Koodo Community
Proposed

Enable two factor authentication capabilities

  • December 19, 2022
  • 14 replies
  • 1400 views

In 2022 you should have the ability to use two-factor authentication on any major platform that has account management.

Koodo, please get this up and running.

14 replies

Dinh
  • Mobile Master
  • December 19, 2022

They already implemented 2FA for important things like SIM swap and online order. 

The problem with 2FA for all account management functions is the issue when you lose your phone or your SIM. If you had it on, you can't access your selfserve to lock the SIM. 


  • Member
  • March 31, 2023

  • Member
  • May 30, 2023

In 2022 you should have the ability to use two-factor authentication on any major platform that has account management.

Koodo, please get this up and running.

I agree, 100%. When a service provider can communicate our information to the credit bureau, such as Koodo, they all are offering some form of 2-step verification for online login. When will KOODO institute this?


  • Member
  • July 21, 2023

100% agree. Enable 2FA. Someone just tried to break into my Koodo Self Service and ended up locking me out. This after the Feb 2023 Telus hack.
Trying to get a Koodo person on the phone to resolve is like getting a root canal!
 

  1. Call number from Koodo email.
  2. Number gets you to automated voice which sends you a text with a link to a chatbot.
  3. Chatbot asks you to log in but you can’t, so it takes a while to explain to said chatbot to finally arrange a human to call me. A pre-call as it turns out.
  4. Pre-call person validates me? And then says expect a real call from Telus Service.
  5. Telus Service calls and I finally get account unlocked. This all took about 1 hour of my time and Telus/Koodo resources.
  6. Also, everyone has a very challenging time with English (Indian and Spanish first language?) who talks to me.

All way too wasteful!!! Enable 2FA now. We know you can send text!!


  • Connector
  • October 2, 2023

Lack of 2FA just cost me 6000$

My Koodo account was the weak link, every other account I have has 2FA, but they used the option to send a text message instead.

 

Think twice before subscribing to a company that protects your identity like it's 1999.


Dinh
  • Mobile Master
  • October 2, 2023

Lack of 2FA just cost me 6000$

My Koodo account was the weak link, every other account I have has 2FA, but they used the option to send a text message instead.

 

Think twice before subscribing to a company that protects your identity like it's 1999.

How did they get $6000 from you?


  • Connector
  • October 2, 2023

Lack of 2FA just cost me 6000$

My Koodo account was the weak link, every other account I have has 2FA, but they used the option to send a text message instead.

 

Think twice before subscribing to a company that protects your identity like it's 1999.

How did they get $6000 from you?

My password appeared in a breach, which I wasn't told about (probably from Telus last year or so). They logged on to my Koodo account with it, switched my phone number to a different SIM card, changed the e-mail on my account, then used my phone number to reset passwords from all my bank accounts with 2FA with the text option, bought crypto with the money and transferred it away.

 

They tried my e-mail accounts first, but it didn't work thanks to 2FA, they tried the banks, didn't work thanks to 2FA, but when they had access to my phone number, it was over.

 

They then changed the phone number so I couldn't easily get back into my account.

 

Despite all the security measures in place from every other company, Koodo is the weak link.

 

I've recovered everything after painstakingly walking back the fraud, but it took me a whole day, and I'm back at square one in terms of security, with no possibility to fix the issue that started all this.

 

Our passwords will always be vulnerable to breaches, and I don't trust companies to tell us about the breaches or even preemptively lock the accounts of those who are affected.

 

They don't care about your security.


Timo Tuokkola
  • Mobile Master
  • October 2, 2023

Koodo has required 2FA to swap SIM cards for several years now. Your story doesn't seem to line up.


  • Member
  • September 27, 2024

Just came by to report that SIM swapping STILL WORKS. Buddy has his phone number compromised where someone is texting from and receiving messages to his phone number somehow, despite not having either the SIM or phone in the hackers’ hands! He even tried getting a new number but the crook still has access. They can even text people from the contacts, probably from past messages.


Dinh
  • Mobile Master
  • September 28, 2024

Just came by to report that SIM swapping STILL WORKS. Buddy has his phone number compromised where someone is texting from and receiving messages to his phone number somehow, despite not having either the SIM or phone in the hackers’ hands! He even tried getting a new number but the crook still has access. They can even text people from the contacts, probably from past messages.

Has your friend reported it to police or a reporter so they can provide more insight into how people did it?


  • Connector
  • September 28, 2024

Koodo has required 2FA to swap SIM cards for several years now. Your story doesn't seem to line up.

I'd love that to be true. It would've saved me a lot of grief.


  • Connector
  • September 28, 2024

Just came by to report that SIM swapping STILL WORKS. Buddy has his phone number compromised where someone is texting from and receiving messages to his phone number somehow, despite not having either the SIM or phone in the hackers’ hands! He even tried getting a new number but the crook still has access. They can even text people from the contacts, probably from past messages.

Has your friend reported it to police or a reporter so they can provide more insight into how people did it?

I know how they did it, I explained it in detail above.
 

My password was in a breach, and they were able to use it to switch my SIM card, to then use my phone number to get 2FA codes from my bank accounts, and use my accounts to transfer money out.
 

All of that because Koodo doesn't offer 2FA.


Dinh
  • Mobile Master
  • September 28, 2024

Just came by to report that SIM swapping STILL WORKS. Buddy has his phone number compromised where someone is texting from and receiving messages to his phone number somehow, despite not having either the SIM or phone in the hackers’ hands! He even tried getting a new number but the crook still has access. They can even text people from the contacts, probably from past messages.

Has your friend reported it to police or a reporter so they can provide more insight into how people did it?

I know how they did it, I explained it in detail above.
 

My password was in a breach, and they were able to use it to switch my SIM card, to then use my phone number to get 2FA codes from my bank accounts, and use my accounts to transfer money out.
 

All of that because Koodo doesn't offer 2FA.

They must access either your email account (not your Koodo account) or your physical SIM as well. Was your email account exposed to a hacker?


  • Member
  • September 28, 2024

I still want 2FA / MFA in a real and meaningful way here, as well as the ability to put no transfer holds on accounts.

The extra security code does very little.

 

However, there are new attacks that even that won't protect against, like the really good video about the SS7 flaw that Veritasium did this week titled "Exposing The Flaw In Our Phone System" that takes even less effort than a SIM swap for better results.

 

Key Differences (based on ChatGPT breakdown of video)

 

Ease of Execution: SIM swaps rely on social engineering and convincing the carrier, while SS7 attacks require technical access to the global telecom infrastructure (which can be "easily" purchased) but offer broader control over communication.

 

Scope of Access: SS7 attacks can intercept communications, track locations, and redirect calls/texts without the target's knowledge. SIM swaps primarily focus on gaining control over text messages and calls by transferring the phone number.

 

Detection: SIM swap victims notice loss of service, while SS7 attack victims may remain unaware of the compromise, as it doesn't interfere with their phone's connectivity.

 

Similarities

Both methods allow attackers to intercept 2FA codes and gain unauthorized access to various accounts.

Both pose serious security threats, especially to high-value targets like public figures, business executives, and individuals handling sensitive information.

 

In summary, SS7 attacks are more complex, stealthy, and potentially provide a wider range of control over the target's communications compared to SIM swap attacks, which rely more on social engineering and cause a noticeable disruption in the victim's phone service.