{"id":23819,"date":"2018-09-12T10:18:31","date_gmt":"2018-09-12T14:18:31","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=23819"},"modified":"2019-11-15T06:33:42","modified_gmt":"2019-11-15T11:33:42","slug":"2fa-notification-trap","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/2fa-notification-trap\/23819\/","title":{"rendered":"Making two-factor authentication much stronger in two easy steps"},"content":{"rendered":"<p>Reading a recent post about a <a target=\"_blank\" href=\"https:\/\/www.kaspersky.com\/blog\/how-they-stole-my-iphone\/23330\/\" rel=\"noopener noreferrer nofollow\">stolen iPhone<\/a> and the importance of two-factor notification, I had a mortifying realization. I\u2019d happily enabled <a target=\"_blank\" href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/two-factor-authentication\/?utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=termin-explanation\" rel=\"noopener noreferrer\">2FA<\/a> for pretty much all possible accounts \u2014 banks, Google, if they had the option, I took it. No petty thief would put one over on me, no ma\u2019am.<\/p>\n<p>Anytime I needed to log in from a new device or otherwise set off a two-factor-authentication signal, I\u2019d simply pick up my phone and snag the authentication code from a convenient notification <em>that popped up even if the phone was locked<\/em>.<\/p>\n<p>That\u2019s right, both iPhone and Android can show text messages on the lock screen for anyone to see. In other words, I\u2019d be fine \u2014 as long as my phone was never stolen. Great! Never mind that smartphones are some of the tastiest bait for crooks, who can get up to all sorts of moneymaking mischief with a mobile.<\/p>\n<p>So, take this small bit of advice from a truly humbled yours truly: Make sure your notifications, and the notifications of your loved ones, don\u2019t give away your valuable secrets and account access.<\/p>\n<h3>Disabling lock-screen notifications on iPhone<\/h3>\n<p>iPhone users have a bit more flexibility in notification settings. First of all, you can set up notification previews in general:<\/p>\n<ol>\n<li>Open <em>Settings<\/em>;<\/li>\n<li>Go to <em>Notifications<\/em>;<\/li>\n<li>Tap on <em>Show Previews<\/em> at the very top if you want to turn off lock-screen notifications all at once.<\/li>\n<li>Select <em>When Unlocked<\/em> or <em>Never<\/em>.<\/li>\n<\/ol>\n<p>In iOS you can fine-tune the balance of convenience and privacy. If you prefer to keep some notification previews on your lock screen and hide only those that contain sensitive information, you can choose another approach and set up this option individually for each app:<\/p>\n<ol>\n<li>Again, open <em>Settings<\/em>;<\/li>\n<li>Go to <em>Notifications<\/em>;<\/li>\n<li>Tap on the app in question, for example, <em>Messages<\/em>;<\/li>\n<li>Scroll down to the option for showing previews and select either <em>When Unlocked<\/em> or <em>Never<\/em>.<\/li>\n<\/ol>\n<h3>Disabling lock-screen notifications on Android<\/h3>\n<p>Android settings can vary a bit depending on version and device \u2014 and there\u2019s quite a number of them. With that said, it\u2019s impossible to make an ultimate guide, so poke around a bit if necessary.<\/p>\n<ol>\n<li>Open <em>Settings<\/em>;<\/li>\n<li>Go to <em>Apps &amp; Notifications<\/em>, then <em>Notifications<\/em>;<\/li>\n<li>Choose <em>On the lock screen<\/em>;<\/li>\n<li>Choose either <em>Don\u2019t show notifications<\/em> or <em>Show notifications but hide sensitive content<\/em>.<\/li>\n<\/ol>\n<p>Most Android versions don\u2019t allow you to set up lock-screen notifications individually for each app; however, in Samsung\u2019s version of the OS you can do it.<\/p>\n<h3>Don\u2019t forget to protect your SIM card<\/h3>\n<p>Removing notifications from your lock screen is a good start, but our job isn\u2019t done yet. You see, it isn\u2019t a phone that actually receives text messages, but rather a tiny piece of plastic no one thinks about much: a SIM card. It\u2019s incredibly easy to remove a SIM card from one phone, insert it into any other phone, and receive your calls and messages \u2014 including messages with 2FA one-time codes.<\/p>\n<p>It\u2019s pretty easy to protect yourself from that kind of information theft \u2014 just set up a PIN code request for your SIM card. Here\u2019s how to do it on an iPhone:<\/p>\n<ol>\n<li>Open <em>Settings<\/em>;<\/li>\n<li>After a fair bit of scrolling, tap on <em>Phone<\/em>;<\/li>\n<li>Go to <em>SIM PIN<\/em>;<\/li>\n<li>Switch <em>SIM PIN<\/em> on;<\/li>\n<li>Enter your current PIN. If you never set one, use the default code set by the operator \u2014 you can find it in your SIM starter kit;<\/li>\n<li>Tap on <em>Change PIN<\/em> to use custom code instead of the default one;<\/li>\n<li>Enter your current PIN;<\/li>\n<li>After that enter your new PIN code, and enter it once again for confirmation.<\/li>\n<\/ol>\n<p>For Android (again, it may be slightly different in your phone):<\/p>\n<ol>\n<li>Go to <em>Settings<\/em>, then <em>Security &amp; Location<\/em>;<\/li>\n<li>Choose SIM card lock and <em>Lock SIM card<\/em>;<\/li>\n<li>When prompted, enter the SIM PIN. If you didn\u2019t set one up, find the default SIM PIN in the documentation from your SIM card;<\/li>\n<li>Choose <em>Change SIM PIN<\/em>;<\/li>\n<li>Enter the old PIN;<\/li>\n<li>Enter a new PIN (and again, for confirmation).<\/li>\n<\/ol>\n<p>Now every time your phone is restarted or the SIM card is inserted in another phone, you\u2019ll need to enter the PIN code, or else it won\u2019t start. You\u2019re set \u2014 at least as far as two-factor authentication codes go.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Speaking of two-factor authentication \u2014 as we often do \u2014 did you know some convenient settings render it utterly useless? Let\u2019s do it right.<\/p>\n","protected":false},"author":2045,"featured_media":23820,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[9],"tags":[1218,105,1250,26,45,131],"class_list":{"0":"post-23819","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-tips","8":"tag-2fa","9":"tag-android","10":"tag-ios","11":"tag-iphone","12":"tag-smartphones","13":"tag-tips"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/2fa-notification-trap\/23819\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/2fa-notification-trap\/14280\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/2fa-notification-trap\/11973\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/2fa-notification-trap\/16257\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/2fa-notification-trap\/14434\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/2fa-notification-trap\/13398\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/2fa-notification-trap\/16932\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/2fa-notification-trap\/16280\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/2fa-notification-trap\/21282\/"},{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/2fa-notification-trap\/5266\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/2fa-notification-trap\/10942\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/2fa-notification-trap\/11026\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/2fa-notification-trap\/9756\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/2fa-notification-trap\/17655\/"},{"hreflang":"zh","url":"https:\/\/www.kaspersky.com.cn\/blog\/2fa-notification-trap\/9925\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/2fa-notification-trap\/21556\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/2fa-notification-trap\/17348\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/2fa-notification-trap\/21137\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/2fa-notification-trap\/21142\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/2fa\/","name":"2FA"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23819","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2045"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=23819"}],"version-history":[{"count":5,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23819\/revisions"}],"predecessor-version":[{"id":29632,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/23819\/revisions\/29632"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/23820"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=23819"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=23819"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=23819"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}