
Phone numbers are the new social security numbers - octosphere
https://celsusio.blog/2017/10/31/phone-numbers-are-the-new-social-security-numbers/
======
davidcamel
Two thoughts from reading this article:

1\. Yes, "porting attacks" (where an adversary convinces your carrier to port
your phone number to his/her own) are a real threat. You can mitigate these
somewhat by choosing a carrier that has a relatively strong porting procedure.
Project Fi (Google) requires a temporary PIN generated by the user's Fi app,
as well as logging in to one's Google account. I don't know what the other
carriers require today, but this is less than what I experienced when I ported
my number from Sprint years ago for example.

2\. The author says that 2FA is overhyped, which is maybe true, but why don't
more services allow physical devices (e.g. Yubikeys) to be used for 2FA? Often
the phone number is the only choice offered for 2FA.

