Hacker News new | past | comments | ask | show | jobs | submit login

> "...the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service."

Now this bothers me. I deliberately use a service (RingTo, discontinued for new users) to park a handful of numbers and be able to exchange SMS and MMS with them. One of the things I do not do is give out my actual mobile number to every random web service that wants it for "2FA," primarily because that now opens me up to even more phone spam. With RingTo, I just set that number to always go to voicemail but am still able to use SMS through their app.

It is arbitrary to say "one number type is acceptable for SMS verification but another is not." I'm actually more concerned that my mobile carrier will cough up my account to an arbitrary attacker than I am about some out-of-the-way number parking service that I log into using credentials that are not able to be easily discovered (an alternate e-mail address and such). My mobile carrier is a much larger target and has scores of fallible humans working for it just waiting to be socially engineered.

I agree. Namecheap currently only supports SMS 2FA. I'm abroad with a local sim in my phone so I registered my Google Voice # with them. It would really suck if I had to carry my USA sim at all times and swap it anytime I wanted to login to those accounts.

Ideally they'd support the standards so I could just use one of the many standard OTP apps

Same problem. Don't know why namecheap doesn't support 2FA app like FreeOTP. Would make it so much simpler and more secure at least.

They've been promising to implement a better 2FA option for ages. I just got tired of waiting and moved to another registrar.

It's a shame because in general, I've never had any problems with Namecheap.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact