Discussion:
Two Factor Authorization Mystery Solved
(too old to reply)
Retirednoguilt
2023-11-30 20:55:08 UTC
Permalink
As more and more web sites (especially those for financial institutions)
deploy 2 factor authorization, I'm describing my recent experience and
what I found and did to resolve it.

Previously I had no problems logging on to a web site using two factor
authorization. I'd click on the box on the web page to get an automated
phone call to my land line and almost immediately, my phone would ring
and I'd get the call speaking the numerical code that I entered on the
web site form.

Yesterday, trying to log on, my phone never rang. However, a minute or
two later, I'd get notification of a new voice mail. Turns out the
voice mail was from the financial institution I was trying to log on to.
The computer generated voice mail said that apparently I was having
trouble logging on and I should try again or call a toll free number the
recording provided to get assistance. Several more attempts yielded the
same result. I eventually called and asked to be connected to their web
site technical support department. The person I spoke with said they
had not changed anything in their two factor authorization protocol and
had no idea why their automated call was not ringing through to me.

I began considering potential reasons and wondered if COMCAST Voice had
changed their spam protection protocols and the problem was caused by an
issue at COMCAST. I logged on to my COMCAST account and went to the
spam blocking section of their "voice" settings. Apparently they now
have 4 or maybe 5 categories into which they sort incoming calls.
Verified authentic calls (don't ask me how the numbers are verified, I
have no idea) display a "[V]" at the beginning of the caller ID display.
Some other calls that apparently don't have any shady history but
haven't been verified just display the identity and number, and then
there are 3 categories of calls categorized as low risk, medium risk,
and high risk. On the spam blocking web page, there are 3 radio buttons
to the right of each spam risk category labeled "Block", "Send to
voicemail" and "Allow". The default settings were high risk - block,
with both medium and low risk sent to voice mail. On a hunch, I changed
the setting for low risk to allow. I then attempted again to log in to
the financial institution. When I clicked on the button on the web site
to send the code, almost immediately my phone rang and when I picked up,
I heard the code. What was interesting was that the caller ID displayed
"Spam?" before the name and number of the caller. I've reported the
erroneous designation of that phone number as "Spam?" to COMCAST and
indicated that "[V]" was much more appropriate for a critical phone
number at a financial institution with more than one trillion dollars
under management!

If you have COMCAST phone service and recently experienced mysterious
failure to receive expected incoming calls, check your account's spam
blocking settings. COMCAST never informed me that they changed their
protocols and default incoming call routing/blocking behavior. After
all, informing customers of that change would probably cost them money.
VanguardLH
2023-11-30 21:14:42 UTC
Permalink
Post by Retirednoguilt
As more and more web sites (especially those for financial institutions)
deploy 2 factor authorization, I'm describing my recent experience and
what I found and did to resolve it.
Previously I had no problems logging on to a web site using two factor
authorization. I'd click on the box on the web page to get an automated
phone call to my land line and almost immediately, my phone would ring
and I'd get the call speaking the numerical code that I entered on the
web site form.
Yesterday, trying to log on, my phone never rang. However, a minute or
two later, I'd get notification of a new voice mail. Turns out the
voice mail was from the financial institution I was trying to log on to.
The computer generated voice mail said that apparently I was having
trouble logging on and I should try again or call a toll free number the
recording provided to get assistance. Several more attempts yielded the
same result. I eventually called and asked to be connected to their web
site technical support department. The person I spoke with said they
had not changed anything in their two factor authorization protocol and
had no idea why their automated call was not ringing through to me.
I began considering potential reasons and wondered if COMCAST Voice had
changed their spam protection protocols and the problem was caused by an
issue at COMCAST. I logged on to my COMCAST account and went to the
spam blocking section of their "voice" settings. Apparently they now
have 4 or maybe 5 categories into which they sort incoming calls.
Verified authentic calls (don't ask me how the numbers are verified, I
have no idea) display a "[V]" at the beginning of the caller ID display.
Some other calls that apparently don't have any shady history but
haven't been verified just display the identity and number, and then
there are 3 categories of calls categorized as low risk, medium risk,
and high risk. On the spam blocking web page, there are 3 radio buttons
to the right of each spam risk category labeled "Block", "Send to
voicemail" and "Allow". The default settings were high risk - block,
with both medium and low risk sent to voice mail. On a hunch, I changed
the setting for low risk to allow. I then attempted again to log in to
the financial institution. When I clicked on the button on the web site
to send the code, almost immediately my phone rang and when I picked up,
I heard the code. What was interesting was that the caller ID displayed
"Spam?" before the name and number of the caller. I've reported the
erroneous designation of that phone number as "Spam?" to COMCAST and
indicated that "[V]" was much more appropriate for a critical phone
number at a financial institution with more than one trillion dollars
under management!
If you have COMCAST phone service and recently experienced mysterious
failure to receive expected incoming calls, check your account's spam
blocking settings. COMCAST never informed me that they changed their
protocols and default incoming call routing/blocking behavior. After
all, informing customers of that change would probably cost them money.
I just checked my Comcast voicemail spam block settings which I haven't
touched nor even reviewed in maybe 3 years, or more. They are:

High risk calls: Block
Medium risk calls: Send to voicemail
Low risk calls: Allow

There is no indications what are the defaults if you never touched them,
or they got introduced since you previously reviewed your spam block
settings.

Despite Comcast adding spam call filtering (which seems new to me since
I don't know when they added it), I had already incorporated NoMoRobo
with my Comcast Voice number. For spammers, I hear 1 rings, and then
silence. The CID gets sent between the 1st and 2nd ring, and why I
still hear the 1st ring. So, I don't pick up until the 2nd ring.

https://corporate.comcast.com/press/releases/comcast-new-advanced-spam-blocker-feature-xfinity-voice-customers
(dated Oct 2021)

Looks like I haven't reviewed my Voice settings for at least 2 years.

As for "verified" status of a call, the article above refers to:

https://corporate.comcast.com/press/releases/fcc-chairman-pai-crtc-chairman-scott-stirshaken-calls-xfinity-voice-telus-wireless
Retirednoguilt
2023-12-01 16:04:14 UTC
Permalink
Post by VanguardLH
Post by Retirednoguilt
As more and more web sites (especially those for financial institutions)
deploy 2 factor authorization, I'm describing my recent experience and
what I found and did to resolve it.
Previously I had no problems logging on to a web site using two factor
authorization. I'd click on the box on the web page to get an automated
phone call to my land line and almost immediately, my phone would ring
and I'd get the call speaking the numerical code that I entered on the
web site form.
Yesterday, trying to log on, my phone never rang. However, a minute or
two later, I'd get notification of a new voice mail. Turns out the
voice mail was from the financial institution I was trying to log on to.
The computer generated voice mail said that apparently I was having
trouble logging on and I should try again or call a toll free number the
recording provided to get assistance. Several more attempts yielded the
same result. I eventually called and asked to be connected to their web
site technical support department. The person I spoke with said they
had not changed anything in their two factor authorization protocol and
had no idea why their automated call was not ringing through to me.
I began considering potential reasons and wondered if COMCAST Voice had
changed their spam protection protocols and the problem was caused by an
issue at COMCAST. I logged on to my COMCAST account and went to the
spam blocking section of their "voice" settings. Apparently they now
have 4 or maybe 5 categories into which they sort incoming calls.
Verified authentic calls (don't ask me how the numbers are verified, I
have no idea) display a "[V]" at the beginning of the caller ID display.
Some other calls that apparently don't have any shady history but
haven't been verified just display the identity and number, and then
there are 3 categories of calls categorized as low risk, medium risk,
and high risk. On the spam blocking web page, there are 3 radio buttons
to the right of each spam risk category labeled "Block", "Send to
voicemail" and "Allow". The default settings were high risk - block,
with both medium and low risk sent to voice mail. On a hunch, I changed
the setting for low risk to allow. I then attempted again to log in to
the financial institution. When I clicked on the button on the web site
to send the code, almost immediately my phone rang and when I picked up,
I heard the code. What was interesting was that the caller ID displayed
"Spam?" before the name and number of the caller. I've reported the
erroneous designation of that phone number as "Spam?" to COMCAST and
indicated that "[V]" was much more appropriate for a critical phone
number at a financial institution with more than one trillion dollars
under management!
If you have COMCAST phone service and recently experienced mysterious
failure to receive expected incoming calls, check your account's spam
blocking settings. COMCAST never informed me that they changed their
protocols and default incoming call routing/blocking behavior. After
all, informing customers of that change would probably cost them money.
I just checked my Comcast voicemail spam block settings which I haven't
High risk calls: Block
Medium risk calls: Send to voicemail
Low risk calls: Allow
There is no indications what are the defaults if you never touched them,
or they got introduced since you previously reviewed your spam block
settings.
Despite Comcast adding spam call filtering (which seems new to me since
I don't know when they added it), I had already incorporated NoMoRobo
with my Comcast Voice number. For spammers, I hear 1 rings, and then
silence. The CID gets sent between the 1st and 2nd ring, and why I
still hear the 1st ring. So, I don't pick up until the 2nd ring.
Your default settings make sense and as I noted, are what I set mine to
do while trouble shooting. Don't know how/why/when my low risk setting
(which I had never previously seen or touched) was set to send the call
to voicemail. I figured my post was too long already to add that I also
use NOMOROBO on that line. However, my phone, a Panasonic, has a
setting option that silences the first ring of every incoming call. We
hear nothing when a call is intercepted by NOMOROBO. To give us enough
time to get to a handset before the COMCAST voice mail kicks in, in the
COMCAST voice settings, I raised the number of rings before voicemail
intercepts the call by one ring. Many times each day, if I happen to
see the LCD screen of my phone out of the corner of my eyes, I'll note
that the screen lights up and displays "incoming call" for about 5-7
seconds. The phone never rings and the call never registers on the
phone's caller ID history list. However, it does show up on my COMCAST
Voice calling log and inevitably is an unwanted spam and/or robocall.
Post by VanguardLH
https://corporate.comcast.com/press/releases/comcast-new-advanced-spam-blocker-feature-xfinity-voice-customers
(dated Oct 2021)
Looks like I haven't reviewed my Voice settings for at least 2 years.
https://corporate.comcast.com/press/releases/fcc-chairman-pai-crtc-chairman-scott-stirshaken-calls-xfinity-voice-telus-wireless
Lane
2023-12-01 21:47:57 UTC
Permalink
Post by Retirednoguilt
COMCAST never informed me that they changed their
protocols and default incoming call routing/blocking behavior. After
all, informing customers of that change would probably cost them money.
These changes were rolled out in September, 2021. I was informed via
email. One of the links from that email was this one:

https://www.xfinity.com/support/articles/spam-blocker-overview

When I initially checked my settings, they were indeed the same as the
default settings mentioned in the article.

For the most part, it's worked pretty well. One or two spectacular
glitches, though, like them flagging my eye surgeon's number as spam.
Wasn't too happy about that.

Loading...