Use two-factor authentication to sign into Ting

Lately I've been working on being more paranoid. :) Okay, not paranoid, but secure. I've been enabling two factor authentication everywhere I can, and since one's phone is pretty sensitive and is often used itself as the second factor in authentication, it would be helpful to be able it on Ting itself.

1

Comments

4 comments
  • Thanks for the suggestion Ken. I can't say whether it will happen or not at this point, but it's definitely something we'll be considering.

    0
    Comment actions Permalink
  • That begs the question though, what would the second factor be based on?

    Most financial setups use the registered phone number (call/text) as that second form of authentication.

    With Ting though, you can't trust the phone because it's all the same account. What to use? Email? Snail mail?

    OTP-like key generators would be ideal, but distribution of those is a nightmare (yubikey, TOTP or HOTP keys) and often not worth the hassle unless you have a very security-minded/incentivized customer base.

    0
    Comment actions Permalink
  • I think an SMS message would be fine. The two-factors are used to login to ting.com, and that SMS factor would ensure that you have physical access to the phone you're logging into the account for. Email would also work.

    0
    Comment actions Permalink
  • Unless you're logging into your account because you need to, say, turn on text messaging after an alert turned it off. Or open a ticket because you have no service. Or...

    0
    Comment actions Permalink

Please sign in to leave a comment.