2FA

---

@XRaySpeX wrote:

let alone needing a smartphone to so, which I abhor, ugh!

---

This is where SMS-based authentication is ideal. It's universal, doesn't need a smartphone and works on any mobile.

Funnily enough,as I was driving back from M&S this aft, EE Executive Complaints rang me. Phone on bt to the car, so OK.

Then,of course - despite it's them ringing *me* - they have to send a txt with a PIN code to the phone they've rung me on, so they can continue the call on the phone they've rung me on.

I'm driving. Phone's in my pocket. It's an offence anyway.

I read it from my watch.

It still annoys me intensely that scrotes have caused this.

I meant mobile.

SO what your saying is anyone that's on my home network would be able to log in because they think it's me? 

The whole point of 2FA is too restrict access to only the user, why on earth would it be based on a different location / network or subnet.

Either enable it full time so it prompts on every login or disable it, sounds like typical half **bleep**d attempt from EE

It's about managing risk. Someone in your home is likely to be trusted. Seeing a login attempt from a different country is less likely to be you - especially if it happens within a short time, e.g. using your account in the UK, but then also using it in Africa in less time than it would take you to travel there. 

2FA is there to add an additional level of verification when the login is suspicious, and it's common practice. E.g. my bank prompts for additional validation when the transaction is large, or from someone I haven't used before, but it doesn't prompt from my frequent retailers. Same is true for your bank cards - they'll be blocked if it looks like you're doing something out of the ordinary.

SO someone sits outside my house, snoops my network and gains access to my Wi-Fi, they get into my account and cause chaos.

Who's to blame? 

Surely this falls on EE for having a bad 2FA system because it didn't kick in because it thought it was me?

The best part of 2FA when working correctly is I would have got an alert to let me know someone was trying to gain access to my account 
I can't log in to my email without going through 2FA every time I log in, why does EE think this step is not required

No, @DanBD1, each device, browser and device username are considered different. So as an example if you used a Windows PC they would need to login to the your PC as your Windows user and use the browser you usually use to avoid being 2FA'ed. Well you wouldn't be allowing that, would you? 

If someone has managed to hack into your WiFi AND have your EE password, then you have bigger issues to worry about.

It doesn't appear to work like that for me, doesn't matter if I'm on my home network, my mesh network or my work network or even incognito mode.
All the above networks are on different IPs and subnets