KPN mandatory SMS authentication: Difference between revisions

Revision as of 22:07, 24 February 2026

Short summary of the incident using references.^[1] Usually 2-3 sentences that summarize the contents or the article. When writing the article, insert text in the space below this box, and then delete this tip box (and the other tip boxes below). In the visual editor, just click on a box and press backspace to delete it. In the source editor, simply delete the double curly brackets, and the text inside them.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

Background

Information about the product/service history to provide the necessary context surrounding the incident

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

KPN’s MijnKPN service provides customer access to billing, subscription management, and account settings for broadband, television, and mobile services. In 2024, KPN introduced mandatory two-step verification (2FA) to improve account security. While 2FA is a common security measure, KPN’s implementation relies exclusively on SMS messages to mobile phones, with no officially supported landline, email, or hardware token alternatives. (Security.nl )

[Incident]

Change this section's title to be descriptive of the incident.

Impartial and complete description of the events, including actions taken by the company, and the timeline of the incident coming to the public's attention.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

[Company]'s response

If applicable, add the proposed solution to the issues by the company.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

In early 2024, KPN began enforcing mandatory SMS-based 2FA for all customers. Users must enter a one-time code sent to their registered mobile number to access their accounts. Customers without mobile phones, non-Dutch mobile numbers, or with device issues cannot complete the authentication process, effectively restricting access.

Community reports confirm that KPN support advises users in such cases to obtain a local mobile device or contact support to regain access. The policy has been systemically applied across the customer base, demonstrating it is a corporate-wide requirement rather than isolated incidents. (KPN Community

KPN’s response

KPN has stated that SMS is the most widely accessible method for two-step verification and that other authentication channels are being evaluated. No public timeline has been provided for the rollout of alternatives such as landline OTP, app-based authenticators, or hardware tokens. (Security.nl )

Lawsuit

If applicable, add any information regarding litigation around the incident here.

Claims

Main claims of the suit.

Rebuttal

The response of the company or counterclaims.

Outcome

The outcome of the suit, if any.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

Consumer response

Summary and key issues of prevailing sentiment from the consumers and commentators that can be documented via articles, emails to support, reviews and forum posts.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

References

↑ ref goes here

Add a category with the same name as the product, service, website, software, product line or company that this article is about.

The "Incidents" category is not needed.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

[1] ref goes here

[1]