What's to stop hackers entering their own phone number when verifying an account?
Jan 12, 2012 4:03 AM
Posted in group:
I just logged into YouTube for the first time in a while. Immeadiately I am redirected to a page that tells me that my account has been doing some suspicious activitiy, can I please verify it by entering my phone number so that it can send me a message with a verification code?
First off, I am not impressed. I don't like giving out my mobile phone number like this, and I feel it is an invasion of privacy. I want to log into my account, but forcing me to enter information I would not normally give out is not on.
Second, IF I had been a hacker that had somehow got hold of this account, what is to stop me entering my phone number to verify it's mine, even if it wasn't? I can assure you this is my account, I would not be complaining if it wasn't, but if it wasn't mine before I would have it for keeps now, because after I received my verification code I was promted to change the password to something that had not been used before, so if my account had belonged to someone else they would not be able to use it at all now, the password has been forcefully changed.
In my honest opinion, the phone number verification is simply a bad idea. It gives any hackers a greater opportunity to keep control of any account they've hacker into, because they can just use their own phone number to 'verify' it. It needs to be changed back to email (using the email address on record, not one the user has to enter), because even if they hack into one's YouTube account, they probably wont have control of the account holder's email account, which means that any hacker would loose access at they verification step.