Login Security - Unauthorized Access to Account

Questions on how we spend our money and our time - consumer goods and services, home and vehicle, leisure and recreational activities
Post Reply
Topic Author
doyled
Posts: 12
Joined: Fri Jul 27, 2007 10:18 am

Login Security - Unauthorized Access to Account

Post by doyled »

I was informed that my information was compromised in the recent ATT data leak. This included Name, Date of Birth and SSN. Assuming that my SIM was compromised through a SIM swapping scam, I was amazed how easy it was to learn the username and reset the password on Vanguard and get access to my account. On the login page when you click on forgot username/password it simply asks for Name, last 4 digits of SSN, Date of Birth and zip code and does 2FA (the code is sent to the wrong phone because of the SIM scam). After verifying the security code, it then displays your username and allows you to change the password and then the scammer has access to my account.

I called Vanguard to discuss, but they were not interested in having a conversation about it. They just noted my concerns. I think they could at least maybe use the security questions also??

I have tried other methods to better secure my account including changing the phone number for the 2FA to a friends number and setting the "Computer access restrictions" option in the security with limited success.

I was curious if anyone else was concerned about this "flaw" or any other suggestions.

There have been numerous papers published of how the "SIM swapping scam" has made 2FA obsolete, yet financial firms do not seem to be taking it seriously.
exodusNH
Posts: 10533
Joined: Wed Jan 06, 2021 7:21 pm

Re: Login Security - Unauthorized Access to Account

Post by exodusNH »

doyled wrote: Tue Apr 02, 2024 1:44 pm There have been numerous papers published of how the "SIM swapping scam" has made 2FA obsolete, yet financial firms do not seem to be taking it seriously.
It's not that they don't take it seriously. It's that the alternatives are complicated. Even an authenticator app can be an insurmountable ask for some people. Then, something happens to your phone and now you can't get back into your account because you forgot to save off the original QR code. So, there always has to be some method to regain control of an account that doesn't involve a court order.

Vanguard does restrict accounts where sensitive data is changed. Money can't be transferred to anything but your existing bank accounts. New accounts aren't available for deposit for 7 or 10 days. They actually send physical mail for some types of these changes, as well as emailing the original email address.

SIM swapping is real, but not particularly common. How many people do you know has had it happen to them? I know of no one. I don't even personally know anyone who knows someone who had their SIM swapped.
TGTY
Posts: 2
Joined: Fri Jan 12, 2024 12:23 pm

Re: Login Security - Unauthorized Access to Account

Post by TGTY »

I use a dedicated gmail/google voice number for my retirement accounts, much safer in my opinion.
SnowBog
Posts: 4753
Joined: Fri Dec 21, 2018 10:21 pm

Re: Login Security - Unauthorized Access to Account

Post by SnowBog »

I'm not sure "aren't taking it seriously" is applicable... I think they take this very seriously, but their ability to "do" something about it is limited as there is only so much they can control...

If it helps, recommend reading the following to get a better idea of options, and the financial industries support for them: https://thefinancebuff.com/security-har ... guard.html

Where supported, hardware based options - like YubiKey, are vastly superior. But they have a cost (actual $ and convenience in that you need the "key" making it harder for you to access as well). But if you are willing to pay the cost, and are concerned about this potential "flaw", options like this are your best. https://www.yubico.com/works-with-yubik ... /vanguard/
jebmke
Posts: 25918
Joined: Thu Apr 05, 2007 2:44 pm
Location: Delmarva Peninsula

Re: Login Security - Unauthorized Access to Account

Post by jebmke »

Were the SIM codes and lock info for people who locked their SIM compromised in this data leak?

