Before we get to “SIM swapping,” we need to cover Two-Factor Authentication (or 2FA), a term that has also been in the news recently. It is a way of securing your email, banking, and social media accounts by requiring you to authenticate using more than one factor to prove your identity.
There are 3 factors that you can use to prove that you are who you say you are:
- Something you know (like a password, your birthdate, or a PIN code),
- Something you have (like your cell phone, a driver’s license, or a passport), and
- Something you “are” (like a fingerprint).
Identity theft is easier when a thief only needs to try and intercept your password to take over your accounts. 2FA typically uses your password (something you know) along with sending you a one-time code to your cell phone (something you have) that you then use to confirm that you have the cell phone as well. These 2 factors provide a much greater confidence that you are indeed “you.”
Recently, news stories have surfaced about “SIM swapping.” In this scam, someone phones up your cell phone company and convinces the call agent that they are you; that you lost your phone; and that you need a new SIM card for your new phone tied to your current cell phone number. Call agents get paid to keep customers happy and so—thinking they are dealing with you, their real customer—are often too happy to comply without confirming your identity. The thief can then intercept all your SMS messages including any 2FA codes sent to you to access your accounts.
This scam is not your fault; the cell phone company gave away your identity, not you. And yet you pay the price with a stolen identity and a cell provider who may or may not take responsibility for their mistake.
One way to help protect yourself from SIM swapping is to use an “Authenticator” as the second factor instead of an SMS code sent to you. An authenticator is a smartphone app that is keyed to your identity and supplies a constantly changing set of codes to allow you to prove that you have the corresponding smartphone. Google and Facebook (and many others) support this method of 2FA. There are a number of different authenticators available right now.
To use Google’s Authenticator*, install the Authenticator app from the Play Store or Apple Store, log in with your G Suite or Google account, and go to: Google Support. Follow the instructions to authenticate your Google account. From then on, you can use the app to add any new 2FA compatible accounts. Installing new accounts is as easy as scanning a barcode with your smartphone and then copying the resulting code back into a webpage.
The benefits of 2FA using an authenticator are many:
- Your account can’t be SIM swapped since you no longer rely on SMS messages for the second factor.
- You can supply the second factor without roaming charges, or when you are outside your cell carrier’s coverage area.
- You can install an authenticator on a tablet or other device that doesn’t support an LTE or 5G network.