24-06-2024 08:44 AM - edited 24-06-2024 09:01 AM
I have just seen the new Two-factor authentication option. Once you turn it on you can't turn it off. I see from the description that this is by SMS.
I'm very happy to see 2FA as an option. But to do so via SMS is just retrograde. As an easy option for basic users I can see why, but really this is not considered secure anymore and definitely not convenient.
Why not offer device-generated OTP by OATH -> BETTER
Or better still remove the password and 2fa codes entirely and offer FIDO2 passkey entry? -> BEST
EE - you can do it! It's a simple change and will make everyone more secure. It would be a great marketing point too!
24-06-2024 09:05 AM
It has taken EE years to finally implement this system. They will be looking at ease of use for all customers and the more simple is the better option.
Thanks
24-06-2024 09:26 AM
Thanks for replying.
I don't really follow your reply as it doesn't really address the issue.
EE taking years to implement this is a reflection of their poor prioritisation and is no reason to base decisions on. They could easily do it, esp. OATH.
Ease of use - keep SMS as an OPTION but not an OBLIGATION if need be. It isn't necessarily an either/or option and quite frankly if SMS is there already then OATH is a simple extension of the same structure. Allowing more technical users to use OATH and turn off SMS would be trivial.
Furthermore - passkeys are pretty simple these days - every phone/laptop has it built in now. Agreed it might take a bit more effort to implement, but not much more.
It just seems like poor decision making by EE taken by old non-technical people who are behind the times.