authenticators

Is 2-Factor Authentication by SMS Safe?

Authentication

Episode 1626

Ben from Auburn, AL

Ben has an issue with 2-factor authentication. Leo says that text message 2-factor authentication isn't safe anymore because "sim jacking" can occur, by bad guys figuring out what your cellphone number is, and then using social engineering to get them to reassign that number to a new SIM. Once they do that, they have control of the mobile device and can control even 2-factor authentication. That's why Leo supports using an authenticator. He uses a hardware-based model called Authy.

Is There a Password Manager that Doubles as a VPN?

ExpressVPN

Episode 1624

Mike from Highland, CA

Mike needs a good password manager that can also serve as a VPN. Is there any? Leo says he doesn't think that there is one, but that is a great idea. Leo recommends LastPass or 1Password for a good password vault. As for VPNs, there are a lot of options out there, but beware of free VPNs, because to make money, they sell their traffic. So it really isn't all that secure. Leo recommends ExpressVPN. There's also the Tiny Hardware Firewall.

Can I use NFC with Yubikey to unlock my data?

YubiKey

Episode 1563

Laverne from Not the Bronx

Laverne made a secondary Yubico key on her network. She wants to know if her Galaxy Note 9 Android phone will unlock via NFC since it has a chip. But she gets an error message. Is it the key, or the phone? Leo suspects the phone isn't seeing the code as it needs to. She could try the YubiKey app that is available through the Google Play store.

Is 2 Factor Authentication by SMS secure?

Smartphone and computer

Episode 1555

Carmine from Chicago, IL

Carmine has 2 factor authentication on most of his systems, but some use SMS, and he thinks that's not very secure. Leo says that there will always be a trade-off between security and convenience. But SMS is far easier to crack than independent authentication through an authenticator. Leo says to contact the cellphone company and have them put their additional layer of authentication on her phone.