Close the Security Holes in Your Two-Factor Authentication
Techcrunch writer John Biggs had his phone number stolen on Tuesday by a hacker who gained control of Biggs’s T-Mobile SIM card, giving him access to Biggs’s phone number, which was used to verify his identity. Biggs correctly used SMS-based two-factor authentication for his accounts, but forgot to add additional layers of security to his wireless carrier account. His attacker blocked his accounts and tried to demand a ransom in Bitcoin.
In the end, Biggs managed to regain his accounts and regain control of his phone number, but you can turn his evening of headache and password reset into a learning moment for yourself and learn how to prevent a similar incident from happening to you.
Enter the PIN into your phone account
The easiest way to make sure no one can take over your phone’s wireless account is to add a security PIN or password. It’s as easy as calling your carrier and asking them to turn on PIN protection (it’s free), or logging into your online account and visiting your security settings.
This is not a PIN that you can use to unlock your smartphone, but a number or passcode that you will need to enter or say when you are dealing with a carrier. If you are on line with a customer service representative, you will not be able to make any changes to your account without providing a PIN or access code. You can set your PIN by calling your carrier or visiting a retail store with a valid ID.
Forgot your PIN? Operators such as AT&T and T-Mobile will allow you to reset your PIN over the phone or over the Internet. Every major carrier will allow you to log into a retail store with a valid ID and thus update your PIN. When it comes to the PIN itself, avoid simple PIN codes such as “1234” or the PIN associated with your birthday, as these can likely be guessed by hackers sniffing out your social media profiles on searches for identifiable information.
Leverage improved two-factor authentication services
Used to verify your identity by sending you a random passcode to access your account, SMS-based authentication is a good start to a safer digital life, but you’ll have to take it a step further if you want to be sure. there are no security holes. Generally, it should only be used when no other two-factor authentication process is available.
Keep in mind that your phone may not be the only device receiving this authentication message, especially if your messages are synced across multiple devices, such as a tablet or computer. They can be sent to other messaging services on the internet like Google Voice or Skype, services that can be accessed from places other than your smartphone. It is also vulnerable to carriers’ transmission of SIM cards, Briggs discovered, if proper security protocols are not used.
Two-factor authentication apps like Authy or Google Authenticator are much more secure and don’t use email addresses or text messages, giving attackers fewer entry points. Setting up is a little more complicated than entering a number sent to your phone and requires you to have an authentication device, be it a smartphone or tablet, while you enter a randomized string of numbers periodically.
Use a password manager
Don’t assume that adding extra layers of security means you have to remember each new PIN, password, or other secret. When configuring additional security checkpoints, enter the information in the password manager of your choice . You can use it to store backup codes, support numbers, or a carrier’s exclusive email address, ensuring that it’s away from hackers and only accessible to you.
Keep one-time codes handy
Setting up two-factor authentication apps like Google Authenticator usually involves saving a backup passcode in case your phone is lost or stolen. Google suggests you print them out and store them in a safe place. You can store them in a tucked away folder somewhere in your home, or in a password manager for quick access. Regardless, having a backup plan in case your original backup plan doesn’t work is a great way to keep yourself and your identity safe from intruders.