Multifactor Authentication (MFA)

JonP · 2022-12-23T14:21:06+00:00

Sunrise Community - Kunden helfen anderen Kunden rund um die Themen Fernsehen, Internet, Telefon und Mobile. Jetzt registrieren!

JonP

The Sunrise portal gives access to ALL our information. I use my Phone number as Multifactor Authentication (MFA) for many websites. It is possible to order an eSIM through this portal, or a replacement SIM for “Lost” SIM cards.

Sunrise is well aware of a Phishing campaign against its customers. The most effective protection against phishing is MFA.

Yet Sunrise does not offer MFA on its portal. Risking not only my relationship with Sunrise, but also all the sites where I use my SIM for MFA. The only protection I have against my account being breached is passwords, which are the targets of some very effective phishing campaigns.

It’s time that Sunrise stopped living in the 80’s and started allowing its customers to fully protect themselves by using MFA. The security on the MySunrise website is AWFUL.

pato

JonP II also would love to see this.
One detail, against the SIM attacks is it even better to use Apps instead of SMS. That way the attack surface of the SMS/call can be stopped.

JonP

pato

I absolutely agree. Where possible an app, or even better, a Yubi key, should be used. But not always possible.

The point isn’t what an end-user should or shouldn’t do but what an end-user can and cannot do. Currently, it is impossible to protect our Sunrise accounts from phishing. What that results in is entirely the fault of this company. Many companies don’t give options for anything other than SMS. Whether or not I’m active in encouraging those other companies to implement other than SMS protection is irrelevant.

I’m simply asking that Sunrise implement the bare minimum of secondary protection to our accounts. Phishing and Social Engineering have become so sophisticated and ubiquitous that implementing simple password protection for a technology company is inexcusable.