
Why you should never use SMS for important two factor authentication by themarkymark

· @themarkymark ·
![image.png](https://files.peakd.com/file/peakd-hive/themarkymark/K4gZDhbR-image.png)

Seth Shapiro, an AT&T user, had his cryptocurrency stolen in a heist made possible by AT&T handing over control of his cell phone number.

Roughly $1.9 Million USD of various cryptocurrencies were stolen when an AT&T staff member ported a number to a hacker's SIM card.

Any second-factor authentication that uses SMS is exposed to this attack, as support staff can be easily convinced to port users' numbers to criminals' SIM cards.  Once the attackers hold a SIM carrying the victim's number, they are able to confirm SMS security prompts to gain access to exchanges, banks, and various critical services.

With Crypto, there is nothing you can do to recover funds sent through exchanges and even personal wallets.  There have been numerous cases of victims and their family members being threatened at gunpoint to give over hardware wallet passcodes. 

Seth Shapiro is suing AT&T for enabling the theft of his tokens.  AT&T was sued in 2018 by another victim in a similar situation.  In that earlier case, Michael Terpin lost over $24 million USD in cryptocurrency.  Terpin won a judgement for $75.8 million against the hacker, but will not likely recover any funds as a result of the judgement.  He is also suing AT&T, which enabled the theft; that case is still in process.  In February, a judge granted Terpin permission to proceed with the lawsuit against AT&T.  His lawsuit is for $200 million in punitive damages.

Seth has been unable to obtain approval by a judge to move forward with his case against AT&T.

In both cases, AT&T was asked to place special protections on the account to prevent this situation.  Any customer can contact their mobile provider to request additional security on critical account changes, and it is highly suggested you do so, even if it may not work every time.

Ultimately, it is down to the low-paid and poorly trained support rep who takes the call, or the next one who takes the second and third call if the hacker is unsuccessful.  With security, you have to win every battle, whereas the hacker only has to win once.

*"AT&T failed to implement sufficient data security systems and procedures and failed to supervise its own personnel, instead standing by as its employees used their position at the company to gain unauthorized access to Mr Shapiro's account in order to rob, extort and threaten him in exchange for money,"*
<sub> - Seth Shapiro's Lawsuit Filings</sub>

AT&T is, of course, trying to get the case dismissed.  While unsuccessful so far, they have prevented Shapiro from getting approval for his case.  This will likely go on for years until a settlement is reached or Shapiro is unable to continue paying for his legal services.

According to an interview with CoinTelegraph, Seth's losses were around 1,200 Ethereum stolen from his Bittrex account, around $400,000 stolen from a Wax cryptocurrency account, and almost $1M USD worth of crypto for a project he was working on.

Created: 2020-07-05 06:24:24
@bengy ·
Part of the problem is that services still offer SMS as a two factor... That said, I can imagine the pain of mass adoption of time based authenticator codes for everything. We have it across the board for banks in Europe... But I can imagine the amount of locked out accounts or lost keys because people have no systemic way to back up. 
@brianoflondon · (edited)
[Bitcoin Billionaires, Ben Mizrahi's book on the Winklevoss twins](https://amzn.to/3gx0AkB) after their settlement with Zuckerberg and Facebook, has a chapter on how they flew around America each depositing parts of their keys in seemingly random and unconnected small branches of different banks in safety deposit boxes for the bitcoin wallets that they were storing 10's of millions of USD worth of Bitcoin at that time.

It seemed like overkill then... they were spending millions at $7 to $10 per BTC.

Here in Israel, way too many government services can be reached by knowing your ID number and your mobile phone number. If you have access to a cloned mobile number (and I'm pretty sure this isn't that hard to do here) you're in trouble.
@cerberus-dji ·
SIM cards are going to get hot in the privacy and net neutrality debates.
@opidia ·
Very weird fishy story... 🤔
Not like any random cryptos Hodler
Yeah, SMS is weak when you Hodl so much, counting on your phone
Sounds almost like a bad joke
@simplegame ·
So what is the best choice for two factor auth?
@anonymouser ·
I suggest using a private and secure email provider for your two-factor authentication.

Tutanota (based in Germany) and ProtonMail (based in Switzerland) already are very secure and have strong privacy protections, but CTemplar (based in Iceland) offers the strongest protections (but comes at higher costs). Just don't forget your passwords there though, as nobody can recover them for you. 
@trumpman ·
Hey since you use Leo related tags maybe you want to publish your crypto/finance related posts through the native leointerface. Here's why:

First, there is now a 10% tax for posts not through leofinance
https://leofinance.io/hive-167922/@steem.leo/native-leofinance-content-now-earns-10-more-leo-a-few-interface-updates

Also, it helps a lot with the seo of leofinance. Which means more traffic, which means more ad revenue for leo burns, which means a higher token price, which means more money for you, lel. Please see the following for more info:

https://leofinance.io/hive-167922/@steem.leo/why-posting-from-leofinance-is-one-of-the-best-ways-to-grow-our-token-and-community
https://leofinance.io/hive-167922/@steem.leo/new-model-for-leoads-or-burning-leo-with-ad-revenue


TDR. You get more leo. Leo gets more expensive and more leo are burned. We all get a lambo.

@themarkymark ·
I always forget as I don't always post LeoFinance type of stuff.