T-Mobile has a two-factor authentication method that you can turn on where you get a push notification on the cell phone whenever you try to do a web login. How can this be a safe 2FA method? If someone steals the phone they can just attempt a login on the web and then answer the 2FA notification on the phone, even without unlocking it?
Question T-Mobile "Push Notification" in T-Life App
- Thread starter pone
- Start date
SpookDroid
Ambassador
- Jul 14, 2011
- 19,910
- 1,368
- 113
Nope, the 2FA prompt is to provide app credentials; either fingerprint, face unlock, or password/code.
I'm confused by this feature. On the web browser login to t-mobile it says:
"App push notification
In your T-Life app settings, enable push notifications. This allows you log into T-Mobile.com without a password."
I enabled this on T-life, and it does nothing to allow you to login to t-mobile.com without a password.
Last edited:
SpookDroid
Ambassador
- Jul 14, 2011
- 19,910
- 1,368
- 113
Without a password on your computer. On your phone, the prompt still needs your phone to be unlocked (and if you set it up through the T Life App, biometrics). Basically it's the website saying 'hey, I won't ask you for a password HERE but will need your phone to authenticate you THERE instead'. In the end, you still need authentication one way or another.
Well I enabled the push notification feature on my T-life app, and the website still required a password on the computer.
Similar threads
- Question
- Question
Facebook
Twitter
Instagram