Well, my case is the best proof of that: the phone number I ended up using was my mom's.
replyIt's most definitely baloney because I also had to provide ID. So, certainly there is no way I could identify myself "even more" by giving them a phone number than by giving them a government issued ID.
> Our phone numbers are not identifiers.
replyI think you missed the point. The process creates an identifier, by strongly associating you with the phone number.
This association allows the bank to quickly establish your identity later when you call up or use online services.
As the sibling commenter pointed out, in their case, it totally failed to create a meaningful identifier, because he used some other person's phone to get past the ridiculous gate.
replyIt’s not ridiculous. It’s for you to verify. It’s setting up 2FA. How can you not understand that?
reply2FA presumes user-ownership of the second factor, and that possession of the second factor authenticates that the possessor is the account owner. It's ridiculous because in the OP's case, he literally had someone else temporarily hand him the second factor in front of the clerk: the 2FA didn't really authenticate anything, and the clerk could even see that.
replyEven if it was useful in OPs case -- which it wasn't -- SMS 2FA is frowned upon by all modern security standards because it has several severe security issues.
replyIt's not necessarily just for the 2FA snakeoil. The worst places snap on a glove and proctologize your network identity metadata (spilled by all the underlying carriers, IIUC), and sometimes even billing records with your name and address (more vulnerable if you're still on a postpaid). The US desperately needs a port of the EU's GDPR, for starters.
reply