The problem really isn’t SIM swapping, it’s that we’ve become used to treating phone numbers as reliable personal identifiers, and SMS OTP as proof of identity (for authentication) and/or humanity (for spam/sockpuppet account protection).
Mandating 2FA methods other than SMS OTP would be amazing, but I don’t see that happening at the federal level, largely due to the complete lack of other digital authentication methods. What else should companies use?
the same thing hacker news uses; a user name and a password.
if we want proof that each account correlates to exactly one person, well i think that should 100% not be a phone number and is an entierly bigger+different problem
Mandating 2FA methods other than SMS OTP would be amazing, but I don’t see that happening at the federal level, largely due to the complete lack of other digital authentication methods. What else should companies use?