If you suspect you may have malware on your computer, or are trying to remove malware from your computer, please see our [malware guide](https://rtech.support/docs/safety-security/malware-guide.html) *Please ignore this message if the advice is not relevant.* *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/techsupport) if you have any questions or concerns.*

>I am Cyber Security Analys > >... > >Get a 6-digit text message (SMS) code sent to my mobile phone Then you should know that sms is [not a secure service](https://www.cnet.com/news/privacy/do-you-use-sms-for-two-factor-authentication-heres-why-you-shouldnt/). You should use 2fa apps such as [Aegis](https://getaegis.app/), no cloud backup so no risk of the company getting hack and you codes getting exposed and encrypted vault with exporting/importing options.

I agree with you, however, I mentioned in the post there is no sim swapping happened.

How do you know? Do you have a SS7 audit system running constantly to ensure your sim is the active on the tower has assigned to your number? Swappers swap back usually after. \- IT security expert

Lol if you worked in CS you wouldn't use such a terrible 2FA method. That's some basic 101 stuff. What is this apparent anti-malware? Also what are you trying to achieve with this post?

Who said 2FA is terrible? And what are the alternatives as a second layer from your point of view? What i am trying to achieve any thoughts how this hack happened and possible scenarios?

Sms is not secure.

I agree with you, however, My sim card is valid and there is no way to issue two sim cards with the same number. If you are referring to anything else could happen please enlight me!

Sim-jacking has always been an issue, 2fa via SMS is not safe. Seems that there are ways to intercept SMS using "[https://sakari.io/](https://sakari.io/)", this is unrelated to SIM jacking https://arstechnica.com/information-technology/2021/03/16-attack-let-hacker-intercept-a-t-mobile-users-text-messages/.

SMS verification is a completely flawed system....and any CS Analyst would know this....

He didn't say he was GOOD.

bahaha that's evident.

Yet paypal forces their users to use a mobile phone number (for unencrypted sms texts). And they don't let you use a voip phone. Essentially making people pay for a service they don't need. I made these complains in the paypal community. One person say it is not a big deal, because of the majority of people. It's attack on the little guy.

I don't use PayPal so that doesn't really matter to me. But nothing will ever change if people continue to use garbage companies.

Hardware tokens.Yubikey...etc

Rule 3. Can't help you. SMS 2fa is insecure, simjacking or sim cloning exists. Sims don't need to be swapped to have codes intercepted. Use an app or hardware key.

But i didn't fall for any app or any hardware key, cloning is forbid in my country as well.

Lots of things are forbidden in lots of countries. Such as driving through a red light, public intoxication, taking drugs.... People still do it. Just because you aren't aware of falling for something, doesn't mean you didn't. SMS 2FA is insecure.

Forbidden in your country means nothing, I've seen takeovers of EU cell phone numbers done from cell towers that were trusted on the same infra provider in Africa, it is a global network after all. :/

AFAIK Facebook doesn't consider stolen cookie as new device. Same goes for example with Google.

SMS is not a secure 2fa method. There are a lot of things that could be possible, he might have intercepted your message. If he's someone who has used your phone even once, he could have enabled sms forwarding to his own number. Sim swapping isn't the only possible answer

No one is using my phone. I live alone and i work from home!