Over the years we’ve been led to believe that we are doing a good thing by setting up two-step text authentication. It is a good practice to get into and is better than nothing, but it’s no longer the best method for keeping your accounts safe.
Why isn’t two-step text authentication enough?
Although your mobile device is your personal device, hackers can easily get their hands on your number. Take, for instance, the 2019 hack on Twitter co-founder Jack Dorsey. A hacking group was able to use a technique called ‘SIM swapping’ to gain access to Dorsey’s account and tweet directly from it. The group tweeted offensive messages from Dorsey’s account for 15 minutes before being shut down.
SIM swapping and SIM jacking
‘SIM swapping’, also known as ‘SIM jacking’, is a technique where an existing phone number is transferred to a new SIM card. Hackers target phone companies and trick staff into carrying out the switchover.
Once hackers control the victim’s phone number, they receive the two-step authentication texts sent to it and can use them to log in to the victim’s personal accounts.
One way to prevent these techniques from being used against you or your business is to use two-factor authentication.
What is two-factor authentication?
Two-factor authentication is different from two-step text authentication as it adds an extra layer of security. Two-factor authentication prompts users to enter their username and password and then requires something additional that only the account owner should know or be able to provide, such as:
Personal Identification Number (PIN)
Biometric login such as Face ID or fingerprint
This means that if your password is stolen, hackers are less likely to be able to gain access to your account.
What else can I do to keep my account secure?
Keep your account cyber safe by adopting some other good practices:
Use two-factor authentication on all sites that offer it
Use a password manager like LastPass or 1Password to keep all your passwords secure and in the same place
If you’re an Apple user, you can turn on two-factor authentication under Password & Security on your mobile device or under System Preferences on a Mac
Avoid easy-to-guess passwords and change your password every few months
Never share passwords via email or instant messaging sites