Why YSK:
Because this scenario:
I know what some people are thinking:
My eSIM is tied to my phone, phones these days have encryption, so all I need to do is set a lockscreen password then a thief cannot access any of my data.
WRONG
At least in Android: You can just use some button combo (just look up “[Phone model] hard reset”) to get into the recovery menu and wipe all data, then reboot, and the eSIM is still there!
(Caveat to this: If you happen to have a Google account, it would force an FRP lock, and that would stop access, but most of fediverse does not like those types of online accounts, so: without a SIM PIN and without FRP locks, the eSIM is accessible to a thief)
Now the thief has your bank 2FA codes!
TLDR: Set a PIN on your SIM cards, even if it’s an eSIM (but especially if you use physical SIM cards)
(Curious: Does anyone actually use SIM PINs or do I just have a lot of paranoia regarding tech and potential hacks/exploits?)


Wait, you have a SIM/eSIM? You bank through your phone?
Well there’s your two main problems right there, separate your banking from your mobile device altogether.
All bank accounts require a phone number. VoIP numbers do not work.
Online banking through a computer requires a phone number for them to send a 2FA code to before letting you log in. (Phone number 2FA is the only 2FA option, and even if not, it’s often used as a recovery option to whatever other 2FA method there is, effectively making the phone number the weakest link)
But I guess if you don’t like that, you could tell them to disable online banking and avoid using electronics for banking, but then you’d have to either go to the bank every week and wait in an annoying line to verify you’re getting paid and that the amount is correct (cuz you can’t trust employers)
(Or use the sketchy ATM machine that could have card skimmers and fake PIN pads, can sometimes be much more dangerous than online banking IMO)
(Also some people need online banking, like my parents have a small business and my mom has to do a bunch of bank transfers every month through online banking…)
Idk if I could live life not using ATMs.
Yes, they might have card skimmers, but I would trust the ATMs that are inside the bank branch would be free of those, as a lot more eyes are on those machines, even CCTVs, and any suspicion would immediately get staff’s attention. I would always do the prying test on new ATMs I encounter, if it does anything, and once I’m satisfied with it, I just look for any changes the next time I use it.
Lol my mom taught me to never trust ATM machines and always go inside the branch.
Also for gas stations, never pay at the pump, always go inside to pay…
My bank does not use a phone number for 2FA… It’s handled by their app.
The phone number is now relegated to other personal information you might use to verify who you are… Like address, date of birth, or other security questions like mother’s maiden name.
That feels worse…
At least you can change a phone number
How do you change your personal info? It’s permanent and unchanging… One data breach and you’re fucked
That’s always been my preference, just go to the bank in person…