Enabling two factor authentication hassle

Hi @movingon70. We're working on lowering the 2FA (aka "Two-Step Verification") enrollment criteria to only mobile, these are in discussions with Security, Legal and othe teams, and as you accurately cited, other organizations are doing the same thing. 

Right now though, adding your @comcast.net secondary user address wouldn't make sense. Assuming you're the primary, and you are also your secondary users via the emails which you as the primary manage. Those secondary @comcast.net emails don't represent another unique authentication factor. If someone takes over your secondary email (especially with a weak secret question and answer recovery method) and that email is used in 2FA they've defeated 2FA, and are then able to get into your primary email.

I'd recommend for now at least adding your gmail, which if it has it's own two-step verification, makes it much harder for anyone to ever access your primary Xfinity ID.

---

@movingon70 wrote:

I want to enable 2FA on my account for the obvious reason that my primary Xfinity email acct. is tied to various other important accounts.  Gain control of my primary email and a bad actor will have an easier time changing passwords on those other accounts.  When I go into Xfinity to setup 2FA, the process requests a verified personal email address in addition to a mobile #.  My mobile number is attached already.  When I try and enter my primary Xfinity email address I get an error "This email address is already associated with an Xfinity account".  No Duh.  I only have the primary email address and other sub addresses but they are all @comcast.net adresses.  I could set up a Gmail email but  I don't want to run 2FA through Gmail or an outside 3rd party email.  Why isn't my mobile number sufficient for 2FA?  My bank does it that way as well as other critical services I use.  I don't want to use my sub primary @comcast email accounts because they were intended for use with non-important stuff and they are more exposed as a result.

---