I'm Laura, the new member insight lead here at giffgaff helping to gather information from a wide range of sources to make experiences better for our members.
At the moment, we're looking at the member login experience as we have got some data to suggest some of our members are struggling to log into their giffgaff accounts.
We were wondering if using email address as a login option would help some members who forget thier member names and mobile number. Our thinking here is that email address is a common login method and is rarely forgotten.
Do you think this would be a useful change?
Have you seen any other members struggling to log into their accounts that might benefit from this?
Let us know!
It would certainly be a gift and speed up hackers attempts to gain control of giffgaff accounts unless there were a secondary security level. Your first school, mothers maiden name, first car or registration number or favourite sports team, questions.
The answer to one of which would have to supplied during creation of your member's account, prior to SIM activation.
They are a sample of memorable answers not easily forgotten but there will be other examples.
That said, do you have to remember your member's name? Your mobile number is your alternative sign in and should be impossible to forget or access.
Some email addresses are extraordinarily long and complicated.
It would certainly be a gift and speed up hackers attempts to gain control of giffgaff accounts unless there were a secondary security level.
A very valid point. Might worsen the issue I've been banging on about recently.
Your first school, mothers maiden name, first car or registration number or favourite sports team, questions.
These kind of things can work when you're authenticating with voice and an agent capable and allowed to use their common sense but they're a nightmare for people with memory issues trying to navigate a web only system because you don't just have to remember the answer but the format of the answer.
It's incredibly frustrating, and it is also a possible social engineering attack vector if you answer the questions honestly and at some point in a discussion divulge such information having forgotten that they're part of your security.
It took me many, many years to figure out a system which works with such things and my appalling memory which doesn't potentially or actually weaken my account security. Years which were filled with much frustration and many accounts I simply had to abandon because try as I might I couldn't answer the questions in the way I had the first time they were requested.
Huawei P20 Pro | 9.0.0 | Data Plan: 80GB
I definetly wouldn't be keen to use my email address to login on here.
Although i would like the ability to be able to change my username if needed (but make sure there was 1 or 2 security questions to verify the member is who they say they are,or by a pin via txt or email.)
I think a lot of members didn't realise when putting their name as a username they would be stuck with that with no way of changing it.
The more options the better but I feel email logins are prone to cyber attacks.
We use our email addresses on all online transactions on different websites and if one is compromised elsewhere, without 2FA, members would be prone to getting their accounts accessed.
My member name here is only used here and unique here. Can’t be used anywhere else do kind of localised so any breach is localised. Emails are used across board by many.