SMS Key

can be lost if:

• the SIM card is lost in a context where the phone number cannot then be recovered. (There are potential exceptions: see SMS Providers)

• the security answer is irrecoverably forgotten

• all SMS providers terminate all provider accounts servicing Obi accounts

Non-duress attacks include:

• SIM swap attacks

• physical theft of the device in an unlocked state or with insecure settings (e.g. message notifications display text even when locked)

• an SMS provider is compromised

Both attacks are mitigated by the security answer, especially in combination with Security Notifications.