May
I have a very specific problem with EverSafe and I don't know how to get help.
My email address uses the TLD .works e.g. myname@mycompany.works I've used that email for a long time. The TLD is a legitimate one: https://icannwiki.org/.works
However the EverSafe does not recognize my email as a real email address so I cannot do anything, my account is frozen as I cannot access or reset it without using the email address.
Can someone please contact the EverSafe team and ask them to remove that restriction/add an exception for that domain?
May
It seems this is happening to Public Mobile customers as well.
May
Yep, it's a mess over there.
EverSafe is a good enough idea but not allowing proper 2FA methods, not recognizing TLDs that have existed for a decade and enforcing password updates with weird restrictions and bad strength monitoring just seems like someone was trying to be clever and didn't really know what they were doing.
All of those things have long been understood to have either negative or no security value. We have sites across the web implementing highly secure 2FA authentication systems and even passwordless authentication as standard and then we have EverSafe which seems like it was developed in 2015...
May
@jamiepm2 I'm going to do some digging. If I find anything out that can help, I'll report back 🙂
May
Much appreciated @dru !
June
Any luck @dru ?
June
June
@jamiepm2 the team has captured the issue for investigation. There isn't an ETR for now but if I hear anything worth sharing, I will ASAP.