KPN mandatory SMS authentication
🔧This article may rely heavily on AI/LLM-generated text. Claims and citations should be verified.
#appeals channel in either Zulip or Discord to request removal.LLM-generated text may include hallucinated citations, inaccurate claims, or statements which are correct, but are supported by the wrong citation. AI text often also does not follow the editorial guidelines and generally contain prose of poor quality. You can help by replacing weak citations with verifiable sources, auditing the article for inaccurate content, and rewriting passages to comply with the guidelines.
Background
[edit | edit source]KPN’s MijnKPN service provides customer access to billing, subscription management, and account settings for broadband, television, and mobile services. In 2024, KPN introduced **mandatory two-step verification (2FA)** to improve account security. While 2FA is a common security measure, KPN’s implementation relies exclusively on SMS messages to mobile phones, with **no officially supported landline, email, or hardware token alternatives**. ([Security.nl](https://beveiliging.headliner.nl/item/kpn-verplicht-2-stapsverificatie-in-augustus-voor-alle-klanten-securitynl-68159))
Incident
[edit | edit source]In early 2024, KPN began enforcing **mandatory SMS-based 2FA for all customers**. Users must enter a one-time code sent to their registered mobile number to access their accounts. Customers without mobile phones, non-Dutch mobile numbers, or with device issues cannot complete the authentication process, effectively restricting access.
Community reports confirm that KPN support advises users in such cases to **obtain a local mobile device** or contact support to regain access. The policy has been systemically applied across the customer base, demonstrating it is a **corporate-wide requirement** rather than isolated incidents. ([KPN Community](https://community.kpn.com/kpn-id-en-mijnkpn-29/hoe-gebruik-ik-tweestapsverificatie-zonder-nederlands-telefoonnummer-639075))
Company's response
[edit | edit source]KPN has stated that SMS is the **most widely accessible method** for two-step verification and that **other authentication channels are being evaluated**. No public timeline has been provided for the rollout of alternatives such as **landline OTP, app-based authenticators, or hardware tokens**. ([Security.nl](https://beveiliging.headliner.nl/item/kpn-verplicht-2-stapsverificatie-in-augustus-voor-alle-klanten-securitynl-68159))
Consumer response
[edit | edit source]Community discussions and public forums indicate frustration among users who cannot use SMS, citing **restricted access, lack of alternatives, and reduced consumer autonomy**. Verified responses from KPN moderators confirm the requirement and advise users to acquire a mobile device to comply. The systemic nature of this policy has prompted consumer advocates to call for **multiple authentication channels** to enhance accessibility and security. ([KPN Community](https://community.kpn.com/online-veiligheid-25/mijnkpn-tweestapsverificatie-mfa-wordt-verplicht-wat-betekent-dit-voor-jou-637989))
Lawsuit
[edit | edit source]No publicly documented litigation regarding this policy has been reported as of 2026.