| ▲ | kleiba 3 hours ago |
| My wife and I had an appointment last week to apply for a line of credit. We talked it all through with the clerk and decided to go for it, so he started the whole process on his computer. His jaw dropped half-way through when he asked for my wife's and my phone number, and I had to tell him that I don't own a smart phone. Turns out you must have a smart phone because the system sends you some kind of code to verify your identity. Let that sink in: I am sitting in front of the clerk, but in order to identify me, he needs me to give him some phone number. The only way we could finalize the application is by me asking my mother whether I could use her phone number briefly to get this over with. She forwared the code to my wife's phone. That worked in the end -- but so much for "identifying me". |
|
| ▲ | ryandrake 2 hours ago | parent | next [-] |
| > in order to identify me We should stop accepting this ridiculous excuse. Our phone numbers are not identifiers. How does me telling a bank "My phone number is 123-456-7890" give them any assurance whatsoever that I am the person whose name will be printed on a loan document? |
| |
| ▲ | kleiba 2 hours ago | parent | next [-] | | Well, my case is the best proof of that: the phone number I ended up using was my mom's. It's most definitely baloney because I also had to provide ID. So, certainly there is no way I could identify myself "even more" by giving them a phone number than by giving them a government issued ID. | |
| ▲ | guidedlight 2 hours ago | parent | prev | next [-] | | > Our phone numbers are not identifiers. I think you missed the point. The process creates an identifier, by strongly associating you with the phone number. This association allows the bank to quickly establish your identity later when you call up or use online services. | | |
| ▲ | ryandrake 2 hours ago | parent [-] | | As the sibling commenter pointed out, in their case, it totally failed to create a meaningful identifier, because he used some other person's phone to get past the ridiculous gate. | | |
| ▲ | bradlys 33 minutes ago | parent [-] | | It’s not ridiculous. It’s for you to verify. It’s setting up 2FA. How can you not understand that? | | |
| ▲ | ryandrake 23 minutes ago | parent [-] | | 2FA presumes user-ownership of the second factor, and that possession of the second factor authenticates that the possessor is the account owner. It's ridiculous because in the OP's case, he literally had someone else temporarily hand him the second factor in front of the clerk: the 2FA didn't really authenticate anything, and the clerk could even see that. |
|
|
| |
| ▲ | mindslight 2 hours ago | parent | prev [-] | | It's not necessarily just for the 2FA snakeoil. The worst places snap on a glove and proctologize your network identity metadata (spilled by all the underlying carriers, IIUC), and sometimes even billing records with your name and address (more vulnerable if you're still on a postpaid). The US desperately needs a port of the EU's GDPR, for starters. |
|
|
| ▲ | throwawaypath 3 hours ago | parent | prev | next [-] |
| >Turns out you must have a smart phone Any phone that can receive SMS, not a smartphone. You could purchase a burner flip phone for this purpose. |
| |
| ▲ | EvanAnderson 3 hours ago | parent | next [-] | | I don't think the assumption that SMS is enough is valid anymore. My wife's elderly aunt has a flip phone that can receive SMS but not MMS. We just went thru an "identity verification" procedure with a major bank last week that sends MMS, not SMS, and could not reach her flip phone. The whole ordeal was a huge pain in the ass and if my wife and I weren't there to help her it would have been completely impenetrable to her. | | |
| ▲ | jeroenhd 28 minutes ago | parent | next [-] | | MMS is ancient. Ancient enough that my carrier disabled it entirely. Maybe the flip phone UI is shitty, or the carrier hasn't supplied the necessary APN info to the phone, or the phone hasn't been set up to use that APN because of a bug, or they're using some kind of modernized, non-standard MMS media type or something, but there's no way that phone can't receive MMS at all. | | |
| ▲ | EvanAnderson 21 minutes ago | parent [-] | | Like I said in my other comment - She can't receive a message with a photo from me. Just text, she can. It's an old phone, I think a Kyocera, and I believe her carrier is Cricket Wireless. |
| |
| ▲ | throwawaypath an hour ago | parent | prev [-] | | >My wife's elderly aunt has a flip phone that can receive SMS but not MMS. Doubt it, model number? >We just went thru an "identity verification" procedure with a major bank last week that sends MMS, not SMS, and could not reach her flip phone. Double doubt it, verification services do not use MMS. It would be against NIST standards and not a single verification software sends MMSs. I work in this space. MMS is being deprecated across the globe, multiple telcos have already entirely disabled MMS at the network level. You're likely confusing getting a verification number in the banking app, not SMS/MMS. | | |
| ▲ | EvanAnderson an hour ago | parent [-] | | I don't have the make / model of her phone. I suppose it could be an issue with her phone plan, or settings on her phone. I don't have tons of experience in the wireless telco space and I'm sure I'm abusing terminology. My Android phone says "SMS" under the "bubble", next to the time, when I send my wife's aunt a message. If I attempt to attach a photo to a message to her (which I've always thought was "MMS") she never receives the photo or any text I send with the photo. Nothing. re: the identify verification We had the bank send the message to my wife's phone. She received a message with a link to a website in the native text messaging app on her iPhone. My wife absolutely doesn't have the bank's "app" installed. The website linked in the message used her camera to photograph her aunt's ID and face. I don't know what color the "bubble" was on my wife's iPhone, which I know has some ability to differentiate SMS vs iMessage. My aunt can receive text messages. She couldn't receive this message. That's what I know. |
|
| |
| ▲ | kleiba 2 hours ago | parent | prev | next [-] | | I could also buy a smartphone. The point is that I shouldn't have to. | |
| ▲ | mbreese 2 hours ago | parent | prev [-] | | Sometimes the code must be received through the bank’s app. I went though this process recently to open a new account (at a bank where I already had other accounts). I didn’t think much of it at the time, but if you didn’t have or want a smartphone, this could be a major problem. |
|
|
| ▲ | reconnecting 3 hours ago | parent | prev | next [-] |
| The uncomfortable truth is that they most probably need your phone to check the online accounts you have. I believe most bank applications do it automatically as part of fraud prevention. May I ask, what is the country? |
|
| ▲ | stetrain 3 hours ago | parent | prev | next [-] |
| 2-factor authentication codes via SMS are pretty common and don't require a smart phone. You haven't run into this before? |
| |
| ▲ | kleiba 3 hours ago | parent [-] | | No, I don't really use a lot of service that require 2FA and for the ones I have to (e.g. work), there's always been a workaround. But this might not really have been a 2FA case - I mean, I was physically sitting in the bank. | | |
|
|
| ▲ | rolandog 2 hours ago | parent | prev | next [-] |
| Had a similar process when helping my parents settle in after relocating to Spain recently. I ended up having to ask an acquaintance to put down their phone so I could get some verification codes or information about an appointment in order to sign them up for... a Home internet + mobile phone lines bundle. Cherry on top of this dystopian situation was that the number needed to be a Spanish phone number. Couldn't be from a different country code. |
|
| ▲ | rvba 3 hours ago | parent | prev [-] |
| I understand what you mean, however it's still quite hilarious that there is an user on checks notes hacker news, who does not have a phone. This reminds me of the Japanese cybersecurity minister who did not use a computer. Bonus points if you work at Apple, or Google and work on iOS or Android. Would explain a lot why they are the way they are. |
| |
| ▲ | marssaxman 3 hours ago | parent | next [-] | | It's not so hilarious, really; there's nothing like a stint in the sausage factory to put one off one's taste for sausage. | |
| ▲ | kleiba 2 hours ago | parent | prev | next [-] | | I know I'm in the minority but I value privacy higher than convenience. I'm aware that not having a smart phone does not automatically equal total privacy, but I just cannot get myself to have a personal tracking device on me 24/7. | |
| ▲ | pid-1 2 hours ago | parent | prev | next [-] | | Many security/privacy nerds don't own end consumer gadgets etc... Some folks go vegan after seeing how the sausage gets made. | |
| ▲ | abnercoimbre 3 hours ago | parent | prev | next [-] | | I know Chrome / Chrome-adjacent googlers who swear by Firefox. | | |
| ▲ | ahartmetz 2 hours ago | parent [-] | | What are their reasons? I can imagine a few and I use Firefox myself, but I'd be interested in anything non-obvious. |
| |
| ▲ | jjgreen 2 hours ago | parent | prev | next [-] | | Ahem, more than one ... | |
| ▲ | tmtvl 2 hours ago | parent | prev | next [-] | | Imagine being on hacker news and having an iPhone instead of a Pinephone /jk. I'm always annoyed when some real-world good or service is only available to people with a smartphone, especially when it wasn't always so. Blue Bikes (rentable bicycles) were in the past usable with a membership card, but it got phased out in favour of an app. | |
| ▲ | 3 hours ago | parent | prev [-] | | [deleted] |
|
