Hacker News

What’s painful is that I’ve ported my phone number out to a VoIP provider similar to Google Voice for exactly this purpose, but something like 25% of providers now block using SMS for 2FA unless it’s tied to an approved mobile phone operator.

Turns out 2FA is also being used as a low-effort form of a captcha in addition to being a tool for data harvesting and “device identification”. I wouldn’t be surprised if legitimate users simply never receive a 2FA SMS because someone used a prepaid phone or something.



Was just reading about how Overwatch 2 won't let people register with a prepaid phone number.

I'm sure there is some good reason to want to avoid people spinning up free or ultra low cost phone numbers to make extra accounts, but some users were like, "I've been using TracFone for a decade" or something like that. Also pretty surprised that it's this easy to detect the carrier. Guessing we'll see this more and more!


The problem will solve itself. People unwilling to sign up for a mobile plan for playing a game will automatically boycott the likes of Overwatch 2, which will result in revenue lost (perhaps to competing games that allow prepaid cards).

I have only ever used prepaid cards. I would rather be cut off from communication (or buy a local prepaid card) than get a surprise bill of hundreds of euros for visiting a country outside the EU.

I guess a lot of people have the same thought process as me around Europe, because there are lots of smartphones available with dual SIM cards.


I'm not so sure the free market will resolve things here, because people who use prepaid mobile plans are also typically lower income. They might not be considered a significant loss on net.


Is the loss of income enough to offset against the benefits (fewer trolls, spammers, scams, etc.)? I'm betting it's probably not.


Using mobile phone numbers as a makeshift captcha is the #1 tool any security team has to prevent fraudulent signups. Because they're expensive to get, it puts any attack at a baseline cost $x, so many would-be attackers that only stand to gain $y just don't carry out the attack when $y < $x.


It is more that generating thousands of phone numbers is extremely expensive. It is cheap for real users, but scammers and spammers have to pay a lot.



