Bitcoin Forum
Author Topic: Cyber Criminals dumped Ledger's hack database  (Read 727 times)
PrimeNumber7
December 24, 2020, 11:27:05 PM
Merited by vapourminer (1)
 #61

<…>
I’d also consider severely changing the mobile phone number, in order to reduce the SIM-swapping vector of attack. It’s not pretty to do, especially the more tied your phone is to services and verification processes, but it’s something to ponder heavily. In the process, I’d make sure the substitute phone number is completely new (and not some recycled number provided by the telephone network operator). You are probably going to need both numbers operative for a while to complete the process (verification SMS do get sent to both numbers with some entities).

Pain in the ass though, but a clean contact start every now and then is probably healthy.

It is really best to not have your phone number be a method to verify your identity or authenticate your access. Last year, Jack Dorsey (the founder of Twitter) had tweets sent on his behalf because someone was able to impersonate his phone number. Changing your number would potentially allow an attacker to have legitimate access to your old phone number, and they might be able to impersonate you. I am also not sure how easy it is to get a previously unused phone number.

I would rather use Google Authenticator or some other time-based code as a means of authentication.
DdmrDdmr
December 25, 2020, 02:49:01 PM
 #62

<…>
I’ve got 2FA on everything I can, but that still leaves a bunch of services that still do not support it. Namely, banks still depend heavily on phone numbers as part of their verification process, and although they are starting to include other features (sign keys through their apps, and so forth), the phone number is still pivotal. It seems reasonable to change the phone number where the phone number is mandatory, and use proper 2FA when accepted.