Personal Finance (Not Investing) • Re: Security of your brokerage rests in the hands of the customer service rep of your cell phone provider

I recently had the opposite problem... I was on a long remote international mountain trip and lost my phone. When I returned to civilization, all of my accounts which used 2FA (including brokerages, email, banks, and many others) wanted to authenticate through my phone through MFA apps, SMS, or other phone-related means. Since I didn't have my phone anymore, I couldn't do any of these, and for the few services that would fallback to email, I couldn't do that either since I was also locked out of my email. A few services had customer service that I could talk to in person that said there would be ways to recover the account, but many didn't... including google for my email, which apparently has no means to recover a lost account whatsoever. Without access to either my phone number or email, most other services said I was out of luck.

Fortunately, I was able to go in-person to the store of my cell service provider and show them my photo ID, and they provided me with a new phone with the same number that allowed me to recover access to all my accounts. But I was locked out of literally everything for ~2 weeks, while on international travel, which was quite stressful.

It made me realize how just losing a single device can basically totally screw you over if you go with the "default" of 2FAing everything through your phone. Since then, I have just set strong new passwords and disabled 2FA entirely on many services (the ones that still allow that) since I feel like the probability of me losing my phone and permanently losing access to my accounts is much higher than a malicious attack. On others, I have tried to go to non-phone means of 2FA (yubikeys, etc) wherever possible.

Statistics: Posted by VictorStarr — Tue Aug 06, 2024 3:33 am