3Haz
How do 2FA (and other account verification) systems identify true mobile numbers vs VoIP numbers?
I've been dabbling with VoIP carriers which offer SMS with relatively mixed results when trying to use VoIP numbers to receive 2FA messages.
My goal was to have a dedicated DID/number which I don't publish publicly that receives SMS messages, such that socially engineering access to my primary mobile phone number won't grant an attacker access to my 2FA SMS.
(And yes, I would rather use TOTP. Sadly, some vendors only offer SMS, and won't SMS to a VoIP number)
How do online services determine if a number is VoIP or a true mobile provider? If I port a Canadian VoIP number to a mobile carrier will I be able to receive such messages or will I permanently limit my options by continuing to use this number?