this post was submitted on 25 Sep 2023
83 points (89.5% liked)
Asklemmy
43989 readers
1258 users here now
A loosely moderated place to ask open-ended questions
Search asklemmy ๐
If your post meets the following criteria, it's welcome here!
- Open-ended question
- Not offensive: at this point, we do not have the bandwidth to moderate overtly political discussions. Assume best intent and be excellent to each other.
- Not regarding using or support for Lemmy: context, see the list of support communities and tools for finding communities below
- Not ad nauseam inducing: please make sure it is a question that would be new to most members
- An actual topic of discussion
Looking for support?
Looking for a community?
- Lemmyverse: community search
- sub.rehab: maps old subreddits to fediverse options, marks official as such
- [email protected]: a community for finding communities
~Icon~ ~by~ ~@Double_[email protected]~
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That hijacking risk applies to both. If you're able to social engineer a telephone worker, they could move your account to a different SIM card completely.
My best advice, is to use Google voice, Google Fi, lockdown your number for SMS two factor. A Google account and lockdown mode, with physical security keys, is not going to get hijacked by anything less than a state actor.
Then your local phone, your local phone number, local SMS, none of that should be on your escalation path to authentication. Then you don't care if somebody steals your sim.
Phone numbers and SMS should never have been involved with user authentication beyond simple contact info. Smartphones really ruined it.