March 25, 2019

The Coming Reckoning of 2FA and Your Phone

Brian Krebs has a great article on the coming reckoning to be had with services that use your phone as a second factor of authentication to sign into their services and verify your identity. As companies have tied your phone number to your account more often, your risk of having your account exposed when that number is no longer your own increases greatly. Whether this be from people actively trying to hijack your phone number or from someone just inheriting it after you gave it up, the threat is real. As Brian points out in his article, this is really happening and he has the experiences of his readers to back it up.

So what does this mean for you? It means that whenever possible, you should not be using your phone number as a second factor of authentication. If you can, you should be using an app like Google Authenticator or Authy to act as your second factor of authentication instead. This allows you to avoid having your phone number become your identity. There are more and more online services that support these apps today, and if your favorite service doesn’t, you should reach out their support and ask them to consider supporting it. After all, you need to act to protect your privacy and your data. No one else is going to do this for you. Just look at what Facebook disclosed last week to understand how true that is.

Links to authenticator services: