You already know how important it is to have strong passwords and two-factor authentication on your online accounts — but you may not have considered your voicemail password. Voicemail accounts are startlingly easy for hackers to access, and that can be a problem for your other online accounts.
That's because most of your online accounts let you reset your password by phone. Theoretically, by calling or texting an access code to your phone number, a service can confirm your identity before letting you reset your password. But if a hacker has access to your voicemail, they can request a password reset code by phone and intercept it. Then they change your password and have full access to your account. Websites like PayPal, eBay, LinkedIn and Instagram are all vulnerable — and even secure messaging apps like WhatsApp and Signal can be compromised.
The hack itself is simple. Many voicemail accounts have default passwords or easy to guess passwords, like the last four digits of your phone number. Even if you change the password, you usually only need to provide a weak four-digit code — and most phone providers allow you to guess your code as many times as you want without locking your account. That means a hacker can just go through every possible number combination until they hit the right one. After that, it's easy for them to force your calls to voicemail so they can intercept your password reset code.
Some companies — including PayPal — have protections against this kind of hack, but those can be bypassed, too. PayPal will call you with a password reset code, but requires you to enter that code during the phone call. Hackers can get around this by listening to the code, then changing voicemail greeting to a recording of the code.
In the end, the problem is that our voicemail accounts aren't very secure — and the prevalence of password reset by phone leaves us all vulnerable. The only way to completely prevent such an attack is to shut down your voicemail entirely, which isn't practical for most people. However, you can make it more difficult for hackers by changing your voicemail password. Fortunately, most mobile carriers make it easy. Here are instructions for resetting your password on each carrier:
- AT&T
- Sprint
- T-Mobile
- Verizon (on the website or your mobile device)
When you reset your password, be sure:
- Make it as long as possible, preferably a random series of numbers.
- Don't include any easily guessable personal information, like addresses, phone numbers or birthdays.
- Save it in your password manager so you don't forget it.
And, of course, you should make sure your other passwords are up to snuff, too. Anything you do to make it harder for hackers to get into your accounts makes it less likely you'll be a victim.
[Image credit: voicemail access via BigStockPhoto]
