So, it’s not that the message itself is insecure, but the inability to verify the sender makes phishing attacks possible or similar things. I get a text from a random number saying “click this link to pay your bill!” And I don’t have any way to trust its legit.
SIM swaps make it so people can take over your phone number temporarily and then generate 2fa requests to gain access to accounts. Doing the swap usually involves bribing someone or gaining access to a providers database by other means, but its been done a lot.
There are ways to prevent this, but the most straight forward is using a MFA app. Barring that 2FA via email is the next best thing.
Forgive my ignorance, aren’t emails sent in plain text that can be read by any of the networks they are passed between? I’ve always been taught email is the least secure of any communication.
I’m not a security expert so my ability to explain is limited, but no, emails have long used encryption protocols like SSL to prevent such problems. However, your email provider may scan and read your emails. That’s not much different than a text message service reading those messages, but you can choose your provider. From what I can tell proton.me is the way to go for resolving that issue - they provide encryption which prevents their own machines and employees from being able to read your messages and other data. Otherwise, your email is basically as secure as your passwords are.
Wait, how is email more secure than SMS?
https://en.m.wikipedia.org/wiki/SMS_spoofing
So, it’s not that the message itself is insecure, but the inability to verify the sender makes phishing attacks possible or similar things. I get a text from a random number saying “click this link to pay your bill!” And I don’t have any way to trust its legit.
SIM swaps make it so people can take over your phone number temporarily and then generate 2fa requests to gain access to accounts. Doing the swap usually involves bribing someone or gaining access to a providers database by other means, but its been done a lot.
There are ways to prevent this, but the most straight forward is using a MFA app. Barring that 2FA via email is the next best thing.
Forgive my ignorance, aren’t emails sent in plain text that can be read by any of the networks they are passed between? I’ve always been taught email is the least secure of any communication.
I’m not a security expert so my ability to explain is limited, but no, emails have long used encryption protocols like SSL to prevent such problems. However, your email provider may scan and read your emails. That’s not much different than a text message service reading those messages, but you can choose your provider. From what I can tell proton.me is the way to go for resolving that issue - they provide encryption which prevents their own machines and employees from being able to read your messages and other data. Otherwise, your email is basically as secure as your passwords are.
OK, I had no idea what I was talking about, lol. Thanks for responding!
No prob, this stuff is difficult to keep up with. I’m still always learning and hoping I’m doing it right