Yes, YouTube search John McAfee and crypto/mobile security. He has much to say on the topic, and being on the front line of such things he knows more than anyone. I don't use my phone for any banking or crypto stuff.
Are there easy ways to back up Google Authentication? This seems to be one way: https://www.icontrolwp.com/blog/google-authenticator-backups/ Anyone using it? EDIT: Just found this: http://www.newsbtc.com/2017/06/03/coinbase-recommends-users-enable-google-authenticator-ditch-authy/ Coinbase recommended not using Authy. EDIT2: It seems that re-enabling your Google Auth codes and then printing out the barcodes is the best way to go to back up.
Yes, printing out your codes is the best way. I also keep a second basic phone in a safe deposit with all codes enabled. Don't use Authy. Yes, it will work as a backup, but it means you need to trust them.
When something like this happens it naturally makes you review how you are doing things in hope that it won't happen to yourself. Just thinking of myself, I use Exodus as my wallet, on my personal laptop. I have 2FA enabled via 12 secret words which I have saved (screenshot) on an external HDD that isn't plugged in to a computer, it's stored away. I am thinking about getting a Trezor, and will start using MEW soon enough I'm sure. I have accounts with CoinSpot and Bittrex, and have 2FA via Google Authenticator on both. I don't like the fact that they both required my personal details, driver's licence etc. to set up accounts with them (just in case they get hacked and my details with them are jeopardized) but I guess that's just the way it goes. My laptop has anti-virus etc., and I don't visit suspect sites on it. Exodus, CoinSpot, Bittrex & MEW. That's it for me. I hope that's all good enough to prevent anything bad happening.
What happens if your house burns down along with your laptop and HDD? Unless you have memorised your 12 secret words this is a real risk.
Sounds a little dramatic. I'll get around to printing off the 12 words and storing them in my SDB, but other than that I think I am doing everything I can to protect myself as much as possible.
Replace burned with stolen or with hard drives failed; these are not unlikely scenarios. Get your passphrase somewhere safe and you should be fine.
I use Google Authenticator on all my logins where my cryptos are, and keys backed up on and offline, though this porting attack has me thinking that my primary bank accounts would be vulnerable (as I use SMS 2FA there). Hrmmm, might look into how to change it.
Might sound over the top, but is it worth calling your Telco and getting them to put a note on your file saying that if any attempt to port is requested they should contact you first, requiring you see them face to face before proceeding, or something along those lines? Sounds extremely over reactive I know, but I use SMS 2FA with CBA too, so maybe it's worth doing? Would only take a phone call/shop visit to organise so no real effort
Sounds like Independent Reserve. They offer SMS 2FA Auth, and would be linked to your bank account. A solid company, so that really blows. If it makes you feel any better, losing crypto to a hack, lost wallet.dat, scam or phishing is like a baptism: wear it and carry on.
Tried this today with my provider. They can set your account up to be PIN access only, which means when you call for anything they ask for your PIN and if you cannot provide it that's it, nothing can be changed even if it is you and you've forgotten it. They also supposedly put a note down to call me in person before any porting can be attempted. Better than nothing. Thank you to the OP for bringing this to our attention, and hopefully everyone can stay safe out there.
Having a PIN is pretty normal nowadays but it doesn't really do anything with regards to someone porting your number, as the new provider you switch to facilitates the port with your current provider, and the password means nothing in that case. The note on file is better than nothing, but I wouldn't have 100% confidence that a Telco would enforce it when receiving a port request, but let's hope it never gets to this.
I really hope most of the main carriers will send a txt to the mobile number before the number is ported. It should note when the number will be ported and to what carrier. There should also be a 24hr delay from the time you get the txt, so you have time to stop it from going through. If this doesn't happen now, then this major security flaw should be fixed very fast.
Not sure the operator in Bangalore will read any comments on your account, let alone deviate from the script of porting your number. Hopefully there is some sort of secondary validation. I know Optus send a txt to say when the change will happen.
Yes, not ideal but the only thing I could do. When we recently ported a number from Optus we got an automatic text message from them. So hopefully that's enough to prevent unauthorised porting from happening. Not much more that can be done anyway except being vigilant.
Absolutely trivial to store your code hidden away in PNG format on a cloud somewhere. No one is going to find it unless you label it "here_is_the_2FA_for_my_coinspot_acount.png", and even then buried away in thousands of photos and other images, not going to happen. The text can also be hidden anywhere. Steganography is your friend.
Hi guys, Just a quick update ... most of you guys are probably using an exchange that allows for POLi payments. DON'T USE THIS METHOD OF PAYMENT! The bank does not guarantee them, so if a hacker gets into your exchange account they will have access to your bank account numbers and balance (thanks to POLi), they can then transfer money into your exchange account, buy cryptos and send them to their wallet. And if like me, they've taken your phone number, they just need the bank's confirmation SMS to authorise the transaction. Make sure that you disconnect your bank account and exchange account so that POLi can't 'see' your bank account. Make this an action step you do immediately. Pay your exchange using direct debit or BPay (which the bank will guarantee) so if there is some funny business, the bank will reimburse you. Another lesson learnt the hard way. Cheers, Sammy
I was always amazed that some people used POLi, it's such an insecure service. Unlike credit cards where your money is protected if someone steals it, POLi is an unsupported dodgy service. No one should use it EVER.
Thanks for the update Sammy. Can you explain this please? How is that POLi's "fault"? Sounds like you were hacked (still not sure how) but because you have your bank details and mobile number on your exchange account, they were then able to use that info to get more funds and made the payments via POLi. POLi might not guarantee payments, but it doesn't sound like they were the reason you got hacked, unless I am missing something blatantly obvious?
When you use POLi, you essentially trust that Australia Post (owner of POLi) has very high security standards (which they don't), as they have access to your login details. More or less POLi has major security issues and there is a high probability they could be the cause of this issue. Here is a quick cut and paste rundown.