[tyrfing]

A few years ago, my phone completely died. I walked into a store with it and my new phone, and got them to port the number to a new SIM without providing any information like the account PIN which I had set but didn't remember. It's good customer service, and even if they're supposed to check a bunch of info, that's still just a bit of social engineering to get around. The only solution is to not allow those lower level employees to do anything, which will cause complaints.

[delfinom]

_Many_ complaints. People have to realize that people working in tech that can tolerate 2FA jumps are a small minority of people in the general population. Not to mention, the scenario of "person losing their 2fa device" will happen thousands of times more frequently across 300+ million people than the one person a month in a corporate environment.