A reader got in touch with me last week, following the series of articles we have published describing how to enable two-step verification on online accounts to harden their security.
The reader, who has asked to remain anonymous, says that he logged into his account at ISP Frontier Communications, in order to change his password. While logged in, he saw he also had an option to enable two-step verification.
However, when he went to set up two-step verification he was greeted with a tick-box:
“I consent to receive account related and marketing calls and/or texts from or on behalf of Frontier Communications Corp. and its affiliates at the wireless telephone number provided above, including by use of autodialed/automated technology. I understand that consent is not a condition of purchasing or receiving service.”
Perhaps understandably, the user wasn’t prepared to offer consent for marketing guff to be spammed to his mobile phone number. So he clicked “I do not consent”, fully expecting to still be able to enable two-step verification.
You can probably guess where this is going.
In our correspondent’s own words:
“When choosing ‘I do not consent’, the field is the phone number field is reset and I’m not allowed to set up 2SV. This seems to be a high level of corporate BS by their marketing department but they’re basically asking me to ditch my privacy for added security.”
When he contacted Frontier’s helpdesk to ask if it was possible to enable two-step verification without giving approval for marketing messages to be pushed out to him, he received the following (somewhat unsatisfactory and ungrammatical reply):
“Thank you for the information provided. I have reviewed your service location and currently our Technicians are working to resolve a service impaired it is affecting your area. We are asking you to bare [sic] with us. As we have this issue resolved.”
If Frontier Communications wants its ISP customers to enable two-step verification then this seems a pretty sloppy way of going about things, and unlikely to encourage as many people as possible to take up the option.
Maybe Frontier’s legal department said they needed some small print to cover the sending of SMS messages to the numbers customers gave them… but that doesn’t mean they should also have to agree to marketing crud too!
Watch my latest video to see what I feel about this, and be sure to subscribe to my YouTube channel if you would like me to make more videos.
Read more:
- Two-factor authentication (2FA) versus two-step verification (2SV)
- How to better protect your Facebook account from hackers
- How to better protect your Twitter account from hackers
- How to enable two-step verification (2SV) on your WhatsApp Account
- How to protect your Amazon account with two-step verification (2SV)
- How to better protect your Google account with two-step Verification (2SV)
- How to protect your Dropbox account with two-step verification (2SV)
- How to protect your Office 365 users with multi-factor authentication
- How to protect your Microsoft account with two-step verification (2SV)
- How to better protect your Tumblr account from hackers with 2SV
- How to protect your LinkedIn account from hackers with two-step verification (2SV)
- How to protect your PayPal account with two-step verification (2SV)
- How to protect your Yahoo account with two-step verification (2SV)
- How to protect your Apple ID account against hackers
- How to better protect your Google account with two-step verification and Google Authenticator
- How to protect your Hootsuite account from hackers
- How to better protect your Instagram account with two-step verification (2SV)
- Instagram finally supports third-party 2FA apps for greater account security
- How to protect your Nintendo account from hackers with two-step verification (2SV)
- How to better protect your Roblox account from hackers with two-step verification (2SV)
I've never even heard of Frontier Communications but having watched your video I'm assuming they're a US-based company. It doesn't surprise me when companies do this sort of stuff and it's very bad practice.
I am surprised that companies like BT (in the UK) don't offer 2SV as somebody who could compromise your phone provider would be in a powerful position. I'm undecided how important 2SV is in protecting the account of your ISP (assuming it's different from your phone provider).
Frontier is not the only company doing this in the US. I am getting marketing calls on my cell phone since o signed for 2SV with Google and Apple.