Ask HN: Securing My Phone Number

6 points by stevenwliao ↗ HN
Phone numbers are becoming ubiquitous two factor authentication channels (or one factor, because some services allow a reset via SMS) for critical services like email addresses, domain names, and financial accounts.

Are there any best practices to secure my phone number against malevolent actors who want to hijack it or intercept its incoming SMS/calls/voicemails? Are there any carriers that are better or worse than average at preventing these attacks?

I live in the US but feel free to share about other international carriers as well.

1 comment

[ 4.4 ms ] story [ 18.2 ms ] thread
I'd recommend ringing your provider and ensuring that you have some form of password on your account. Most providers should allow this and it will make sure that whoever is calling regarding your account will have to mention this password.

This doesn't fully secure your account as some level of social engineering can always be used to circumvent this. This has become apparent in the news when members of the hacking group Lizard Squad apparently pretended to be store employees of the company calling on behalf of the customer.

Securing your phone number is not an easy task as the infrastructure behind providers isn't as secure as it needs to be.