I just finished reading about a guy named who lost in 15 minutes from Coinbase. Cody Brown $8k of Bitcoin How did this happen? Didn’t he have Two-Factor Authentication set up for his Coinbase account? Yes. But he had the wrong one: SMS text messaging. SMS text messaging is very insecure as a Two-Factor Authentication. Hackers nowadays can easily call up your phone provider and pretend to be you. They don’t need to prove any identity. All they need to do is convince the employee that he is you. And some hackers are really good at this. It’s currently the weakest link that exists and regular people still don’t understand the risks involved. One of the biggest Blockchain VC’s, recently by a hacker using this same weak link: SMS text messaging. It’s a huge problem right now that many people are unaware of. Bo Shen had over $300,000 stolen Disconnect your phone from your accounts right now if you have SMS text messages as your 2FA. I’ll explain what you should do in place of it that is actually secure. Do It Right Now. Sometimes a video can explain all of this better than reading text, so please watch this one. In it, the young man uses Yubikey, which I have never used. I use a Trezor as my U2F (or physical key). So, what exactly is U2F? ( ) is an authentication standard that strengthens and simplifies using specialized or devices based on similar security technology found in . While initially developed by and , with contribution from , the standard is now hosted by the . Universal 2nd Factor U2F open two-factor authentication USB NFC smart cards [1] [2] [3] [4] [5] Google Yubico NXP Semiconductors FIDO Alliance [6] [7] U2F Security Keys are supported by since version 40 and Opera since version 40. U2F security keys can be used as an additional method of two-step verification on online services that support the U2F protocol, including , , , , , , and others. Google Chrome [2] Google [2] Dropbox [8] GitHub [9] GitLab [10] Bitbucket [11] Nextcloud [12] Facebook [13] [14] Chrome and Opera are currently the only browsers supporting U2F natively. Microsoft is working on FIDO 2.0 support for and the browser, but has not announced any plans to include U2F support. is integrating it into , and support can currently be enabled through an addon - Windows 10 [15] Edge [16] Mozilla Firefox Wikipedia I’m going to simplify this definition: U2F is a physical key that you put into a USB port on your computer. You put this in after inputting your password. The U2F device uses encryption, as it contains a private key that is matched up to your public key in order to unlock your accounts like Gmail and Facebook. Without the physical key, no one can access your account. So, hackers, and even key loggers will not be able to steal your passwords because the U2F encrypts the data. There are other cheaper options like the I’ve never used Yubikey and only learned of it recently after doing some research. A good idea is to have several U2F devices connected to your account, to ensure you don’t lose access if you lose one of your keys. Yubikey that costs $18 from Amazon. It’s overwhelming to do this the first time, but once you do, you will be able to sleep at night. Hackers are just getting more advanced and sneaky over time, so the sooner you get one of these physical U2F keys, the better! Cars and houses need physical keys, so do your accounts! Here’s a how-to video that shows you how to set up a U2F physical device like Trezor or Yubikey with your gmail account: You can do this……….now.
