# Phone number compartmentalization — one number was never meant to be your identity > Your phone number outranks your email as a master key — it's a real-world anchor that carriers, brokers, and SIM-swap attackers all treat as you. Stop handing the same number to your bank, your exchange, and a random forum, and stop trusting SMS to guard anything. Markdown twin of https://xmr.club/opsec/04-phone-compartmentalization. CC-BY-4.0. Attribute "xmr.club". ## At a glance - Canonical: https://xmr.club/opsec/04-phone-compartmentalization - Series: #OPSEC52 — weekly threat-model-first OPSEC cards - Week: 04 - Pillar: Digital identity compartmentalization - Difficulty: beginner - Cost: $0–$5/mo (free app numbers + data-only eSIM; pay-per-use verification SMS) - Published: 2026-06-22 ## Body # OPSEC52 / Week 4 — Phone number compartmentalization > Your phone number outranks your email as a master key — it's a real-world anchor that carriers, brokers, and SIM-swap attackers all treat as you. Stop handing the same number to your bank, your exchange, and a random forum, and stop trusting SMS to guard anything. **Threat model:** a SIM-swap attacker who takes over your number to drain SMS-2FA accounts; SS7-class SMS interception; data brokers and apps joining your accounts through a shared, carrier-bound number that maps straight to your legal name and address. Last week we gave [every service its own email alias](/opsec/03-email-aliasing). This week we fix the identifier that's *worse* than a reused email — your phone number. Email you can churn; a carrier number is welded to your legal identity, your billing address, and a physical SIM an attacker can socially-engineer away from you. ## Why a phone number is a worse master key than email An email alias is just a forwarding rule. A carrier number is a **real-world identity anchor**: it's tied to a KYC'd account, a billing address, and a SIM card sitting in a slot someone at a phone-shop counter can re-issue. Three problems compound: 1. **It correlates.** The same number handed to your exchange, your bank, your dating app, and a leaky forum lets brokers join all of them — and a number is far easier to reverse-lookup to a name than an email. 2. **It centralizes.** Anyone who controls the number can run "forgot password → text me a code" on every account that allows it. 3. **It's swappable.** Unlike an email you control end-to-end, your number lives at a carrier whose support desk can be talked, bribed, or phished into porting it to an attacker's SIM. That's a **SIM swap**, and it's the single most common way crypto and high-value accounts get drained. ## SMS 2FA is the weak link, not the safety net Texted codes feel like security; they're the opposite. SMS rides protocols (SS7) that were never built for confidentiality, and the whole thing collapses the instant someone owns your number. **A number you use for 2FA is a single point of failure for every account behind it.** The rule: SMS is acceptable as a *delivery channel for unimportant signups*, never as the lock on anything you'd hate to lose. - Replace SMS 2FA with a **TOTP app** (Aegis on Android, or any offline authenticator) or, better, a **hardware security key** (FIDO2). These never leave your device and can't be SIM-swapped. - For accounts that *force* a phone number, give them a number you can afford to lose (below) — and still turn on TOTP as the real second factor. ## Compartmentalize: a number per trust tier Same idea as personas and aliases — match the identifier to the context: 1. **Your real carrier number — tier zero.** Give it to almost no one. Family, maybe your doctor. Never to an exchange, a marketplace, or anything internet-facing. If it never touches an account, it can't unlock one. 2. **A stable VoIP / app number — everyday accounts.** A long-lived number from a VoIP or app-based provider for the accounts you keep but that aren't your crown jewels. It survives, but it isn't your carrier line, so a swap there doesn't touch your real SIM. 3. **Disposable verification numbers — throwaway.** For the endless "verify your number to continue" walls on services you'll use once, rent a one-time number per signup and discard it. The signup gets a code; you never expose a number that maps to you. xmr.club's [SMS / number providers](/sims) covers the no-KYC options here. For the data side, a **data-only eSIM** keeps you connected without putting a KYC'd voice line on your device at all — handy when travelling or when you simply don't want a carrier identity following you between contexts. ## The SIM-swap test Here's the payoff, the way last week's "breach test" worked for email. Picture an attacker who *successfully swaps your carrier number tonight.* In the shared-number world, they run password resets across your exchange, your bank, your email, and your socials before you notice the signal bars vanish — game over. In the compartmentalized world, that number unlocks *nothing*, because nothing important uses it and nothing important trusts SMS. The swap becomes an annoyance (re-issue the SIM) instead of a catastrophe. That's the whole point: **no single identifier should be able to end your week.** ## Common mistakes - **Treating a "second number" as compartmentalization.** One spare number reused everywhere is just a second master key. The unit is *per-tier*, not *a backup*. - **Keeping SMS 2FA "as a fallback."** A fallback to SMS *is* the attack surface — an attacker just triggers the fallback. Remove the number from the account entirely once TOTP/hardware is set. - **Registering your throwaway/VoIP number with details that re-link to you.** A disposable number paid with a KYC card and your real email undoes the whole exercise. Pair it with [email aliasing](/opsec/03-email-aliasing) and private payment. ## See also - [Week 3 — Email aliasing](/opsec/03-email-aliasing): the other identifier behind every account. - [Week 2 — Identity compartmentalization](/opsec/02-identity-compartmentalization): one persona per purpose; phone numbers are a persona's hardest-to-fake limb. - xmr.club: [SMS / number providers](/sims) and [eSIM options](/sims) for the no-KYC tooling that makes per-tier numbers practical. *Curated by [Cyber Satoshi](https://x.com/xbtoshi)* ## Related - HTML: https://xmr.club/opsec/04-phone-compartmentalization - Series index: https://xmr.club/opsec - Twin index: https://xmr.club/llm/opsec.txt