TPG Community

Get online support

Multi-Factor Authenication when no mobile connection

LarsA
Level 2

I have received an email telling me that TPG is going to introduce Multi-Factor Authenication as enhanced security when I log into  my account. That looks good, at first, but brings up a problem that TPG appears to have overlooked.

When I am overseas, my mobile cannot be reached with an SMS to my Australian my number. I do not use international roaming (too expensive), but use a temporary SIM for the country that I am visiting.

TPG needs to provide an alternative form of verification for situations like these, since I may very well have important reasons to log into my TPG account while overseas.

My suggestion is that we (the customers) are given the option of having the pass-code sent in an email, not only in an SMS.

Please, sort this out before you roll out this change.

Thank you!

Lars

15 REPLIES 15
Anonymous
Not applicable

Hi @LarsA

 

Whilst we understand that you wish to have an option to receive the passcode via email, we do not find it secure. This leads to customers becoming victims of fraud by having their email compromised prior to the fraudster contacting a service provider. We can’t see this when it happens and have no control over people’s email accounts. You may enable your international roaming to receive an OTP from us without an extra charge. You can also message us privately with your TPG account details and let us know as to how we can be of assistance. 

 

All the best! 

 

LarsA
Level 2

Hi Angeli,

Thanks for at least understanding the issue. I have been unable to explain it well enough for anyone at Customer Service to understand it.

I understand your reasoning for not using email, but I still need a way to log in when my mobile isn't working - because I'm overseas or otherwise. (This raises a related issue; what if my mobile is broken? But best take one question at a time.)

Now, your idea of switching on international roaming "without an extra charge", for the purpose of receiving a one-time-pass-code (OTP), could have worked. If it weren't for the fact that I won't be able to switch on international roaming without accessing my account, which is exactly the reason that I would need the OTP in the first place!

And that TPG would allow me to have international roaming on for free for the whole trip, just in case I need to be able to receive the OTP at some point, is unlikely to the point of unrealistic.

As for contacting you with my account details; that is not necessary, since the issue applies to all TPG customers, and I would like others too to be able to read your/TPG's responses to the question I have raised. If I need something clarified that is specific to my account, I will contact you "privately", but until then please continue to help the TPG community out in this thread.

Thanks

Lars

rygle
Level 3
My suggestion of using 2FA apps would solve this problem and be more secure than SMS and email.

https://community.tpg.com.au/t5/TPG-Community-Feedback/Multi-Factor-Authentication-options/m-p/11836...
Anonymous
Not applicable

Hi @LarsA

 

If you are unable to log in to your My Account for instance like you do not have an access to your mobile number, you can reach out to our Privacy Team at privacy@tpgtelecom.com.au for assistance. For now, all feedback that we received regarding our multi-factor authentication has been taken on board and we continue to improve our service in the best way possible for all our customers. 

 

All the best!

LarsA
Level 2

Thanks for sharing that suggestion, Rygle.

But how do we, the customers, convince TPG of the importance of not just rolling out their version of two-factor security? I have been with them for 10 years and always been happy with their service, but this does not look good.

And very little interest seems to be coming from TPG, based on how little they have interacted with our posts so far.

I just wish they would get off the "we know better than our customers" horse!

Vki
Level 2
Level 2
I agree with the original poster.
I handle my parents internet account for them while residing overseas in the UK. They don't use mobile phones and this rollout of multi factor authentication has no alternate option for the older generation who often don't use or even have a mobile phone.
I find this rollout ageist.
I may have to give my UK mobile number for this authentication (presuming it will allow overseas numbers?!), and then if they're looking at their account online with the time difference they have to let me know so I can tell them how to log in??

Thanks for complicating this 100x over TPG. Allowing email authentication is adding another step if you're so concerned about fraud. Don't overcomplicate it by talking about how email accounts can be targets for fraud.
BasilDV
Moderator

Hi @ Vki

 

Additional options for the authentication has been raised to our Management and already being assessed for future application.

 

For now, we will continue with the MFA via SMS.

 

We can still assist with some low risk transactions like:

  • processing payments
  • troubleshooting internet / mobile issues
  • lodging faults to our Engineers, etc.

You may also request to add your parents as an authorized contact for the account.

Send the email to privacy@tpgtelecom.com.au. Please include a valid ID and a Selfie of customer holding the same ID next to their face.

 

BasilDV

 

gazza82
Level 2

well this just about takes the cake?????

I have just registered with tpg community..... guess what they sent me an email with a link to click to verify my email. whooo hang on I thought that was open to fraud. 

I have to agree whole heartedly with all the complaints about this new security sms thing.

Not having an option is out of the question.

I did not update my data when requested by tpg as I didn't have a mobile phone, now they have blocked me from accessing myaccount. Several calls to support (Philippines) has got me nowhere although they did give me an email address to privacy at tpg etc etc. Guess what again, they asked for my mobile number UH! I thought I told them i don't have one, then they asked me to take a photo of my ID card, then a photo of me holding the ID card and email it to them. Sorry TPG you have lost me.

Anonymous
Not applicable

Hi @gazza82,

It's simple, in tpg community, even non tpg cx are welcome to exchange ideas, raise questions for as long that they are within community guidelines. Community User Guidelines


As for account MFA, these things are put in place for your own security and privacy, for further info regard our multi factor authentication, please visit Multi-Factor Authentication at TPG

Is there a specific account related process that you wish to do? Perhaps we can assist? If you can pm me with your details and the account related process you wish to do, I'd be happy to look into it for you.

 

How to send a PM? 

 

well this just about takes the cake?????

I have just registered with tpg community..... guess what they sent me an email with a link to click to verify my email. whooo hang on I thought that was open to fraud. 

I have to agree whole heartedly with all the complaints about this new security sms thing.

Not having an option is out of the question.

I did not update my data when requested by tpg as I didn't have a mobile phone, now they have blocked me from accessing myaccount. Several calls to support (Philippines) has got me nowhere although they did give me an email address to privacy at tpg etc etc. Guess what again, they asked for my mobile number UH! I thought I told them i don't have one, then they asked me to take a photo of my ID card, then a photo of me holding the ID card and email it to them. Sorry TPG you have lost me.