<div dir="ltr"><div dir="ltr"><div>1. On T-Mobile login, I am presented with the options of using my local TOTP generator or receceving a text containing the TOTP. I guess your concern is that someone using T-Mobile's DIGITS service can get that texted TOTP. A texted TOTP is vulnerable to a SIM swap attack. (Where someone impersonates you and transfers your SIM to a new device.) The DIGITS app authentication process has the same fundamental flaw, vulnerable to a SIM swap attack. My review of the DIGITS app authentication process is that it relies exclusively on a text message to "your" phone (or the thief's phone if a thief succeded in porting your account to their phone) to complete its own authentication that you are who you say you are. Again, vulnerable to a SIM swap attack. </div><div><br></div><div>2. But T-mobile has a separate secret code process to prevent SIM swaps attack. See Under Account, settings, SIM protection. Here you can turn ON the SIM Protection. This feature requires the entity requesting a SIM swap to provide a unique 6 to 15 digit PIN to effect the SIM transfer. But I do not see a way to get a new PIN now, and I do not have a record of such a PIN. I hesitate to turn on this feature until after I know from T-mobile what my PIN is.</div><div><br></div><div>3. Other things you can do in T-mobile to limit the chance your user ID and pswd are compromises, and prevent other hassles:</div><div><br></div><div><br></div><div>In privacy settings, turn OFF the following:<br><br>"Let us share your individual data with trusted third parties for public and scientific research purposes."<br>All "Advertising options"<br>All "Sharing certain financial information"<br><br>In privacy setting, turn ON the following:<br><br>"Share your data to help protect you against fraud and identity theft"<br><br>In "Do not sell or share my personal information"<br>Turn OFF all options.'<br><br>In "Mobile Advertising ID Opt Out" find your cell phone's advertising ID (32 or so digits long), enter it in the interface, and click Opt Out.<br><br>In "Block calls and messages" enable "Block Scam Likely Calls"</div><div><br></div><div><br></div><br></div><br><div class="gmail_quote gmail_quote_container"><div dir="ltr" class="gmail_attr">On Thu, Oct 2, 2025 at 5:41\u202fPM Suzannah K. Sundby via Patentpractice <<a href="mailto:patentpractice@oppedahl-lists.com">patentpractice@oppedahl-lists.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div class="msg2923038958626298606">
<div lang="EN-US" style="overflow-wrap: break-word;">
<div class="m_2923038958626298606WordSection1">
<p class="MsoNormal"><span>So, considering my issue with unauthorized accounts associated with my Amazon account.<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span>I decided to <span class="m_2923038958626298606GramE">
look into</span> SIM card hacking, etc.<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="background:yellow">PSA: Check your cell phone and take measures to secure/lock your SIM card.<span>
</span>Read more here.<span> </span><a href="https://securityscorecard.com/blog/sim-card-hacking-what-it-is-how-it-works-and-how-to-protect-yourself/" target="_blank">https://securityscorecard.com/blog/sim-card-hacking-what-it-is-how-it-works-and-how-to-protect-yourself/</a></span><span><u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span>I have T-Mobile.<span>
</span>After checking out the T-Mobile app, which I never did use before (I was previously Sprint).<span>
</span>I discovered that one can also set up <span class="m_2923038958626298606SpellE">2FA</span> for logging into T-Mobile\u2026 which I guess is essential to protect one\u2019s cell phone and SIM card.<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span>It seems I already had SIM card protections toggled on.<span>
</span>Whew.<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span>But, in reviewing security options\u2026 T-Mobile has something called DIGITS, which lets one use one phone number to talk and text on multiple devices.<span>
</span>WTF?!?!?!<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span>I tried toggling this OFF, but then a
<span class="m_2923038958626298606GramE">warning pops</span> up saying if I disable then I can no longer receive texts and emails, etc.<span>
</span>WTF?!?!?!<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span>Nevertheless, the app indicates that there are no additional devices using my account/phone number\u2026 Whew.<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span>But still\u2026<span>
</span>Why does toggling off DIGITS (to prevent other devices from using my phone number) turn on \u2018Device Block\u2019 which per T-Mobile \u201cIf you select this service [Device Block], you will no longer be able to send or receive any type of message.\u201d<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span>I mean\u2026 WTF\u2026 It\u2019s just like Amazon whereby others can create associated accounts using my cell
