Stop using SMS-based 2FA

Two-factor authentication (2FA), which adds something you have to do to the something you know (your username and password) during login, is a must-have.

Use either an authenticator app such as Authy or Google Authenticator, or a hardware token like a YubikKey.

Don’t use 2FA that sends codes by text message. “If your phone Is stolen, the thief can put your sim in another phone and request an SMS code for resetting the password to all your accounts,” warns Cesar Cerrudo, chief technology officer at security research company 1OActive.

Setting a pin on your sim card is recommended, but that won’t help if someone cons your network provider into transferring your number to their device, a scam known as sim-swapping. “SMS-based 2FA is vulnerable to sim-swap attacks,” says Paul Bischoff, privacy advocate-at, “but if it’s the only option, It’s better than no 2FAat all.”