Never Use Your Phone Number For 2FA
I wrote in an earlier post that I'm getting rid of my Spotify and google accounts.
So far, Spotify was easy to cut out of my life 1.
But my Google account (Gmail) and the associated accounts I've signed up for using it? Pain. It's been months since that original post and I'm still slowly removing stuff.
At first it was fun and therapeutic, like I was cleaning house. But then I discovered old important accounts tied to my old Gmail using a phone number as 2FA. A phone number I haven't used in 6-8 years 2.
Let me tell you: account recovery processes suck if you lose this. It is the most bureaucratic hellscape you can imagine. It is mind-numbing. Oh and good luck if that derelict phone number was used as 2FA for a Gmail account. Google will make it very hard to open that up.
Please don't be me. Make use of literally any alternative. Something like Proton Authenticator. It has an easy export feature to backup your 2FA codes.
If you're worried about losing that then just religiously backup your encrypted codes to your hard drive/local NAS. Hell, put it in a USB and bury it in undisclosed coordinates. Memorize the scrambled encrypted contents of the JSON file.
Literally ANYTHING but use a goddamn phone number. Even if you're careful, shit happens. You could lose access to that phone number one day or the service you're using could get caught in a data breach and now you have people calling you about your car's extended warranty.
OH and if a service you're using only allows for phone numbers as 2FA, and they're not banks/government entities, its not worth it. Just use a password manager to generate a unique password for you. Bitwarden is great for that.
Ok rant over.
Mail reply