I hope you are doing alright and staying safe during this time. I wanted to send out an email about personal cybersecurity because my friend Ari was almost a victim of a cyber attack due to speaking out on racism. I want to be thorough and provide people with the information they need to be secure and not be afraid of being hacked in 2020.
In the image Ari is showing many attempts from someone to change her password, I am assuming that they were going to delete her Twitter account.
Fortunately, Ari listened to myself and some of our other infosec friends a few months back and locked down her accounts. I advised her to add Two Factor Authentication using the Google Authenticator app to her social media pages and to her email accounts. Two Factor Authentication (2FA) is an extra layer of authentication on top of your username and password. You are probably already familiar with 2FA, anytime your bank sends you an authentication code via text message you are using 2FA. Even though banks and many other websites use text message authentication (SMS 2FA) it is the most unsecure security method around.
Why is Text Message/SMS Authentication Bad?
SMS authentication is unsecure, because your phone number can be stolen from you at any time. Hackers steal phone numbers through a method called SIM swapping. SIM swapping is when a hacker calls your telephone company, pretending to be you and tells your phone company that you have a new SIM card and need to transfer your number to the new SIM card. As soon as the SIM swap is complete the hacker can now pretend to be you and receive all of your text message authentication codes and hack into all of your accounts. This is a major vulnerability at cell phone companies, it has caused some people to have their entire bank accounts drained.
What to Do To Prevent SIM Swapping
-
Call your cell phone company and add a PIN to your account. Do not use a common pin that you use in other places.
-
Ask your cell phone company if you can lock your account so that no changes can be made.
-
Be cautious about who you give your cell phone number to. Nowadays I view my cell phone number as being just as important as my social security number.
How to Secure Your Email and Social Media Accounts with Google Authenticator and Authy
Now that we understand that SMS 2FA is not secure and now how to prevent SIM Swapping let’s talk about what 2FA methods are secure and how to secure your email accounts and social media accounts.
The most secure type of 2FA is called Time-Based One-time password (TOTP) authentication. There are a few ways to gain access to TOTP authentication tools, you can use either an app or a physical device like the Yubico YubiKeys. I think that YubiKeys are too much for a lot of people to keep up with although a physical TOTP is the most secure method, most people don’t want to add an additional item to carry around for security, so I will focus on the applications.
The two main TOTP software applications that people use are the Google Authenticator app and Authy. Both of these apps are available for free. When you turn on 2FA every time you log in to your account you will be asked to verify with the code that is showing on your authentication application. Most accounts usually stay logged in for a long period of time, so you won’t be needing to authenticate often.
Some people do not like Google Authenticator app, because there is no backup capability. So if you lose/break/wipe the device that has your 2FA key on it you will not be able to login to your accounts and will have to go through a lengthy recovery process with your email provider or social media company. I think that the lack of backup capability with the Google Authenticator app is a good thing because it doesn’t allow anyone to hack into your app.
Youtube video on how to use the Google Authenticator app
It is good practice is to write down the security key/backup code in a safe place when you add a new account to your authentication app.
I also recommend that you use at least two devices if you can when you add a new account to your Google Authenticator app. The two devices will be synced at all times, so if something happens to one device you will always have a backup.
You can download Google Authenticator app on iPhones, Android devices, iPads, and tablets.
The Authy app allows you to backup your account and automatically sync across multiple devices. Which helps prevents you from being locked out of your accounts
You can download the Authy app on iPhones, Android devices, iPads, and tablets.
Youtube video on how to use the Authy app
How to Turn on 2FA on your Email Accounts and Social Media Accounts
-
Go to Settings
-
Go to Security
-
Turn on 2FA with Authentication App or Third Party App
-
Turn off Text Message/SMS Authentication
How to Turn on 2FA on Gmail (if you are a Youtuber this is a MUST)
How to Turn on 2FA on Instagram
How to Turn on Two Factor Authentication on Facebook
How to Turn on 2FA on Coinbase
Remember to choose “Authentication App” or “Third-Party App” for authentication, not SMS as shown in some of these videos.
If I didn’t include a platform that you use, check to see if they have 2FA by going to settings then security.
Password Manager
Password managers are a secure way to access your passwords, credit card information, identification cards, and secure documents. A password management system is an all in one application that stores your passwords, so you don’t need to remember all of your passwords. They also can create secure passwords for you.
1Password is the password management system that I prefer to use. It can be installed as an application on your phone and a web browser extension so you can quickly access your passwords and always have access to them. I like 1Password because you only need to remember your one master password and that is it. It makes life really easy.
If you are still storing your passwords on a sticky note or a word document, and you are using the same password that the system tells you is too weak, it is time to move to a password manager.
1Password tutorial showing you how to export your passwords to 1Password and use 1Password
Youtube video on 1Password browser extension
MySudo the Ultimate Personal Security/Privacy Application
MySudo is an application that allows you to securely message other users, text and call any phone number, create burner phone numbers, browse the internet, create virtual debit cards, and create secure email accounts. My friend Tara put me on to MySudo and I have been using it ever since.
MySudo allows you to make up to 9 phone numbers and 9 email addresses all in one app for $149 a year. Most people would do completely fine with the SudoGo plan that allows you to have 1 phone number, 3 email addresses, and 3 virtual cards for $9.99/year. The free version allows you to only text other MySudo users, you get 1 phone number* and 3 email addresses.
MySudo Virtual debit cards allow you to shop online without worrying about someone stealing your real card information and stealing money out of your account.
How to Increase your Security With MySudo
-
You can use MySudo to make phone numbers that you only use for text message 2FA. Do not give this number out to anyone. This will prevent hackers from being able to call your cell phone company to SIM swap you. MySudo completely eliminates that vulnerability.
-
Create MySudo email addresses that you can use solely for Social media that you don’t give out to anyone. It is much harder for someone to try to reset your password if they have no idea what your email address is.
-
You can use MySudo for when you are selling items online on FB Marketplace, Craigslist, OfferUp etc
-
You can use MySudo phone numbers and give them out to people who you aren’t comfortable with having your real phone number
MySudo is the ultimate solution for security and privacy in 2020, give the free version a try. It is available for download on the Apple App Store and Android Play Store. You can only text other MySudo users, so text me at 571-200-1017 if you want to try it out.
I hope this email was useful to you and that you will take the time out of your day to set up 2FA on your emails and social media accounts, and call your cell phone provider to add a PIN and lock your account.
I am not an InfoSec professional, I am just someone who has been involved in Crypto since 2017 and know all about the risks of not having 2FA set up. Always better safe than sorry.
Stay safe out here ✊💞
"Reverse engineer your life. Live a life of abundance",
- Beez
