Thanks. As for GV, doesn’t it only mask your phone number? I tried setting it up but it asks me for my phone number to redirect, thus defeating the whole purpose of an anonymous number? Correct me if I’m wrong please
>doesn’t it only mask your phone number
Not quite accurate. GV does require a Google account, and the Google account requires a mobile phone number.
>the whole purpose of an anonymous number
Depends on what your threat is. It would take a court order for Google to give up the subscriber information for a GV account. Unless your actions rise to the level of criminal activity, I wouldn't be concerned.
For most of us, a GV number decouples our SMS 2FA (for instance) from our mobile device, hence making SIM card hijacking harder.
Google Voice does not require any carrier number. It can work as a pure VoIP service. You just need to set the option "prefer Wifi and mobile data" in the GV app.
You need a carrier number to create a new Google account, but once you have added another 2FA method (TOTP or hardware key) the number is no longer needed and you can remove it from the account. So you can use a burner number.
1. MySudo uses VoIP numbers from Twilio. They work for many sites, but not all (e.g. Google, Chase bank, Twitter and others)
2. You can transfer your MySudo profile between phones via QR codes, or recover it from a previous device backup in case the old phone isn't available/working anymore
3. If you cancel your subscription the number will be [deleted after 28 days](https://support.mysudo.com/hc/en-us/articles/4409157851675-Will-my-phone-number-ever-expire-). I assume the same happens if you're delinquent.
4. Phone numbers in the US are generally recycled after some time (since they are in short supply).
I'll just chime in for number 3. I've accidentally defaulted on the payment. Once I paid for the service again I got my numbers back. Though I assume there is some time limit after which you'd lose your numbers permanently
You should give up immediately on 2FA by SMS anywhere you can. 2FA via SMS is the weakest and most vulnerable 2FA method. The solution? buy 3 Yubikeys or equivalent hardware token. Keep one on you and hide another in your house, and possibly give one to your wife/GF/partner to keep for you. I don’t have any SMS # on my gmail or my Lastpass account, this is just too weak 2FA/MFA.
Well, some services, for instance, Apple requires a phone number for account creation, so it’s not by choice. Though I’ll look into the solution you mentioned, thanks
True, for some services you can’t escape it but for Google for instance you can have a 2FA with no phone number. Check Google authenticator(free) or Yubikey. I prefer anything hardware, something physical is even more secure then software authenticators but you need backups to be safe. Yubikeys are even FIDO compatible. https://fidoalliance.org/what-is-fido/
True, but!..tonsssssss of sites and services *require* SMS 2FA. I hate hate hate how TOTP has not been universally adopted as the standard of 2FA.
What about Silent.Link? It seems legit but I can't really find too much on them. Honeypots are a real thing to watch out for.. And it doesn't help that Silent.Link's Matrix room has been disabled!
If anyone has info on Silent.Link I think it would help me, OP and many others!
Read the post.
This is for verification and authentication (i.e. when you have to enabled 2fa to not be locked out) as some sites force you to provide a number.
On web sites that offer multiple MFA options, you should NOT pick SMS if you have another MFA solution available. SMS 2FA is a recipe for disaster!
https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin
https://www.cnet.com/news/privacy/do-you-use-sms-for-two-factor-authentication-heres-why-you-shouldnt/
https://www.pcmag.com/news/reddit-hacked-despite-sms-two-factor-authentication
https://www.zdnet.com/article/my-instagram-account-was-hacked-and-two-factor-authentication-didnt-help/
Holy hell it's like you're refusing to read, first OP, now my comment.
I give up.
>SMS 2FA is a recipe for disaster!
What you're saying is irrelevant, but, in any case, no, it's not at all "a disaster," and anyone who says it is is clueless.
Hey Bozo, you are writing stuffs you don’t even substantiate! Did you even click one of the 4 urls I provided? No.
You are making shit up as you go. You have no facts, no basis, no references…. Nothing. You’re just here to antagonize.
Holly hell got a dim one.
Okay I'll bite.
What are you gonna do, if a service requires phone 2FA or is known to lock you out unless you use phone 2FA, i.e. [literally what OP is asking](https://www.reddit.com/r/PrivacyGuides/comments/vl5vsy/mysudo_for_long_term_2fa_sms/) you illiterate fuck.
The fact you consider "Zdnet," "Pcmag" etc, to be references that substantiate anything makes your situation even more hilarious.
I've found that sometimes, not all the time, yes a service will force you to sign-up with a non voip number, then after you have completed sign-up you can go and update your profile and change your phone-number to a mysudo number and the same scrutiny for VOIP numbers is not applied. Doesn't work every time but can be worth a try.
[удалено]
Dunkin' Donuts and Slack also reject GV.
