Two Factor Authentication (2FA) is one of the best ways individuals can protect their accounts from Social Media to Amazon to iTunes. Using 2FA may increase the security of your accounts, but it's not without it's risks.
Most companies like Google, GoDaddy and Instagram send the user an option for either an email message or to have your cell phone texted. However, hackers have been using "SIM swapping" for a long time now.
SIM SWAPPING: the process where through malicious code your phone's SIM Card (Subscriber Identity Module) is replaced with a fake or alternate SIM Card. Also known as SIM Hijacking and SIM Hacking.
It's not very hard for a social engineering hacker to do a lookup on your name and find a list of pervious phone numbers attacked to it. Combine a lookup like this with your email address and now not only is your 2FA on all your accounts compromised, but every account that uses that phone number is compromised as well.
Emails are definitely more secure than phone numbers, right? Not even close. Through simple email scams, called phishing scams, users can have 2FA bypassed just by clicking on a link.
Phishing Scam: Phishing scams, also know as phishing, is the process of sending a fake website, page, link, email, text or otherwise legitimate-looking software designed to
Aren't email providers supposed to block those kinds of things? Yes, email services have things called filters that block out certain kinds of phishing scams; however no filter is human proof. We have to remember that code is "black and white". If we can't type in exactly what we're looking for, often times something is eventually going to get through. Individuals should learn how to recognize these kinds of emails in our newsletter.
Even if you don't fall pray to these methods, another big vulnerability is viruses and malware. Most individuals have protection from virus on their laptops, but few have it on their other devices that they tend to use more frequently. Phones, tablets and even Smart capable devices can embed malware and viruses right into our devices.
Websites even have been known to have viruses embedded into their site, without their knowledge, that can capture session cookies and login credentials EVEN WITHOUT LOGGIN IN. Watch how this is done here.
The other vulnerability that many individuals don't consider is their bluetooth and wi-fi connections. If we have these devices turned on when we're entering those codes in our 2FA apps, hackers can "steal" the code in the air and use it later. It's very similar to intercepting a ball in a game of catch. Making sure that these are turned off when using the app is a good way to make sure others can't capture the code as easily in the air.
Now that we know the risks, we should use a third party software like Authy or Google Authenticator or Duo to provide secondary keys and pass codes that you can enter. Using these apps provides an added measure of security, but isn't full proof. Recall above how I mentioned that if we can get a phone number or email address hackers can gain access to your 2FA app codes without you knowing.
This is why using a separate phone number, like Google Voice, adds some extra security to you. If you ensure that no one else receives this number, it can make your accounts and 2FA security measures that much more secure. Just be sure that you secure your email account as well.
Use Separate Email Account
Creating an email account that is only used for 2FA is a good idea for individuals. Businesses can even do this for employees as well to ensure that security is tighter. Why not use your normal email? It's the same reason you isolate your phone number. It just offers you more protection from hackers since they have another personal piece of information they need.
We hope these tips and information help you become a little safer online! Please share them with a friend.
Raising kids in a digital world doesn't have to be difficult. Learn the tools you need to enhance your power over technology so you can do what you do best: Be There For Them.