I already do much of this. One issue recently for me is when filling out info for email and phone number it has now become a requirement to add correctly (most of the time) because these cunts are going to send me email verification codes and text me at my number ending in 1337 for the 2fa to get into an acct that does NOT need that yet forces it. And I can’t even use my flipper as a u2f without using Chrome since Firefox considers serial passthrough “insecure,” that’s why I can’t use it to update my meshtastic nodes either. Pisses me off tbh. I can use a semi-retired email, and do, but still.
SMS 2FA has been extremely insecure for like a decade now. Anyone still using it is either an idiot or keeping it as an excuse to “require” your phone number. It actually makes your account less secure.
Sure, but unless I’m the CEO of those places (and in case there was any question, I’m not) I can’t do shit about it if I need to use whatever service it is. I can email all I want to, I’m not like a respected security researcher or anything I’m just some dickhead with an account.
I didn’t expect you to do anything about it. Was just emphasizing that 2FA is not a legitimate reason to require a phone number, that’s all.
edit: I think I might have been a bit ambiguous: people who use as in “implement it into their authentication procedures” are the idiots, not the people those idiots are forcing to give up their phone number.
I agree for sure. Especially after having so many sent to my old phone number lmao. I have one government thing I can’t even sign up for because “they don’t have a record of me at (current number)” and what am I supposed to do, text my old number “hey bro this used to be my number can you text me the verification code you just received real quick?” It’s madness!
I’ve solved the email part of this equation by using an email forwarding service (eg SimpleLogin, AnonAddy, etc).
Phone numbers are a harder problem, I usually end up using one number for everything that truly requires it (sadly), but then have another for personal stuff.
I already do much of this. One issue recently for me is when filling out info for email and phone number it has now become a requirement to add correctly (most of the time) because these cunts are going to send me email verification codes and text me at my number ending in 1337 for the 2fa to get into an acct that does NOT need that yet forces it. And I can’t even use my flipper as a u2f without using Chrome since Firefox considers serial passthrough “insecure,” that’s why I can’t use it to update my meshtastic nodes either. Pisses me off tbh. I can use a semi-retired email, and do, but still.
SMS 2FA has been extremely insecure for like a decade now. Anyone still using it is either an idiot or keeping it as an excuse to “require” your phone number. It actually makes your account less secure.
They use it because its a unique identifier that links to the rest of your personal data.
Sure, but unless I’m the CEO of those places (and in case there was any question, I’m not) I can’t do shit about it if I need to use whatever service it is. I can email all I want to, I’m not like a respected security researcher or anything I’m just some dickhead with an account.
I didn’t expect you to do anything about it. Was just emphasizing that 2FA is not a legitimate reason to require a phone number, that’s all.
edit: I think I might have been a bit ambiguous: people who use as in “implement it into their authentication procedures” are the idiots, not the people those idiots are forcing to give up their phone number.
I agree for sure. Especially after having so many sent to my old phone number lmao. I have one government thing I can’t even sign up for because “they don’t have a record of me at (current number)” and what am I supposed to do, text my old number “hey bro this used to be my number can you text me the verification code you just received real quick?” It’s madness!
I’ve solved the email part of this equation by using an email forwarding service (eg SimpleLogin, AnonAddy, etc).
Phone numbers are a harder problem, I usually end up using one number for everything that truly requires it (sadly), but then have another for personal stuff.