As of about October 15, VOIP.MS requires all accounts to use two-step email verification to log in at www.voip.ms …
I understand the motive. For most accounts, it’s a great idea. However, I think an account should be able to opt out of 2FA. Here’s why:
I’ve put many of my clients on VOIP.MS over the years, and for some of these customers, I manage their VOIP.MS account by logging in to maintain subaccounts, update recordings, and download call details records. Most of them have me do these tasks because VOIP.MS is a little complicated for the average user. Some of them are elderly. Until the change, logging into their account was painless. Now I have to call them each time to have them tell me the 6-digit code that VOIP.MS emailed. Some of them – especially the elderly – are not proficient with email, so getting the code can be hard.
I’m not suggesting that the VOIP.MS remove the 2FA that it imposed on all accounts last week. I’m suggesting only that a customer be allowed to remove 2FA if they want to.
Other online services offer 2FA, but they don’t make it mandatory. For example, Gmail offers optional 2FA.
What do you think of the mandatory 2FA at VOIP.MS?
I think you are right, it should not be mandatory.
In general, I think 2FA is an unnecessary hassle for most services/accounts but it seems everyone wants to force people to use it.
Each time you log in from a new device or location, you’ll receive a unique verification code by email, which you’ll need to enter to complete your sign-in.
Entering this code confirms your identity and helps prevent unauthorized access, even if your password is ever compromised. This added step enhances your account security by reducing the risk of unauthorized access, protecting your personal information, and giving you extra peace of mind whenever you log in.
This update also keeps our platform aligned with current industry security standards and best practices, ensuring your experience remains both reliable and protected.
I always use the same browser on the same computer so it does not affect me, but I was considering helping a relative with voip.ms so it may affect me in the future (unless voip.ms remembers both devices).
I was considering using the reseller interface to help this particular relative, which would give him access to log in to his account and me access via the reseller portal - but it appears that changes the way voip.ms bills for service. If I read correctly, if I set up a client via the reseller portal voip.ms would charge me for their usage and the client would pay me through voip,ms? I’d rather not get in the middle of the payment process.
I also agree. I sent a question to the tech support on that.
I manage accounts for others that trust me for the technical side of things, and this is now virtually impossible to do without disturbing them for nothing all the time.
I was also suggesting to add multi-user management. So there could be more than one person that can manage an account. Like, two admin login.
While I agree for 2FA to be optional for things like, login in a forum, game site, etc. , you don’t want people to disable it for convenience on financial, email or Voip/Phone services. Anyone infected with a malware might sustain great damage if 2FA is not enabled in the above services.
If you have customers that rely on Voip, you can create burner emails for each customer with a service like Simplelogin and manage it yourself. Otherwise, instruct them to create a rule inside their email proivder, to forward VoipMs emails to your email.
If using a password manager that supports TOTP (time based one-time password) create the credentials for the various accounts and switch from email or text 2FA to app based TOTP for each. It works well with members of my family that want me to manage some of their online accounts that demand 2FA.
Well, I think 2FA is an easy solution for people who know not much about security and hacking. But I undersand businesses implementing that to protect themselves agains fraud, and their clients who would turn on them after. But it is not always the best solution for all scenarios. Let’s say the options are quite limited regarding flexibility with voip.ms right now, especially because it is not possible to have multiple users to login in an account.
Nevertheless, the email forwarding idea is a simple one to implement. I will see if this is practical and possible to isolate the 2FA emails only.
But what Rick said just made me realize there is a TOTP option for accounts. I did not realize that—thank you @Rick! Using emails is problematic (a burner email is not the best solution as voip.ms uses the email in the contact information, and could lead to other problems). But TOTP could solve the problem as both the main contact and I can have the same Key to generate codes to login. (Using “2FAS Auth” makes this very easy to do.)
If the account owners are comfortable with TOTP, I might just go that way.
Hey @Dael, well, if you do not receive 2FA emails, I would send an email to support@voip.ms. If this is urgent, maybe @William can help you. You can send him a Direct Message (click on “Start new DM” at the bottom of the menu).
Thank you for expressing your concerns in this thread. I assure you that I will forward all of your feedback to the appropriate department, along with the suggestions for alternative methods and functionalities that you would like to see implemented.
For @Dael, if you have a ticket number in this regard , please PM the information so I can verify further, thanks
I agree with previous comments.Sending security code by email is a real PITA. In the same browser session (even with the “remember my browser” checked) I have to checked my mail to receive another security code if I close the voip.ms site. It’s very frustating.
Along the years I convinced friends and relatives (not tech friendly) to move to voip.ms and I dealt with the settings remotely to set up their accounts. I would be not able to do so now…
As mentioned above, the 2FA should be optional, please consider the opt-out way. The multi-user management is also a way to explore.
But please, do something, right now I am not considering suggesting voip.ms to anybody even if I know it’s a great service.
I am not having that experience. Perhaps a cookie setting on your browser? I verified by email once when voip.ms started the new process and have not had to verify again even after rebooting my computer.
Implementing at least multiple user/pass for login is a feature needed since years.
Even if this is all admin logins.
I would implement only one condition: only the main account login (which cannot be deleted) should be able to change the main account contact information. That is all.
Yes, that’s a great idea. It would allow VOIP.MS to continue to require 2FA for all accounts, and yet each admin user would receive their 2FA code at their own email address, which is much more convenient than getting the account owner to cough up the 2FA code each time.
One thing to note, I get the option to check the box “Don’t ask again for this browser” so that I do not need to always get a 6 digit code sent.
It seems under Reseller (tab)/Manage Clients you cannot enter the same email address (which would be the reseller) for every client as it is not allowed “already used in our data base”.
This means the whole database of voip.ms and not just the resellers sub accounts etc.
The email is the user name…It’s the only killer it appears.
I think adding another email field/s but have it segregated.
voip.ms has a reseller interface that allows the reseller to control the end customer’s accounts including turning off features for the end users and reserving those settings for resellers only.
I have activated the interface on my voip.ms account but have not added any clients yet. If I understand correctly, I can set rates and voip.ms will collect payment on my behalf. I could set up flat rate monthly plans or add a markup to the voip.ms fees - or set the markup to zero and just be the middleman.
I considered using this to help an aged relative with any issues he has with the service, but I’d prefer to have him have a direct business relationship with voip.ms instead of him paying me to pay voip.ms (which seems to be the way the reseller interface works).
