Hacker News new | ask | show | jobs
by guidedlight 66 days ago
> Our phone numbers are not identifiers.

I think you missed the point. The process creates an identifier, by strongly associating you with the phone number.

This association allows the bank to quickly establish your identity later when you call up or use online services.
1 comments
ryandrake 66 days ago
As the sibling commenter pointed out, in their case, it totally failed to create a meaningful identifier, because he used some other person's phone to get past the ridiculous gate.
link
bradlys 66 days ago
It’s not ridiculous. It’s for you to verify. It’s setting up 2FA. How can you not understand that?
link
ryandrake 66 days ago
2FA presumes user-ownership of the second factor, and that possession of the second factor authenticates that the possessor is the account owner. It's ridiculous because in the OP's case, he literally had someone else temporarily hand him the second factor in front of the clerk: the 2FA didn't really authenticate anything, and the clerk could even see that.
link
bradlys 65 days ago
Yes. It presumes things but it also allows the bank deniability. If you get completely hosed - it’s mostly on you for supplying a shit 2FA.

Come on guys. It’s obvious why banks have this. Everything identity related is stolen constantly.

link
kube-system 66 days ago
Even if it was useful in OPs case -- which it wasn't -- SMS 2FA is frowned upon by all modern security standards because it has several severe security issues.
link
bradlys 65 days ago
I agree it sucks. Sadly, the world we live in. It’s a stop gap. Most people aren’t special enough to have their shit scooped up by some foreign telco operator.
link
kube-system 64 days ago
The issue goes far beyond foreign telco operators.

1. It is quite easily to accidentally take over someone's account(s) on various mobile apps when you get a new phone number these days. Many apps will allow you to log in with your phone number, reset password or do one-time login via SMS, etc. Some even do it automatically as a convenience. This isn't an edge case issue -- this happens on several of the top social media platforms, etc.

2. SIM swapping is still a viable fraud vector for identity theft and financial crime.

3. It is very vulnerable to phishing, and its prevalence only has exacerbated that.

link