As a regular Komando.com reader, you’re probably familiar with two-factor authentication by now. In the ever-evolving world of technology, it is one crucial feature that you need to enable to protect your online accounts.
Two-factor authentication (we’ll call it 2FA, for short) is a fancy name for adding an extra verification step to the login process of your most critical accounts.
With the 2FA setting enabled, instead of just providing your username and password to log in to an account, a secondary form of verification is required to prove your identity.
The most popular form of 2FA right now is a special one-time code that’s texted to your cellphone.
The idea is that even though hackers may have figured out your credentials, without the special code, they still won’t be able to access your account.
But did you know that using your cellphone’s SMS text messaging is not the safest way to receive your 2FA codes?
As usual, crooks and cybercriminals have figured out a devious way to steal your phone number and, in turn, receive all your 2FA authentication codes.
With schemes like SIM card swaps and cellphone porting scams, criminals can take over your phone number. With all the 2FA code text messages they can request, they can take over your other accounts like social media and your bank accounts, too.
To protect yourself from these scenarios, here are essential alternate methods you can employ.
Use a better number for your 2FA codes
Nowadays, your personal phone number can be tied to various apps and services since many of them require a valid phone number for account creation.
And as I mentioned earlier, your personal number can also be used for SMS two-factor authentication codes and sign-ins.
But what if you lose your phone? Or if your phone number was hacked? What if you have to change your phone number or switch carriers?
This is why for ultimate security, it’s advisable that you avoid using your personal number for your 2FA codes.
Either use an authenticator app or use a virtual secondary number to receive your 2FA SMS codes.
This way, even when disaster strikes and your phone gets compromised, the crooks can’t readily exploit your personal number to request access to your accounts that use two-factor authentication.
Option one: Get a Google Voice number
Speaking of virtual secondary numbers, did you know that Google has a free phone service? It’s called Google Voice and you can choose your own free phone number for voice calls, texts and voicemail. All you need is an active Google account.
It’s currently one of the popular options for a secondary “burner” number, and it’s a viable alternative for receiving your 2FA text messages.
The upside is that even if you lose your personal phone, switch carriers or your number gets compromised, your Google Voice number will remain separate and your 2FA texts will still be accessible via a web browser or another phone.
Here’s how you set up a Google Voice number:
1. Install the Google Voice app. The Google Voice app is available for both iOS and Android. Note: You can also access Google Voice on your computer via a web browser.
2. Link your Google account.
3. After linking, the app will then prompt you to choose a Google Voice number. You can search for available numbers by ZIP code or city. You can even select an area code that’s different from your actual location.
4. After choosing your Google Voice number, you are required to link and verify your account to an active cellphone number. All your Google Voice calls and text messages can be forwarded to this number, too.
5. Google will then send a 6-digit code to your linked phone number to verify your Google Voice account. Just enter this code in your Google Voice account and make sure they match.
6. That’s it. You’re now all set to use your Google Voice phone number!
From now on, instead of using your own phone number for apps and web services that support SMS text-based two-factor authentication, you can use your Google Voice number instead.
However, keep in mind that you will have to disable all message and call forwarding via your Google Voice app’s Settings screen to make this effective.
There’s one big downside to this method though. Since your Google Voice number is tied to your Google account, if hackers manage to compromise your Google account, you’re actually back to square one since they’ll have access to your 2FA codes as well.
Another caveat is that you can’t use a Google Voice number as your Google two-factor authenticator number. (This makes sense since this can put you into an unrecoverable verification loop.)
If you plan on using Google Voice for your 2FA SMS codes, it’s equally important that your Google account is iron-clad.
Needless to say, don’t use your personal phone number as your Google two-factor authentication method either or you’ll be defeating the purpose of this method.
Thankfully, your Google account can be secured with an even better two-factor authentication system.
For improved security, you can always use an authentication app for securing your Google account and other services that support it.
Another more secure option: Use an authenticator app
Instead of using SMS text message codes for your 2FA codes, try using an authenticator app like Google Authenticator.
Using an authenticator app is far more secure than text messages since the codes can’t be intercepted on the carrier level.
Especially for your Google account, it’s recommended that you use an authenticator app for your 2FA codes. Note: Aside from Google Authenticator, you can use other authentication apps like Authy, Microsoft, LastPass or FreeOTP.
Next, to secure your Google account, go to your Google account management page then click on “Signing in to Google.”
On the next page, click on “2-Step Verification” then on the next page, scroll down to the “Set up alternative second step” section.
Important: You have to link your phone number first to activate this option. Don’t worry, once your authenticator app is set up, you won’t need SMS text 2FA codes anymore.
In this section, select “Authenticator app” then click “SET UP.”
Choose your gadget type then click “Next” to reveal a scannable QR code.
Now, open your phone’s Google Authenticator app then tap the “+” sign to set up a new account. Select “Scan a barcode” then scan the QR code that’s displayed on your browser with your camera.
A six-digit code will be generated on your phone. Back on your web browser, click “Next.”
Type the 6-digit code as your 2FA code on your web browser then click “Verify.”
And that’s it! Now, instead of an SMS text message, you will be required to use your Google Authenticator app to generate 2FA codes when you’re logging in to your Google account on a new device.
Roughly the same steps will work for other sites that support the authentication app method too so make sure you select this option instead of SMS whenever available.
But not all services support authenticator apps. In fact, some of them still only support SMS text messages as their 2FA method. For these types of services, try securing them with a Google Voice number (secured by Google Authenticator) instead. As we covered in this tip, this is a vastly more secure method than using your personal number’s SMS text messaging service for your 2FA codes.
Important: If you are using Google Authenticator or another authentication app, make sure you secure your smartphone with a very strong passcode.