22
Why is phone number verification requeriment for online services sometimes considered a privacy/security risk? (fedia.io)
submitted 7 hours ago by ryujin470@fedia.io to c/asklemmy@lemmy.world
5 comments fedilink hide all child comments

Title.

top 5 comments
sorted by: hot top controversial new old
[-] Randomocity@sh.itjust.works 3 points 4 hours ago

Just to clarify a few things from other comments. SMS MFA is still leagues above not having MFA for security. It's not great but it will protect you in like 80% of cases where you would've been hacked if you didn't have MFA at all. The primary problem with services that require any additional data from you though is that is an additional source for a leak. The same thing goes for name, address, phone number, etc. Phone numbers can be added to scam call lists which open you up to additional breach opportunities in the future, SIM swapping attacks, or even just using it as a number to spoof for other attacks. For most accounts that I don't care about I would be reluctant to give my number as for those sites I value privacy over security, but that's a separate discussion.

[-] Boddhisatva@lemmy.world 18 points 7 hours ago* (last edited 7 hours ago)

Not sure about all the risks but one that comes to mind is SIM Swapping. If criminals can get enough information from your social media accounts, they may then get access to your phone account. That will let them switch your number to another sim card that they control. With that, they can intercept any calls or messages sent to verify your identity and gain access to any accounts using your phone for 2FA.

[-] Eternal192@piefed.social 4 points 5 hours ago

Criminals already know this and only the stupid ones get caught these days, it's mostly so they get your data for the brokers, information brokers make a crap ton of money selling our data and we don't get anything out of it.

[-] Doodleschmit@lemmy.world 11 points 7 hours ago* (last edited 7 hours ago)

Another one is how most 2g and 3g services (some SMS and voice connections) have known vulnerabilities. Unfortunately not just software security vulnerabilities, but also bad actors that can lease access within that system. That combination can allow for attacks within the underlying systems that make the target completely unaware for periods of time that their messages and voice calls are being intercepted, including 2 factor authentication content over SMS.

Veritasium has a cool video about it. https://youtu.be/wVyu7NB7W6Y

If possible, it is best to not rely on SMS authentication for privacy.

[-] PsychoNaut@lemmy.ml 8 points 7 hours ago

Beyond the hacked SMS system thing, you’d be amazed how many places sell your number to data brokers and those data brokers have no issue selling to scammers. I used to get dozens of spam and scam calls a week. I used a service to purge myself from data brokers and switched my phone on all services to an SMS only phone number and I now get at most 1-2 spam calls a week and the scammers stopped entirely. From this point forward unless I absolutely need to talk to you you’re not getting my phone number.

this post was submitted on 28 Aug 2025
22 points (100.0% liked)

Ask Lemmy

34281 readers
939 users here now

A Fediverse community for open-ended, thought provoking questions

Rules: (interactive)

1) Be nice and; have funDoxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them

2) All posts must end with a '?'This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?

3) No spamPlease do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.

4) NSFW is okay, within reasonJust remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com. NSFW comments should be restricted to posts tagged [NSFW].

5) This is not a support community.
It is not a place for 'how do I?', type questions. If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.

6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online

Reminder: The terms of service apply here too.

Partnered Communities:

Tech Support

No Stupid Questions

You Should Know

Reddit

Jokes

Ask Ouija

Logo design credit goes to: tubbadu

founded 2 years ago
MODERATORS
Bluetreefrog@lemmy.world
TheSaneWriter@lemm.ee
TheSaneWriter@lemmy.thesanewriter.com
Asudox@lemmy.world
lemmy_bot@lemmy.world
beefbaby182@lemmy.world
ModeratorCan@lemmy.world
neidu3@sh.itjust.works
asudox@lemmy.asudox.dev
candyman337@lemmy.world
candyman337@sh.itjust.works