Shut The Loopholes In Your Two-Factor Authentication

With a high number of hacking incidents, all major companies such as Google, Facebook, and Twitter now implement the two-factor authentication process in their systems. Two-factor authentication has been claimed to be a necessity when it comes to keeping password driven systems safe, but in reality, they are as prone to risks as normal password driven systems are.

Two-Factor Authentication – Not As Secure As It Seems

A year back, John Biggs, TechCrunch writer, was targeted by a hacker who was able to steal his phone number by getting control of his T-Mobile SIM card. This gave the hacker access to John’s phone number that was used for sending an SMS as a part of the two-factor authentication to verify identity.

While John was right in using two-factor authentication, he missed out on adding an extra layer of security to the account of his wireless carrier. The hacker locked him out of all of his accounts and asked for Bitcoin in ransom.

Thankfully, John Biggs was able to get back the control on his accounts as well as his phone number. There’s a big take away from this story and you can learn to save yourself this unnecessary trouble. Here are some tips to keep your various accounts safe.

Use a PIN for the Phone Account

The simplest way to keep your phone’s wireless account safe and in your control is by using a password or security PIN for it. It can easily be done by contacting your phone carrier and telling them to enable the PIN protection, which is a free service. You can alternatively log into your online account to change the security settings.

Don’t mistake this to be the passcode you use to unlock your phone. This will instead be a special PIN that you will need every time you deal with your carrier. For example, if you’re talking to a customer care representative on the phone, you can’t make any changes to the setting on your account if you are unable to give them the PIN. You can also set up your unique password by going to the carrier’s retail store along with your valid identification.

If you’re wondering what happens in case you can’t remember this special PIN, most carriers such as AT&T and T-Mobile let users reset their PIN by placing a call to them or accessing their account online. All major carriers will also be available for assistance in their respective stores and let you update the PIN.

When choosing the PIN, don’t pick something too simple that can easily be guessed by hackers. Also, avoid identifiable information like birth dates as they are easy to crack.

Use Reliable Services

SMS based authentication works by sending you a random code via SMS on your mobile phone that is used to verify your identity and then you can access your account. This is definitely a great start to make your digital life more secure. But with the advanced ways hackers are making attacks, you will have to take your security measures a little higher. Try to only use this when two-factor authentication isn’t available.

We often sync our mobile phones with other devices and that authentication message may not just be received on your phone. It will also reflect on all these other synced devices or can go to online messaging services that can be accessed from elsewhere. If the right security protocols are not placed, even carrier based SIM card transfers are at risk.

There are many two-factor authentication applications such as Authy and Google Authenticator that can make your accounts more secure because they don’t use email addresses or SMS, reducing entry points for hackers. The signing in process is more complicated and needs you to have your authentication device on you to enter some periodically randomized numbers.

Google Authenticator generates a new code every few seconds so a hacker will need your phone in exactly that time frame to hack your account. Since this is almost impossible, it will keep you protected.

Use a Password Manager to Keep all Your Codes in Check

Password managers eliminate the need for you to constantly remember every PIN or password you’ve used for all your accounts. Every time you create a new password, just simply feed it into the manager that you are using to store codes, number, or other important PINs, all safely kept away from hacker attacks.

What Does Using a Password Manager Help?

Using a password manager will help you keep your mind free of difficult codes. Using these systems is fairly simple. When signing into an account, you need to first remember the one and only PIN to the password manager that will appropriately put in all the necessary information.

If you’re already using the password manager, it will automatically fill in the data for you, saving you the hassle of remembering usernames, emails, and password.

These password managers are also helpful when you are making a new account on a website as they help in generating random and difficult passwords as well. The secure random password generated for you will be tough to hack and you wouldn’t even have to think too much about what to use.

Another benefit of these managers is that they can even automatically fill out other necessary information in forms so you don’t have to repeatedly do it manually.

They even protect you against phishing, as they fill out information depending on the website’s URL, so if your password manager isn’t filling out the details it could mean that you are on a different URL that could be a phishing website.

Always Have Your One-time Codes Accessible

Using two-factor authentication applications such as Google Authenticator come with choosing a backup password if it so happens that your phone is lost. Users should keep these codes handy and always have them accessible in a safe place like your home study or a folder in your bedside drawer.

It’s always a good idea to have a plan B to follow if things don’t go your way. Here is a simple 1-day guide for you to secure everything in almost no time.