If you have a passcode set up on your phone and SMS-based two-factor authentication set up on your smartphone plan, you might think you’re pretty secure from hackers.
While you’re doing a lot better than most, your phone—and all the accounts you have linked to it—are actually still vulnerable to attackers. In a recent story, Buzzfeed notes that a smart hacker who has access to the last four digits of your social or a fake ID of yours could still impersonate you and get your phone number transferred over to another device.
When they have a device that’s technically “you,” they can then gain access to any of your accounts that require two-factor authentication.
It might seem complicated, but Buzzfeed notes it’s not as hard as you might think. Ambitious hackers can call and gain small amounts of info about you from different services you use and then piece it together into enough info to get into the account. It actually happened to Black Lives Matter activist DeRay Mckesson last year.
This type of “mobile hijacking” is getting more and more prevalent (read Buzzfeed’s story for more details), which makes it more important than ever to add as much security as possible to your account.
For that, Buzzfeed makes the excellent suggestion of adding a PIN code to your account. I already have one attached to my AT&T account as well as a few others. It’s a third layer of protection beyond your password and two-factor authentication. Sort of like the PIN you use at the ATM, the often four-digit code is something you’d come up with (don’t use the last four of your social, it’s too easy to track down!), and you’ll have to provide it whenever you’re making changes to your account like getting a new phone.
The idea is there’s an extra layer of defense for your account which will at least be a speed bump for attackers if not a brick wall they can’t get through.
Every major U.S. carrier offers the ability to do this. Here’s a breakdown of each one and how to do it:
You can add a PIN to your AT&T account on the web. Log into your account and then go to View Profile followed by Sign-in Info. Under “Wireless passcode” you’ll want to pick “Manage Extra Security” and add your new passcode.
Sprint customers are required to have a PIN. You can update yours on the web by logging into your account and then selecting My Sprint followed by Profile and security. You’ll want to scroll down to Security Information and then update your info before hitting Save.
With Verizon, you can add a PIN by going to vzw.com/PIN. You can also add a PIN in person at any store (with a government-issued ID) or by calling (800) 922-0204.
T-Mobile customers can add a PIN by either dialing 611 from their mobile phone or by dialing 1-800-937-8997. With T-Mobile you’ll need to have a six-digit passcode rather than a four, so have something good in mind (not your social!) before you call.
And that’s just the beginning. Check out the Buzzfeed article and the articles linked below for more suggestions on how to make your accounts even more secure. And like everything, great security starts with a great hard-to-guess password. Make sure you’re using a good one. If you need help, here’s how to make one.