Just published 15,000+ words on security keys. 🔐📱💻
With SIM attacks at their highest, now is a great time to take a closer look at your online security.
Removing SMS from your two-factor auth is a start, but authenticator apps have downsides too...
Just look at these headlines from recent SIM swap and port attacks.
It's all too common for attackers to find ways to socially engineer control of your phone number and start gaining control of your accounts.
I first talk about some general security tips.
Unfortunately not all websites let you remove your phone number from accounts.
You may consider migrating your phone carrier to @googlefi, which requires email account access to do anything (and can be locked down with security keys and even Advanced Protection).
Beyond SMS, I talk about issues that TOTP authenticator apps (the code generators) have as a form of two-factor auth. They're so, so much better than relying on SMS for your second factor but they still have issues like utilizing shared secrets and lacking phishing prevention.
Enter security keys!
Utilizing public key cryptography, they don't have any shared secret between the client and the server. They prevent phishing by taking the website domain into account.
Even if you get tricked by a clone phishing website, your key won't.
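The difference described above, as an added example that is not part of the original thread: a TOTP code carries nothing about the site it was typed into, while a security key signs the origin the browser reports. This is a simplified model, not the WebAuthn wire format; the `SecurityKey` class, `verifyAssertion`, and both `.example` origins are constructed for illustration.

```javascript
const crypto = require('node:crypto');
// TOTP (RFC 6238, SHA-1, 6 digits): app and server share one secret; the code names no site.
function totp(secret, timeSec) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(timeSec / 30)));
  const mac = crypto.createHmac('sha1', secret).update(counter).digest();
  const off = mac[19] & 0x0f; // dynamic truncation offset
  return String((mac.readUInt32BE(off) & 0x7fffffff) % 1e6).padStart(6, '0');
}
// Simplified security key (assumption): one key pair per origin, private half never leaves.
class SecurityKey {
  constructor() { this.creds = new Map(); }
  register(origin) {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
    this.creds.set(origin, privateKey);
    return publicKey; // the server stores only the public key
  }
  // The browser, not the page or the user, supplies `origin`.
  sign(origin, challenge) {
    const priv = this.creds.get(origin);
    if (!priv) return null; // no credential exists for this origin
    const clientData = JSON.stringify({ origin, challenge });
    return { clientData, signature: crypto.sign('sha256', Buffer.from(clientData), priv) };
  }
}

// Server side: check origin and challenge, then the signature that covers both.
function verifyAssertion(publicKey, origin, challenge, a) {
  if (!a) return false;
  const d = JSON.parse(a.clientData);
  if (d.origin !== origin || d.challenge !== challenge) return false;
  return crypto.verify('sha256', Buffer.from(a.clientData), publicKey, a.signature);
}

function demo() {
  const REAL = 'https://bank.example', CLONE = 'https://bank-login.example'; // constructed
  const secret = Buffer.from('12345678901234567890'); // RFC 6238 test secret
  const relayed = totp(secret, 59);                    // code the user typed into the clone
  const totpRelayAccepted = relayed === totp(secret, 59); // real server cannot tell
  const key = new SecurityKey();
  const pub = key.register(REAL);
  const challenge = crypto.randomBytes(16).toString('hex');
  const honest = verifyAssertion(pub, REAL, challenge, key.sign(REAL, challenge));
  const noCredential = verifyAssertion(pub, REAL, challenge, key.sign(CLONE, challenge));
  key.register(CLONE); // even if the clone enrolled its own credential on the key
  const wrongOrigin = verifyAssertion(pub, REAL, challenge, key.sign(CLONE, challenge));
  return { totpRelayAccepted, honest, noCredential, wrongOrigin };
}
console.log(demo());
```

Only the honest login verifies; both clone-site attempts fail at the real server, while the relayed TOTP code is accepted.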