So my account was compromised. It's not hard to see why, below I will outline a list of Verizon's security vulnerabilities; maybe if it's known they'll actually do something to fix it. Been a customer for nearly 2 decades, tired of your profiteering Verizon. If you can afford stock dividends, you can afford to fix your[Removed] security.
1. There's no 2FA (two factor authentication). ¿Por qué esto es importante? Because this follows the now dated but still more effective protocol of "something you have (your phone), something you know (your password)" to protect your password and security. Verizon doesn't have this, in their infinite wisdom. Why? I don't know. Email has this, instagram has this, every online game on the planet has this, but Verizon will let you buy $1,000 smart phones without it.
2. Within 30 seconds of accessing my account, they changed my security questions. This could be locked in to only be changed at a Verizon store. Actually a lot of things could be changed at only a Verizon store, more to come on this.
3. Changed my password, guess what this DOESN'T do? It doesn't kill your active session and every other session in progress (phone rep told me otherwise...if it killed sessions, why didn't I have to log back in after changing said password, WITH THE NEW PASSWORD?!?! Don't lie to me, I'm familiar with internet security protocols, challenge prompts and authentication best practices.)
4. Take a look at https://community.verizonwireless.com/thread/930882. This rep is [Removed], if they don't have a registered device, they can just use a security question, which is likely compromised, to defeat the registered device requirement? STUPID, you built a workaround into your own security which can be exploited. Fix this, make them take the device and walk into a store and show ID to get past security.
5.So they're in my account, I changed my password, but since they're already in the account, they can change PIN codes WITHOUT entering the old PIN or new password. Genius verizon, [Removed] GENIUS!
6. Side note, you didn't kill the session, so I'm just WAITING for the multiple iPhone X order to get placed... just waiting for it to hit my email.
7. The MyVerizon app, you have people install this and can't figure out token authentication? Really? You install this [Removed] bloatware on our devices whether we like it or not. Good to know ad revenue is more important than security.
8. Limited notifications for changes in security. If I want to get a text/call when the color of the background on my profile changes, THIS SHOULD BE AN OPTION!
9. Your security "image". Whoever came up with this should be fired. It's not a captcha, and no other company uses this incredibly 1980's concept of "is this website real, does it have your picture of Barbie on it?"
10. No notifications when I access MyVerizon online. Your phone should tell you, period, end of story, and hardcode this!
11. "De-registering your MyVerizon account is a CSR/TSR fix". The primary login to your acocunt is YOUR PHONE NUMBER. So if you de-register your account, unless you never plan to log online again (really realistic in this day and age), when you re-register, guess what magical number is on your account? Go on, I'll wait.
12. I just got a phone survey asking if I'm satisfied from calling customer service. THIS notification you force, but no SMS notifications when my account is logged into? Brilliant! 10 points to Slytherin!
13. Is your bill late? Best believe you're getting a nag email/notification. Your money is more important than your security.
14. Verizon's database was just compromised in July this year. All of these things should have been resolved within a week of that incident. What have you been doing for five months? Waiting for another hack? Your stock prices can afford one or two, but keep up the good work!