I’ve considered using smspool but I dont know if there is a better one.
smspool is the recommended in the forum discussions here and the go to.
I’m not aware about some other better option.
1 Like
gave https://smss.biz/ a try. Some of the free numbers worked which is better than ive seen with other options where they’re all expired. Any other options for future besides smspool?
I’ve always wondered - are these services secure?
For accounts that offer 2FA via passkey or authentication app, I see little risk, as you are the only one who can login
But for the large number of services that only offer SMS 2FA… by registering with a number you do not own, aren’t you vulnerable? Can’t these providers, or some middleman, use these ‘burner’ numbers to access your accounts once you can no longer use them?
Your comment reads like you have an unclear understanding of what and how 2FA works.
Unless someone has your username and password along with access to your phone number (if SMS 2FA) is enabled, they can’t get in with just access to your SMS/number. That’s the second factor for authentication.
And this is mostly a non issue because they can only log in and access your account if they have everything - in which case you’re/anyone is screwed anyways. Using a third party SMS service for 2FA won’t be to exclusively blame.
I hope you get what I mean. And so it’s always best to use TOTP for your 2FA needs. Passkeys are new but the only risk they carry is that if the domain of the website on which you made that software passkey changes, your passkeys will cease to work.
A lot of services allow you to reset an account with just a phone number. No username or password required. It’s not good security. But it’s the situation we are in.
2 Likes
Okay, at worst if this is even the case, you get locked out of your account and the attacker still can’t get in if they only have your SMS info. You’re still “safe” because your data doesn’t leak (at least this way).
Absolutely. SMS 2FA should be abolished. I don’t know what kind of expertise these companies have that still say this is how it should be. Makes no sense to me.
By reset I mean reset login details. They can gain full access with just a phone number. Unfortunately some essential services have such problems. Including municipal services and healthcare providers.
In that case, its best to use numbers from JMP.chat then. They provide a great service and I see no way the number fully being compromised by this provider.
At the end of day, there are still only so many mitigating steps you can take. Nothing is 100% guaranteed 100% of the time.