undefined | Better HN

0 pointsIIAOPSW3y ago0 comments

The phone number decision is stupid. I up and jump countries every few years. Each time, I'm switching to a new number. I'm the opposite of homeless, I'm that jet set elite. The idea that you want, need, should or will tie your identity to a phone number where people can always reach you is long outdated.

0 comments

oceanplexian3y ago

What’s painful is that I’ve ported my phone number out to a VoIP provider similar to Google Voice for exactly this purpose, but something like 25% of providers now block using SMS for 2FA unless it’s tied to an approved mobile phone operator.

Turns out 2FA is also being used as a low-effort form of a captcha in addition to being a tool for data harvesting and “device identification”. I wouldn’t be surprised if legitimate users simply never receive a 2FA SMS because someone used a prepaid phone or something.

tehwebguy3y ago

Was just reading about how Overwatch 2 won't let people register with a prepaid phone number.

I'm sure there is some good reason to want to avoid people spinning up free or ultra low cost phone numbers to make extra accounts but some users were like, "I've been using TracPhone for a decade" or something like that. Also pretty surprised that it's this easy to detect the carrier. Guessing we'll see this more and more!

danuker3y ago

The problem will solve itself. People unwilling to sign up for a mobile plan for playing a game will automatically boycott the likes of Overwatch 2, which will result in revenue lost (perhaps to competing games that allow prepaid cards).

I have only ever used prepaid cards. I would rather be cut off from communication (or buy a local prepaid card) than get a surprise bill of hundreds of euros for visiting a country outside the EU.

I guess a lot of people have the same thought process as me around Europe, because there are lots of smartphones available with dual SIM cards.

2 more replies

judge20203y ago

Using mobile phone numbers as a makeshift captcha is the #1 tool any security team has to prevent fraudulent signups. Because they're expensive to get, it puts any attack at a baseline cost $x, so many would-be attackers that only stand to gain $y just don't carry out the attack when $y < $x.

throwawaysleep3y ago

It is more that generating thousands of phone numbers is extremely expensive. It is cheap for real users, but scammers and spammers have to pay a lot.

RupertEisenhart3y ago

Sticking my German sim card into my phone for fifteen minutes in all sorts of random countries and continents and waiting for a number to come through always feels absurd.

I pray for the rise of esims! I feel like it's on the cards.

lxgr3y ago

I've been using eSIMs for the past couple of years for this specific use case, and while they certainly help, it's really just a stop-gap measure:

You still need your phone and cell signal to receive them (at least many European carriers don't support SMS over VoWIFI); the eSIM is "stuck" in your phone if it physically breaks (and on many carriers, you can't re-use an eSIM QR activation code in any case); in many countries, SIMs expire after a couple of months or even weeks of inactivity, losing your number permanently, to name just a few.

I've found Google Voice to work quite well as a workaround for almost all of these problems, but unfortunately, many US companies insist on not allowing VoIP numbers for 2FA or even plain account creation purposes. I usually try to avoid these companies.

mwint3y ago

> the eSIM is "stuck" in your phone if it physically breaks

Wait, does this happen?

2 more replies

Timpy3y ago

I thought I got everything moved over to an authenticator app before leaving home but I forgot one, I got a "check your phone for verification SMS" earlier today. My American SIM could get the text but my foreign sim was giving my laptop internet access. Big pain in the ass.

xani_3y ago

Eh, I greatly prefer ability to move the very reliable thing from one phone to another, just use another phone instead of going into paperwork to move it if my phone gets damaged or something

sowbug3y ago

Fortunately Google doesn't require phone numbers for account access. See, for example: https://www.androidauthority.com/gmail-without-phone-number-...

You do need to be able to receive a texted code at a phone number to create a brand-new account. This is to deter spammers from creating lots of accounts. But once that's done, you can remove the phone number from the account.

benhurmarcel3y ago

I've lived in different countries along the years, it's simple and best to just keep a permanent phone number in the country you consider the most like "home". Get a cheap phone-only plan, stick the SIM into a dumbphone or your second SIM slot. Done.

jbay8083y ago

That phone number will not necessarily get reception when travelling in foreign countries.

uup3y ago

So use one of the other 2FA options.

esperent3y ago

Not always a possibility. Many banks require phone number based 2FA, for example. And you're required to use it any time you want to make a transaction that exceeds some threshold.

netheril963y ago

We are talking about Google here, right?

jbay8083y ago

(FWIW, my bank does not provide any other 2FA options.)

wavelen3y ago

afair you need to set up a phone number before you can choose to add another 2FA option (which is stupid imho)

UncleMeat3y ago

Even if this is the case, this isn't a problem for the poster. They have a phone number, it just changes frequently. They can sign up, enroll in a TOTP or U2F system, and then they are set.

