Why YSK:
Because this scenario:
I know what some people are thinking:
My eSIM is tied to my phone, phones these days have encryption, so all I need to do is set a lockscreen password then a thief cannot access any of my data.
WRONG
At least in Android: You can just use some button combo (just look up “[Phone model] hard reset”) to get into the recovery menu and wipe all data, then reboot, and the eSIM is still there!
(Caveat to this: If you happen to have a Google account, it would force an FRP lock, and that would stop access, but most of fediverse does not like those types of online accounts, so: without a SIM PIN and without FRP locks, the eSIM is accessible to a thief)
Now the thief has your bank 2FA Codes!
TLDR: Set a PIN on your SIM cards, even if it’s an eSIM (but especially if you use physical SIM cards)
(Curious: Does anyone actually use SIM PINs or do I just have a lot of paranoia regarding tech and potential hacks/exploits?)


SIM PINs are 4-8 digits
The SIM Chip itself is supposed to limit entry attempts to 3, idk if anyone managed to bypass it
After that, it requires a PUK Code, 8 digits I believe. It's sometimes found on the big plastic card thing (it's like the size of a credit card, and you pop off a physical SIM from it). 10 Attempts.
I think the carrier also has it.
So an attacker needs to either:
or
The thing is, I as a kid/teen messed with tech stuff a lot (got my parents' SIM cards locked a few times 👀, they got so mad at me lol) and I found that sometimes I can reboot a phone and the 10 attempts on the PUK code would reset… idk how, maybe the SIM card had issues… or maybe it’s a T-Mobile issue.