Stefan Mileschin

Most of the recent security breaches depend on it

Several recent security breaches, including those affecting T-Mobile, have called into question the security safety device method involving handing over your mobile phone number as a back-up ID.

The Better Identity Coalition has warned about the over-reliance on phone numbers as a security method and called for a better identification system to be developed.

Jeremy Grant, coordinator of the Better Identity Coalition, an industry collaboration that includes Visa, Bank of America, Aetna, and Symantec said: "We just have to make sure that knowledge of an identifier can't be used to somehow take over the authenticator. However a phone number is only an identifier; in most cases, it's public."

The use of phone numbers as both lock and key has led to the rise, in recent years, of so-called SIM swapping attacks, in which an attacker steals your phone number. When you add two-factor authentication to an account and receive your codes through SMS texts, they go to the attacker instead, along with any calls and texts intended for the victim. Sometimes attackers even use inside sources at carriers who will transfer numbers for them, he said.

We never hand over phone numbers as ID on the sound basis that handing over a phone number to a corporation is like saying "please bother me by trying to sell me phone subscriptions every week while I am having my dinner".

https://fudzilla.com/news/mobile/470...rity-nightmare