|
|||||||||||
BS: SIM swapping ?
|
Share Thread
|
Subject: BS: SIM swapping ? From: Mr Red Date: 05 Feb 24 - 08:26 AM Because I have resisted 2 factor verification via mobile/cell phone and the bloody world is resisting me! I noticed a video on the subject. Basically - miscreants convince phone network personnel to issue a new SIM against a phone number by using data found (eg) on anti-social media. People are lax with things like birth date & relatives' names, phone numbers etc. Once the new phone has the number attached, the second level of verification is totally insecure. The rightful owner can't easily even use their phone to get in touch with the relevant organisations, and by the time the hack has been detected, clawing back the money is a loooooong process. I rarely use my phone so detecting problems could be a long time coming! FWIW I am 42 years old on Fakebook, & I doubt even the algorithm believes that |
Subject: RE: BS: SIM swapping ? From: Stilly River Sage Date: 05 Feb 24 - 03:29 PM Two factor authentication can be handled several ways. For a few devices I have a FIDO - a small USB authentication device on my keyring that I insert into the computer (or hold nearby the tablet or phone for the signal). For others I use one of the authenticators where you enter each account you want to use it with (the account itself usually offers a QR code you view with the authenticator via the phone's camera then add your information; after that each minute the code changes for each account you have enrolled on the app.) I use the Google Authenticator (get via the Play Store) and another one that I think is supplied by Microsoft through my employer/university. That one has only a couple of accounts on it, but it operates with my phone fingerprint scan so is sometimes faster than the Google one. You can also have email sent with a code or a SMS (text) sent with a code. If you start setting up some of this stuff ahead of the bad guys, you're better off for it. |
Subject: RE: BS: SIM swapping ? From: Mr Red Date: 09 Feb 24 - 07:05 PM Yea, my bank has what they call a "key" - looks like a calculator. Use it to access my account. But they still insist on sending texts via a mobile phone for on-line purchases on the bank card. Which doesn't work if you don't give them that phone's number. I have had to give the credit card company (different) the number because just about every vendor & his brother are using banks that require that method. PayPal are happy to use a landline and its keypad for their version of 2fv. Ultimately it is not a 2fv problem, but one of keeping your sensitive data private. |