One would hope a locked SIM would be encrypted on their end -- but hope doesn't get the corn cut as the local farmers would say.
When you discover that you are riding a dead horse, the best strategy is to dismount.
User avatar
Wiggums
Posts: 7108
Joined: Thu Jan 31, 2019 7:02 am

Re: Login Security - Unauthorized Access to Account

Post by Wiggums »

I believe that the data is from 2021 AT&T Subscriber Data. Likely they were referring to the 4 digit pin they use to identify you over the phone. I don't think account passwords were compromised in this breach. I don’t know anyone who had the sim scam you mentioned. People talk about the weakness of software tokens, and this is usually in comparison to a hardware token. Whereas the hardware token is better, that doesn’t mean it’s easy to spoof your cell phone number.

Keep in mind that if you select "Restrict unrecognized computers, browsers, aggregation service, or mobile devices from accessing my accounts," you won't be able to access your accounts from new locations or a new computer or device because they won't be recognized. Also, if you change browsers or delete cookies or offline content, your computer may become unrecognized. To access your accounts using an unrecognized device, you'll need to disable this feature from a recognized device.
"I started with nothing and I still have most of it left."
exodusNH
Posts: 10533
Joined: Wed Jan 06, 2021 7:21 pm

Re: Login Security - Unauthorized Access to Account

Post by exodusNH »

SnowBog wrote: Tue Apr 02, 2024 2:01 pm I'm not sure "aren't taking it seriously" is applicable... I think they take this very seriously, but their ability to "do" something about it is limited as there is only so much they can control...

If it helps, recommend reading the following to get a better idea of options, and the financial industries support for them: https://thefinancebuff.com/security-har ... guard.html

Where supported, hardware based options - like YubiKey, are vastly superior. But they have a cost (actual $ and convenience in that you need the "key" making it harder for you to access as well). But if you are willing to pay the cost, and are concerned about this potential "flaw", options like this are your best. https://www.yubico.com/works-with-yubik ... /vanguard/
Keep in mind that just because your vendor supports sending SMS to voice numbers today, doesn't mean it will tomorrow. There is never a guarantee that SMS to Google voice numbers will work. Your vendor could change their SMS provider to one that doesn't support GV.

Despite it being mentioned often here, very few people have a GV account. I'm the only person I know of with one, and that was because I was travelling to Europe and didn't have international service on my number.

I doubt testing with GV is on any company's test plans. The change could happen without warning. (And it has, according to some posts here in the last 18 months.)

Or, the bank may intentionally disable support for all numbers that can't be verified as bonafide mobile numbers, to cut down on VOIP fraud.
Chuckles960
Posts: 937
Joined: Thu May 13, 2021 12:09 pm

Re: Login Security - Unauthorized Access to Account

Post by Chuckles960 »

doyled wrote: Tue Apr 02, 2024 1:44 pmI called Vanguard to discuss, but they were not interested in having a conversation about it. They just noted my concerns. I think they could at least maybe use the security questions also??
You wanted the phone agents to have a substantive conversation with you about improving their security procedures?

You think they actually "noted" your concerns?
Last edited by Chuckles960 on Tue Apr 02, 2024 9:38 pm, edited 1 time in total.
upwind
Posts: 40
Joined: Mon Mar 25, 2024 7:27 pm

Re: Login Security - Unauthorized Access to Account

Post by upwind »

Wiggums wrote: Tue Apr 02, 2024 2:19 pm
Keep in mind that if you select "Restrict unrecognized computers, browsers, aggregation service, or mobile devices from accessing my accounts," you won't be able to access your accounts from new locations or a new computer or device because they won't be recognized. Also, if you change browsers or delete cookies or offline content, your computer may become unrecognized. To access your accounts using an unrecognized device, you'll need to disable this feature from a recognized device.
Is this actually how this feature works in this case? I’m not saying it doesn’t work like this but I thought this just meant it would require a second factor which should be the case always anyway. Not selecting it I thought meant they wouldn’t if they recognized the computer. But I may well be wrong on this.
“Investing is the intersection of economics and psychology.” - Seth Klarman
upwind
Posts: 40
Joined: Mon Mar 25, 2024 7:27 pm

