Hacker News
No password required: Mobile carrier exposes data for millions of accounts (arstechnica.com)
52 points by marshmallow_12 on April 10, 2021 | 10 comments


Issa Asad, the CEO of this company, murdered his groundskeeper over $65 in 2014. He killed Michael Kramer by running over him with his Mercedes. [1]

For this he paid a $225 fine and was sentenced to 1 year probation. [2]

Here is evidence of what was certainly an astroturfing campaign to cover this up: https://www.reddit.com/r/HITsWorthTurkingFor/comments/2ot7h3...

[1] https://www.sun-sentinel.com/news/fl-davie-man-charged-folo-...

[2] https://miami.cbslocal.com/2014/07/22/girlfriend-of-groundsk...


I suspect this was deliberate. Customer service is expensive and this seems very low margin. When I worked in banking, password issues were 1/4 of call centre volume.


If nothing else, it was deliberately ignored. The customer contacted support last year via email, then in February, and again in April. Then we get to reviews (left by different users) for both the iOS and Android apps, stating this is a problem. Fortunately, the devs commented on the feedback! They replied with "Thank you so much for your suggestion, [name], feedback from users like you help us!"

Note none of this implies they're working on it, just that they acknowledge the issue; which, to me, is absolutely incredible.


They are nobody's choice of provider. They are the provider you use if you are poor or cheap. That means they don't need to compete, including on security.


Companies know how much they are fined if they get caught. It's just an easy calculation for them if compliance is worth it.


If they didn’t want to use passwords to avoid support calls, they could have sent one-time login codes to the phone number or email address associated with the account. Or literally anything other than neglecting security altogether.


They could use OTP - OT Login Links to log users in, no call center required.


I like OTP. But I fear when I change phone number or leave the country, the next owner could literally log in to any of my online accounts using OTP on my previous number. That's why I always remove it from every account when I update, but can't keep track of all my accounts or emails.


Don’t give up your main number. 10 years ago I changed phone numbers and ported my old one to a super cheap SIP line. 3 years later I grabbed it back and it’s been my main number since.

I use SMS OTP for a lot of services which would have little consequence if hacked... and leave things like email and other sensitive stuff to the apps generating tokens.


That's true. My UK number seems to be completely fine after many years, even if I don't top it up. But in some other country, after a few months of inactivity, they seem to be automatically sold to a new user.



