by dylan604 1146 days ago
Yeah, us old timers that can remember the days before LLM just called this social engineering.

Customer Service: How can I help you today?

hacker: I need help resetting the password to this account that is totally mine.

CS: Sure, I just need you to verify a few things.

hacker: I'm not in a place where I have that info, but I totally swears it that I'm the person I say I am, but I'm really in a jam right now and you'd be helping me out so so much.

CS: Of course, I understand. Your new password is....

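The dialogue above fails at the point where the agent can waive the factors the caller cannot produce. As an added example (my own code, not from the commenter or any carrier), here is an agent-side reset tool in which there is no waive path: the account PIN and a one-time code sent to the contact channel already on file are both mandatory, comparisons are constant-time, repeated failures lock the record, and SSN-last-four is accepted only as an extra check because it is too widely leaked to stand on its own. The account fields, PBKDF2 parameters, lockout threshold and message strings are all assumptions.

```python
import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass

MAX_ATTEMPTS = 3  # assumed lockout threshold


@dataclass
class Account:
    # Hypothetical in-memory record; field names are my own, not any carrier's.
    pin_salt: bytes
    pin_hash: bytes
    ssn_last4: str          # kept only to show why it must not be sufficient
    failed_attempts: int = 0
    locked: bool = False


def hash_pin(pin: str, salt: bytes) -> bytes:
    # Salted, slow hash so a leaked table does not hand out PINs (parameters assumed).
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def new_account(pin: str, ssn_last4: str) -> Account:
    salt = os.urandom(16)
    return Account(salt, hash_pin(pin, salt), ssn_last4)


def issue_otp() -> str:
    # Delivered to the handset / e-mail already on file, never to a channel the caller names.
    return f"{secrets.randbelow(10**6):06d}"


def attempt_reset(acct: Account, answers: dict, otp_sent: str):
    """Agent-side reset tool. Returns ("ok", token) or ("denied", reason).

    Both the PIN and the OTP are mandatory. There is deliberately no
    argument that lets the agent skip a factor, so sympathy on the phone
    cannot lower the bar. SSN last four is never a substitute for either.
    """
    if acct.locked:
        return ("denied", "account locked; escalate to out-of-band identity verification")
    pin = answers.get("pin")
    otp = answers.get("otp")
    if pin is None or otp is None:
        # "I'm not in a place where I have that info" ends the call here.
        return ("denied", "all required factors must be supplied")
    ok_pin = hmac.compare_digest(hash_pin(pin, acct.pin_salt), acct.pin_hash)
    ok_otp = hmac.compare_digest(otp.encode(), otp_sent.encode())
    if not (ok_pin and ok_otp):
        acct.failed_attempts += 1
        if acct.failed_attempts >= MAX_ATTEMPTS:
            acct.locked = True
        return ("denied", "verification failed")  # same message for either factor
    acct.failed_attempts = 0
    return ("ok", secrets.token_urlsafe(16))
```

The only reason to return a distinct message for a missing factor is so the agent's screen tells them what to ask for; a wrong PIN and a wrong OTP produce the same message so the caller learns nothing about which one they got right.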

I mean, every time I call tmobile I am my wife, because only she can make changes on the account.

PROVE I'M NOT HER OVER A PHONE

That's a false positive vs. false negative distinction too.

The GP is concerned that Tmobile allows hackers to impersonate you/your wife on the phone.

You're concerned that even after providing all possible account details - password, PIN, last four of her SSN, last bill amount, anything else they might want to ask that's not literally a live biometric scan - they can't distinguish the two of you just because you don't sound like a woman.

Perfection is unattainable.

It's a pretty low bar. I think if you know SSN you are good to go to do anything at Tmo, including a number port. Which means phone as a 2fa is very easy to beat.

I was about to freak out, then I remembered that there's no ID in the US

I can't change anything about my phone without providing both a "Public" (Taxpayer Code: doesn't change, commonly shared, also used as a state bank account number) and "Private" (Document number: changes on each renewal, only shared for identification purposes) number

Well, it's not so much that there's "no ID" as much as it is that we have hundreds of IDs.

Some carriers in the US have you set a PIN number for phone porting. Although, people still forget them.

You provide a SSN and they will give you the porting pin (or let you pick it more likely)

I've impersonated my father so many times making changes to our mobile account.

Isn't Tmobile pretty much known as the carrier most friendly to these kinds of attacks?
Voice matching? I heard some banks do that.
Still not perfect ;)

https://youtu.be/-zVgWpVXb64

Very old timers called this rhetoric.