Two-factor authentication, or 2FA, is becoming increasingly common, but one reader points out that it seems easy to get around its protection. Is he right? Security expert Max Eddy takes a look.
www.pcmag.com
The most recent of which was the Reddit Trump hack where the hackers used this or completely breached the system:
Here are some of the best authenticator apps and options. It may take a moment to set up, but once you have 2FA enabled where it counts, you can rest easier.
www.wired.com
I've heard of a few YouTubers whose phones were compromised by fraudsters tricking mobile provider employees into replacing the SIM card. Account passcodes on your mobile provider could help with this aspect of it.
You can also type the password into this page and it will tell you how many times that password shows up in all the database leaks they have on file, but it won't tell you which one.
Have I Been Pwned allows you to search across multiple data breaches to see if your email address or phone number has been compromised.
haveibeenpwned.com
The site is run by a well-known security researcher, Troy Hunt, so it's safe to use. I believe Firefox uses the site's API for its built-in password breach detection.
I think the confusion here is you said "Faked"; the first article there talks about the phone being stolen or the SIM hijacking, or more specifically, phone number stealing.
This happened to some people I know, where they had their phone numbers in process of being, or completely, transferred from their provider to another, so someone can use their SMS to get into their 2FA services: banks, etc.
But it doesn't mean 2FA is a useless security layer; it helps stop anyone from brute-forcing. For someone to physically steal your phone, they would have to be someone specifically targeting you, knowing your login IDs already.
As for the 'SMS' jacking, aka phone number stealing: speak to your phone carriers. I've enabled voice identification to first authenticate speaking to them, and the second one is 2 ID approval, in order to approve transferring the phone number from 1 carrier to another. So let's say someone were to call in with all my private information to impersonate me and request to steal my phone number; they'll be asked to visit a local store with 2 pieces of government-issued ID to confirm & authorize the transfer. This would be assuming they can get past voice authentication.
Is it 100% bulletproof? Nah, but at least it makes it that much more difficult for the people trying it.
Probably right. I was pretty tired when I wrote that and figured faked would be equated to SIM cloning or social engineering to get a phone company to do it... in other words, faked.
As far as the PIN is concerned, I don't even wanna believe that's close to 100% with the people I've personally known in high school working these call centers (anecdotal). I'm sure you could always tweedle around with someone and maybe dig up a maiden name to bypass that. If it doesn't work, rinse and repeat on the same person or user and your goal is 100% complete with just a few failures.