<span class="m_2923038958626298606GramE">number</span> but I can\u2019t remove my cell number from my account,
<span class="m_2923038958626298606SpellE">etc</span>\u2026<u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="background:yellow">Anyway, PSA: Check your cell phone and take measures to secure/lock your SIM card.<span>
</span>Read more here.<span> </span><a href="https://securityscorecard.com/blog/sim-card-hacking-what-it-is-how-it-works-and-how-to-protect-yourself/" target="_blank">https://securityscorecard.com/blog/sim-card-hacking-what-it-is-how-it-works-and-how-to-protect-yourself/</a></span><span><u></u><u></u></span></p>
<p class="MsoNormal"><span><u></u> <u></u></span></p>
<p class="MsoNormal"><span style="font-size:10pt;font-family:"Century Gothic",sans-serif;color:black"><a href="http://www.linkedin.com/in/ssundby/" target="_blank"><span style="color:black;text-decoration:none">Suzannah
K. Sundby</span></a></span><span style="font-size:10pt;font-family:"Century Gothic",sans-serif">
<b><span style="color:rgb(0,0,204)">|</span></b> Partner<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-top:4pt"><span style="font-size:11pt;font-family:"Aptos",sans-serif;color:rgb(0,0,204)"><a href="http://www.canadylortz.com/" target="_blank"><u><span style="font-size:10pt;font-family:"Century Gothic",sans-serif;text-decoration:none">canady
+ lortz</span></u><u><span style="font-size:8pt;font-family:"Century Gothic",sans-serif;text-decoration:none">
<span style="font-variant:small-caps">LLP</span></span></u></a></span><span style="font-size:11pt;font-family:"Century Gothic",sans-serif;color:rgb(0,0,204)"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:9pt;font-family:"Century Gothic",sans-serif">1050 30th Street, NW<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:9pt;font-family:"Century Gothic",sans-serif">Washington, DC 20007<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-top:4pt"><span style="font-size:9pt;font-family:"Century Gothic",sans-serif">T: 202.486.8020<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:9pt;font-family:"Century Gothic",sans-serif">F: 202.540.8020<u></u><u></u></span></p>
<p class="MsoNormal" style="margin-top:4pt"><span style="font-size:11pt;font-family:"Aptos",sans-serif;color:rgb(0,0,204)"><a href="mailto:suzannah@canadylortz.com" target="_blank"><span style="font-size:9pt;font-family:"Century Gothic",sans-serif;text-decoration:none">suzannah@canadylortz.com</span></a></span><span style="font-size:9pt;font-family:"Century Gothic",sans-serif;color:rgb(0,0,204)"><u></u><u></u></span></p>
<div style="border-width:medium medium 1pt;border-style:none none solid;border-color:currentcolor currentcolor rgb(0,0,204);padding:0in 0in 6pt">
<p class="MsoNormal" style="border:medium;padding:0in">
<span style="font-size:11pt;font-family:"Aptos",sans-serif;color:rgb(0,0,204)"><a href="http://www.canadylortz.com/" target="_blank"><span style="font-size:9pt;font-family:"Century Gothic",sans-serif;text-decoration:none">www.canadylortz.com</span></a></span><span style="font-size:9pt;font-family:"Century Gothic",sans-serif;color:rgb(0,0,204)"><u></u><u></u></span></p>
</div>
<p class="MsoNormal" style="text-align:justify"><span style="font-size:7pt;font-family:"Century Gothic",sans-serif;color:rgb(127,127,127)">Confidentiality Notice:
<span> </span>This message is being sent by or on behalf of a lawyer.
<span> </span>It is intended exclusively for the individual or entity to which it is addressed.
<span> </span>This communication may contain information that is proprietary, privileged or confidential, or otherwise legally exempt from disclosure.
<span> </span>If you are not the named addressee, you may not read, print, retain, copy, or disseminate this message or any part.
<span> </span>If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message.<u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
-- <br>
Patentpractice mailing list<br>
<a href="mailto:Patentpractice@oppedahl-lists.com" target="_blank">Patentpractice@oppedahl-lists.com</a><br>
<a href="http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com" rel="noreferrer" target="_blank">http://oppedahl-lists.com/mailman/listinfo/patentpractice_oppedahl-lists.com</a><br>
</div></blockquote></div><div><br clear="all"></div><br><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div>Best regards</div><div>Rick Neifeld, J.D., Ph.D. <br></div><div>Neifeld IP Law PLLC<br></div><div>9112 Shearman Street, Fairfax VA 22032</div><div>Mobile: 7034470727<br></div><div>Email: <a href="mailto:RichardNeifeld@gmail.com" target="_blank">RichardNeifeld@gmail.com</a>; <br></div><div><br></div></div></div></div>