But as Burns’s story shows, you don’t have to be a famous billionaire to be a target. SIMjacking, or SIM swapping, was famously used to take over Twitter co-founder and CEO Jack Dorsey’s own Twitter account in 2019. “It had been wiped clean of the 1,200 or so photos I had shared since creating the account in 2012,” Burns, a Los Angeles-based television producer, told Recode. All Burns could do was watch the hacker destroy that part of his online life. With access to Burns’s SIM card, the hacker simply asked Instagram to send Burns a password recovery text in order to take over Burns’s account and lock him out. In the 20 minutes it took Burns to get the SIM switched back to his phone, his Instagram account was gone. SIMjacking: Why your phone number isn’t good enough to verify your identityīy the time Mykal Burns got the security text from T-Mobile informing him that his SIM card had been changed to a different phone, it was already too late. Don’t let the name intimidate you: There are a few extra steps involved, but the effort is worth it. That’s why I recommend using an authenticator app, like Google Authenticator, instead. But it’s a technology that wasn’t meant to serve as an identify verifier, and it’s an increasingly insecure option as hackers continue to find ways to exploit it. Text-based 2FA, where a text with a six-digit code is sent to your phone to verify your identity, is better known and better understood because it uses technology most of us use all the time anyway. (Don’t be like me, who didn’t have 2FA on her bank account until a hacker wired $13,000 out of it.) But the type of 2FA you use is also increasingly important. And you always use two-factor authentication, or 2FA. (No, “Passw0rd!” is not good enough.) Each password should also be unique to each account (We love a good password manager!). One is a strong and long password with upper and lower case letters, numbers, and special characters. Block the sign-in if you didn’t request it by tapping Noįor added security, Google may ask you for your PIN or other confirmation.When people ask me for security tips, I give them the basics.Allow the sign in if you requested it by tapping Yes.iPhones with the Smart Lock app, the Gmail app, the Google Photos app, the YouTube app, or Google app signed in to your Google Account.īased on the device and location info in the notification, you can:.Android phones that are signed in to your Google Account.Google prompts are push notifications you’ll receive on: Prompts can also help protect against SIM swap and other phone number-based hacks. It's easier to tap a prompt than enter a verification code. We recommend you sign in with Google prompts. To help protect your account, Google will ask that you complete a specific second step. Verify it’s you with a second stepĪfter you turn on 2-Step Verification, you must complete a second step to verify it’s you when you sign in. If you can’t set up 2-Step Verification, contact your administrator for help. Tip: If you use an account through your work, school, or other group, these steps might not work.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |