Are Your Private Texts Private?

You probably don’t give much thought to the security of a text message. Usually it’s a stream of consciousness conversation with one or a few friends about where to meet for dinner or gossip about the day’s events. Nothing proprietary here…just a few sarcastic comments and laugh emojis.

It’s not like it’s a business email or anything important, right? Besides, how would you even know if someone was eavesdropping on your texts about tonight’s dinner plans?

Better safe than sorry. We’ve compiled five tips to improve your texting security.

So what about those times when you innocently reset a password or enter a shipping confirmation number via text. Are those messages and responses from automated text messaging systems safe? Is sensitive information contained in some of those messages—account numbers, passwords, email and physical addresses—left open for anyone to see?

They shouldn’t be, but these days you never know. Phone numbers can be hijacked or forwarded without your permission. The icon on your phone shows you’re connected to your trusty network, so everything must be secure…but text messages aren’t actually a direct Device A to Device B transmission.

A text going from a business to your phone can be a multi-step process involving several companies, especially if you’re texting using a different carrier. Companies often use outside vendors to handle things like verifying a customer’s phone number or using multi-factor authentication. Once authorized, carriers then release the text message contents to get it delivered to the appropriate phone(s) or device(s). If any of the servers in this messaging/authentication chain or network ports are left unguarded, it may be possible for hackers to access your messaging threads.

While every carrier will tell you they offer multi-layer security features to protect your data and privacy against such threats, well, cyber criminals are always one step ahead of the good guys. You don’t want to risk someone scraping a password or shipping confirmation number off your texts any more than you want a stranger knowing where you’re going for dinner.

We’ve compiled these easily accessible tips to improve your security while texting and help reduce exposure to cybersecurity breaches. Take advantage of safety measures offered to you by websites you visit, as well as employing your own practices and tools.

This authentication method only grants access or allows transmission after the user verifies their identity using a combination of two different factors, usually a password plus correctly answering an obscure question about something only they would know, like a maiden name or old street address. This prevents someone from accessing an account even if they have your password. Google Authenticator and 1Password are examples of popular self-contained authentication apps with built-in 2FA code generators.

You may get annoyed at the Trusted Device protocol many sites insist on following when downloading an app or iTunes song, for example. But this is an important step to protect you when signing into sites using different devices or browsers.

Microsoft Authenticator is one example of a popular software token-based solution; others include Twilio Authenticator and LastPass Authenticator. These apps rely on a time-based one-time password (TOTP) algorithm to generate a short-lived (30 seconds or less) password. For verification, the user must copy the password into the website’s or app’s required field before it expires.

These physical devices, sometimes called dongles, are typically USB flash drives or keychain fobs that store authentication and certificate data for that user. Hardware tokens do not require cell phone reception or even Wi-Fi; however, they are costly to set up and maintain, and employees often misplace or confuse them with other personal devices.

This rapidly emerging technology eliminates additional devices altogether and instead relies on a user’s inherent credentials, such as fingerprints, retina, or even gait to verify a user. A nice feature of this technique is you have less to memorize!

Astound is dedicated to helping small businesses operate more productively and securely. Contact us today to learn how we can help transform your digital communication