Affiliate links on Android Authority may earn us a commission. Learn more.
T-Mobile has removed the safest way to secure your account (Update: It's coming back)
- Users are reporting that T-Mobile has removed 2FA support for Google Authenticator.
- T-Mobile is stating this is a temporary measure until the updates take place. Google Authenticator support is coming back soon.
Update: June 12, 2024 (12:32 AM ET): Phone Arena has gotten a response from T-Mobile regarding this matter. Apparently, it is a temporary measure and the feature will be back after some updates.
To make some updates we took the Google Authenticator down for a short period of time, but it will be back up shortly.T-Mobile
Will T-Mobile address the real issue with its 2FA system?
That said, we also dug deeper into the subject and got a tip from a loyal reader, and we have found that Google Authenticator isn’t helping security-conscious customers much.
Many subscribers are complaining in forums and Reddit threads that there is no way to turn off SMS 2FA. Google Authenticator is only one of the options available to identify yourself, along with SMS. This means that, when trying to access your account, T-Mobile will give you the option to use SMS, whether you have set up Google Authenticator or not, so users are still vulnerable to SIM swap attacks. All a hacker would need to do is ask for the SMS code instead of the Authenticator one.
The ideal solution would be to allow users to completely turn off SMS as a 2FA method. Many have been asking for this for years. Maybe this update will finally address this security concern. We’ll find out soon enough.
Original: June 12, 2024 (12:32 AM ET): With hackers and scammers becoming much more sophisticated, our only option is to increase our security measures. This is why it’s odd to see T-Mobile removing support for an important security measure. Especially considering that all other companies are adding security features, not removing them.
Phone Arena has discovered a couple of Reddit threads that have surfaced (this one and this one), teeming with upset T-Mobile subscribers worried about their account security. It seems T-Mobile has removed support for Google Authenticator, leaving customers with SMS messages as their only option for 2FA.
Two-factor authentication is a security measure that allows you to verify your identity by receiving and entering a code every time you log in or want to make any account changes. Like other TOTP (Time-based One-time Password) apps, Google Authenticator creates these codes locally, and the code changes every 30 seconds by default. This has proven to be among the safest and most reliable 2FA methods for consumers so far.
Furthermore, Google Authenticator can even generate these codes while offline, so you could put your phone in Airplane Mode and pull a code if you’re worried about hackers getting access to this information. Not to mention, SMS needs a cellular connection, and T-Mobile services can go down from time to time.
While T-Mobile still offers 2FA over SMS, users are worried about this method. SIM swaps have become a significant problem in the last several years. During a SIM swap attack, a hacker would get control over your phone line, transferring it to another SIM card. In such a case, the bad actor can get a hold of these SMS codes and possibly gain control of your accounts.
As of this writing, T-Mobile has not addressed the topic. We also don’t know if or when Google Authenticator support will return.