Secure your phone against 2FA skimming
Google recently introduced a new faster method of 2 step verification. Instead of using Google Authenticator or SMS as a mechanism to enter a verification code, they simply send a push notification to your mobile device.
It is simple and if you don't use it, you should turn it on!
But today, for some reason, the push notification didn't arrive. So I asked Google to try a different method. I chose SMS and a moment later I was sent a text method with a code (partially blanked out below)
I tested the two factor authentication again after turning this setting on and results are below. A lovely hidden SMS!
You can achieve a similar result in iOS
Sam
It is simple and if you don't use it, you should turn it on!
But today, for some reason, the push notification didn't arrive. So I asked Google to try a different method. I chose SMS and a moment later I was sent a text method with a code (partially blanked out below)
 |
| MFA code is visible when locked |
Now you can see that my phone is locked, but the whole code is visible. This got me very paranoid, imagine being away from your phone for 5 minutes and someone guessing your password and then using this to bypass two factor authentication? Or thinking about it, my bank uses one time passcodes (OTP) before transferring large amounts of cash....scary!
No thanks
Thankfully, Android has a mechanism to make this more secure. If you go to Sound & Notifications > App Notifications > Messaging
From here you can turn on the setting to Hide Sensitive Content
 |
| Enable "Hide Sensitive Content" |
 |
| MFA code is hidden until unlock |
Sam
Comments
Post a Comment