ekay
Ekay Posts: 49 ✭✭
edited January 9 in Your Fizz Account
As someone who previously worked in wireless, SIM swap attacks were a constant issue. Will Fizz implement any 2FA systems to help prevent SIM swap fraud?

Answers

  • Mike RZMAX
    Mike RZMAX Posts: 7,943 ✭✭

    Unfortunately, nobody knows. Fizz will let us know when it's available.

  • BeakBird
    BeakBird Posts: 5,619 ✭✭

    This is way overdue.

  • Bois_3ISKD
    Bois_3ISKD Posts: 7,949 ✭✭

    We don't know

  • Andrei_ref_R7VK1
    Andrei_ref_R7VK1 Posts: 12,265 ✭✭

    This question was raised multiple times in the past, but unfortunately a @Whizz was always ignoring to reply and silently closed the discussions.

  • Mark123_2024
    Mark123_2024 Posts: 9,168 ✭✭

    We are users in here. Contact the support team.

  • MobileFizzer_VBMV6
    MobileFizzer_VBMV6 Posts: 658 ✭✭

    I have to wonder how you think 2FA will help combat SIM swap fraud though.
    Because this requires the fraudster to log in to another provider, not Fizz, to try and port your Fizz number out of the Fizz network and away from you. So, whether Fizz supports 2FA or not makes no difference in this case, as the fraudster doesn't even need to hijack your Fizz account.
    Not saying that 2FA wouldn't be useful in other ways but specifically to combat SIM swap fraud?

  • Andrei_ref_R7VK1
    Andrei_ref_R7VK1 Posts: 12,265 ✭✭
    edited January 8

    @MobileFizzer_VBMV6 said:
    I have to wonder how you think 2FA will help combat SIM swap fraud though.

    Once a fraudster has access to your Fizz account he will be able to do these simple steps:
    1. Order and activate a new eSIM
    2. Initiate the porting out to a different provider
    3. Confirm porting out SMS from already controlled by him Fizz new eSIM

    Once the phone number is ported out, Fizz will have no control over it and will not be able to help you.

    So 2FA/MFA helps prevent password guessing attacks by requiring a second, independent form of verification that an attacker is highly unlikely to possess.

  • MobileFizzer_VBMV6
    MobileFizzer_VBMV6 Posts: 658 ✭✭

    So, then what you want is a full identity check when ordering a Fizz replacement sim. Which is what Fizz is apparently already doing, judging on how many people have complained here in the past about having to id themselves to customer support when ordering a replacement sim.

  • Andrei_ref_R7VK1
    Andrei_ref_R7VK1 Posts: 12,265 ✭✭

    @MobileFizzer_VBMV6 said:
    So, then what you want is a full identity check when ordering a Fizz replacement sim. Which is what Fizz is apparently already doing, judging on how many people have complained here in the past about having to id themselves to customer support when ordering a replacement sim.

    For physical SIM changes, identity checks seem mandatory, but for eSIM it's not always the case.

  • Use_code_VGTIB
    Use_code_VGTIB Posts: 693 ✭✭

    You make a good point, I hope they'll consider it.

  • Sébastien_C
    Sébastien_C Posts: 1,242 ✭✭

    @Ekay said:
    As someone who previously worked in wireless, SIM swap attacks were a constant issue. Will Fizz implement any 2FA systems to help prevent SIM swap fraud?

    In any case, Fizz should avoid using SMS as the 2nd authentication factor. Not only is SMS insecure as an authentication factor, but you'll have a hard time proving your identity using 2FA if you ever got victim of a SIM swap incident.

    I would strongly recommend using Passkey instead of password+SMS for such accounts.

  • Sébastien_C
    Sébastien_C Posts: 1,242 ✭✭

    @Andrei_ref_R7VK1 said:

    @MobileFizzer_VBMV6 said:
    So, then what you want is a full identity check when ordering a Fizz replacement sim. Which is what Fizz is apparently already doing, judging on how many people have complained here in the past about having to id themselves to customer support when ordering a replacement sim.

    For physical SIM changes, identity checks seem mandatory, but for eSIM it's not always the case.

    As far as I know, the only way to get customer service from Fizz is by first authenticating into you portal account. Which means the authentication process serves as a commun identity check method for both physical SIM and eSIM. Did I miss something?

  • Sébastien_C
    Sébastien_C Posts: 1,242 ✭✭

    @MobileFizzer_VBMV6 said:
    So, then what you want is a full identity check when ordering a Fizz replacement sim. Which is what Fizz is apparently already doing, judging on how many people have complained here in the past about having to id themselves to customer support when ordering a replacement sim.

    Does Fizz ask for IDs every time someone wants to replace a SIM card, or only when you try to recover your account after being victim of a SIM swap?

  • Whizz
    Whizz Posts: 27,030 admin

    Hello @Ekay ,
    Thank you for your suggestion.
    This feature is about to be added in our future features for the Fizz member account, our dedicated teams want to add this in the future updates.
    Rest assured that you will be informed as soon as we will implement the feature.
    I hope you have a lovely day!
    -Mihai, Community Moderator

  • Ekay
    Ekay Posts: 49 ✭✭
    > @MobileFizzer_VBMV6 said:
    > So, then what you want is a full identity check when ordering a Fizz replacement sim. Which is what Fizz is apparently already doing, judging on how many people have complained here in the past about having to id themselves to customer support when ordering a replacement sim.

    no, it needs just a simple authentication code in email.. No ID.
  • MyYoda
    MyYoda Posts: 2
    Out of curiosity, how does the swap happen with your consent?
This discussion has been closed.

Categories