Two Factor Authentication (2FA) on Lebrara Account PLEASE!

I don't think it's necessary for all online accounts to have two-factor authentication. Access is easier, obviously, with single-factor authentication and is suitable for accounts that don't provide access to very sensitive data.
I don't think it's unreasonable, in 2026, to expect users to use unique strong passwords, a password manager and to be aware of the data they divulge to single-factor authenticated accounts.
What could an attacker do if my Lebara account was compromised other than inconvenience me?

"What could an attacker do if my Lebara account was compromised other than inconvenience me?"

1. Because the attacker can log in, they have access to your Account Metadata facilitating a "Social Engineering" bypass. In the world of customer support, this metadata is the same as "Identity Verification."

An attacker can contact Lebara Live Chat and say: "I've lost my SIM card and I no longer have access to my old email address. I need to update my email and do a SIM swap."

When the agent asks for proof of identity, the attacker can provide:

• The last three numbers you called/texted (visible in your portal logs).
• The date and amount of your last top-up (visible in payment history).
• Your registered home address (visible in profile settings).

If the agent is satisfied with these "security questions," they may override the automated email verification and manually change your email or issue a SIM swap.

2. Identity Theft and Targeted Phishing

Even if they never manage to steal your phone number, they now have a "dossier" on you:

• Address, Full Name and Call Log: Can be used for more convincing identity fraud.
• Usage Patterns: They know who you talk to. They can use this to target your friends or family with phishing messages appearing to be from you once they eventually get your number.

Simple fix: Lebara implement 2FA like so many other online accounts and its really not a hardship. If you "use unique strong passwords, a password manager" then you can use a 2FA app, though they would probably use SMS first which has its own security issues. You can use "trust this device" if you are really upset about using a 2FA code every time you log in.

Firstly, I haven't given Lebara my name or address, I only give personal information when absolutely necessary and only to accounts that employ multiple authentication factors.
Secondly, in the very unlikely event that my account has been compromised (I use strong unique passwords), I expect the Lebara agent to use some scepticism when the attacker tells them that the SIM is lost, and yet is currently in use.
Multi-factor authentication is not always necessary, in my opinion. Just as two locks are not necessary on all doors.

LebaraUsers, pennypincher many thanks for raising your concerns about account security! Account security is a priority for Lebara and we recognise the importance of stronger authentication. Enhancements to authentication including multi-factor options is already part of our product roadmap. Keep an eye on our Welcome, Whats New board for future announcements.

Can I echo the original request: please implement Two Factor Authentication as soon as. I have no other online account without 2FA for very sensible security reasons.

Noted Pathkeeper! It's on the roadmap and we'll share an update here on the community once there is news on this.

pennypincher you are wrong.
A SIM‑swap attack occurs when criminals convince a mobile network to transfer your number to a SIM they control. Once they have your number, they can intercept bank one‑time passcodes, reset email passwords, and take over financial and social accounts.
UK fraud‑prevention service Cifas reported SIM‑swap attacks rising 38% year‑on‑year, driven by criminals exploiting SMS‑based authentication.
The moment the swap happens, your phone loses service — and the attacker receives all calls and texts.

Across multiple independent reports, Lebara is repeatedly cited as a network with weak identity‑verification procedures and no 2FA for SIM‑swap requests.
Lebara customers report that SIM swaps can be performed instantly, with no verification text, no email confirmation, and no second‑factor challenge. This means a criminal who gains access to your email — or who can socially engineer support staff — can trigger a swap without your knowledge.
Which? documented a case where scammers repeatedly failed Lebara’s ID checks (wrong address, wrong password, incorrect frequently‑dialled number), yet Lebara still processed account changes and ultimately a SIM swap. This enabled attackers to drain £3,500 from the victim’s accounts.

Come on Lebara - get a move on and implement 2FA!

Yes come on indeed. Lebara is taking top spot in this Which article below and wait until you see what Which's 2nd recommendation its at the bottom of the article on Sim Swapping!
"Secure your mobile account using a strong password and 2FA. Ask your network whether it can offer an extra layer of security, such as requesting an additional Pin or password to approve sensitive account changes."