The SS7 exploit is a security travesty, but phone service providers never—at any point—agreed to be identity verification services.
Using SMS for authentication is popular not because it is secure, but because it lets free online services permanently ban people (you ban their phone number) and prevent them from making thousands of accounts. They also love getting more of your personal information. A bank should not be forcing its customers to use it.
The SS7 exploit is a security travesty, but phone service providers never—at any point—agreed to be identity verification services.
Using SMS for authentication is popular not because it is secure, but because it lets free online services permanently ban people (you ban their phone number) and prevent them from making thousands of accounts. They also love getting more of your personal information. A bank should not be forcing its customers to use it.
They have my phone number already, that I'm not worried about - and changing phone numbers is as easy as going into my account online and saying "I want a new number." So even that is not a thing.
They have my phone number already, that I'm not worried about - and changing phone numbers is as easy as going into my account online and saying "I want a new number." So even that is not a thing.
(post is archived)