Stories
Slash Boxes
Comments

SoylentNews is people

Why Phone Numbers Stink as Identity Proof

posted by martyb on Monday March 18 2019, @04:23PM   Printer-friendly
from the your-call dept.

canopic jug writes:

Security researcher Brian Krebs has posted an interview with Allison Nixon on why phone numbers are unsuitable for authentication and identification.

Phone numbers stink for security and authentication. They stink because most of us have so much invested in these digits that they’ve become de facto identities. At the same time, when you lose control over a phone number — maybe it’s hijacked by fraudsters, you got separated or divorced, or you were way late on your phone bill payments — whoever inherits that number can then be you in a lot of places online.

How exactly did we get to the point where a single, semi-public and occasionally transient data point like a phone number can unlock access to such a large part of our online experience? KrebsOnSecurity spoke about this at length with Allison Nixon, director of security research at New York City-based cyber intelligence firm Flashpoint.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Why Phone Numbers Stink as Identity Proof | Log In/Create an Account | Top | 43 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 1, Funny) by Anonymous Coward on Monday March 18 2019, @09:21PM (1 child)

    by Anonymous Coward on Monday March 18 2019, @09:21PM (#816630)
    You'd be amazed how many websites that demand a phone number will accept numbers of the form:

    123-555-xxxx

    or

    123-456-7890

    The first is the directory assistance number in the US (which is why almost every phone number in a tv show is "YYY-555-XXXX" with YYY being the proper area code for the setting of the show.

    If anyone were to dial it (and yes, there are fools who will) they simply get the directory assistance folks at the phone company.

    The second should be obvious (sequence of digits).

    Both work because most web systems 'validation' of an entered phone number amounts to "does it contain digits?, are the right number of digits present?".

    Starting Score:    0  points
    Moderation   +1  
       Funny=1, Total=1
    Extra 'Funny' Modifier   0  
    Total Score:   1  

  • (Score: 1, Interesting) by Anonymous Coward on Monday March 18 2019, @11:15PM

    by Anonymous Coward on Monday March 18 2019, @11:15PM (#816695)

    Actaully now 555 is being used for phone#. TV and Movies are limited to 0100 to 0199 as suffix.

    Gone are the days of "Library 2-5000" or using a "bad number" like "Queenland 7-2345"

    Was a great MENSA gag:

    "Remember those SAT and ACT test you took back in college? Well you can find out what your IQ when you took those test. Just call 1-800-4-Your-IQ".

      Then watch the confusion when the "Q" was not found on the dial. To help you ask "maybe you should try "1-800-NEW-QUIZ" instead." and walk away.