Two-factor authentication has an SMS vulnerability.

Two-factor authentication is one of the most important advances in securing your most important online accounts, especially after the Equifax apocalypse. But if you are receiving your two-factor codes by SMS, you are opening a front door to thieves and hackers. Here's how to lock all the doors.

As reported on The Verge (one of our favorite websites) a recent hijacking exercise showed how easy it was to bypass two-factor authentication when SMS text messages were used. Why? Because SMS is unencrypted - so a malefactor with any sniffing device, such as a laptop at a coffee bar, can easily capture the code sent to your iPhone or Android smartphone.

The way to avoid this is to use an encrypted method of message transport. If you are a Gmail user, you can add Google's encrypted authentication system to your iOS and Android devices (we've tested them, and they work). You must have a lockscreen enabled before you can complete the process. (You are using a lockscreen, right?)

On some services, you can revoke the option for SMS two-factor and account recovery entirely, which you should do as soon as you’ve got a more secure app-based method established.

To lock down your Gmail account, add Google Authenticator from the App Store or the Play Store, which is required to remove the SMS option for Google's own two-factor authentication.

An increasing number of institutions will also use email as an alternative, and your Office365, Outlook, Gmail, and Yahoo email accounts are all encrypted. For ease of use, though, we recommend you look for an app to install on your device, such as Apple's, Google's, or Microsoft's authenticator apps.

Read the whole story on The Verge. And watch the (scary) video of a successful intercept, then if you value your sleep, follow the above procedure.

</dwm>