Recently I've been alarmed by several cases in which attackers impersonated someone, claimed to Verizon or T-mobile that they lost their phone, and then got a new SIM card with the victim's phone number. Once attackers steal a phone number, it is apparently easy to initiate password recovery at many sites and steal money, either by initiating payments or redirecting direct-deposit payments. Here's an egregious example where someone lost Bitcoin because of a stolen Verizon number: https://medium.com/@CodyBrown/how-to-lo ... 75fb8d0bac
Now that I know my cell numbers are worthless for security, I'm thinking of relying on my home number, but I don't know if it's any better. Sadly, a number of sites exclusively offer SMS/voice calls as 2FA. Does sonic do anything to protect customers' phone numbers from fraudulent porting activity? Or is there anything I can do to increase the security of my sonic phone number?
On a related note, any hope of getting a Google authenticator/TOTP option to protect our member profiles?
Now that I know my cell numbers are worthless for security, I'm thinking of relying on my home number, but I don't know if it's any better. Sadly, a number of sites exclusively offer SMS/voice calls as 2FA. Does sonic do anything to protect customers' phone numbers from fraudulent porting activity? Or is there anything I can do to increase the security of my sonic phone number?
On a related note, any hope of getting a Google authenticator/TOTP option to protect our member profiles?