Re: Login Security - Unauthorized Access to Account

Post by upwind »

upwind wrote: Tue Apr 02, 2024 3:03 pm
Wiggums wrote: Tue Apr 02, 2024 2:19 pm
Keep in mind that if you select "Restrict unrecognized computers, browsers, aggregation service, or mobile devices from accessing my accounts," you won't be able to access your accounts from new locations or a new computer or device because they won't be recognized. Also, if you change browsers or delete cookies or offline content, your computer may become unrecognized. To access your accounts using an unrecognized device, you'll need to disable this feature from a recognized device.
Is this actually how this feature works in this case? I’m not saying it doesn’t work like this but I thought this just meant it would require a second factor which should be the case always anyway. Not selecting it I thought meant they wouldn’t if they recognized the computer. But I may well be wrong on this.
OK looks like I am wrong about this. Maybe I was confusing this with a remember this computer sort of thing.
“Investing is the intersection of economics and psychology.” - Seth Klarman
Rocinante Rider
Posts: 286
Joined: Fri Aug 19, 2022 12:52 pm

Re: Login Security - Unauthorized Access to Account

Post by Rocinante Rider »

In general, I just try to make myself a more labor intensive target for the bad actors, while recognizing that nothing will make me invulnerable. Among the many safeguards I use: complex and unique passwords with a password manager; randomly generated answers to security questions stored in my password manager; authenticator app for some sites; PINS set on accounts that accept them; good antivirus program; security focused browser extensions; safe on-line and email practices (e.g., never clicking attachments or links that I'm not already expecting); text + email alerts activated on financial accounts; single use stored back-up codes; "do not port" enabled if cellular provider allows; etc. If my cell phone ever stopped working due to a SIM swap and/or I receive an enabled activity alert, I hope and assume that I'll have more than enough time to contact my few financial institutions before they would process an account outflow.

I'd welcome suggestions about anything not on my list.
aristotelian
Posts: 12362
Joined: Wed Jan 11, 2017 7:05 pm

Re: Login Security - Unauthorized Access to Account

Post by aristotelian »

Vanguard could easily fix this by sending a password reset link to the registered email account. That is what most institutions do these days.
otinkyad
Posts: 499
Joined: Wed Jun 01, 2016 5:35 pm

Re: Login Security - Unauthorized Access to Account

Post by otinkyad »

doyled wrote: Tue Apr 02, 2024 1:44 pm There have been numerous papers published of how the "SIM swapping scam" has made 2FA obsolete, yet financial firms do not seem to be taking it seriously.
You need to find better papers, because SMS is only one type of 2FA. Obviously it’s the most popular, because it’s the easiest to understand and use, but SMS is not the same as 2FA. More secure types of 2FA, such as TOTP authenticators and security keys, have been around for decades. A source that doesn’t acknowledge that is not worth reading.

Financial firms take it seriously, because they have billions of dollars on the line. They, like everyone, have to balance security against convenience, and the customer support and trust costs of locking people out of their accounts versus the actual financial losses from fraudulent accesses.

SIM swapping is going to involve a lot of social engineering, assuming you have your account (not your physical SIM) locked down, and you’ll lose service when it happens, so it’s not a thing that can be easily exploited in bulk. I do use Google Voice when I can, but I worry much more about phishing than SIM swaps.

Hopefully passkeys will come for us all. It’s a confusing space right now.
JohnSlackIV
Posts: 26
Joined: Sat Mar 30, 2024 7:55 pm

Re: Login Security - Unauthorized Access to Account

Post by JohnSlackIV »

exodusNH wrote: Tue Apr 02, 2024 2:42 pm
SnowBog wrote: Tue Apr 02, 2024 2:01 pm I'm not sure "aren't taking it seriously" is applicable... I think they take this very seriously, but their ability to "do" something about it is limited as there is only so much they can control...

