COVID has likely changed your life a great deal and presented you with many unexpected challenges. On top of that, hacks and scams have been on the rise since the start of the pandemic. It is sad to see nefarious actors taking advantage of vulnerable people in these turbulent times, but there's still hope. If you want to step up your cybersecurity, I advise using an authentication app over text codes for two-factor authentication.
What is two-factor authentication?
If you aren't already using two-factor authentication, you should be. Two-factor authentication is the process of allowing a user to access a computer or application only after they are only able to present two pieces of information. The most common way to do this is using something the user knows (a password), something the user has (a phone number), and something the user is (a fingerprint.)
What is the problem with SMS authentication?
An attack called SIM swapping is being used by hackers to defeat SMS two-factor authentication. This process involves them associating your number with a device of their own. All they need to know is your phone number and the last four digits of your social security number (often leaked in banking data breaches). With this information, they can redirect your phone number to their device and can receive SMS two-factor authentication codes. For the average person, this may not be a huge problem, but if you have a high level of influence that might make you a target, SIM swapping should be on your radar.
What you should use instead
Security experts recommend that you use an authentication app to counter the vulnerability of SMS authentication. These are better than SMS because you do not have to go through your carrier, they have a short time out for their codes, and they prove to be pretty challenging for hackers to compromise. Some good choices for this are Google Authenticator, Authy, or Microsoft Authenticator. These apps are intuitive to use, more secure, and in some situations, they are more convenient.
Get Our Weekly Blog Sent Straight to Your Inbox
Discover what's new in the world of cyber and get your burning questions answered. We're here to demystify cybersecurity for you.
Blog updates weekly on Thursdays. Follow us on social media for more content.