Hack Attack: Internet & Email Security - Knowledge Share Wednesday, 04/26/17, 1-4pm ET

---

@Tigereyze209 wrote:

It has been a while since I checked up on this, but last time i did, two step verification was available for Yahoo accounts (in beta) but was NOT available for ATT e-mail accounts.

If this has changed, then cool. But as I said, unless it has changed, 2 step was not available to ATT accounts.

---

@Tigereyze209

Hmm, yeah, apparently not as of 3/19: https://forums.att.com/t5/AT-T-Internet-Email-Security/two-factor-authentication/td-p/5099870

The business side of the AT&T accounts has it all over the place, but not the consumer email, yet, weird, and unfortunate.

@ATTU-verseCare, can you take note?  I bet this would halve these support issues, if it were in place, and if people were "encouraged" to set it up, for credential management, the way other services are moving to.

---

@pgrey wrote:

---

The business side of the AT&T accounts has it all over the place, but not the consumer email, yet, weird, and unfortunate.

@ATTU-verseCare, can you take note?  I bet this would halve these support issues, if it were in place, and if people were "encouraged" to set it up, for credential management, the way other services are moving to.

---

@pgrey. We definitely have. At one point, there was a capture page to update the account with their cell phone number. This has helped greatly, but there are always some users that choose to ignore or not update it. 

-ATTU-verseCare

Another thing that comes to mind here, is Browser Safety.

Currently, IE support is tapering (IMO), and the Edge browser is becoming primary, on Windows.

In terms of the others (I use Chrome as well, myself, for example), be VERY careful about installing browser add-ons or extensions.

The wrong extension can be just as bad as handing out all your credentials, as they often have access to everything, or nearly everything, that you're doing (it obviously varies from extension-to-extension).

Be sure to "vet" your extensions, read reviews, only install from the "Store" for the OS, scan before installing, etc.

---

@ATTU-verseCare wrote:

---

@pgrey wrote:

---

The business side of the AT&T accounts has it all over the place, but not the consumer email, yet, weird, and unfortunate.

@ATTU-verseCare, can you take note?  I bet this would halve these support issues, if it were in place, and if people were "encouraged" to set it up, for credential management, the way other services are moving to.

---

@pgrey. We definitely have. At one point, there was a capture page to update the account with their cell phone number. This has helped greatly, but there are always some users that choose to ignore or not update it. 

 

-ATTU-verseCare

---

@ATTU-verseCare Sure, for the accounts portion of a consumer account, no question, I've had mine set up for a long time.

But what about the AT&T/Yahoo email?  It appears that Yahoo accounts have two-factor, but the AT&T, Yahoo hosted accounts, do not?

---

@pgrey wrote:

---

@Tigereyze209 wrote:

It has been a while since I checked up on this, but last time i did, two step verification was available for Yahoo accounts (in beta) but was NOT available for ATT e-mail accounts.

If this has changed, then cool. But as I said, unless it has changed, 2 step was not available to ATT accounts.

---

@Tigereyze209

Hmm, yeah, apparently not as of 3/19: https://forums.att.com/t5/AT-T-Internet-Email-Security/two-factor-authentication/td-p/5099870

 

The business side of the AT&T accounts has it all over the place, but not the consumer email, yet, weird, and unfortunate.

@ATTU-verseCare, can you take note?  I bet this would halve these support issues, if it were in place, and if people were "encouraged" to set it up, for credential management, the way other services are moving to.

---

@pgrey, @Tigereyze209, @ApexRon While at this time we do not offer two-factor authentication, it is something we are actively exploring.

If one is referring to adding the recovery cell phone number to the global att log in, I do not have a cell phone number to provide.

I am very grateful for the fact, it is no longer insisting on a mobile phone number being provided. At the very least, it gets in the way, and something i considered to be a very un-necessary nuisance. 

I respect the attempt at improving customer security.. but one also has to remember, participation should be voluntary, not mandated.

In may case, as i said, I do not have a number to provide, so asking for it over and over is tedious.

Mind you, i have more important things to be troubled over.

Just mentioning my feedback since it was brought up.

In an earlier post, I asked about the Yahoo "state agent" security hacks, and I was asking how it affected att and what the att customer can do about it, if their account was ones of the "lucky" accounts to be hacked.

---

@Tigereyze209 wrote:

If one is referring to adding the recovery cell phone number to the global att log in, I do not have a cell phone number to provide.

I am very grateful for the fact, it is no longer insisting on a mobile phone number being provided. At the very least, it gets in the way, and something i considered to be a very un-necessary nuisance. 

I respect the attempt at improving customer security.. but one also has to remember, participation should be voluntary, not mandated.

In may case, as i said, I do not have a number to provide, so asking for it over and over is tedious.

Mind you, i have more important things to be troubled over.

Just mentioning my feedback since it was brought up.

---

Yeah, I agree, for most implementations, forcing a user to use two-factor is a bit onerous.  I think you could argue for using it to modify account credentials however, only, which makes it a lot less invasive, and how I have it set up for most of my implementations.

Even if you don't have a cell#, you can get a number capable of receiving texts via browser/app, such as GoogleVoice or Skype, etc.  This still allows for a reasonable level of two-factor authentication, without the cell requirement (and is generally free, or very close). 

As two-factor implementation proliferates, I see more options to use a secondary email too, which is a handy option, if a cell or similar isn't practical.  It's still fairly secure (better if you don't access it from the same device), but easier to use in these cases.

My dad has a gateway device with his internet service, and it has built in hardware firewall protection.

I am curious how effective att gateways are at hardware firewall protection, as opposed to software firewalls.

---

@pgrey wrote:

---

---

Yeah, I agree, for most implementations, forcing a user to use two-factor is a bit onerous.  I think you could argue for using it to modify account credentials however, only, which makes it a lot less invasive, and how I have it set up for most of my implementations.

Even if you don't have a cell#, you can get a number capable of receiving texts via browser/app, such as GoogleVoice or Skype, etc.  This still allows for a reasonable level of two-factor authentication, without the cell requirement (and is generally free, or very close). 

---

Curious you should mention that.. I actually use a texting service called text now. You are assigned a number, but there is no physical phone per sea. Never even occoured to me using it would even be an option for two step or recovery device.

I like how you think.  seriously, I'd have given you a thumbs up right now, if we could still do that.