
Allow users to secure their accounts with 2-Factor Authentication (2FA)

By: minimike86 | 31-07-2018 01:33

Problem Statement

Currently you log into giffgaff via your username (member name or mobile number) and your password.

Attackers can very easily enumerate member names using giffgaff's own affiliate links. For example: when you browse to https://www.giffgaff.com/orders/affiliate/minimike86, you will see that I am offering a joining bonus. However, when you browse to https://www.giffgaff.com/orders/affiliate/ijustmadethismembernameup, which is an invalid member name, you are redirected to https://www.giffgaff.com/orders/mgm, and with a few lines of code you can find all of the possible member names on the site.

What is your idea?

"2-Factor Authentication (2FA)" is a security control whereby a physical device (something you have) in the possession of the user produces random one-time use codes that are supplied with or after the username/password (something you know) combination. Example: a mobile phone running the Google Authenticator application <- Most Secure

"two-step verification" is a security control whereby you would receive a text message or email with a code that you would then enter after a successful login using a username/password combination, which would then authenticate you. This security control is not currently activated. <- Somewhat Secure

How will this benefit giffgaff and its members? Why should giffgaff implement your idea?

Currently the ONLY thing protecting any giffgaff customer from account compromise is their password.
It should therefore be fairly obvious what the benefits of adding one or both of the above ideas are...

  • Customer data will be more secure from account compromise (guessing username/password)!
  • GiffGaff will boost its customer reputation!
  • GiffGaff will reduce its operating costs - when informing customers about suspicious activity on their user accounts!



by: nafis40
on: 19-01-2020 19:32

good idea +1...

by: jackjohnjoseph
on: 14-01-2020 15:54

supported, with security being a big issue these days we must be improving it

by: racha27269
on: 17-12-2019 00:06

excellent idea fully supported.

by: racha27269
on: 17-12-2019 00:05

excellent idea fully supported.

by: ovidik07
on: 11-12-2019 10:19

one of the most important things nowadays is security!

by: haseebhejazi
on: 10-12-2019 23:07

great idea

by: k_riverss
on: 21-10-2019 16:13

It's ****** shocking that still they drag their feet on this, I will leave giffgaff soon if they don't implement MFA, my personal data is worth more than the tenna a month I save.

Giffgaff's general lack of advancement and innovation is somewhat disheartening, all they do is basically change goody bags offerings to keep relevant in the market and take your money, that's all they've done since I've been with them for 9 years.

Somewhat pathetic in all honesty.

by: cms22
on: 19-10-2019 19:29

Great idea. Some people including me want 2fa so thanks Giffgaff for starting to work on this. Will help a lot.

by: dennisbowen
on: 19-10-2019 08:05

I don't know if there is any benefit

by: various_mm
on: 06-10-2019 12:31

How long before this is rolled out? Could do with having this soon