1 more reply

borissk3y ago

It's not stupid - Google wants to track everyone everywhere and a phone number is a good way to link an account to a real world person.

Beltalowda3y ago

I'm in the same boat; it's always a pain for services you don't login to that often but do need every 1-2 years. Account recovery ranges from "a pain" to "damn near impossible". I wasn't able to recover my PayPal account for example.

I also don't use my phone much, and the only reason I even have one of those things is because it's "needed" for so many things.

rex_gallorum23y ago

Absolutely true. I am a serial expat who has lost numerous numbers over the years by switching countries. I at least hope to keep the same basic online services running when crossing borders, but I swear, in the last couple of years, it has become an absolute nightmare. It is getting harder and harder.

gerash3y ago

you can also use a security key or a onetime password from an authenticator app (plenty of options for each) or a separate device logged into Google as your second factor. You have plenty of options

xani_3y ago

> The idea that you want, need, should or will tie your identity to a phone number where people can always reach you is long outdated.

Yeah I have no idea why phones still use numbers. It would be so easier if same address for e-mail worked for voice, just add some DNS records that point at my phone provider to domain and done.

Then again, spam calls would probably be so much worse...

j / k navigate · click thread line to collapse

0 comments

oceanplexian3y ago

tehwebguy3y ago

Was just reading about how Overwatch 2 won't let people register with a prepaid phone number.

danuker3y ago

I have only ever used prepaid cards. I would rather be cut off from communication (or buy a local prepaid card) than get a surprise bill of hundreds of euros for visiting a country outside the EU.

I guess a lot of people have the same thought process as me around Europe, because there are lots of smartphones available with dual SIM cards.

2 more replies

judge20203y ago

throwawaysleep3y ago

It is more that generating thousands of phone numbers is extremely expensive. It is cheap for real users, but scammers and spammers have to pay a lot.

RupertEisenhart3y ago

Sticking my German sim card into my phone for fifteen minutes in all sorts of random countries and continents and waiting for a number to come through always feels absurd.

I pray for the rise of esims! I feel like it's on the cards.

lxgr3y ago

I've been using eSIMs for the past couple of years for this specific use case, and while they certainly help, it's really just a stop-gap measure:

mwint3y ago

> the eSIM is "stuck" in your phone if it physically breaks

Wait, does this happen?

2 more replies

Timpy3y ago

xani_3y ago

Eh, I greatly prefer ability to move the very reliable thing from one phone to another, just use another phone instead of going into paperwork to move it if my phone gets damaged or something

sowbug3y ago

Fortunately Google doesn't require phone numbers for account access. See, for example: https://www.androidauthority.com/gmail-without-phone-number-...

benhurmarcel3y ago

jbay8083y ago

That phone number will not necessarily get reception when travelling in foreign countries.

uup3y ago

So use one of the other 2FA options.

esperent3y ago

Not always a possibility. Many banks require phone number based 2FA, for example. And you're required to use it any time you want to make a transaction that exceeds some threshold.

netheril963y ago

We are talking about Google here, right?

jbay8083y ago

(FWIW, my bank does not provide any other 2FA options.)

wavelen3y ago

afair you need to set up a phone number before you can choose to add another 2FA option (which is stupid imho)

UncleMeat3y ago

Even if this is the case, this isn't a problem for the poster. They have a phone number, it just changes frequently. They can sign up, enroll in a TOTP or U2F system, and then they are set.

1 more reply

borissk3y ago

It's not stupid - Google wants to track everyone everywhere and a phone number is a good way to link an account to a real world person.

Beltalowda3y ago

I also don't use my phone much, and the only reason I even have one of those things is because it's "needed" for so many things.

rex_gallorum23y ago

gerash3y ago

you can also use a security key or a onetime password from an authenticator app (plenty of options for each) or a separate device logged into Google as your second factor. You have plenty of options

xani_3y ago

> The idea that you want, need, should or will tie your identity to a phone number where people can always reach you is long outdated.

Yeah I have no idea why phones still use numbers. It would be so easier if same address for e-mail worked for voice, just add some DNS records that point at my phone provider to domain and done.

Then again, spam calls would probably be so much worse...

j / k navigate · click thread line to collapse