I agree 1,000%. They don't need our phone number, and neither do any non-financial websites. As a former software consultant, I would've advised against this method from the gate. I would've jumped up during the meeting and said, "Wait. This is ludicrous! Whose bright idea was this? Off with your head." 😂

Agree.  AARP MODERATORS, are you even reading this stuff?

Yes, two-factor authentication is a good idea.  Restricting 2FA to only text messages is REALLY CLUELESS; I may drop my membership if you go through with such an ignorant and user-hostile policy.

You have our emails, give us the option of receiving 2FA confirmation messages via that medium.  Most banking institutions I deal with (who are way higher-risk environments than AARP) provide that option, you need to pay attention to best practices.

Thanks for your reply.  Okay, I had to educate myself as to what a VOIP phone was.  I get my cellphone service through Republic and evidently it is indeed considered a VOIP service.  I could alternately provide our landline #, but this is a FIOS "landline" and is thus also VOIP.  And I'm not always at home anyway, but would usually have my cell phone with me.  Honestly, I'm thinking that most people's phones nowadays are VOIP phones.  Will there be an alternate way (email would definitely work for me) to authenticate?

@lloydkg You're welcome! I sent you a private message so that I can obtain the information to take the next step to get your account authenticated. If you are unsure how to access your private messages in our community, steps can be found here: https://community.aarp.org/t5/Technology/How-do-I-send-a-private-message/ta-p/2185159 I look forward to speaking with you further!

@lloydkg Is your phone # associated with a VOIP phone? Oftentimes that error message will appear if you are attempting to use a VOIP phone to complete the authentication. This phone type is not supported and we suggest using a different phone number, if possible. 

@AARPJanelleM I've had this same problem with trying to use my VOIP number. I have no other alternative. It's very shortsighted and even prejudiced on the part of AARP. Why should I have to pay for a landline or cell phone when I can get VOIP for free? I've written to AARP and received no response. Is there any possibility of changing this? I won't be able to access my account once a phone number is mandatory.

@fischerdf The account can still be authenticated when you have a VOIP phone, it's just a slightly different process. When you have a moment, please give us a call at 1-866-451-6305 to complete this step. 

So, let me translate what you said:

Dear senior, you may be on a fixed income, and not able to buy a separate phone that will actually allow you to access the AARP website at all times, but that's not our problem. We are not adding an "obtain-access-code-via-email" option. So stop whining.

Got it, AARPJanelleM. 

@STLmember Absolutely not. We are always here to help and there are steps that can be taken to manually authenticate the account if the user does not have access to a non-VOIP phone. I'm always here to help, let me know if there is anything I can do!

@AARPJanelleM Well, I called AARP customer service when this first happened and there was no way they could verify my account without a cell phone or landline; no email verification was available. So, what method of manual authentication are you referring to that would allow me to access the website once phone numbers are mandatory? And how do you 'manually verify' when the call center isn't always available?

Great!  I don't have a phone available all the time, so provide seniors like me the ability to receive our multi-factor authentication code via our email address, which you have on file.  This is a common option for other organizations. It will solve the problems. 

OR:  Send me an acceptable cell phone, already set up with an ongoing cell plan, at AARP's expense, so I can supply a phone number to access the AARP site. Because I'm on a tight budget.

You're supposed to be advocating for seniors, not making it impossible for many of us to access information we are paying AARP to provide. Are seniors no longer your priority?

My feelings exactly. Banks use email authentication so why does AARP think it's not secure enough?

"Not now" will go away, and it will be an absolute requirement to use a phone to get in here. It happened with some other websites I frequent, and I ended up closing those accounts. Others that require it, I just don't sign up. Trust and believe, they're strong-arming their new toy into existence. ALL.OF.THEM!

This place is not a financial institution and there's not much damage one can do if they had my account. What? Order stuff I didn't sign up for? I don't believe this is the reason AARP is doing this. They're just following orders from above, and notice the AARP moderator in here isn't addressing our complaints. Interesting.

