VIDEO: How one ISP discouraged users from enabling two-step verification

Graham Cluley

2sv video thumb


A reader got in touch with me last week, following the series of articles we have published describing how to enable two-step verification on online accounts to harden their security.

The reader, who has asked to remain anonymous, says that he logged into his account at ISP Frontier Communications, in order to change his password. While logged in, he saw he also had an option to enable two-step verification.

However, when he went to set up two-step verification he was greeted with a tick-box:

2sv consent

“I consent to receive account related and marketing calls and/or texts from or on behalf of Frontier Communications Corp. and its affiliates at the wireless telephone number provided above, including by use of autodialed/automated technology. I understand that consent is not a condition of purchasing or receiving service.”

Perhaps understandably, the user wasn’t prepared to offer consent for marketing guff to be spammed to his mobile phone number. So he clicked “I do not consent”, fully expecting to still be able to enable two-step verification.

You can probably guess where this is going.

In our correspondent’s own words:

“When choosing ‘I do not consent’, the field is the phone number field is reset and I’m not allowed to set up 2SV. This seems to be a high level of corporate BS by their marketing department but they’re basically asking me to ditch my privacy for added security.”

When he contacted Frontier’s helpdesk to ask if it was possible to enable two-step verification without giving approval for marketing messages to be pushed out to him, he received the following (somewhat unsatisfactory and ungrammatical reply):

Frontier reply

“Thank you for the information provided. I have reviewed your service location and currently our Technicians are working to resolve a service impaired it is affecting your area. We are asking you to bare [sic] with us. As we have this issue resolved.”

If Frontier Communications wants its ISP customers to enable two-step verification then this seems a pretty sloppy way of going about things, and unlikely to encourage as many people as possible to take up the option.

Maybe Frontier’s legal department said they needed some small print to cover the sending of SMS messages to the numbers customers gave them… but that doesn’t mean they should also have to agree to marketing crud too!

Watch my latest video to see what I feel about this, and be sure to subscribe to my YouTube channel if you would like me to make more videos.

Read more:

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.

2 Replies to “VIDEO: How one ISP discouraged users from enabling two-step verification”

  1. I've never even heard of Frontier Communications but having watched your video I'm assuming they're a US-based company. It doesn't surprise me when companies do this sort of stuff and it's very bad practice.

    I am surprised that companies like BT (in the UK) don't offer 2SV as somebody who could compromise your phone provider would be in a powerful position. I'm undecided how important 2SV is in protecting the account of your ISP (assuming it's different from your phone provider).

  2. Frontier is not the only company doing this in the US. I am getting marketing calls on my cell phone since o signed for 2SV with Google and Apple.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.