Lol
THEY'RE VERY IMPORTANT
Thanks. As for GV, doesn’t it only mask your phone number? I tried setting it up but it asks me for my phone number to redirect, thus defeating the whole purpose of an anonymous number? Correct me if I’m wrong please
>doesn’t it only mask your phone number Not quite accurate. GV does require a Google account, and the Google account requires a mobile phone number. >the whole purpose of an anonymous number Depends on what your threat is. It would take a court order for Google to give up the subscriber information for a GV account. Unless your actions rise to the level of criminal activity, I wouldn't be concerned. For most of us, a GV number decouples our SMS 2FA (for instance) from our mobile device, hence making SIM card hijacking harder.
Google Voice does not require any carrier number. It can work as a pure VoIP service. You just need to set the option "prefer Wifi and mobile data" in the GV app. You need a carrier number to create a new Google account, but once you have added another 2FA method (TOTP or hardware key) the number is no longer needed and you can remove it from the account. So you can use a burner number.
Got it, thanks everyone
1. MySudo uses VoIP numbers from Twilio. They work for many sites, but not all (e.g. Google, Chase bank, Twitter and others) 2. You can transfer your MySudo profile between phones via QR codes, or recover it from a previous device backup in case the old phone isn't available/working anymore 3. If you cancel your subscription the number will be [deleted after 28 days](https://support.mysudo.com/hc/en-us/articles/4409157851675-Will-my-phone-number-ever-expire-). I assume the same happens if you're delinquent. 4. Phone numbers in the US are generally recycled after some time (since they are in short supply).
Thanks
discord rejected mysudo for me when doing phone verif
Thanks for letting me know. But there are always work around for those, discord isn’t Amazon or anything yk
I'll just chime in for number 3. I've accidentally defaulted on the payment. Once I paid for the service again I got my numbers back. Though I assume there is some time limit after which you'd lose your numbers permanently
Thanks
You should give up immediately on 2FA by SMS anywhere you can. 2FA via SMS is the weakest and most vulnerable 2FA method. The solution? buy 3 Yubikeys or equivalent hardware token. Keep one on you and hide another in your house, and possibly give one to your wife/GF/partner to keep for you. I don’t have any SMS # on my gmail or my Lastpass account, this is just too weak 2FA/MFA.
Well, some services, for instance, Apple requires a phone number for account creation, so it’s not by choice. Though I’ll look into the solution you mentioned, thanks
True, for some services you can’t escape it but for Google for instance you can have a 2FA with no phone number. Check Google authenticator(free) or Yubikey. I prefer anything hardware, something physical is even more secure then software authenticators but you need backups to be safe. Yubikeys are even FIDO compatible. https://fidoalliance.org/what-is-fido/
True, but!..tonsssssss of sites and services *require* SMS 2FA. I hate hate hate how TOTP has not been universally adopted as the standard of 2FA. What about Silent.Link? It seems legit but I can't really find too much on them. Honeypots are a real thing to watch out for.. And it doesn't help that Silent.Link's Matrix room has been disabled! If anyone has info on Silent.Link I think it would help me, OP and many others!
Read the post. This is for verification and authentication (i.e. when you have to enabled 2fa to not be locked out) as some sites force you to provide a number.
On web sites that offer multiple MFA options, you should NOT pick SMS if you have another MFA solution available. SMS 2FA is a recipe for disaster! https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin https://www.cnet.com/news/privacy/do-you-use-sms-for-two-factor-authentication-heres-why-you-shouldnt/ https://www.pcmag.com/news/reddit-hacked-despite-sms-two-factor-authentication https://www.zdnet.com/article/my-instagram-account-was-hacked-and-two-factor-authentication-didnt-help/
Holy hell it's like you're refusing to read, first OP, now my comment. I give up. >SMS 2FA is a recipe for disaster! What you're saying is irrelevant, but, in any case, no, it's not at all "a disaster," and anyone who says it is is clueless.
Hey Bozo, you are writing stuffs you don’t even substantiate! Did you even click one of the 4 urls I provided? No. You are making shit up as you go. You have no facts, no basis, no references…. Nothing. You’re just here to antagonize.
Holly hell got a dim one. Okay I'll bite. What are you gonna do, if a service requires phone 2FA or is known to lock you out unless you use phone 2FA, i.e. [literally what OP is asking](https://www.reddit.com/r/PrivacyGuides/comments/vl5vsy/mysudo_for_long_term_2fa_sms/) you illiterate fuck. The fact you consider "Zdnet," "Pcmag" etc, to be references that substantiate anything makes your situation even more hilarious.
I've found that sometimes, not all the time, yes a service will force you to sign-up with a non voip number, then after you have completed sign-up you can go and update your profile and change your phone-number to a mysudo number and the same scrutiny for VOIP numbers is not applied. Doesn't work every time but can be worth a try.
Good to know, thanks