Decouple Your Phone from Sensitive Accounts

Laura Shin over at offers some excellent advice for safeguarding your sensitive accounts such as bank accounts, Dropbox, cloud storage, and the like. Some of it is the usual sensible advice such as using a password manager that generates long high entropy passwords, using two-factor authentication, and lying about the answers to security questions1.

But as Shin points out, a weak link for most accounts is your phone. If a criminal can get access to your phone account and forward calls to his account, two-factor authentication can be largely bypassed and password reset protocols can be compromised. Shin recommends that you

  • Disable online access to your phone account
  • Add a password or pin to your phone account
  • Use a phone account specific email address for your phone account
  • Tell your phone carrier to allow changes only in person with a photo ID
  • Try Google Voice
  • Don’t associate your main phone number with any sensitive accounts
  • Use biometric authentication

Shin explains how you can implement the above steps. She’s got a lot of good advice and it’s definitely worthwhile implementing as much of it as you can. Don’t think you’re safe because you’re not important or rich; criminals will be just as happy to steal your money as anyone else’s.



I like to use UUIDs for this (on macOS you generate them with uuidgen) but of course this make sense only when you’re using a password manager.

This entry was posted in General and tagged . Bookmark the permalink.