top | item 29429016

(no title)

cunthorpe | 4 years ago

This kind of stuff ought to be regulated somehow, one can’t lose access to one’s life.

I recently wasn’t able to recover an old account because I did not have access to my 2FA number and their help site suggested I “contact the phone company to recover the number, then try again.”

I had to do the same exact thing for another service but they did allow me to change the number by providing some information like last transaction, ID, selfie with statement.

discuss

dangerface|4 years ago

Yup lost my phone for a few months until my provider deleted my number and moved it on to some one else, now I am locked out of my paypal.

I tried to find a pay as you go sim where the number doesn't expire and I would use that exclusively for 2FA but such a sim does not exist in the UK, most expire after 3 months the longest is 6 months.

Now I know this is an issue but it doesn't seem like there is anything I can do to solve it.

aigo|4 years ago

I have a Giffgaff SIM for this reason. The expiry is 6 months and I have remembered to use it within that period so far. Not ideal but I would imagine you need a 2FA code more regularly than that.

I wonder if used with a smartphone (mine is in a dumb Nokia) whether you can automated a SMS send or outgoing call once every month or something?

decrypt|4 years ago

You could avoid using SMS for 2FA. Most websites offer TOTP as first choice for 2FA. For the ones that insist on SMS 2FA being first choice, I don't bother using anymore. I delete the account and find another provider.

fluential|4 years ago

I’ve moved my mobile number to voip using https://www.aa.net.uk/voice-and-mobile/number-porting/mobile... and receive all text messages via mail. Use it for call forwarding when I’m abroad to avoid roaming charges, also sim swap attack seems less possible?

probably_wrong|4 years ago

If you are in Europe, and at least for email, it is regulated.

The GDPR's Right to Data Portability means that a company is obligated to give you access to your personal data - they are within their right not to have you as a customer anymore, but they must give you at least a copy of whatever data they already have.

Of course, you'll probably have to jump some hoops to prove that you are you, but IMHO that's a reasonable compromise.

dahfizz|4 years ago

> Of course, you'll probably have to jump some hoops to prove that you are you, but IMHO that's a reasonable compromise.

But how can I prove I own my email if I don't have the credentials / Google won't let me log in?

londons_explore|4 years ago

Doesn't work with Google. If you cannot log into the account, their legal team won't accept that you are the account holder. Even if you provide passport and driving license etc., they can't be sure, because you didn't upload the passport and stuff when opening the account.

unknown|4 years ago

[deleted]

grammarnazzzi|4 years ago

> This kind of stuff ought to be regulated somehow, one can’t lose access to one’s life.

You can't create regulation requiring anyone or anything be competent and responsible.

If you entrust your livelihood to a company that cannot be trusted, that's on you.

mountainb|4 years ago

Yes you can. There are all kinds of regulations. Many entities are held to high standards. They're exposed to liability.

The 'free' era of the internet has been enabled by excessive liability shields granted to shareholders that are collectively worth trillions of dollars, and those riches have been built around callous disregard for the property and rights of billions of people worldwide.

That being said, with Gmail, you get what you pay for. With Google's paid for hosted email, you don't get what you pay for either. It's not a good provider if you ever have any issues with it that cannot be solved by their automated processes.

znpy|4 years ago

Imagine applying the same logic to hospitals.

«A malpractice lawsuit? You silly goose!»