[jelled]

Was thinking about moving a line to Google Fi for this reason. I know they just resell T-Mobile bandwidth, but would they provide better account level security? Is it common for Google Fi customers to get SIM swapped?

[jareklupinski]

yup https://www.bleepingcomputer.com/news/security/google-fi-dat...

my friend had google fi and was caught in this, among other things they had their instagram taken over. scary few days. thankfully their roommate works at meta...

I think the only way to be really safe is to use one of the smaller MVNOs and never ever ever reveal who your carrier is

[MetaWhirledPeas]

As a former customer of T-Mobile, I will say that the risks go beyond SIM swapping with T-Mobile. Their website is pretty bad, and there's a lot of silly PIN-based passwords and security questions going on. Getting away from that in favor of Google's security would be a huge win.

[lkbm]

I've always figured I should have two numbers—one I let people know, and one for 2fa.

But that's ~$20/mo and a moderate annoyance, so for now mostly just fingers crossed that eventually everywhere that matters will allow me to switch fully to authentication apps and hardware keys.

[jswrenn]

I don't think that having two numbers will help much. I'd guess that most sim-swapped cell numbers are leaked in data breaches or acquired through data brokering. Enrolling a number in 2fa is letting people know your number, because you're tying that number to the account.

A separate number for each account might help. Maybe.

[BenjiWiebe]

I'm getting a cell phone plan just for 2FA. It's actually a Tmobile MVNO, we'll see how it goes.

$2.50/month, RedPocket annual eBay plan.

[jareklupinski]

if you have an apple watch, depending on your plan, it may have a different phone number

wonder if that works...

[SkyMarshal]

Can also do that with iPads. I have an iPhone and iPad both on the same T-mobile account but with different numbers.

[jelled]

Thanks! Based on that article it seems that anyone who's reselling T-Mobile service would be vulnerable.

[computing]

Do we know if Google Voice also uses T-Mobile? If not, might be worthwhile to switch SMS 2FA to the Voice number if a service allows voip numbers.

[BenjiWiebe]

Google Voice isn't a wireless carrier. VoIP only.

[computing]

This is part of my question. How does Google provision VoIP numbers? When someone calls / texts a VoIP number from a normal number, that call / SMS travels over normal wireless infrastructure. So VoIP numbers are still connected to the same infra, right?

[BenjiWiebe]

As I understand it, yes, but not through a wireless carrier. They'd tie into the infrastructure somewhere else. They'd be more of a peer with Tmobile then a customer.

[SkyMarshal]

Do you know any MVNO that does security really well?