OPSEC52 / Week 4 — Phone number compartmentalization
Your phone number outranks your email as a master key — it’s a real-world anchor that carriers, brokers, and SIM-swap attackers all treat as you. Stop handing the same number to your bank, your exchange, and a random forum, and stop trusting SMS to guard anything.
Threat model: a SIM-swap attacker who takes over your number to drain SMS-2FA accounts; SS7-class SMS interception; data brokers and apps joining your accounts through a shared, carrier-bound number that maps straight to your legal name and address.
Last week we gave every service its own email alias. This week we fix the identifier that’s worse than a reused email — your phone number. Email you can churn; a carrier number is welded to your legal identity, your billing address, and a physical SIM an attacker can socially-engineer away from you.
Why a phone number is a worse master key than email
An email alias is just a forwarding rule. A carrier number is a real-world identity anchor: it’s tied to a KYC’d account, a billing address, and a SIM card sitting in a slot someone at a phone-shop counter can re-issue. Three problems compound:
- It correlates. The same number handed to your exchange, your bank, your dating app, and a leaky forum lets brokers join all of them — and a number is far easier to reverse-lookup to a name than an email.
- It centralizes. Anyone who controls the number can run “forgot password → text me a code” on every account that allows it.
- It’s swappable. Unlike an email you control end-to-end, your number lives at a carrier whose support desk can be talked, bribed, or phished into porting it to an attacker’s SIM. That’s a SIM swap, and it’s the single most common way crypto and high-value accounts get drained.
SMS 2FA is the weak link, not the safety net
Texted codes feel like security; they’re the opposite. SMS rides protocols (SS7) that were never built for confidentiality, and the whole thing collapses the instant someone owns your number. A number you use for 2FA is a single point of failure for every account behind it. The rule: SMS is acceptable as a delivery channel for unimportant signups, never as the lock on anything you’d hate to lose.
- Replace SMS 2FA with a TOTP app (Aegis on Android, or any offline authenticator) or, better, a hardware security key (FIDO2). These never leave your device and can’t be SIM-swapped.
- For accounts that force a phone number, give them a number you can afford to lose (below) — and still turn on TOTP as the real second factor.
Compartmentalize: a number per trust tier
Same idea as personas and aliases — match the identifier to the context:
- Your real carrier number — tier zero. Give it to almost no one. Family, maybe your doctor. Never to an exchange, a marketplace, or anything internet-facing. If it never touches an account, it can’t unlock one.
- A stable VoIP / app number — everyday accounts. A long-lived number from a VoIP or app-based provider for the accounts you keep but that aren’t your crown jewels. It survives, but it isn’t your carrier line, so a swap there doesn’t touch your real SIM.
- Disposable verification numbers — throwaway. For the endless “verify your number to continue” walls on services you’ll use once, rent a one-time number per signup and discard it. The signup gets a code; you never expose a number that maps to you. xmr.club’s SMS / number providers covers the no-KYC options here.
For the data side, a data-only eSIM keeps you connected without putting a KYC’d voice line on your device at all — handy when travelling or when you simply don’t want a carrier identity following you between contexts.
The SIM-swap test
Here’s the payoff, the way last week’s “breach test” worked for email. Picture an attacker who successfully swaps your carrier number tonight. In the shared-number world, they run password resets across your exchange, your bank, your email, and your socials before you notice the signal bars vanish — game over. In the compartmentalized world, that number unlocks nothing, because nothing important uses it and nothing important trusts SMS. The swap becomes an annoyance (re-issue the SIM) instead of a catastrophe. That’s the whole point: no single identifier should be able to end your week.
Common mistakes
- Treating a “second number” as compartmentalization. One spare number reused everywhere is just a second master key. The unit is per-tier, not a backup.
- Keeping SMS 2FA “as a fallback.” A fallback to SMS is the attack surface — an attacker just triggers the fallback. Remove the number from the account entirely once TOTP/hardware is set.
- Registering your throwaway/VoIP number with details that re-link to you. A disposable number paid with a KYC card and your real email undoes the whole exercise. Pair it with email aliasing and private payment.
See also
- Week 3 — Email aliasing: the other identifier behind every account.
- Week 2 — Identity compartmentalization: one persona per purpose; phone numbers are a persona’s hardest-to-fake limb.
- xmr.club: SMS / number providers and eSIM options for the no-KYC tooling that makes per-tier numbers practical.
Curated by Cyber Satoshi