Don’t turn down any offers to set up two-stage authentication for access to your online accounts. With a two-stage setup, your password isn’t enough to access your important accounts. Usually you also receive a text message with an additional security code. I just had another experience demonstrating that it’s worth the occasional hassle to have this layer of security in place.
This morning I received an email that appeared to be from Facebook.
It was straightforward.
Hi Ian,
We received a request to reset your Facebook password.
Click here to change your password.
The email also contained a six-digit password reset code that could be used to authorize the new password.
And within about just over five minutes, I also received two text messages responding to requests for a password change.
The thing is that I hadn’t requested a password reset. So this appears to have been someone, or some bot, trying to get into my Facebook account.
Luckily, with the two-step authentication, they didn’t work.
And the Facebook email also advised: “If you didn’t request a new password, let us know.” I did respond, and was able to turn off routine requests for password changes.
Anyway, if you haven’t done so, I would say it’s a good idea to utilize two-step authorization wherever it is available. Today it helped to protect my Facebook account.
Discover more from i L i n d
Subscribe to get the latest posts sent to your email.
Two-factor authentication is a must these days, and SMS-based codes are better than nothing. But this post is pretty timely for me, in that my Instagram account was hacked and stolen last month through SIM hijacking, also known as port-out scams.
The security of SMS as a second factor (“something you have,” your phone) is only as secure as your mobile phone carrier account. Someone called AT&T, pretended to be me, and had my phone number disconnected and assigned to a phone SIM they controlled. Bam, all accounts secured by text message were vulnerable. Fortunately (!), my hacker was only after one.
This is a great series of articles on these phone hacks. The one about Instagram is exactly what happened to me.
https://motherboard.vice.com/en_us/topic/sim-hijacking
You’ll definitely want to read the one on how to protect yourself from SIM hijacking. Short version? Set a separate PIN for account changes with your mobile carrier. And don’t use SMS as a second factor if there’s another option, usually a separate authentication app like Authy or using a VOIP service as your number like Google Voice (no SIMs to hack).
I was able to get my account back, against all odds, and was lucky. I lost all my photos posted since 2010, though. Starting over now.
Thanks for sharing your experience and advice!!
Two-stage, not two-state (second sentence).
Thanks.