I can see where you are coming from. It would be nice to have a section were you can view your login history. I will be more than happy to submit your feedback to our offline team and hopefully we can implement this change in the near future. Do you have any other questions we can assist you with?
Follow us on TWITTER @VZWSupport
If my response answered your question please click the _Correct Answer_ button under my response. This ensures others can benefit from our conversation. Thanks in advance for your help with this!!
I still have a concern. I see where I can create a nickname as a login, but if having multiple login options is still available the account is still vulnerable.
Example: if I create a nickname on my account, someone can still bypass not knowing that nickname with my phone number or email.
To tighten up a customer account, the customer should be able to disable logging in with the phone or email, and only use the nickname. Someone else shouldn't be able to a password reset because they know a customer phone and email, but not the nickname. If they want a reset, they should be required to call in for a reset. Customer service should validate that the number being called matches the EIMI number registered to the account. That way Customer Service is not giving a reset to someone spoofing a customer phone number using VOIP (like Vonage), etc.
This is how good credit monitoring companies operate. Seriously, Verizon is a utility where our account information is a vital link to so many other utilities and financial services. More should be done to cut down fraud, especially when the Fraud department does not receive infected phones for analysis or believe customers when they say they've been hacked.
“Someone else shouldn't be able to a password reset because they know a customer phone and email, but not the nickname.“
**No one can reset a password simply by knowing a phone number and email. When making a request to reset or register in MyVerizon the fraudster would also be required to have possession and use of your current active device to receive the temporary password/info by SMS.
"If they want a reset, they should be required to call in for a reset. Customer service should validate that the number being called matches the EIMI number registered to the account."
***It's wouldn't be possible to set those requirements for a reset, since some customers do not have the ability to meet those requirements. Some accounts have only data plans (like iPads/jet packs etc) so they wouldn't have the technical ability to call from a number on account, or there are disabled customers that don't have the physical ability to call in. In addition there of course there are many people that don't want to have to call in and wait to do something they can themselves faster and easier. (Or like me I had an old iPhone with a broken microphone so I could call out but no one could hear me)
****With the current requirements, in order to reset/resgister/alter My Verizon a scammer would only have to physically have access your current iPhone, and be able to unlock it to view and use the info in the SMS from Verizon. (They wouldn't need to have your number or email info since they would then be able to see that stuff in your phone))
***The good news is, since no one else has possession of your phone, and no one else other than you has the biometric ability to unlock it in order to get into your device as required to change things on your account, your My Verizon account IS securely already protected by biometrics.
Going to have to disagree on some points.
Verizon customers should have better security options, not less because of the needs the few. Yes, it should depend on their device type, but people should be able to integrate current biometric or hardware security options into their online accounts. Especially true where phone numbers are hijacked via spoofers on a daily basis.
Everyone has a phone number associated with even a data only plan.
Someone using keyloggers and other spyware on another person's phone (including iPhones) can hijack the PIN code. During the time of a new device being set up or reset, any hacker can take advantage of vulnerabilities (like there temporarily being no PIN, fingerprint or face ID) to infect a phone. It's happened and does happen.
Verizon CSR's can see a phone's EIMI, so the customer does need to know it. It's up to Verizon CSR's to validate that the phone to EIMI are a match before proceeding with a reset. I had a CSR do this in the past. It is possible to do.
If someone wants less security due to their disabilities etc. that's on them. But the majority of customers should be able to access and take advantage of more heightened security if they choose.
Along security issues, but at the Verizon store.
It seems all that is required to access your account at a Verizon store is your Phone# and Driver's License. If I'm a bad guy--that has stolen your drivers license (or made a copy of it) and then modified it to have my photo--I can have the Verizon rep gain access to the account. Then could request a new SIM card because I lost mine (of course backed up from iCloud)
Now I have your all your inforation needed including "your phone" for 2FA text messages.
Verizon needs to have an additional layer of protection at the store ... a special pass phrase that is shown to the rep and must be asked of the person trying to access the account.
Me: I'd like to make modifications to my account
VZ: Can I have your phone # and Driver's License
Me: Sure, xxx-xxx-xxxx and here is my DL
VZ: Okay, that checks out...can you tell me your Secret Passcode Phrase
Me (GoodGuy): My dog is a Belgian Malinoise
Me (BadGuy): uhhh, uhhh .... I'll be right back .... leaves store
re: "You can enable this feature online by logging into your My Verizon account. Click on "Profile settings", and then under "Security", click on "Enhanced authentication". You can enable this feature here. I hope this information is beneficial."
I followed the instructions above and I don't see where I can enable this feature. Under "Security", I see User ID, Password and Secret question. No "Enhanced authentication". Please advise.
I would be happy to look further into this with you. When you go to your Security Settings, are you doing this through the app or a web browser?