When TeleSign enables account protection for our customers we do so by either sending a SMS, voice call, or push notification containing a numeric PIN code (also known as a one-time passcode, or OTP) to the user's phone. In doing this you've taken an important step in securing yourself online. It's also important to take a few simple steps to secure your mobile device. Here's a good checklist to follow:
It's a best practice to have a PIN code or pattern that protects access to your phone. If your phone is stolen the thief won't get immediate access to your data. On iOS if your phone is locked and an attacker enters an incorrect code 5 times your phone is then locked from any access for 1 minute, the protection on the device escalates from there until after 10 attempts the device is wiped. On Android the screen lock has similar configurations and protections. This protects access to the data on your phone while not being too much of a hassle.
Many mobile OS's allow for SMS messages previews or full messages to be shown on your lock screen. While this can be useful to the user it also allows private information to be shown on your mobile device when your screen is locked. An attacker who then wanted to hack into your account would only need to get your username and password and then be able to view your phone screen when the text comes in. Certainly this an unlikely scenario but this simple extra step will give you a little more confidence that your online accounts are safe in the event that your phone is stolen.On iPhones go to Settings->Notification Center->Messages and turn off “Show on Lock Screen”, on Android go into the settings of “Messaging” and if this feature exists in your version of Android's OS disable it.
Phone companies generally use CallerID to check access to voicemail services. If the number is yours, the service may simply let you in to listen to the messages. While this may have been okay in the early days of voicemail, in today's world this is far from secure. Voicemail hacking is really common, and unfortunately, really easy to do. By spoofing CallerID, attackers can fool voicemail systems into believing you are calling to pick up your messages. Fortunately, putting a simple PIN on your voicemail fixes this vulnerability and makes it much harder for an attacker to get into your voicemail. iPhones that use Apples' Visual Voicemail, the default option, require a PIN code to be on your voicemail account. With other phones and operators there are a myriad of ways of setting this up. Make sure you have a PIN your voicemail no matter who your provider is.
It's happened, your phone is lost or stolen, now what are you supposed to do? Fortunately if you have an iPhone there's an easy way to track, send alerts and if worst comes to worst remote delete all data from your phone and wipe it. On iPhones go to your device and use Settings->iCloud under there turn on “Find My iPhone”. Once that's set up you can find your phone, set alerts or wipe it by going to www.icloud.com. If you're an Android use you should check out www.google.com/apps/mydevices. From this page you have the same options that an iPhone has in locating, locking or wiping a deviceIt's great that you're securing your online accounts but just like you lock your door when you leave home every day, it's important to take a few steps to secure the device that you're now using to help secure your online identity.