Your cell phone number: To give or not to give

Discussion in 'privacy general' started by ronjor, Dec 12, 2014.

  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    7,303
    Location:
    England
    Some good info in there as to what companies are allowed, and not allowed, to do if you give them your number.
     
  3. deBoetie

    deBoetie Registered Member

    Joined:
    Aug 7, 2013
    Posts:
    1,150
    Location:
    UK
    The cellphone for 2FA is a disaster. Not only from a privacy POV, but because its the wrong platform: it needs batteries (hence is not always available), is software-complex (hence hackable), fairly often breaks, and is an attractive target for theft.

    The reason companies are so keen on it is because it's the crown jewels of identity as far as they're concerned. As far as what they are allowed or not allowed to do, I don't believe that more than the cost of the electronic paper those assurances are written on. And you can't trust 'em to keep it safe anyway.

    By contrast, as an example, the U2F 2FA standard is a privacy improvement on previous fob-based authentication, and comes in a small and reliable form factor. It doesn't have all the issues that biometrics have (e.g. non-repudiation, false negatives, general unreliability), and is no biggie to have with you. Being able to separate you from your second factor is also sometimes an advantage.
     
  4. pajenn

    pajenn Registered Member

    Joined:
    Oct 26, 2009
    Posts:
    930
    If you decide to go for the cell phone number authentication scheme then make sure you never change your number or travel aboard someplace where you might have to use a different number because that's when these services often lock you out (for using different than normal IP and device), and then you won't be able to get unlocked because that's exactly when you don't have access to your old or home cell phone number.
     
  5. Nebulus

    Nebulus Registered Member

    Joined:
    Jan 20, 2007
    Posts:
    1,582
    Location:
    European Union
    The article has an American-centric view of this issue. But I wonder what happens when someone outside the US gives a phone number to a site for 2FA? From my personal experience, I never got any phone calls from a site/company where I gave my phone number, but it might be just luck...
     
  6. PatsSoxBruins

    PatsSoxBruins Lurker

    Joined:
    Dec 14, 2014
    Posts:
    25
    I could careless if someone has my cell #. With iOS you can block numbers. If worse comes to worse you change your number. I have a LAN line I give if some company wants a contact number.
     
  7. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    People leave their cellphones laying around all the time and most don't use a locking password because it is a real nuisance to keep typing it in.
     
  8. PatsSoxBruins

    PatsSoxBruins Lurker

    Joined:
    Dec 14, 2014
    Posts:
    25
    Well that is just plantant stupidity. Those are the same people who give there kids the admin password login or do not even have a login password. On my iPhon5S and now I my 6 I enable the finger print scanner.
     
  9. RockLobster

    RockLobster Registered Member

    Joined:
    Nov 8, 2007
    Posts:
    318
    Yes it is kinda stupid but people do it all the time. As for fingerprint scanners they are worse than passwords, an adversary can lift your fingerprint from something else you handled, photograph it and then use a 3D printer to make a copy of it. Regular wood glue is then applied and peeled off when it dries. This piece of wood glue is a copy of your fingerprint and it fools the fingerprint reader.
     
Loading...