• peopleproblems@lemmy.world
    link
    fedilink
    English
    arrow-up
    17
    arrow-down
    3
    ·
    2 months ago

    Step 3 was your earliest big clue. You’ll never give that to a person. You’ll only ever be asked to enter it on the website it originated from.

    That being said, the other commentors are right too.

    • bamboo@lemmy.blahaj.zone
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 months ago

      FWIW this isn’t always true. A few months ago, I needed to add an email to my Zelle account on Chase, and had to call them. I initiated the call and they did issue a text message verification to the phone number in my account while on the phone to confirm.

      • kungen@feddit.nu
        link
        fedilink
        English
        arrow-up
        3
        ·
        2 months ago

        Well, yeah, because they initiated the code to verify it was you who called them. Better than them asking your “security questions” or such. It’s a completely different situation if you got an incoming call who asks for that.

    • SGforce
      link
      fedilink
      English
      arrow-up
      5
      ·
      2 months ago

      Negative. Had to do that to cancel a cell phone plan recently. They sent the text to my other phone while I was on the line with CSR. Though I agree it should have been possible on the website.

    • Gestrid
      link
      fedilink
      English
      arrow-up
      2
      ·
      edit-2
      2 months ago

      Like the other guy said, it’s not always true.

      For example, even when you’re physically in the store, a T-Mobile employee may require you to read back a code that their system texted to you for certain transactions like buying a new phone for someone on your account or something like that.

    • sugar_in_your_tea@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      1
      ·
      2 months ago

      The problem is that there are two types of codes:

      • sent by rep and is used for verification
      • sent by system and is only used for login

      They have different messages on the text, but since I would receive the first while on the phone, I tend to skim the message and get to the number.

      For TOTP, yes, you only give your code when initially registering it to verify with the other end that it’s working.