What kind of damage could a hacker/scammer do if they manage to port out your number assuming your email is protected with a hardware key? Assuming you don't trust SMS-based 2FA and don't have it on all accounts, what is the worst-case scenario? Reading the story (and the useful flowchart which is one of the best explanations I've seen) at https://medium.com/coinmonks/the-mo...my-life-details-of-sim-port-hack-35de11517124 and trying to evaluate the threat scenarios with and without SMS-based 2FA. For example, assuming the scammer doesn't have account credentials but ports out a number, can they take over a sensitive account if they can't hack into your email (assuming no such 2FA)? If the account is "protected" with SIM-based 2FA and they don't have the account credentials and can't access the associated email, can they still reset the password using 2FA and take over the account somehow? Or does the email have to be compromised under both of these scenarios? I think I'm missing some basic understanding of these models so any insight would be appreciated!
