A lot of us use "two-factor authentication" to add an extra layer of security to our important online accounts.
The concept behind two-factor authentication is simple: You need more than a user name and password to log onto an account. You need a one-time code that goes to a device that only you control. In many cases, that's a text or call to your mobile phone.
While I strongly recommend using two-factor authentication whenever possible, receiving the authentication code via text message or telephone call is the least secure method of receiving that code. Where possible use an authentication app such as Google Authenticator or Authy App or a hardware token such as Yubikey in place of a text message or telephone call.
If the only method of two-factor authentication offered by a web-site or service is text message or a telephone call then use that service. Any form of two-factor authentication is better than none at all, but be sure to take additional steps to secure your cell-phone account against the port-out scam as well.
A hacker can hijack your phone number - they don't steal the phone - they switch the victim's number to a phone or phone account they control. This lets them intercept those one-time verification codes sent to that mobile number by text, email, or phone call.
Mobile phone hijacking is on the rise. NBC News warned about this "port-out scam" in June 2016. Most victims find out about this when they go to use their cellphone and it won't work.
If you haven't already done so, call your wireless carrier and set up PIN authentication for your accounts. Without that PIN, your account cannot be accessed, and your service cannot be switched to another phone.
Sprint requires customers to create a PIN when they open a new account.
AT&T: Log into your ATT.com account, go to your profile by clicking your name, and under the wireless passcode drop down menu, click on "manage extra security."
T-Mobile: Call 611 from your cellphone or (800) 937-8997 to speak with customer service.
Verizon: Visit vzw.com/PIN or call (800) 922-0204.
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.