But what is an appropriate level of liability here? Phone companies never signed up to be the guardians of our digital lives, and the tech industry at large has just built a castle on shakey foundations.
And there are obvious trade-offs here, if we make number portability harder, it means you're somewhat hostage to your phone provider.
No, this is exactly what they signed up for. When I sign a contract with my phone company to give me access to their network I expect that they will not just give it to someone else instead under my name.
Phone companies are guardians of our our accounts with them. The absolutely bear responsibility if poor security or loopholes allow someone to gain any sort of access to our accounts. Security and convenience are often a trade off. Clearly service providers are not properly judging where that balance should be.
> Phone companies never signed up to be the guardians of our digital lives
The parent comment addressed this point. This is not just about 2FA. SMS users expect their communication are private, except (debatably) by the courts with a warrant.
And there are obvious trade-offs here, if we make number portability harder, it means you're somewhat hostage to your phone provider.