116
Brick phones will ring in an unlikely revival
(www.reuters.com)
This is a most excellent place for technology news and articles.
I got one just to put my 2FA sim cards in. It cost like $10, the battery lasts a week, I can just mute the ringer cause I only care if its getting a text message I just requested, and if my real phone is ever lost or stolen the keys to my accounts are sitting safely in a drawer at home.
You should never use SMS for 2FA. The network is incredibly insecure, as evidenced by the recent alarms that China has been in the network for a while now. 2FA codes over SMS are rarely stolen from the legitimate device itself. Hackers will just pull off a different scheme, like SIM swapping, and they'll own all your codes and you won't have a clue until it's too late.
If only every service I need gave other options. In any case, the card numbers are not connected to me or the account in any publicly accessible way. Thats part of the whole point of running them off a separate phone. I dont give anyone that number except for the purpose of 2FA, so SIM swapping wont work, the sim card never leaves the house, so scan based exploits wont work, and the phone doesnt have the hardware required to be vulnerable to more sophisticated phone based attacks. If any major government intelligence agency wants in theyll find a way, but using a separate dumb phone should be significantly more secure than using the SIM in my regular phone.
I understand what you're saying. But the reality is everything you just said doesn't matter for SIM swapping. The fact that you use the phone number for that service says that the number you use is out in the wild. Typically when SIM swapping is used is when there's a data breach and your username, email, password, and phone number are leaked. But they still can't get in because of the extra 2FA step.
So they HAVE that phone number. SIM swapping is done at the carrier level. It's when the associated number is "swapped" to a different SIM card (one that the hackers own). Which means you can get totally screwed over without lifting a finger and not a single person touching your computer or phone.
Like I said before, the damage to you would be done before you even knew what happened.
Edit: autocorrect
Edit 2: and yes, I understand many services have no other options than SMS, which is why it's such a huge massive problem.