Just curious.
I used eSim for a while when I first got a phone that supported eSim, because I wanted to make it harder for a thief to disable the phone tracking, but now my main phone is broken and I’m a bit annoyed at having to chat with customer support for half and hour to activate eSim on another device.
There’s an elevated hijacking risk with eSIM. If a hacker is able to social engineer a customer rep into thinking they’re you and requesting an eSIM swap, or they get into your account by recycling a leaked password you used on another site, it’s suddenly really easy to take over your phone number from halfway across the world.
They could call a premium number they own to extract money from you. They could request SMS-based 2FA tokens. I’m surprised it doesn’t happen more often.
That hijacking risk applies to both. If you’re able to social engineer a telephone worker, they could move your account to a different SIM card completely.
My best advice, is to use Google voice, Google Fi, lockdown your number for SMS two factor. A Google account and lockdown mode, with physical security keys, is not going to get hijacked by anything less than a state actor.
Then your local phone, your local phone number, local SMS, none of that should be on your escalation path to authentication. Then you don’t care if somebody steals your sim.
Phone numbers and SMS should never have been involved with user authentication beyond simple contact info. Smartphones really ruined it.