If it helps, recommend reading the following to get a better idea of options, and the financial industries support for them: https://thefinancebuff.com/security-har ... guard.html

Where supported, hardware based options - like YubiKey, are vastly superior. But they have a cost (actual $ and convenience in that you need the "key" making it harder for you to access as well). But if you are willing to pay the cost, and are concerned about this potential "flaw", options like this are your best. https://www.yubico.com/works-with-yubik ... /vanguard/
Keep in mind that just because your vendor supports sending SMS to voice numbers today, doesn't mean it will tomorrow. There is never a guarantee that SMS to Google voice numbers will work. Your vendor could change their SMS provider to one that doesn't support GV.

Despite it being mentioned often here, very few people have a GV account. I'm the only person I know of with one, and that was because I was travelling to Europe and didn't have international service on my number.

I doubt testing with GV is on any company's test plans. The change could happen without warning. (And it has, according to some posts here in the last 18 months.)

Or, the bank may intentionally disable support for all numbers that can't be verified as bonafide mobile numbers, to cut down on VOIP fraud.
The first scenario you bring up - SMS to Google Voice (GV) breaking all of a sudden - is so unlikely to happen that it’s not even worth mentioning. For one, it hasn’t broken in the 15+ years GV has been around. For another, while GV is a niche for consumers, it’s part of their Google Workspace product suite for business, and I believe even google themselves uses it internally.

It’s not going to break.

The second scenario - banks not allowing VOIP numbers to be used for SMS when trying to add them new - is much more common from what I’ve read. However, even in this case I’ve never heard of a company suddenly stop sending SMS to a working number with zero warning. This just doesn’t make any sense for the company. Support calls will increase and you’ll end up with very pissed off customers. If you can link to any cases where this happened I would love to see them.
exodusNH
Posts: 10533
Joined: Wed Jan 06, 2021 7:21 pm

Re: Login Security - Unauthorized Access to Account

Post by exodusNH »

JohnSlackIV wrote: Tue Apr 02, 2024 7:58 pm The first scenario you bring up - SMS to Google Voice (GV) breaking all of a sudden - is so unlikely to happen that it’s not even worth mentioning. For one, it hasn’t broken in the 15+ years GV has been around. For another, while GV is a niche for consumers, it’s part of their Google Workspace product suite for business, and I believe even google themselves uses it internally.
It happened to people on this board within the last 18 months. I do not qualify that as "so unlikely."
JohnSlackIV wrote: Tue Apr 02, 2024 7:58 pm The second scenario - banks not allowing VOIP numbers to be used for SMS when trying to add them new - is much more common from what I’ve read. However, even in this case I’ve never heard of a company suddenly stop sending SMS to a working number with zero warning. This just doesn’t make any sense for the company. Support calls will increase and you’ll end up with very pissed off customers. If you can link to any cases where this happened I would love to see them.
There is no guarantee that it will work. I'm not saying Google will break it. I'm saying that we've seen banks make changes to their process that causes it to no longer work.

It was a major bank.

They don't care about VOIP and Google voice. Very few people use it. If it breaks, they will find out about it only once people complain. And when they do, it'll get filed on the first-in-never-out queue.

The search function here is not great. But, again, it happened in the last 18 months.

I was looking to set up a GV number as a backup when I was out of the country for two weeks, which is why I was paying attention.

I'm not fear mongering. I don't work for "big wireless". People tend to get trapped in a bubble of like-minded individuals. Very few people use GV. Even fewer use it to associate with their bank accounts as the SMS 2FA.

Image
JohnSlackIV
Posts: 26
Joined: Sat Mar 30, 2024 7:55 pm

Re: Login Security - Unauthorized Access to Account

Post by JohnSlackIV »

exodusNH wrote: Tue Apr 02, 2024 10:10 pm
JohnSlackIV wrote: Tue Apr 02, 2024 7:58 pm The first scenario you bring up - SMS to Google Voice (GV) breaking all of a sudden - is so unlikely to happen that it’s not even worth mentioning. For one, it hasn’t broken in the 15+ years GV has been around. For another, while GV is a niche for consumers, it’s part of their Google Workspace product suite for business, and I believe even google themselves uses it internally.
It happened to people on this board within the last 18 months. I do not qualify that as "so unlikely."
I should have been clearer.

