by Justin_K 711 days ago
Even worse... Sounds like phone number is irrelevant, yet they collect it.

It's used to store and retrieve your 2fa secrets in case you lose your device
> > Even worse... Sounds like phone number is irrelevant, yet they collect it.

> It's used to store and retrieve your 2fa secrets in case you lose your device

The phone number doesn't store anything?

But if somehow knowing that phone number is a key to getting your 2FA secrets, you'd have a bigger problem.

Except it often is, and that's the problem.

Do what I do and turn off "allow multi-device." Problem solved -- even if your phone number is stolen, they can't recover your 2FA because it's locked to the device too.
You can enable multi device, and have it on multiple devices, then disable it.

https://authy.com/blog/understanding-authys-multi-device-fea...

Yep. I've done this. Lots of people I know use "burner" phones without cellular for 2FA.
How else are they going to track people with a hard-to-change identifier?
> How else are they going to track people with a hard-to-change identifier?

Using the device advertising ID that the user is entitled to change.

// Sorry, for a moment I thought you were serious.

I just did some quick research on these IDs. Correct me if I'm wrong, but it seems like each user account would be tied to one device. It also seems like the user, at least on Apple devices, has to opt into advertising tracking in order for your app to even get access to this.

Ignoring the security pitfalls of phone numbers, it really doesn't seem like these advertising IDs are a drop-in replacement for using phone numbers.