wanaberetiree
Full time employment: Posting here.
- Joined
- Apr 20, 2010
- Messages
- 718
This.well i do some weird things
i rarely ever use my phone for financial transactions
This.
I have an iPhone, but don’t use it for any “financial” transactions - I don’t have my bank or brokerage apps installed.
Sure, it’s not as convenient, but it’s much more secure.
T-Mobile lets you set up a SIM PIN that's required for any changes, although I don't think it's required, which it should be. I set it up as soon as they announced they were adding that feature years ago.
SIM hack is usually pulled off using your personal data (DOB, Name, Address, SSN, etc.) from one of gaziilion data breaches (available for sale on dark web) so nothing you do matters. Sometimes they can password hack into your cell phone account (again using leaked password from dark web). So always use a very long and unique passwords everywhere especially on your cell phone account. Other than unique strong passwords only other thing you can do is remove online access for EVERY financial account you have. In other words, live in the Looniville.This.
I have an iPhone, but don’t use it for any “financial” transactions - I don’t have my bank or brokerage apps installed.
Sure, it’s not as convenient, but it’s much more secure.
OK. Thanks for the clarification.This is not about "“financial” transactions" it's about using a phone for login verification
OP, for those of us who are loathe to click links, care to elaborate on what you think we should protect from - in your own words please?
I use Google Voice for my text messaging and SMS 2FA.
There is no SIM associated with the phone number so it's much more resilient to this type of attack.
If you like to keep your normal text messaging with your phone provider, you could always just set up the Google Voice for the 2fa only.
Gauss
T-Mobile lets you set up a SIM PIN that's required for any changes, although I don't think it's required, which it should be. I set it up as soon as they announced they were adding that feature years ago.
It's basically like 2-factor authentication for SIM changes. So to reissue a SIM card or transfer the number to a different SIM, it would require an additional PIN that you create and add to the account, separate from your other account credentials. They did this specifically because transferring a mobile number can open the door wide for identity theft.How would it help in the case described ? Or would it at all ?
This.
I have an iPhone, but don’t use it for any “financial” transactions - I don’t have my bank or brokerage apps installed.
Sure, it’s not as convenient, but it’s much more secure.
Yes. Any account I have that offers 2FA I have it enabled.Do you use Two Factor Authentication or 2FA on any of your bank or brokerage web sites?
You should use 2FA but 2FA could be vulnerable to SIM hacking.
So if you do your banking on a computer, you could be affected.
Yes. Any account I have that offers 2FA I have it enabled.
I also use a password manager and each account has a long random password, most of them are a 24 digit combinations of letters, numbers and symbols. My password to the password manager is 20 digits and not written down.
Of course, if the password manager site is breached, things could get ugly.
As an aside, I know a fellow who "air gaps" his laptop. I asked him how he accomplishes that. He told me he disconnects his laptop from the internet every night. I said "Uhhh, I don't think ..." But, he brusquely cut me off and said he knows what he's doing, so I left it alone.
indeed! I've been in secure facilities that are air gapped, have no line of sight to the outside, and block radio signals. His definition of "air gap" would be laughed right out of the secure room!
OP, for those of us who are loathe to click links, care to elaborate on what you think we should protect from - in your own words please?
+1. Unless the guidelines have been changed, the posting of "naked" links is not encouraged here. Call me old-fashioned and stodgy, but if it's interesting enough to post here, I think it's worthy of the time taken to write a brief description.
Yes, despite a polite request, the OP doesn't seem inclined to oblige. Many of us simply refuse to click on those naked links without a good reason, so it seems pointless to start a discussion with one.