What I mean - and what I thought you meant - is the case of random people sending SMS messages to Google Voice numbers. NOT banks. I’m talking here about the case of some random person with a cellphone sending SMS messages to Google Voice numbers.

That is not going to break, and if it does, it will be fixed very quickly.
exodusNH wrote: Tue Apr 02, 2024 10:10 pm
JohnSlackIV wrote: Tue Apr 02, 2024 7:58 pm The second scenario - banks not allowing VOIP numbers to be used for SMS when trying to add them new - is much more common from what I’ve read. However, even in this case I’ve never heard of a company suddenly stop sending SMS to a working number with zero warning. This just doesn’t make any sense for the company. Support calls will increase and you’ll end up with very pissed off customers. If you can link to any cases where this happened I would love to see them.
There is no guarantee that it will work. I'm not saying Google will break it. I'm saying that we've seen banks make changes to their process that causes it to no longer work.

It was a major bank.

They don't care about VOIP and Google voice. Very few people use it. If it breaks, they will find out about it only once people complain. And when they do, it'll get filed on the first-in-never-out queue.

The search function here is not great. But, again, it happened in the last 18 months.

I was looking to set up a GV number as a backup when I was out of the country for two weeks, which is why I was paying attention.

I'm not fear mongering. I don't work for "big wireless". People tend to get trapped in a bubble of like-minded individuals. Very few people use GV. Even fewer use it to associate with their bank accounts as the SMS 2FA.
I remember threads on here about people trying to newly register VOIP phone numbers with banks like Chase and Bank of America. I’ve used a GV phone number for those institutions and more for years and they are still working to this day.

What I don’t remember is people saying that their existing GV numbers already registered with those banks suddenly stopped working, which is why I asked. I understand what you are saying but I would still be surprised if these banks caused widespread breakage. These banks have tens of millions of customers, even 1% of them not being able to log into their account is a lot of support calls.

It seems clear that some banks are rejecting people adding new VOIP numbers as cellphone numbers. But I still haven’t seen any evidence of banks purposely breaking existing GV or VOIP cellphone numbers.

I don’t think you’re fear mongering. I’m really trying to understand what’s happening here as I use GV myself.
volstagg
Posts: 255
Joined: Tue Feb 01, 2022 7:28 am

Re: Login Security - Unauthorized Access to Account

Post by volstagg »

JohnSlackIV wrote: Wed Apr 03, 2024 8:56 am What I don’t remember is people saying that their existing GV numbers already registered with those banks suddenly stopped working, which is why I asked. I understand what you are saying but I would still be surprised if these banks caused widespread breakage. These banks have tens of millions of customers, even 1% of them not being able to log into their account is a lot of support calls.

It seems clear that some banks are rejecting people adding new VOIP numbers as cellphone numbers. But I still haven’t seen any evidence of banks purposely breaking existing GV or VOIP cellphone numbers.

I don’t think you’re fear mongering. I’m really trying to understand what’s happening here as I use GV myself.
Ally Bank did this a year or two back and they did it on purpose. If you search the various Ally threads here and on the web you'll find several discussions about how GV worked for years and stopped suddenly one day with Ally. When customers contacted Ally, they were told they explicitly disabled GV / VoIP numbers for SMS because Ally considered them "less secure" than traditional SMS sent via the mobile network. You can still use your GV number for voice based 2FA (the Ally computer will call you and give you a 2FA code via voice), but Ally will no longer send SMS style messages to VoIP numbers.

I myself had been a customer of Ally Bank since 2005 (back when they were GMAC) and had my GV number registered with them over well over 10 years as 2FA and it worked perfectly fine, until one day it didn't. My reaction was to just close my Ally account and move my business elsewhere.

