Why YSK:

Because this scenario:

I know what some people are thinking:

My eSIM is tied to my phone, phones these days have encryption, so all I need to do is set a lockscreen password then a thief cannot access any of my data.

WRONG

At least in Android: You can just use some button combo (just look up “[Phone model] hard reset”) to get into the recovery menu and wipe all data, then reboot, and the eSIM is still there!

(Caveat to this: If you happen to have a Google account, it would force a FRP lock, and that would stop access, but most of fediverse does not like those type of online accounts, so: without a SIM PIN and without FRP locks, the eSIM is accessible to a thief)

Now the thief has your bank 2FA Codes!

TLDR: Set a pin on your SIM cards, even if it’s an eSIM (but especially if you use physical SIM cards)

(Curious: Does anyone actually use SIM PINs or do I just have a lot of paranoid regarding tech and potential hacks/exploits)

  • BeefHouse@lemmy.worldEnglish
    3·
    3 hours ago

    My bank does not use a phone number for 2FA… Its handled by their app.

    The phone number is now relegated to other personal information you might use to verify who you are… Like address, date of birth, or other security questions like mother’s maiden name

    • 「黃家駒 Wong Ka Kui」@piefed.caOPEnglish
      5·
      3 hours ago

      That feels worse…

      At least you can change a phone number

      How do you change your personal info? Its permanent and unchanging… One databreach and you’re fucked