Cyber security and privacy have become an ever-greater concern for online users. Almost daily news of privacy and data breaches, coupled with the ever-growing importance of our email and social network accounts, as well as the migration of services like banking and government procedures online, has made the safety of these accounts extremely important.
Two-factor authentication (2FA) was limited to industry experts for a long time, but in the past couple of years, tech giants have been aggressively encouraging their users to enable 2FA on their accounts.
2FA is when your password is just one of two steps to access your accounts or data. Usually, 2FA means a one-time, unique code is sent to you by SMS after you punch in your password. This second step makes it harder for hackers to access your account, given that having your password isn’t enough to guarantee access to your account.
Why Is 2FA Risky?
The unique code is sent to you by SMS, which is plain text. In other words, it’s not encrypted. This means that if someone is targeting you, they could theoretically intercept the SMS. If they’re in close proximity, they could just glance at the notifications on your phone. If they’re a bit more tech-savvy, they could dupe your telco’s towers into sending it to a different number/SIM card masquerading as yours.
This means that 2FA with SMS functionality might be better than merely having a good password, but it is far from ideal, especially if you might be a target for malicious actors.
What You Can Do
One way is to link your 2FA to a private number only you know, as a back-up to your main SIM card. The e-SIM capability, as well as many phones having a dual SIM card slot nowadays, means you can get another line and use it exclusively for 2FA. This minimizes the chance that hackers can leech off your number to get the SMS content (the unique 2FA code in this case).
Of course, this isn’t the most convenient solution, and in many countries it’s an extra cost and hassle to maintain a secondary phone line. One way this could be avoided is using 2FA with an authenticator app, like Google Authenticator.
Instead of sending a unique code by SMS, which is not encrypted, websites and services can be added to your authenticator app, and each time you sign in from a new device, you open the encrypted (password-protected) app to get the unique, one-time code. This makes it nearly impossible for hackers to intercept the code.
The problem, however, is that not all online portals provide the services you can use in authenticators. While Gmail and Facebook do, networks like Instagram still don’t, even though the developers promise it is in the works. So, authenticators are a great option, but not a solution for all your online security.
A powerful password is key, and 2FA is great whenever possible. Using password managers might also be right for you. However, the most important thing to keep in mind is to be smart and careful with your online behavior. Never trust websites or payment methods that seem suspicious, and avoid downloading files or clicking links that you don’t trust. Always double-check the URL to make sure it’s the right website. Hackers often design websites that look identical to sites like Gmail, Facebook or your bank’s website, and the only way to know you’re not unwittingly punching your credentials into one of them is to make sure the URL is right (facebook.com, gmail.com, etc.) and not one that looks similar (spelled differently, etc.).