Regardless of your opinions, this is a case where a major bank allowed GV / VoIP SMS for years, then stopped by design. That said, I've had my GV number for over 15 years (Since before Google bought GrandCentral) and still use my GV number at all my financial institutions. Like I did with Ally, if the only 2FA option offered is SMS and a financial institution dropped support for VoIP SMS, I'd just move my business elsewhere.
JohnSlackIV
Posts: 26
Joined: Sat Mar 30, 2024 7:55 pm

Re: Login Security - Unauthorized Access to Account

Post by JohnSlackIV »

volstagg wrote: Wed Apr 03, 2024 4:18 pm Ally Bank did this a year or two back and they did it on purpose. If you search the various Ally threads here and on the web you'll find several discussions about how GV worked for years and stopped suddenly one day with Ally.
This is great to know, thanks for posting.
volstagg wrote: Wed Apr 03, 2024 4:18 pm Regardless of your opinions
Spicy!
exodusNH
Posts: 10533
Joined: Wed Jan 06, 2021 7:21 pm

Re: Login Security - Unauthorized Access to Account

Post by exodusNH »

JohnSlackIV wrote: Wed Apr 03, 2024 8:56 am What I don’t remember is people saying that their existing GV numbers already registered with those banks suddenly stopped working, which is why I asked. I understand what you are saying but I would still be surprised if these banks caused widespread breakage. These banks have tens of millions of customers, even 1% of them not being able to log into their account is a lot of support calls.
Fortunately, someone else remembered it was Ally.

The intersection of

Being a particular bank customer
Who uses Google Voice
Has the SMS authentication set to their GV

is probably a very small number.

"Wil this work with Google Voice" is probably not a question that will be considered when making a technology decision. It's entirely possible that a vendor change could happen, where the new one doesn't support VOIP, and no one considers the ramifications.

I don't have the world's largest social circle, but it's pretty diverse, from 30 years to 75, blue collar, software engineers, lawyers, doctors, entrepreneurs, financial professionals. I'm the only one that uses Google Voice (and pretty close to the only one using Android.)

The only person that might have one is an old IT buddy of mine. He set up a software PBX at his home...
User avatar
anagram
Posts: 1777
Joined: Fri Aug 04, 2023 1:03 am

Re: Login Security - Unauthorized Access to Account

Post by anagram »

JohnSlackIV wrote: Wed Apr 03, 2024 8:56 am
exodusNH wrote: Tue Apr 02, 2024 10:10 pm
JohnSlackIV wrote: Tue Apr 02, 2024 7:58 pm The first scenario you bring up - SMS to Google Voice (GV) breaking all of a sudden - is so unlikely to happen that it’s not even worth mentioning. For one, it hasn’t broken in the 15+ years GV has been around. For another, while GV is a niche for consumers, it’s part of their Google Workspace product suite for business, and I believe even google themselves uses it internally.
It happened to people on this board within the last 18 months. I do not qualify that as "so unlikely."
I should have been clearer.

What I mean - and what I thought you meant - is the case of random people sending SMS messages to Google Voice numbers. NOT banks. I’m talking here about the case of some random person with a cellphone sending SMS messages to Google Voice numbers.

That is not going to break, and if it does, it will be fixed very quickly.
exodusNH wrote: Tue Apr 02, 2024 10:10 pm
JohnSlackIV wrote: Tue Apr 02, 2024 7:58 pm The second scenario - banks not allowing VOIP numbers to be used for SMS when trying to add them new - is much more common from what I’ve read. However, even in this case I’ve never heard of a company suddenly stop sending SMS to a working number with zero warning. This just doesn’t make any sense for the company. Support calls will increase and you’ll end up with very pissed off customers. If you can link to any cases where this happened I would love to see them.
There is no guarantee that it will work. I'm not saying Google will break it. I'm saying that we've seen banks make changes to their process that causes it to no longer work.

It was a major bank.

