Most people think of their email address as the thing to protect online. The reality is that your phone number is a far bigger vulnerability — and it's one most people freely hand over to every app, retailer, and website that asks.
Your Phone Number Is Permanently Tied to Your Identity
Unlike an email address, your phone number is almost impossible to meaningfully change. It's tied to your bank accounts, your two-factor authentication, your government accounts, and your medical records. Which means anyone who controls your phone number — or knows enough about you to impersonate you to your carrier — can potentially access everything.
SIM Swapping
SIM swapping is when an attacker calls your mobile carrier, impersonates you using information found on data broker sites (your name, address, last four of your Social Security number), and convinces the carrier to transfer your phone number to a SIM card they control.
Once they have your number, they receive all your two-factor authentication codes. They use those to reset your email password, then your bank account password, then your crypto accounts. This attack has cost people millions of dollars and it starts with your phone number being findable online.
Your Number Is Already on Data Broker Sites
Search your phone number on Spokeo, Whitepages, or Radaris. Chances are your name and address come up immediately. That's the information an attacker needs to SIM swap you.
What to Do About It
Add a PIN or passcode to your mobile carrier account. Call your carrier and ask them to add a port-out PIN — a code that must be provided before your number can be transferred. Most carriers offer this but don't advertise it.
Remove your number from data broker sites. Opt out of Spokeo, Whitepages, BeenVerified, Radaris, and Intelius. The less findable your personal information is, the harder it is for an attacker to pass the carrier's identity verification.
Use an app-based authenticator instead of SMS. Google Authenticator, Authy, or a hardware key like a YubiKey means even if someone SIM swaps you, they can't receive your 2FA codes. Switch your important accounts — email, bank, crypto — off SMS-based 2FA immediately.
Use a Google Voice number for signups. Give out a Google Voice number instead of your real number when apps and retailers ask. Your real number stays out of data broker databases and breach lists.
The Bottom Line
Your phone number is the master key to your digital life. Treat it accordingly.