Well, my case is the best proof of that: the phone number I ended up using was my mom's.

It's most definitely baloney because I also had to provide ID. So, certainly there is no way I could identify myself "even more" by giving them a phone number than by giving them a government issued ID.

> Our phone numbers are not identifiers.

I think you missed the point. The process creates an identifier, by strongly associating you with the phone number.

This association allows the bank to quickly establish your identity later when you call up or use online services.

As the sibling commenter pointed out, in their case, it totally failed to create a meaningful identifier, because he used some other person's phone to get past the ridiculous gate.

2FA presumes user-ownership of the second factor, and that possession of the second factor authenticates that the possessor is the account owner. It's ridiculous because in the OP's case, he literally had someone else temporarily hand him the second factor in front of the clerk: the 2FA didn't really authenticate anything, and the clerk could even see that.

Yes. It presumes things but it also allows the bank deniability. If you get completely hosed - it’s mostly on you for supplying a shit 2FA.

Come on guys. It’s obvious why banks have this. Everything identity related is stolen constantly.

Even if it was useful in OPs case -- which it wasn't -- SMS 2FA is frowned upon by all modern security standards because it has several severe security issues.

I agree it sucks. Sadly, the world we live in. It’s a stop gap. Most people aren’t special enough to have their shit scooped up by some foreign telco operator.

The issue goes far beyond foreign telco operators.

1. It is quite easily to accidentally take over someone's account(s) on various mobile apps when you get a new phone number these days. Many apps will allow you to log in with your phone number, reset password or do one-time login via SMS, etc. Some even do it automatically as a convenience. This isn't an edge case issue -- this happens on several of the top social media platforms, etc.

2. SIM swapping is still a viable fraud vector for identity theft and financial crime.

3. It is very vulnerable to phishing, and its prevalence only has exacerbated that.

It's not necessarily just for the 2FA snakeoil. The worst places snap on a glove and proctologize your network identity metadata (spilled by all the underlying carriers, IIUC), and sometimes even billing records with your name and address (more vulnerable if you're still on a postpaid). The US desperately needs a port of the EU's GDPR, for starters.