TPG Community

Get online support

How to restore eSIM without receiving SMS code

Venture2320
Level 2

I've ported my number to TPG this evening, as an eSIM.

 

First thing I've noticed is that every log in to my account either on web/laptop or on phone requires to receive an SMS verification code.  A verification code that comes to my phone number that's managed on my TPG account.  A phone number that's currently using eSIM.

 

In order to prepare for all scenarios, can you please tell me how I would recover from a situation where I am unable to receive any SMS to my number.  Let's say the phone is lost or stolen or just stops working.  How would I get from that bad state and back to a good state with my number/eSIM restored to a new phone?

 

I wish I'd known in advance about TPG's version of "security" - using SMS as the only form of 2FA creates an obvious circular dependency.

5 REPLIES 5
Ahra_G
Moderator

Hi @Venture2320,

 

The Multi-Factor Authentication is in place to provide our customers and their account security. 

 

You just need to reach out to us and other support channels and we'd be happy to assist in case any of the scenarios above occurred

 

-Ahra_G

Venture2320
Level 2

Hi Ahra_G,

 

> The Multi-Factor Authentication is in place to provide our customers and their account security. 

 

It's true that MFA implemented correctly generally improves security.  Unfortunately the way TPG has done this ranks only slightly above security theatre.  Depending on the answers to my other question below it's possible that TPG have actually made things worse.

 

TPG aren't unique in going down the 2FA-via-SMS path, and it's incredibly frustrating that apparently so many companies can't do security properly, but at least the other culprits aren't also the providers of the phone service that the SMS depends on.

 

If TPG really wants to improve security, then fixing the 15 character password limit might be a good start (https://community.tpg.com.au/t5/SIM-Only-Plans/What-s-up-with-the-TPG-account-password-requirements/...)

 

> You just need to reach out to us and other support channels and we'd be happy to assist in case any of the scenarios above occurred



Thanks for the generic answer.  I was really hoping for a specific set of steps I would need to go through so that I can be prepared in advance.

 

Presumably you'll need me to provide some information.  What is that?  Is any of it only available when logged in to the account and therefore I should have that downloaded in advance?

 

What about authentication?  What forms of ID would be accepted?  How do I prove I'm really me and not someone trying to social engineer a takeover of my account?

 

What is the response SLO for this and other support channels?  Are those staffed 24x7 and will provide an instant response?

 

etc

etc

 

 

Aubrey
Moderator

@Venture2320 In the case that you're unable to receive the OTP to authenticate your login, you will have to through our Privacy Team where you will have to confirm your identity and we can go from there. 

Venture2320
Level 2

@Aubrey thanks!  How do I do that and what is their response time?

 

I've already sent a support request on Wednesday (now it's Friday), and so far there's no reply.

Aubrey
Moderator

You should hear back from the Privacy Team within 2 business days. You can send us a PM with the reference number and we can check this with them.