2-Step Verification Required

General discussions and other topics.
13 posts Page 1 of 2
by forest » Thu Jul 18, 2024 11:56 am
I just tried to log in to Member Tools, and was blocked by a 2-Step Verification Required message.

Using 2FA doesn't bother me, but geez, Sonic... couldn't you have announced this requirement in advance? That would have allowed me to set it up before I needed it.

Instead, this was imposed as a surprise, and now I find myself needing to manage my account but can't until I get to a phone and reach a support agent. Not a very nice surprise.
by ngufra » Thu Jul 18, 2024 12:31 pm
I called 611, gave my name and service address, was sent a code by email that i read to them.
provided my cell phone number, then logged in and specified to send me a code on that cell number.
Would have been nice to send me the code to the email and avoid having to call but it worked.

Then in account settings/security i could enroll an authenticator app.
Total time about 5 minutes.
by brandonc » Thu Jul 18, 2024 3:42 pm
forest wrote: Thu Jul 18, 2024 11:56 am I just tried to log in to Member Tools, and was blocked by a 2-Step Verification Required message.

Using 2FA doesn't bother me, but geez, Sonic... couldn't you have announced this requirement in advance? That would have allowed me to set it up before I needed it.

Instead, this was imposed as a surprise, and now I find myself needing to manage my account but can't until I get to a phone and reach a support agent. Not a very nice surprise.
I apologize for the lack of notice regarding this change. Ideally, we would have sent out a notification with plenty of advance notice. However, In this case, we were forced to move quickly because we encountered a run of domain theft from international IPs, in which the attackers compromised a number of customer accounts, registered a slew of domains, and immediately started using them for phishing operations. Thankfully, this appears to have stopped the attackers, but there has been some collateral damage.
Brandon C.
Community and Escalations
Sonic
by forest » Thu Jul 18, 2024 3:55 pm
Thanks for explaining, Brandon.

BTW, after getting to a place where I could phone in, and going through the verification steps to set up my accounts, I was pleased to find that Member Tools offers standard TOTP as an option for the second factor. Good choice. :)
by superd » Tue Jul 23, 2024 9:49 pm
How do we opt-out of this?
by sonic.boom » Wed Jul 24, 2024 10:58 am
Due to security concerns, the 2-factor authentication is now required to access Member Tools so there's no option to opt out. If you need assistance with setting up your 2FA, please contact our Technical Support team at (855)394-0100. If there are wait times, you can also go to https://www.sonic.com/support_cba_request and request a call back.
Sean M.
Community & Escalations Specialist
by mball » Fri Jul 26, 2024 9:35 am
I HAD a few minutes to change an alias.
Now the only person who cannot is me.

What irks me about 2FA is that I'm required to pay a telecom company in order to get service from a [theoretically unrelated] company who I also pay.
by ngufra » Fri Jul 26, 2024 2:09 pm
mball wrote: Fri Jul 26, 2024 9:35 am What irks me about 2FA is that I'm required to pay a telecom company in order to get service from a [theoretically unrelated] company who I also pay.
Only the first time.
Then you can use google authenticator for example instead of a SMS.
by superd » Sat Jul 27, 2024 8:40 pm
ngufra wrote: Thu Jul 18, 2024 12:31 pm I called 611, gave my name and service address, was sent a code by email that i read to them.
provided my cell phone number, then logged in and specified to send me a code on that cell number.
So, they used a compromised email address to send a verification code? Sounds legit.

Anyways, I'm probably done with Sonic. Apple has been trying to force me into 2FA for about two years, but at least they give me the OPTION to refuse something I neither want or need. Between this, the internet line that is slowly getting worse every year, forced equipment rental charge, and the insane amount I pay ($81 for a barely 5mbs connection that seems to randomly cut out), I'm out. I've been a customer for over 20 years, but my Xfinity connection is now better and cheaper.
by ngufra » Sat Jul 27, 2024 9:37 pm
superd wrote: Sat Jul 27, 2024 8:40 pm
ngufra wrote: Thu Jul 18, 2024 12:31 pm I called 611, gave my name and service address, was sent a code by email that i read to them.
provided my cell phone number, then logged in and specified to send me a code on that cell number.
So, they used a compromised email address to send a verification code? Sounds legit.
I called 611, so i was calling from within sonic network. They emailed at the registered email address. Maybe the workflow is different if calling from an unknown number.

I think the point was to force a manual registration to handle the issue "because we encountered a run of domain theft from international IPs, in which the attackers compromised a number of customer accounts, registered a slew of domains, and immediately started using them for phishing operations."
13 posts Page 1 of 2

Who is online

In total there are 0 users online :: 0 registered, 0 hidden and 0 guests (based on users active over the past 5 minutes)
Most users ever online was 2877 on Wed Sep 25, 2024 9:53 pm

Users browsing this forum: No registered users and 0 guests