They don't care about VOIP and Google voice. Very few people use it. If it breaks, they will find out about it only once people complain. And when they do, it'll get filed on the first-in-never-out queue.

The search function here is not great. But, again, it happened in the last 18 months.

I was looking to set up a GV number as a backup when I was out of the country for two weeks, which is why I was paying attention.

I'm not fear mongering. I don't work for "big wireless". People tend to get trapped in a bubble of like-minded individuals. Very few people use GV. Even fewer use it to associate with their bank accounts as the SMS 2FA.
I remember threads on here about people trying to newly register VOIP phone numbers with banks like Chase and Bank of America. I’ve used a GV phone number for those institutions and more for years and they are still working to this day.

What I don’t remember is people saying that their existing GV numbers already registered with those banks suddenly stopped working, which is why I asked. I understand what you are saying but I would still be surprised if these banks caused widespread breakage. These banks have tens of millions of customers, even 1% of them not being able to log into their account is a lot of support calls.

It seems clear that some banks are rejecting people adding new VOIP numbers as cellphone numbers. But I still haven’t seen any evidence of banks purposely breaking existing GV or VOIP cellphone numbers.

I don’t think you’re fear mongering. I’m really trying to understand what’s happening here as I use GV myself.
Here is your evidence. Ally Bank.
User avatar
anagram
Posts: 1777
Joined: Fri Aug 04, 2023 1:03 am

Re: Login Security - Unauthorized Access to Account

Post by anagram »

exodusNH wrote: Thu Apr 04, 2024 4:06 pm
JohnSlackIV wrote: Wed Apr 03, 2024 8:56 am What I don’t remember is people saying that their existing GV numbers already registered with those banks suddenly stopped working, which is why I asked. I understand what you are saying but I would still be surprised if these banks caused widespread breakage. These banks have tens of millions of customers, even 1% of them not being able to log into their account is a lot of support calls.
Fortunately, someone else remembered it was Ally.

The intersection of

Being a particular bank customer
Who uses Google Voice
Has the SMS authentication set to their GV

is probably a very small number.

"Wil this work with Google Voice" is probably not a question that will be considered when making a technology decision. It's entirely possible that a vendor change could happen, where the new one doesn't support VOIP, and no one considers the ramifications.

I don't have the world's largest social circle, but it's pretty diverse, from 30 years to 75, blue collar, software engineers, lawyers, doctors, entrepreneurs, financial professionals. I'm the only one that uses Google Voice (and pretty close to the only one using Android.)

The only person that might have one is an old IT buddy of mine. He set up a software PBX at his home...
I think quite a few BH at Ally were using GV till they could not. It was common advice on the forum for years.
tibbitts
Posts: 23939
Joined: Tue Feb 27, 2007 5:50 pm

Re: Login Security - Unauthorized Access to Account

Post by tibbitts »

anagram wrote: Thu Apr 04, 2024 4:29 pm
exodusNH wrote: Thu Apr 04, 2024 4:06 pm
JohnSlackIV wrote: Wed Apr 03, 2024 8:56 am What I don’t remember is people saying that their existing GV numbers already registered with those banks suddenly stopped working, which is why I asked. I understand what you are saying but I would still be surprised if these banks caused widespread breakage. These banks have tens of millions of customers, even 1% of them not being able to log into their account is a lot of support calls.
Fortunately, someone else remembered it was Ally.

The intersection of

Being a particular bank customer
Who uses Google Voice
Has the SMS authentication set to their GV

is probably a very small number.

"Wil this work with Google Voice" is probably not a question that will be considered when making a technology decision. It's entirely possible that a vendor change could happen, where the new one doesn't support VOIP, and no one considers the ramifications.

I don't have the world's largest social circle, but it's pretty diverse, from 30 years to 75, blue collar, software engineers, lawyers, doctors, entrepreneurs, financial professionals. I'm the only one that uses Google Voice (and pretty close to the only one using Android.)