But you realize that one day you will have no choice. This means you must not only provide your phone number, but you must always have your phone handy when accessing the AARP website. If you're accessing via cell phone, that may not be an issue for you. I use a PC. This means that I must always have my phone available in order to access the site. If I don't have access to my phone (which is sometimes the case), I won't be able to access the site. I don't think AARP has really thought this through.

It's happening all over the country, probably driven by Google or Microsoft, and is a violation of my privacy. It's even worse during the voting season when they list your phone number publicly and everybody has access to it.  Drives me crazy.  But, these websites should not be taking liberties with our phone numbers, just because they're using some high-level authentication method requiring it. Consumers have no rights anymore, and can't stop these things. Then I would want my money back and never to rejoin AARP again.  Nobody is thinking this through; they're just following the leader; whoever that is.

@AARPJodeeRyou forget that Facebook in 2018 required their users to provide phone numbers to perform 2FA...  and betrayed that trust by using the user's phone number to target them with ads.   After a year of this betrayal of trust, at the end of 2019 Facebook announced it would stop using the provided phone number for suggesting friends and targeting of ads.    So blame FB, we don't trust any organization that says "trust us, we will only use the phone number for verification"...    So between hackers and mistrust, we don't want to provide a number.   Please find another solution.

@AARPJodeeR, You're just repeating what the website says. I can't receive a text or phone call if AARP won't accept my VOIP phone number. This has to be corrected or many seniors will be dropping memberships. AARP is supposed to be advocating for simpler lives for seniors, not forcing us to pay more money and complicate things. Banks use email verification; why does AARP think it needs more that a bank? It's also ironic that AARP has a 2020 post explaining how to get a free VOIP phone number!

Okay, I would use a cuss-word to you, but I'll refrain.  Protecting our online account, my arse. My phone number shouldn't be made available for that, and there are better ways. All these websites are just being invasive and rude. You're just following the leader and making excuses for whoever that leader is.  You're using high-level software to authenticate, and that nonsense of protecting our privacy is just that. They should say they are making our privacy PUBLIC and tell the gosh darn truth about it. Just stop it. I used to work in software, and I see this for what it is.

You need to provide an alternate method of providing identification. Requesting a phone number is invasive. Here's a thought: Allow users to provide an alternate email address where they can receive their multi-factor authentication code. I can create an email address expressly for receiving the code.

I give you a standing ovation for your post. I feel as you do. I have NOT given my phone number when signing in. That's something that was done upon sign up many many years ago when I first joined AARP, but NEVER asked me for my phone number since I've been a member. What's with this deliberate invasion of everybody's privacy lately??? It's bad enough what we're all going through with the pandemic...being on lockdown...can't do this or that...yaddy yaddy yaddy. We ARE entitled to our privacy and giving out my phone number over and over is ridiculous. I have no desire to tie all my information into one from one site to another. Email sites...Google...Microsoft...ALL GETTING WAY TOO NOSEY!!! GEESH! 🙄

I understand why some sites, such as banks, require multi-factor authentication. It helps prevent someone who somehow acquired my login credentials from getting into a site and actually accessing my money or whatever.

However, I fail to understand why AARP needs multi-factor authentication to access the site. You're not my bank. You're AARP. If someone did manage to log into the site with my credentials, what exactly would they have access to that is so critical (and that they couldn't get just by surfing the internet, in some cases)?  

I'd also like to point out that for many seniors, multi-factor authentication will make accessing the AARP site more difficult. Thanks a bunch for that. 

Moreover, I access the AARP site via my PC and I don't always have immediate access to my phone, so yeah, I'm not down with your brilliant MFA plan.

In summary:  If there is truly a compelling reason for AARP to have multi-factor authentication, you need to explain what that reason is. And you should provide an authentication process that does not involve personal information (though I realize that since I am an AARP member, you have that info on file). And members using PCs should not have to have a phone handy in order to access the site.