Do not use SMS authentication! What is it and why I would not recommend using it. How to protect your electronic money?
SMS authentication
A Coinbase user recently lost $96,000 in a SIM spoofing attack.
Fraudsters made a duplicate of his SIM card, deceiving the telecom operator. And then they withdrew money from the exchange, using the code from SMS to enter the exchange and withdraw funds.
This is a well-known scheme by which attackers can gain access to any service that requires SMS to enter or change the password.
Therefore, to protect important data (not just money on the exchange), you need to use two-step authentication (2FA) applications that generate a six-digit code instead of SMS. Works even without internet connection.
Examples:
- Google, Authy or Microsoft Authenticator
- Code generators in password managers
- iCloud verification codes
To further protect your devices and accounts, use physical security keys. One of the most popular at the moment: YubiKey.
YubiKey also has its own code generator, which can be used as a more secure analogue of Google Authenticator.
It is best used to protect mail, because using mail you can access almost any account associated with it.
The essence of his work in simple words: if you do not have a key, you will not get into your account. That is, no one will be able to access your accounts remotely, even if they know the password.
All this will significantly increase the security of your data and cryptocurrencies (if you store some of them on the exchange).
Disclaimer: This news is not investment advice. Assess the risks yourself before making any investment decisions.
Join my telegram channel.
Reviews: