It's so great to hear that you found this video helpful, and I have a new sub because of it! Thanks for dropping a comment 👍

I'm glad you found it helpful, and thanks for sharing this video with your family and friends!

Very true! This option is a hard pill to swallow for most, though. I'm always on the go and need to check things with my phone all the time 🤷‍♂️

@@FredShin-m7x That's another option and a good one for those that can make that work, but how are you paying bills online? Does the bank still accept payments you make via ACH?

Thank you for the kind comments. The embarrassment was more of a "I should have done these preventative measures beforehand and not let a scary situation force me into action." That's really sad that the scammers got to you - having $22,000 of crypto stolen... ouch. How did you recover $4,000 worth of crypto? Or did the mobile company pay this as compensation?

@clumaster What bank allows you to only process transactions in-person?

@@themoneyninja all canadian banks do. i am sure most others would too. all you do is to ask the bank to lock the account and when you need money you would have to show up at that bank with your ID to unlock it for which you need a bank manager to authorize it and get your money. If a bank really cares about their customers and their financial security it should be an easy option to add, and if not, another institution might be in order.

@madmonkey762 Do you remember if the incident happened with one of the authenticators I mentioned, or was it from a different company that you can't recall? Doing some quick googling, it seemed like people were storing the backup keys somewhere that hackers were able to grab, but I couldn't find that the authenticator app itself was compromised.

Several smaller banks and credit unions do, and brokerages like Fidelity and Schwab. Many national banks don't offer it currently. For these banks, you should elect email as the 2FA option and then lock your email security to mobile authentication only. You can see the list of financial institutions that offer app authentication (listed as TOTP) here: 2fa.directory/us/#banking

I’m at First Tech FCU and they have it

Banks are so bad about not having this feature! Fidelity has had it for a while but up until recently they only allowed you to use one specific brand of a TOTP-based authentication app. Now you can use any (I personally use Authy).

Banks are the slowest to adopt features... one of my biggest gripes with financial institutions.

It's crazy, right? Just remember to have a different password for each site, use an authenticator app where possible, and lock thar SIM card down! 💪

I'd recommend Ente Authenticator. It's open-source and end to end encrypted. Having tried Ente, Microsoft, Google and 2FAS authenticators, Ente provide the best security and experience.

I used Goggle authenticator for a while, then switched to Microsoft’s similar app, now I use the iPhone’s built in Passwords app. They all work pretty similar for 2FA auth codes, the main feature that’s useful is being able to have the same codes work on all of your devices. Most of these apps can do that by logging into the same account - but honestly using that feature actually reduces security a bit.

I just checked Ente out. Looks like a good authenticator. How did you find out about this one? It's pretty new.

I have a copy of the authenticator app I use on an older phone in case I lose my current one.

@MaxPower-11 100%. It was an awful breakfast experience, but the massive time zone difference saved the day. My wife tells me that we have to visit annually to "thank Maldives" for saving us. She may be the smartest ninja of all 😂

Maldives 🏝 ❤️

😂😂😂

Glad you found it helpful!

@@im4udevco Which biometric key do you use?

@@themoneyninjaI need to know this too. Have been wanting a physical encryption key for ages.

@craigf3277 Mine did too, but the text notification to the SIM switch is only 10 minutes apart. If you're away from your phone within that time frame... 😔

You got it, dude!

I'm shocked that these things aren't turned on by default too! Keep in mind though, that while creating a SIM swap PIN # will provide an additional layer of protection, it still wouldn't prevent a swap if the fraudster was able to bribe a contact center employee to do so as they are able to override it.

Mine does not offer PIN. I even called them to verify. They will only do a change with a code sent to the phone before switching.

@@craigf3277 well, in many instances the reason one might want to do a legitimate swap is because they no longer have possession of their SIM. How does your carrier handle that?

Yes if you have T-Mobile definitely activate that!

Yes. SIM Protection would help if the scammers are trying to ask or trick a mobile service provider to swap a SIM. But if scammers instead pay carrier employees directly to swap SIMs, then this is useless since a bribed employee is not going to honor any SIM protections. So while it may help someone feel completely safe having SIM protection on a line, the reality is, if the phone number is used as the two-factor authentication method to secure against a large sum of irreversible funds (like crypto), the "protection" is irrelevant, as the scammers simply bypass it.

