Two Factor Authentication (2FA) on Lebara Account PLEASE!

    Junior Member
    It's 2026 and Lebara has no "Two Factor Authentication" (2FA) on their account login, not even an SMS one (please note, SMS 2FA is not secure enough and not really acceptable in 2026 either).

    Other mobile operators have this on their account login, and the best way is either using an app-based one like Google Authenticator or similar, or the new passkey method.

    This is really important for mobile accounts, as SIM swapping is common and one of the most damaging hacks there is, giving access to bank accounts etc.

    PLEASE implement 2FA ASAP.

    Please provide a timeline for when you intend to implement this, as not having a plan to implement it is not acceptable.

  • #2
    Junior Member
    I don't think it's necessary for all online accounts to have two-factor authentication. Access is easier, obviously, with single-factor authentication and is suitable for accounts that don't provide access to very sensitive data.
    I don't think it's unreasonable, in 2026, to expect users to use unique strong passwords, a password manager and to be aware of the data they divulge to single-factor authenticated accounts.
    What could an attacker do if my Lebara account was compromised other than inconvenience me?

    • #3
      Junior Member
      "What could an attacker do if my Lebara account was compromised other than inconvenience me?"

      1. Because the attacker can log in, they have access to your Account Metadata facilitating a "Social Engineering" bypass. In the world of customer support, this metadata is the same as "Identity Verification."

      An attacker can contact Lebara Live Chat and say: "I've lost my SIM card and I no longer have access to my old email address. I need to update my email and do a SIM swap."

      When the agent asks for proof of identity, the attacker can provide:
      • The last three numbers you called/texted (visible in your portal logs).
      • The date and amount of your last top-up (visible in payment history).
      • Your registered home address (visible in profile settings).

      If the agent is satisfied with these "security questions," they may override the automated email verification and manually change your email or issue a SIM swap.

      2. Identity Theft and Targeted Phishing

      Even if they never manage to steal your phone number, they now have a "dossier" on you:
      • Address, Full Name and Call Log: Can be used for more convincing identity fraud.
      • Usage Patterns: They know who you talk to. They can use this to target your friends or family with phishing messages appearing to be from you once they eventually get your number.

      Simple fix: Lebara implement 2FA like so many other online accounts, and it's really not a hardship. If you "use unique strong passwords, a password manager" then you can use a 2FA app, though they would probably use SMS first, which has its own security issues. You can use "trust this device" if you are really upset about using a 2FA code every time you log in.

      • #4
        Junior Member
        Firstly, I haven't given Lebara my name or address, I only give personal information when absolutely necessary and only to accounts that employ multiple authentication factors.
        Secondly, in the very unlikely event that my account has been compromised (I use strong unique passwords), I expect the Lebara agent to use some scepticism when the attacker tells them that the SIM is lost, and yet is currently in use.
        Multi-factor authentication is not always necessary, in my opinion. Just as two locks are not necessary on all doors.

        • #5
          Community Manager
          LebaraUsers, pennypincher, many thanks for raising your concerns about account security! Account security is a priority for Lebara and we recognise the importance of stronger authentication. Enhancements to authentication, including multi-factor options, are already part of our product roadmap. Keep an eye on our Welcome, Whats New board for future announcements.
          Martin - Community Manager
