Do you use two-factor authentication? Then beware of using your phone number.
When you log in with your password, an SMS authentication code will be delivered to your number. This code is used for second log in attempt which are sent as text to your phones. This could be a problem because your phone number is the weakest link in this process.
Ever move your phone number from one SIM to another? Phone provides only require a few details to do this for you
- Credit card Number
- An Old Address
- Last four digits of SSN
These details are often seen in large database leaks, if a malicious attacker has this info they can have the phone carrier migrate your number to another SIM. If they get through the first log in screen of an account the code gets sent to their SIM with your Number.
There are few options that offer a more secure exchange, Google offer an option called Google Prompt for its own log-ins. Just try it and it worked.
While apps like Authy generate their own codes and integrate with Facebook, Amazon, Dropbox and more. Physical devices like Yubikey are also an option. they’re USB devices that are required to log in. This makes hijacking any of your account very difficult.
Check your important accounts that may offer two factor alternatives.
Also Read : Lenovo HX06 Fitness Tracker Launched in India