That certainly used to be the case. I believe they now actually perform proper authentication - i.e. send an SMS with unique code to the handset, which gets automatically read and then authorizes the device.
Their security did used to be horrendous though, e.g. everything sent over all networks/http in plain text.
Please feel free to correct me if I'm wrong though.
Their security did used to be horrendous though, e.g. everything sent over all networks/http in plain text.
Please feel free to correct me if I'm wrong though.