Why hasn't EE enabled 2FA on MyEE accounts?

Funk · ‎25-09-2023

I see several years-old posts asking about 2FA - why hasn't this been implemented yet? A simple username/password combo is NOT good enough.

Come on EE - this is 'security 101' stuff.

paulsturgess · ‎20-02-2024

I just read that same sim swap Guardian article and after some googling ended up at this forum. It's shocking to see that this issue of 2FA was posted about years ago and EE has just buried their head in the sand.

I've filed a customer complaint and I'd encourage others to do so.

https://ee.co.uk/contact-ee/complaint/form

Scottatsea · ‎20-02-2024

Funny I have just read the same thing. The lack of meaningful and informed responses here (but more importantly tangible action) is deeply worrying.

Funk · ‎20-02-2024

I've submitted another complaint.

Perhaps EE could put some of the massive % annual £increase they're about to to impose on us toward improving the security posture of their customer's data?

JustinUK · ‎20-02-2024

No chance lol

Sent from my iPhone

Funk · ‎17-09-2024

So I see EE have enabled the worst of 2FA security - SMS-based. This is at least a small step forward BUT two things:

1) how does it protect against SIM swap fraud if the only means of 2FA is no longer being sent to the legitimate user (ie. the victim of the SIM swap)?

2) why have customers not had notification/information that 2FA is an option and information as to how it works? I had to go looking for it. The phrasing of how it works seems to suggest it will only be triggered if EE think something is 'unusual'. Well forgive me for not having full confidence in letting EE be the decider of that.

Why not just enable it properly like every other site with moderate security does? What to log in? Username and password + 2FA code please. And please let us use a proper authenticator such as Google or Authy etc.

It's half a job done, but done poorly. I've not yet enabled it as I'm not convinced a bad implementation is better than no implementation...