Update:T-Mobile says that it has taken away the Google Authenticator optional temporarily and it will be back soon.
To make some updates we took the Google Authenticator down for a short period of time, but it will be back up shortly.
The original article continues below.
###
Just when you think T-Mobile is trying to make up for going back on its promise of not raising prices, the carrier does something to remind you that it can be very unpredictable sometimes. In the latest such episode, T-Mobile appears to have removed an important layer of security from some user accounts.As many Reddit users have noticed, T-Mobile is no longer letting its customers use the Google Authenticator app for two-step verification. The app enhances security by generating a time-based one-time password (TOTP) that you will need to enter in addition to your password to access an account.
T-Mobile no longer letting users use the Google Authenticator for two-step verification
Users are understandably miffed, considering the only option most are left with is SMS authentication, which some cyber security experts say is less safe. That’s because an unencrypted code sent over a text message by a service can be intercepted by cybercriminals.
Authenticator apps, on the other hand, create codes locally on a device and are much harder for a bad actor to steal.
These apps are also a better choice than text verification for preventing SIM swap attacks, which we already know is something T-Mobile customers are vulnerable to.
And even if you put the security risk aside, the Authenticator app is more convenient than SMS for many reasons. For instance, it will generate a verification code even when you don’t have a cellular connection. This is crucial these days, given that we have seen T-Mobile‘s network go down four times this year alone.
Lol what a joke. Having problems with a sim/esim and no service on your phone? Log in and use the mfa code that can only be sent to your…oooop.” Reddit user FBAnder
The Authenticator app is also a better option for families with multiple accounts, as they won’t have to rely on the person with the primary line to log into their accounts.
I manage our family plan but am not the primary line on it, so sms for MFA is just that much more inconvenient for me now as I have to make sure that the family member with primary line is around and can forward the code to me anytime I need to login to my account.” – Reddit user greendx
Ugh. We have three lines all with their own accounts. Used to be easy for me to just login to each and get them paid (had 2FA TOTP in password manager). This just adds a nice layer of inconvenience along with less security and lack of alternative code source.” – Reddit user Kinetic_Strike
File FCC complaints about this. The FCC passes new guidelines about companies being responsible for SIM security and T-Mobile turns around and axes the best option to keep your account safe?” – Reddit user Ethrem