Microsoft says it’s time for you to stop using SMS and voice calls for multi-factor authentication

SIM-swapping scams and other techniques pose risk to those who rely upon phone-based authentication
But don’t make the mistake of disabling MFA entirely – even vulnerable SMS-based MFA is better than no MFA at all

Regular readers of Hot for Security know that we’re big fans of multi-factor authentication (MFA, sometimes called two-factor authentication or 2FA).


Multi-factor authentication makes it much harder for hackers to break their way into your online accounts, even if they already know your password.


An online account protected by MFA will prompt you to enter a separate one-time code – often constructed out of six random digits that expire after a short period of time – after you have entered your password.


The thinking is that a malicious hacker may have managed to correctly guess your password, or cracked it, or phished it, or even exploited the fact that you used the same password somewhere else on the internet that later got breached, but they won’t – most likely – have access to your MFA authentication code.


So, my advice is to turn on multi-factor authentication where it is supported on as many of your accounts as possible, whether it is called MFA, 2FA, or even 2SV (two-step verification). It’s an excellent step to take which will harden the security of your online accounts.


But having MFA enabled is not a guarantee that your account will never get hacked, and that’s especially true if you are using phone-based MFA – which is often delivered via an SMS message.


As we have described before on a number of occasions, hackers have successfully pulled off a SIM-swapping sca ..
