Comment by guidedlight
3 hours ago
> Our phone numbers are not identifiers.
I think you missed the point. The process creates an identifier, by strongly associating you with the phone number.
This association allows the bank to quickly establish your identity later when you call up or use online services.
As the sibling commenter pointed out, in their case, it totally failed to create a meaningful identifier, because he used some other person's phone to get past the ridiculous gate.
It’s not ridiculous. It’s for you to verify. It’s setting up 2FA. How can you not understand that?
2FA presumes user-ownership of the second factor, and that possession of the second factor authenticates that the possessor is the account owner. It's ridiculous because in the OP's case, he literally had someone else temporarily hand him the second factor in front of the clerk: the 2FA didn't really authenticate anything, and the clerk could even see that.
Even if it was useful in OPs case -- which it wasn't -- SMS 2FA is frowned upon by all modern security standards because it has several severe security issues.