Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I am completely unsurprised. This is why I will not provide my phone number for 2FA.


It's also one of the least secure 2FA methods since you have to trust all your phone company's call center employees to not transfer your phone number to a new SIM controlled by someone impersonating you. Lots of reasons to not use SMS for 2FA.


Pixel phones are now preventing sim swapping, IIRC, and maybe a few others.


Pixel phones do? Or using Google Fi as your phone provider does?

I would understand Fi having better protection because you have to manage it online through your Google account (and same for Google Voice users).

Not sure what a phone would be able to do about it.

Anyway, Google as your phone provider opens up a different can of worms. Instead of having an overly helpful support staff who can be tricked into doing things they shouldn't, now you have Google's algorithmic account bans and tie-in with Google Payments and no recourse for problems because the customer service is a robot that says "no". https://news.ycombinator.com/item?id=18886804

Nonexistent support is great in terms of resistance to social engineering, but sometimes you need support.


This is done by the mobile operator. Independent of the phone used.


In my country, every phone number is registered to a real human being, so a number can't be transferred to an anon.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: