| ▲ | exceptione 3 days ago | |
Dumb phone works as well with sms verification. | ||
| ▲ | techcode 2 days ago | parent [-] | |
I used to work for a GSM messaging gateway/SMSC. And seeing first hand how most of those SMS messages (2FA, password reset, bank transaction/balance ...etc) are usually routed (sure over SSL but stored/forwarded as unencrypted GSM packets) through several different companies around the world - before reaching your mobile operator ... And on top of that you add stuff like sim cloning, and all the other things that one gets by having a direct SS7 connection (there were blog posts/YouTube videos - IIRC Linus Tech Tips calls/SMS got routed to Australia). Using SMS for 2FA or anything similar is my last resort. Granted I stopped working there 15+ years ago - but I imagine that the basic economy reasoning where it's impractical for every mobile operator to have a direct peering contract with every other operator in the world - is still the same. And messages originating from non mobile users/operators (like DigiD 2FA) always start at one of these messaging gateways/SMSCs (e.g. InfoBip.com), and often go through a few different ones before reaching your mobile operator. | ||