CRW

Home Wiki

KPN mandatory SMS authentication

View on consumerrights.wiki ↗

Work in progress
This article has been flagged for additional work. Treat its claims as provisional.
AI-assisted content
This article relies heavily on AI-generated material. Read with care.
Contents6
  1. Background
  2. Incident
  3. Company's response
  4. Consumer response
  5. Lawsuit
  6. References

🔧 Article status notice: This article may rely heavily on AI/LLMs

This article has been marked because it may have heavy use of LLM generated text that affects its perceived or actual reliability and credibility.

To contact a moderator for removal of this notice once the article's issues have been resolved, or if this was a mistake, please use either the Moderator's noticeboard, or the #appeals channel on our Discord server (Join using this link]).

Learn more ▼

Common issues include:

  • affect the validity of the claims made (e.g. by not citing sources)
  • make use of tone not complaint with the wiki's editorial guidelines
  • be overly extensive in areas that are not relevant to the mission statement
  • come across as automatically generated, bringing the wiki's credibility into question

As a result this article needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues.

How You Can Improve This Article

  1. Replace or supplement weak or hallucinated citations with credible, verifiable sources.
  2. Remove content you determine to be inaccurate
  3. Link the problem to modern forms of consumer protection concerns, such as privacy violations, barriers to repair, or ownership rights
  4. Replace language that that is non-compliant with the editorial guidelines of this wiki.

As the article may incorporate text from a large language model, it may include inaccuracies or hallucinated information. Please keep this in mind if you are using this article as a source for information.

Background

KPN’s MijnKPN service provides customer access to billing, subscription management, and account settings for broadband, television, and mobile services. In 2024, KPN introduced **mandatory two-step verification (2FA)** to improve account security. While 2FA is a common security measure, KPN’s implementation relies exclusively on SMS messages to mobile phones, with **no officially supported landline, email, or hardware token alternatives**. ([Security.nl](https://beveiliging.headliner.nl/item/kpn-verplicht-2-stapsverificatie-in-augustus-voor-alle-klanten-securitynl-68159))

Incident

In early 2024, KPN began enforcing **mandatory SMS-based 2FA for all customers**. Users must enter a one-time code sent to their registered mobile number to access their accounts. Customers without mobile phones, non-Dutch mobile numbers, or with device issues cannot complete the authentication process, effectively restricting access.

Community reports confirm that KPN support advises users in such cases to **obtain a local mobile device** or contact support to regain access. The policy has been systemically applied across the customer base, demonstrating it is a **corporate-wide requirement** rather than isolated incidents. ([KPN Community](https://community.kpn.com/kpn-id-en-mijnkpn-29/hoe-gebruik-ik-tweestapsverificatie-zonder-nederlands-telefoonnummer-639075))

Company's response

KPN has stated that SMS is the **most widely accessible method** for two-step verification and that **other authentication channels are being evaluated**. No public timeline has been provided for the rollout of alternatives such as **landline OTP, app-based authenticators, or hardware tokens**. ([Security.nl](https://beveiliging.headliner.nl/item/kpn-verplicht-2-stapsverificatie-in-augustus-voor-alle-klanten-securitynl-68159))

Consumer response

Community discussions and public forums indicate frustration among users who cannot use SMS, citing **restricted access, lack of alternatives, and reduced consumer autonomy**. Verified responses from KPN moderators confirm the requirement and advise users to acquire a mobile device to comply. The systemic nature of this policy has prompted consumer advocates to call for **multiple authentication channels** to enhance accessibility and security. ([KPN Community](https://community.kpn.com/online-veiligheid-25/mijnkpn-tweestapsverificatie-mfa-wordt-verplicht-wat-betekent-dit-voor-jou-637989))

Lawsuit

No publicly documented litigation regarding this policy has been reported as of 2026.

References

Filed under