Reply to post: Re: AT&T did the same....

I'm still not that Gary, says US email mixup bloke who hasn't even seen Dartford Crossing


Re: AT&T did the same....

Not at all surprised with AT&T. I think they have at least four separate databases containing an email field. They are not all updated upon changing your e-mail, via one of the many ways to change your e-mail. One of them does not work with plus addressing aliases from gmail. I think it is the paperless billing, but part of it does. I could register and verify and receive email from the paperless billing except for the last step where I would receive paperless bills, but I would get other notifications pertaining to paperless bills at the plus address. I eventually created an att alias email on my domain.

On a related note with AT&T, They plastered another layer of security over their insecure ad-hoc system. They implemented 2FA via SMS, but only to AT&T numbers, and only to an AT&T number on the account. High fives and adjourn for beer after that meeting, eh. So, when I find myself working out of town where there is no cell coverage but I can get wifi, I cannot login to my account. Of all the 2FA options available SMS is the most vulnerable to interception. The backend TOTP generation is the same as used with tokens without the swiss chees SMS. They refuse to acknowledge that the 2FA they implemented keeps me out, but not a determined hacker.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon


Biting the hand that feeds IT © 1998–2020