Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Stop using phone numbers for authentification purposes
4 points by herbst on Dec 5, 2016 | hide | past | favorite
I have not written a article on my fancy blog, but i may reach some people on here who implement these kind of things. So lets give it a go.

So i became a "DigitalNomad" what this means is that i change countries and need Internet. Therefore changing SIM cards every other month.

To make this even worse i lost the sim card i had the years before. As it was deactivated anyway i lost the number forever...

... and with that access to dozens of accounts.

Its about 1 month since and Github are the only who were able to simply help me.

* Google does not let me set security questions before i set a telephone number. Which i cant, because if i loose access i know google wont help (see recent discussions)

* Coinbase somehow fucked something up in their number changing progress with Authy. Support is turning circles with me

* My bank accounts are basically inaccessible. Sure i could call them (toll call) every other month to change my phone number ...

* My credit card locked me out and was not able to call me back on a thai number. Needed to lie to them by let someone else call to change the number.

Now i cant even setup 2FA anymore because telephone number does not make sense, and Authy is based on the telephone numbers as well.

When did a phone number become a personal identification? What about the guy that buys my old number? Seriously we need a better solution than this!

Github let me use my SSH key to confirm my identity, why cant others do things like that? I mean i control my SSH key, i never actually controlled my phone number.

(Sorry for the rant)



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: