How do you protect your accounts then?
So, if two-factor authentication via SMS isn't safe, how should I protect my account then? Yeah, I follow the basic rules of not opening sketchy emails, not giving pw's over phone, having complex pw's, etc. But, I'm just curious if there are any other layers of protection I can add here?
Many years ago, I used to have an Etrade account and they gave me one of those RSA security device keychains that generated a random number (which I needed to enter along with my pw). Not sure if that type of "offline" solution is more secure, but I don't see those things offered any more by U.S. banks. My banks in the U.S. all use two-factor via SMS.
Biting the hand that feeds IT
