So this happened to me.
A few weeks back… I received an email from my cellphone provider. That company was coming into the century of the fruitbat (screaming and kicking) and would provide 2FA on their accounts too! That is pretty cool, and so I enabled it, like I would recommend everyone. They did not have any choice, it was SMS 2fa or nothing. (Really a poor man’s 2fa, they don’t support OTP codes or something else, but I guess sms based 2fa is better than no 2fa at all!)
Today Updated my phone, restarted my phone. enter pin code for sim card. “… fuck”. I completely blanked out on my pin code. I haven’t turned off this phone in several weeks and I have been using another phone more. So my muscle memory was gone and I just blanked.
“shiiit. "
“Alright it’s okay”, I thought “I can get my PUK code from my password manager”. Check password manager: not in there.
Alright, don’t panic I can get it from my provider!
Using the provider website
Log in on the website: username, password check. We send you an SMS to log in…. (right, on my phone, which is locked)
Calling customer service (call 1)
Alright, I’ll call customer service (with a different phone).
- “hello this clearly an automated system. Tell me what you call for?”
“PUK code”
- “you can find the PUK code online, if you forgot something you can reset your password on the same page”
- breaks up connection
Alright, let me try again
Calling customer service (part 2)
- “hello this clearly an automated system. Tell me what you call for?”
“Operator” (I know, let’s get to a human!)
- “You want to talk to a customer service representive, what is the call about”
(surely they would let me continue after this) PUK code
- “you can find the PUK code online, if you forgot something you can reset your password on the same page”
- breaks up connection
WHAAAAT?
Calling customer service (part 3)
- “hello this clearly an automated system. Tell me what you call for?”
“Operator” (Fuming inside)
- “You want to talk to a customer service representive, what is the call about”
“operator”
- “we will get you a customer service employee”
And then I finally got a person on the line. The conversation was really ok, they verified who I was with several questions. And the person on the other side of the line actually tried to understand how I got into this mess and will report it back up.
Lessons learned
Extract your valuable stuff from companies and save it in a place you control, like a password manager. Treat customer robots (actual robots, not the humans, be nice to the humans) like the garbage they are? Profit?