[djakjxnanjak]

Does anyone know if there’s a way to prevent your SMS from being rerouted, or get a special protected number?

The ability to do this would not mitigate Microsoft’s responsibilities here, but at least it would allow some people to help themselves.

[red_phone]

I'm not a subject matter expert, but a Google Voice number can be used to receive texts and is protected by the relatively robust security of your Google account.

[kortilla]

If the issue is the SS7 network, that won’t help unless the originating text is also in Google Voice.

[testvox]

That seems pretty possible though, if SS7 is the only issue then providers of 2factor SMS auth should just have a number on each network and when a 2factor request comes in they should determine what network its being sent to and then actually send the SMS from the number they have on that network.

[gdfiutyer]

Unfortunately, some services won’t accept a Google Voice or any voip number.

[lopmotr]

If you had that protection, what would you do if your phone was lost/stolen and you wanted the number transferred to a new SIM card? You lose your number forever if it was impossible to transfer. If there's some way to transfer it, like showing your passport in person in the phone company's office, a hacker can pretend to be you and do that too if your account is valuable enough to be worth the risk. Ultimately, you're still trusting the phone company not to assign your number to somebody else, and that's what they're not good at.

[djakjxnanjak]

I guess I’d like the ability to delegate the responsibility of updating the ownership of my phone number to an entity of my choosing. The phone company would only be able to update with this entity’s go-ahead. Services could specialize in this kind of work so identity verification would be a core competency, and I could pay more for better protection.

[dillutedfixer]

>> or get a special protected number?

That's an interesting point. Maybe an unlisted burner that you don't use for anything else could be your SMS backup number. At least that adds one small layer of security.

It's like being in an episode of The Wire just to stay semi-secure online ;-).