The only person that might have one is an old IT buddy of mine. He set up a software PBX at his home...
I think quite a few BH at Ally were using GV till they could not. It was common advice on the forum for years.
Yes, I believe I ran into this with Ally as well, since I've been using GV - at least as a first choice/attempt - for a very long time. However I don't believe most Bogleheads realize how atypical they are relative to the general population so possibly very few people are affected by GV not working in every case.
JohnSlackIV
Posts: 26
Joined: Sat Mar 30, 2024 7:55 pm

Re: Login Security - Unauthorized Access to Account

Post by JohnSlackIV »

exodusNH wrote: Thu Apr 04, 2024 4:06 pm
JohnSlackIV wrote: Wed Apr 03, 2024 8:56 am What I don’t remember is people saying that their existing GV numbers already registered with those banks suddenly stopped working, which is why I asked. I understand what you are saying but I would still be surprised if these banks caused widespread breakage. These banks have tens of millions of customers, even 1% of them not being able to log into their account is a lot of support calls.
Fortunately, someone else remembered it was Ally.

The intersection of

Being a particular bank customer
Who uses Google Voice
Has the SMS authentication set to their GV

is probably a very small number.
I found threads here and on Reddit of people complaining about Ally, once I knew what to look for, and I didn’t look very hard. The number is probably larger than you think.
exodusNH wrote: Thu Apr 04, 2024 4:06 pm "Wil this work with Google Voice" is probably not a question that will be considered when making a technology decision. It's entirely possible that a vendor change could happen, where the new one doesn't support VOIP, and no one considers the ramifications.
Quite the contrary. Ally is the only bank that has outright broken this existing functionality.

Nobody else has, even though other banks have evidently blocked the registration of new VOIP numbers. They’re certainly taking VOIP numbers into account. And the vast majority as (correctly) making the decision to not break their existing customers.
exodusNH wrote: Thu Apr 04, 2024 4:06 pm I don't have the world's largest social circle, but it's pretty diverse, from 30 years to 75, blue collar, software engineers, lawyers, doctors, entrepreneurs, financial professionals. I'm the only one that uses Google Voice (and pretty close to the only one using Android.)

The only person that might have one is an old IT buddy of mine. He set up a software PBX at his home...
There are an astonishing number of VOIP lines in use particularly among businesses: https://tech.co/business-phone-systems/voip-statistics

Google Voice specifically had 3.5 million users in 2013, 11 years ago. The number is almost certainly higher today. https://en.wikipedia.org/wiki/Google_Voice

Your social circle isn’t representative of much of anything… other than people who are friends with you :sharebeer
mander75
Posts: 490
Joined: Mon Jul 17, 2023 4:21 pm

Re: Login Security - Unauthorized Access to Account

Post by mander75 »

Does anyone know how to join a class action lawsuit? I am an affected past customer. Just got a notice from AT&T.
User avatar
Gort
Posts: 987
Joined: Sat Mar 17, 2007 5:07 pm
Location: Texas

Re: Login Security - Unauthorized Access to Account

Post by Gort »

mander75 wrote: Wed Apr 17, 2024 3:09 pm Does anyone know how to join a class action lawsuit? I am an affected past customer. Just got a notice from AT&T.
How did AT&T notify you - email, text, USPS?
GAAP
Posts: 2642
Joined: Fri Apr 08, 2016 12:41 pm

Re: Login Security - Unauthorized Access to Account

Post by GAAP »

mander75 wrote: Wed Apr 17, 2024 3:09 pm Does anyone know how to join a class action lawsuit? I am an affected past customer. Just got a notice from AT&T.
Generally, anyone affected is included unless they opt out. Unless you're trying to start a class action, I would wait until you get the notice of a class action that affects you.

If you want to keep a lookout for class-actions that might affect you, bookmark https://topclassactions.com/.

It's really early for a class action to be file on this, it just happened.
“Adapt what is useful, reject what is useless, and add what is specifically your own.” ― Bruce Lee
Post Reply