my friend had google fi and was caught in this, among other things they had their instagram taken over. scary few days. thankfully their roommate works at meta...
I think the only way to be really safe is to use one of the smaller MVNOs and never ever ever reveal who your carrier is
As a former customer of T-Mobile, I will say that the risks go beyond SIM swapping with T-Mobile. Their website is pretty bad, and there's a lot of silly PIN-based passwords and security questions going on. Getting away from that in favor of Google's security would be a huge win.
I've always figured I should have two numbers—one I let people know, and one for 2fa.
But that's ~$20/mo and a moderate annoyance, so for now mostly just fingers crossed that eventually everywhere that matters will allow me to switch fully to authentication apps and hardware keys.
I don't think that having two numbers will help much. I'd guess that most sim-swapped cell numbers are leaked in data breaches or acquired through data brokering. Enrolling a number in 2fa is letting people know your number, because you're tying that number to the account.
A separate number for each account might help. Maybe.
This is part of my question. How does Google provision VoIP numbers? When someone calls / texts a VoIP number from a normal number, that call / SMS travels over normal wireless infrastructure. So VoIP numbers are still connected to the same infra, right?
As I understand it, yes, but not through a wireless carrier. They'd tie into the infrastructure somewhere else. They'd be more of a peer with Tmobile then a customer.
my friend had google fi and was caught in this, among other things they had their instagram taken over. scary few days. thankfully their roommate works at meta...
I think the only way to be really safe is to use one of the smaller MVNOs and never ever ever reveal who your carrier is