Advertisement

We need your help now

Support from readers like you keeps The Journal open.

You are visiting us because we have something you value. Independent, unbiased news that tells the truth. Advertising revenue goes some way to support our mission, but this year it has not been enough.

If you've seen value in our reporting, please contribute what you can, so we can continue to produce accurate and meaningful journalism. For everyone who needs it.

Shutterstock/Lolostock

Relying on texts to help protect your accounts is no longer a good idea

You really should be using two-step authentication, but it’s best to switch to apps dedicated to the task if you haven’t already.

IF YOU’RE LOOKING for a quick and effective way to improve your online security, two-factor authentication (2FA or two-step verification) is the first thing you should look at.

If you’re using it already, you’ve most of the way there, but if you’re using SMS to keep your accounts safe, it’s best you switch over to a dedicated authentication app instead.

The reason for this is because it’s easier than ever for someone to intercept your text messages and direct those messages to them instead of you (Wired goes through a number of situations where this has happened and it happens more often than you would think).

This is down to a flaw in SS7, a protocol used by phone networks to exchange the information needed for passing calls and texts between each other, and allows people from one network to roam on another. In short, it’s best to assume your normal calls and texts aren’t as secure as you would think.

Granted, whether you would be targeted or not really depends on a number of factors like how important you are, but like many things, you should treat this as a possibility. It likely a distant possibility but it’s a possibility all the same.

Encouragingly, more services are offering alternate ways to use 2FA but the best approach is to use a dedicated authentication app.

What an authentication app does is generate a one-time code every 30 seconds. It will continue to generate codes for you to log in even if your phone isn’t connected, ensuring you can log in regardless of the situation.

So what type of app should you use?

There are a few apps out there but a good place to start would be looking at Google Authenticator (iOS and Android) and Authy (iOS and Android). Google’s version is probably the easier of the two to set up but Authy is more robust and works across multiple devices.

Both apps will serve you well and how long it will take to set up will depend on how many accounts you have. You will have to scan a QR code (or enter in a key) for each one which may be time-consuming but it’s worth it.

Google Authenticator Google Authenticator / Google Play Google Authenticator / Google Play / Google Play

The only potential problem is not all apps allow you to log in using this method. Twitter is the most noticeable example of a site that only allows the SMS method but that should be changing soon.

It’s also worth mentioning that you should have a strong password too. While it’s useful, 2FA is not an excuse to continue using a weak password so change it if necessary.

Read: Seoul brings in traffic signs telling smartphone addicts to look up more often >

Read: Check out these amazing photos taken using aerial drone photography >

Readers like you are keeping these stories free for everyone...
A mix of advertising and supporting contributions helps keep paywalls away from valuable information like this article. Over 5,000 readers like you have already stepped up and support us with a monthly payment or a once-off donation.

Author
Quinton O'Reilly
View 5 comments
Close
5 Comments
    Submit a report
    Please help us understand how this comment violates our community guidelines.
    Thank you for the feedback
    Your feedback has been sent to our team for review.
    JournalTv
    News in 60 seconds