lifehacker lifehacker LifeHacker LifeHacker SMS-based two-step verification is not secure. What should I do?

lifehacker lifehacker LifeHacker LifeHacker SMS-based two-step verification is not secure. What should I do?

The other day, TechCrunch reported that "Instagram is considering changing the two-step verification," Instagram acknowledged. It will employ a passcode and login using a security app such as Google Authenticator.

Thus, we welcome more authentication using token-based apps instead of text messages.

Please switch to the new authentication method immediately. This is because hackers frequently call mobile carriers, find unprotected customer service personnel, and easily impersonate you. The Bitcoin exchange Kraken explained in a 2016 blog post:

According to a Motherboard article, mobile carriers (and the Federal Trade Commission) have finally begun to take basic steps, knowing the prevalence of such hacks called "SIM hijacking" and "SIM porting." It's just a place.

The only way to increase security is to add a special PIN code that you must enter when calling customer service on your mobile carrier. If you don't do that, tragedy may come just by the hacker knowing your phone number. The Motherboard article says:

How to stop sending 2-step verification code via SMS by a site or service

I'm not saying where, but there are still sites that send text messages every time you log in. To protect yourself, you need to know more about sites and services that offer app-based two-step verification.

lifehacker LifeHacker LifeHacker SMSベースの2段階認証は安全とはいえない。対処法は?

There are two ways to find out if your favorite site uses so-called "token-based" two-step verification. First, scroll through the text message to find the site that you've sent your login code to in the past. Then check the settings for that site to see if your app can set a software token.

If you want to take this opportunity to start using a two-step verification app, but don't know which one to use, use the app recommended by sites that support token-based two-step verification. If you can't find a recommendation for the site, the following is the app recommended by the author.

Some sites have their own mobile app for authentication. For example, if you enable Facebook's Code Generator, the Facebook mobile app will prompt you to enter the code each time you log in to Facebook from your new browser.

If you look for a text message and can't find your login code, you've probably deleted the message after logging in to your site or service. In such a case, a site called Two Factor Auth is convenient. Click a category to see a list of apps and services and the two-step verification they support.

Whatever your method, such as going back in your browser history to find frequently visited sites, all access should be token-based two-step verification. That way, even if your phone number goes into the hands of a hacker, it won't break into your digital life.

Screenshot: David Murphy

Source: TechCrunch, Motherboard, Federal Trade Commission, Code Generator, Two Factor Auth

David Murphy --Lifehacker US