So many cybersecurity vulnerabilities exist on the internet nowadays that giving out your email address or phone number when signing up for a service is akin to giving someone your full name on the first date. Recently, a string of SIM swapping hacks have occurred; attacks in which hackers take control of your account by stealing your phone number, claiming ownership of it through your mobile carrier, and using it to bypass text message-based two-factor authentication.
As attacks like these become more common, it’s worth taking extra precautions when locking down your personal contact information. Apple will begin to implement a new authentication system for iOS users when it launches Sign in with Apple later this fall. But until then (or if you’re not an iPhone user), there are other methods you can use.
To increase your security, you can use secure password authentication tools like Authy or USB security keys on your original Gmail account to prevent unauthorized access. It’s also worth setting up additional PIN protection on your phone number account through your mobile provider to avoid impersonators from making changes without your consent. And, of course, a good password manager app is a must.
And if you really want to hide your identity, you can use virtual contact data when signing up for new services. By not offering services your actual email, phone number, or credit card information, you’re at least one step removed from potential cyber attacks should those services suffer a breach.
Here are some common ways to generate virtual identifications for various uses around the web.
Many online services and apps offer the option to link your phone number to your account so that you can still get in if your password gets lost. Instead of putting in your actual number, you can generate alternatives from free services like Google Voice and FreedomPop.
Google Voice lets you do this using an iOS or Android app, or on the web. Personally, I find it easier to do it on the web so I can copy and paste the numbers to various services quickly.
Here’s how you get started on the web:
Now you can use this number to register / link to any apps you want. When you decide you no longer want this number or want to change it up (like you would a password, for example) you can go to the Voice’s Settings page to change the number or delete it as needed.
Using different email addresses to sign up for new accounts or access to coupons, articles, and other downloadable material is a good way to avoid spam emails, unwanted newsletters, and email tracking used by apps and services to send you ads. They also add a layer to remove yourself from potential phishing emails.
If you really want to avoid any info from a website, you can use a service like Temp Mail, Maildrop, or Mailsac to create fake email addresses. These temporary inbox services will only hold emails for a small period of time (anywhere between 10 minutes to a week).
Because of that, though, may not want to use them for any site where you do want to check up on free promotions you might have gotten in the past. For those sites, you can create a separate throwaway Gmail, Outlook, or other email address specifically for online registrations.
And as with phone numbers and passwords, switch your ID occasionally instead of using the same one time after time.
If you do decide to use one of these temp inbox services, head to the site and you’ll see a space where you can generate any email ID you want. No registration is required, so you can create a temporary email address to put into any site where you don’t want them to have permanent access to you. Again, depending on the service you use, the emails you receive through those temporary addresses are only kept for a short period of time, so they shouldn’t be considered as permanent alternate emails.
Be aware that a generic ID like “testing@” might have already been claimed by someone else, so you could end up sharing the temporary inbox with another person. Try to pick a username that is more complex and hard to guess, to avoid someone else being able to see your purchases and activities. And if you use these services to sign up for something you don’t want permanent access to (a service trial, for example), make sure you delete the email when you’re done so no one has access to potential identifiers like account usernames or links to confirm password changes.
Most mobile / e-wallets like Apple Pay, Google Pay, Samsung Pay, PayPal, Visa Checkout, Mastercard Masterpass, and bank-specific apps offer encrypted methods of payments to prevent directly sharing your credit card information to a third party. Still, that doesn’t mean they’re fail-proof either, as mobile wallets can be hacked if your phone is not properly secured.
Before setting up your mobile wallet, try to do so from a secure Wi-Fi network (your home is likely the best bet). If you have to do so while you are away from home, use a VPN for a layer of protection. Then, after you add your credit card numbers to your mobile wallet of choice, follow general smartphone protection protocols: set up a locked home screen that can only be authenticated either by your biometric data, PIN, or pattern-based lock (or a combination of the three).
Image: Capital One
In instances where mobile payment apps are not accepted, you can generate a random credit card number to use as a one-time payment solution. Currently, only three American banks offer this service: Bank of America, Citi, and Capital One. Note that banks may limit the number of virtual credit cards you can generate at any period of time, or set a spending minimum or maximum per card number, so it may not be the best solution for every purchase.
Keep in mind that you should not use these types of services for items you could possibly return, as these card numbers could expire. They are also not recommended for reservations where you have to present the credit card used to make the purchase to verify the booking (such as car rentals, hotels, flights, etc.).
Following these extra steps can offer additional protection against online hackers, but always remember to build strong password habits on top of these methods to provide multiple layers of security and keep your data safe.