VIDEO: How one ISP discouraged users from enabling two-step verification

You want 2SV? You have to agree to receive our marketing messages too…

How one ISP messed up two-step verification | Graham Cluley

A reader got in touch with me last week, following the series of articles we have published describing how to enable two-step verification on online accounts to harden their security.

The reader, who has asked to remain anonymous, says that he logged into his account at ISP Frontier Communications, in order to change his password. While logged in, he saw he also had an option to enable two-step verification.

However, when he went to set up two-step verification he was greeted with a tick-box:

Sign up to our free newsletter.
Security news, advice, and tips.

2sv consent

“I consent to receive account related and marketing calls and/or texts from or on behalf of Frontier Communications Corp. and its affiliates at the wireless telephone number provided above, including by use of autodialed/automated technology. I understand that consent is not a condition of purchasing or receiving service.”

Perhaps understandably, the user wasn’t prepared to offer consent for marketing guff to be spammed to his mobile phone number. So he clicked “I do not consent”, fully expecting to still be able to enable two-step verification.

You can probably guess where this is going.

In our correspondent’s own words:

“When choosing ‘I do not consent’, the field is the phone number field is reset and I’m not allowed to set up 2SV. This seems to be a high level of corporate BS by their marketing department but they’re basically asking me to ditch my privacy for added security.”

When he contacted Frontier’s helpdesk to ask if it was possible to enable two-step verification without giving approval for marketing messages to be pushed out to him, he received the following (somewhat unsatisfactory and ungrammatical reply):

Frontier reply

“Thank you for the information provided. I have reviewed your service location and currently our Technicians are working to resolve a service impaired it is affecting your area. We are asking you to bare [sic] with us. As we have this issue resolved.”

If Frontier Communications wants its ISP customers to enable two-step verification then this seems a pretty sloppy way of going about things, and unlikely to encourage as many people as possible to take up the option.

Maybe Frontier’s legal department said they needed some small print to cover the sending of SMS messages to the numbers customers gave them… but that doesn’t mean they should also have to agree to marketing crud too!

Watch my latest video to see what I feel about this, and be sure to subscribe to my YouTube channel if you would like me to make more videos.

Read more:

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

2 comments on “VIDEO: How one ISP discouraged users from enabling two-step verification”

  1. Bob

    I've never even heard of Frontier Communications but having watched your video I'm assuming they're a US-based company. It doesn't surprise me when companies do this sort of stuff and it's very bad practice.

    I am surprised that companies like BT (in the UK) don't offer 2SV as somebody who could compromise your phone provider would be in a powerful position. I'm undecided how important 2SV is in protecting the account of your ISP (assuming it's different from your phone provider).

  2. Joe1

    Frontier is not the only company doing this in the US. I am getting marketing calls on my cell phone since o signed for 2SV with Google and Apple.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.