And how do you enable this?

That works unless the scammer was able to bribe an employee. They can easily override SIM protections placed on the account. An authenticator app provides an additional layer of protection if SIM protection is breached.

@ no they can’t. I mean anything is possible of course anyone can do anything they want to but they would need a good motive to go the all that trouble when they can easily target someone that doesn’t have sim protection which is a ton of other vulnerable people out there.

​@@kauigirl808They actually can. That's how my account was compromised and I had SIM protection on. It does nothing when a CSR can turn it off. That's how a lot of these SIM swaps happen.

Yubikey is another option. It depends on if you want to use a hardware-based authenticator like Yubikey or a software-based solution like Google Authenticator.

@themoneyninja Yeah, but with a Yubikey, it is something physical that one must have in their possession, so better than an authentication app.

@jayteknica1175 The first $100k takes the longest, but you can get there! Start small, think big 💪

@@dav1dw Websites get hacked all the time, and the information that gets leaked includes your name, phone number, etc. You can check if your email address has been leaked. If it's an email you use for many websites, chances are it is. Check here: haveibeenpwned.com/

@@themoneyninja yeh. all my emails and info has been leaked before. It took some effort to switch over to new emails and I also started using email aliases.

Very smart to do. It's another layer that makes it more difficult for scammers to penetrate.

@@lafavini Glad you found it useful 👍

@danielle5684 eSIMs can't prevent a scammer bribing an employee or acquiring a fake ID to claim that they lost your phone and need a replacement.

@@zenwar8835 Yes, and scammers can get that once they have control of your phone number and email address. They click on the "forgot username" or "forgot password?" feature and get this information sent as a text message or email.

It works with physical SIMs, too. Scammers visit mobile carrier stores pretending to be you and tell the employees that they lost the SIM card and ask for a replacement.

@@themoneyninja I'll rephrase: Does method 1 work with eSIM? It seems to me that it would only work with physical SIMs but I'm not sure.

@johnbeene3117 Thanks for clarifying. The answer is still yes. Scammers can pretend to lose "their" phone, which includes the eSiM.

@@themoneyninja Wow so replace the entire phone? I guess this would only work if you had insurance against lost phones, right? Sorry for the noob questions, this has all just gotten a lot more complicated since the last time I got a phone.

@johnbeene3117 Yes, they're able to replace the phone on the account with a fake ID. Call your mobile service provider and ask if they can add an additional layer of security to lock your SIM. But the advice here (adding an authenticator app) would prevent them from logging into your financial accounts. No worries about the questions, you're asking good ones!

@@ryshask Which key do you use?

That's exactly right. Redirecting to another email address is definitely a good option, though I love having an authenticator app centralize and secure all my important accounts.

@ToboeKey309 Unfortunately most banks don't offer Passkey or Authenticator app as 2fa. They have gone all in on SMS even though they have known it's not safe. Even the US government is now warning against texts for communications yet the banks won't change. They simply don't want to spend the money to upgrade their systems.

Gmail requires a phone though

​@lostbydesign You don't need a phone number. Go to your Google settings and click on "Security". You can add multiple ways to verify yourself under the "2-Step Verification" option without requiring a phone number.

You can change the authenticator ​@@lostbydesign

@saxophoneplaya You're welcome and thank you for watching! 👍

Preach brother! 👍

I'm finally convinced. Now more places are using auth apps.

Auth apps connecting to say your icloud account suffers the same issue and can be hacked easily. Opt in something like yubikey which is physical

@SunshineFL That offers some protection, but unfortunately, if scammers are able to bribe the employees, that security layer is ineffective.

@Halfnoob I chuckled out loud when this popped up in my notifications. We all start somewhere, buddy. Like I always say at the end of my videos, "start small, think big."

Thanks for the feedback! I'll make sure to keep pacing in mind for future videos.

@themoneyninja 🎤 ~ Perfect; but just my opinion, of course. Happy Holidays ⛄

@ShellyBomb I welcome all constructive feedback. Thanks Shelly - happy holidays to you as well 🙂

@@themoneyninja What a gentleman! 😉

Glad you found it helpful!