Your phone number was never meant to be an all-access pass to your life.
That 10-digit string has likely followed you worldwide and across the internet for years. Over the course of that time, you’ve almost certainly handed it out — willingly or otherwise — to every person, restaurant, social media platform, or online store that’s asked. That’s a problem. For someone with the right motivation, that number is a thread that, once pulled, can unravel your entire digital life — crashing down your privacy, bank account, or even your very identity.
But it doesn’t have to be.
There’s a way to mitigate the very real risks that come with treating your phone number like both a public identifier and a key protecting all your secrets: getting and maintaining a second phone number.
Thankfully, as long as you’re diligent about it, the process isn’t that complex. Unfortunately, according to Jon Callas, the Electronic Frontier Foundation’s director of technology projects, this partial solution is only an expensive Band-Aid on a broken system.
But when it comes to healing wounds, a bandage is often a great place to start.
A phone number in the wrong hands can be a dangerous thing.
If you use any type of modern online service — email, online banking, cryptocurrency exchanges — it’s more than likely that your cellphone number is tied to those accounts. Often, in the case of forgotten passwords, those accounts rely on phone numbers for password resets.
In other words, the true key to an online account isn’t its password, but the account holder’s phone number.
We’ve seen, time and time again, how this can be abused. SIM swap a victim’s phone — which involves nothing more complicated than calling and convincing a mobile phone carrier to port a target’s phone number to a SIM card of the hacker’s choice — and you can steal all their cryptocurrency. Gain access to someone’s voicemail — which is easier than you would expect — and all their online accounts are yours.
Or, even simpler, with the help of Whitepages Premium, a troublemaker can learn all kinds of presumably non-public details about your personal life (like where you used to live and the names of your family members) using only your phone number. Some of those details may be answers to password recovery questions.
But here’s the thing: In order for hackers to target you specifically for this kind of attack, they need to know the phone number you have linked to your most sensitive online accounts. Unfortunately, with hacks, data breaches, and leaks happening all the time, it’s relatively easy for those bad actors to figure out your number.
Even if the data hackers get is years old, when it comes to phone numbers that fact likely won’t matter.
“I’ve heard a joke that, in the U.S., your area code indicates where you were when you were old enough to start paying your own phone bill,” Callas said. “The ‘We don’t want to change our phone number’ aspect is what changes phone numbers into a privacy and security thing.”
Here’s where a second, secret phone number comes in handy.
By maintaining a separate phone line that you exclusively link to your most important accounts — e.g., your bank and primary email — you can drastically reduce the possibility of targeted phone-based hacking attacks ever taking place.
When is the last time you changed your phone number? If you’re like many people, it’s probably been a while. That can have real consequences when it comes to your privacy.
A disparate host of companies buy, share, or otherwise gain access to people’s — and not just their customers’ — phone numbers as a matter of course. You may not recognize names like Spy Dialer Inc., Acxiom LLC, or Applecart, but there’s a good chance those companies would recognize yours. Data brokers, in turn, scatter those phone numbers even farther afield, with the phone numbers accreting more and more associated data about their owners in the process.
And they’re a massive pain to change.
“Having to change your phone number is a genuinely Herculean task.”
As Callas points out, “having to change your phone number is a genuinely Herculean task because of all of the places that it goes to for just being a human being.”
Callas is referring to places like your doctor’s office or bank, but those aren’t the only businesses where your number ends up.
Did you hand over your phone number for a frequent shopper card at a liquor store? How about when buying ammunition or in exchange for a waitlist number at a vegan restaurant? Those are all valuable data points that are now being bought and sold by scores of invisible companies which, in sum, form an incomplete picture of your life that may come back to haunt you.
“There are advertising industry databases and profiles that they build up, and they use things like phone numbers, and they use things like location, and they will even combine the two of them,” Callas explained.
This practice allows marketers to draw scarily accurate inferences which people often mistake for a different type of invasive monitoring.
Sadly, you may be giving out your phone number to shady marketers even if you don’t realize it.
A second phone number used strategically and — this part is important — in a manner that is different than what is described in the preceding section of this article regarding password resets, is one way to combat this.
In this privacy-focused scenario, your second number is your “junk number” and it’s not tied to your real name. Think of it like a secondary email address — the one you use to sign up for all those random memberships and discount codes. With this second, throwaway number at your disposal, it matters less who has it or if the company that’s selling it gets hacked.
Because it’s a real number that you control and not just 867-5309, you can receive needed texts or calls. And, because it’s a junk number, you can ditch it any time you want and start over.
Getting a second line
So, how does one go about getting a second phone number?
First, the bad news: It’s likely going to cost you — at least a little. There’s not a 100 percent free way to get a second mobile phone number that can make and receive SMS messages and calls (Google Voice is mostly free for personal use, but it’s changed its policy on SMS forwarding in 2021). The good news, however, is that it’s easy.
The especially good news, if you’re in the U.S. anyway, is that you do not need to show ID when purchasing a SIM card. If you want to go old school, you can go this route and buy a prepaid SIM card with cash. Keeping a minimum balance on that account at all times will ensure that no one else snags the number that’s now yours. Pop it in your phone when you want to use it, or keep it in an old phone that you’ve been meaning to recycle.
If you want to go a little more high-tech, there are numerous apps for just that purpose. PCMag (which, like Mashable, is owned by Ziff Davis) did a rundown of many of these just last year.
One such app, Line2 (which is owned by Mashable’s parent company, Ziff Davis) is available for both iOS and Android and allows you to control multiple phone numbers. It’s targeted mostly toward businesses looking for a VoIP product but would work especially well as a secret number for all your password resets. The basic plan, which is $14.99 per month, gets you a local phone number, call forwarding, and unlimited calls and texts.
“There is no good solution to this real problem. The system is broken.”
Most people aren’t going to go to the trouble of getting a new primary phone number every six months and this second line strategy is a tacit admission of that reality. Compartmentalization, it turns out, is a much more realistic approach.
While it doesn’t solve the underlying problem inherent in a system that ties phone numbers to identity, a second phone number, as Callas noted, does serve as a “Band-Aid.”
“It works until that one gets out.”
The real issue, he added, is the system at large.
“There is no good solution to this real problem. The system is broken.”
So get a second phone number, slap a bandage on that broken system, and know that you’re at least taking an active measure to protect your own privacy and security.
This post was originally published in June 2021 and was updated in July 2022.