Secure your phone against 2FA skimming

By -
Google recently introduced a new faster method of 2 step verification.  Instead of using Google Authenticator or SMS as a mechanism to enter a verification code, they simply send a push notification to your mobile device.

It is simple and if you don't use it, you should turn it on!

But today, for some reason, the push notification didn't arrive.  So I asked Google to try a different method. I chose SMS and a moment later I was sent a text method with a code (partially blanked out below)
MFA code is visible when locked

Now you can see that my phone is locked, but the whole code is visible.  This got me very paranoid, imagine being away from your phone for 5 minutes and someone guessing your password and then using this to bypass two factor authentication?  Or thinking about it, my bank uses one time passcodes (OTP) before transferring large amounts of cash....scary!

No thanks

Thankfully, Android has a mechanism to make this more secure.  If you go to Sound & Notifications > App Notifications > Messaging

From here you can turn on the setting to Hide Sensitive Content

Enable "Hide Sensitive Content"
I tested the two factor authentication again after turning this setting on and results are below.  A lovely hidden SMS!
MFA code is hidden until unlock
You can achieve a similar result in iOS

Sam

Comments

Post a Comment

Popular posts from this blog

Assigning Windows 10/11 Enterprise Subscription Activation Licences to Hybrid Azure AD Joined Devices

By -
Image
Introduction Starting with Windows 10, version 1703, Windows 10 Pro supports the Subscription Activation feature, enabling users to “step-up” from Windows 10 Pro to Windows 10 Enterprise automatically if they are subscribed to Windows 10 Enterprise E3 or E5. The Subscription Activation feature eliminates the need to manually deploy Windows 10 Enterprise or Education images on each target device, then later standing up on-prem key management services such as KMS or MAK based activation, entering GVLKs, and subsequently rebooting client devices. It’s important to note that the Windows 10 Enterprise subscription activation is designed to “step-up” a device from Windows 10 Pro to Windows 10 Enterprise. Therefore, your device is required to have a Windows 10 Pro license activated as a baseline. For Windows 10 Enterprise Subscription Activation to function, there a several prerequisites which need to be in place. This blog is aimed for organisations which have Active Directory on premises an...
Read more

Power Automate: Get first item in output

By -
Image
One of the most annoying things about Power Automate for me is when I am trying to use the output of a previous action and as soon as I click that dynamic content button, it pops my new action into a For Each loop. It does this because the previous action could have more than 1 item returned and this would clearly fail unless it was in a loop. But if you have used the Row Count or Top option in the proceeding action, or you know full well that only 1 item will return, it is nice to avoid bloating the flow with an unnecessary loop. There are a couple of way to do this: First function You can craft your filter expression so that the output is wrapped in the First function. This will tell Power Automate to only look at the first item. First(variables('Array')) Calling Index You can edit your filter expression to tell it which item from the source you want. Zero being the first item e.g. variables('Array')[0] Which one to use? I use the index and the main reason is due to...
Read more

De-selectable radio buttons - Power Apps

By -
Image
Introduction When creating a Canvas Power App you can choose from a large number of controls and specifically input controls designed to get information from the user. One of these controls is the humble radio button. This is a good control which provides possible options without requiring a user action. In comparison a dropdown would require the user to click to expand all of the possible options. Example radio button input One of problems with this control is the fact you cannot de-select it. Once an option has been chosen, you can change it but you cannot undo it. The post shows a way to make de-selecting possible in a Canvas Power App. One simple way to achieve this is to have a button or icon next to the radio button and its OnSelect property to be Reset(rdoButton). This is easy, but if there are many radio button controls, it could result in lots more controls on a screen or in an app. Power Apps recommends keeping under 500 for an app and 300 maximum per page. The followi...
Read more