The First Line of Defense: 2FA
What is it?
Two-Factor Authentication (2FA) adds a second step to your login. Even if a hacker has your password, they can't get in without the second key (usually a code sent to your phone or an app).
Why you need it:
It stops 99% of automated attacks.
How to set it up:
- SMS 2FA: Better than nothing, but vulnerable to "SIM Swap" fraud.
- App 2FA (Recommended): Use Google Authenticator or Authy. These generate codes offline on your device.
- Hardware Keys (Pro): Physical USB keys such as YubiKey. Unhackable unless stolen physically.
Password 123 is Not a Password
The Rules of the Game:
1. Length beats Complexity: "CorrectHorseBatteryStaple" is harder to crack than "P@ssw0rd1!". Aim for 12+ characters.
2. Don't Recycle: Never use the same password for your Bank App and a random forum. If the forum gets hacked, your bank account is next.
3. Use a Password Manager: You can't remember 50 unique passwords. Use Bitwarden (Free & Open Source) or 1Password. They remember them for you.
Spotting the "Fake Alert"
The "BVN Blocked" Text:
We've all seen it. "Dear Customer, your account has been blocked due to BVN issues. Click here to reactivate."
Red Flags:
- Urgency: "Do this NOW or lose your money!" Scammers want you to panic.
- Generic Greetings: "Dear Customer" instead of your name.
- Weird Links: "gtb-verify-ng.com" instead of "gtbank.com".
What to do:
Never click the link. Log in to your bank app directly or call their official number.
If Your Phone is Stolen...
In Nigeria, phone theft often leads to emptied bank accounts.
Protective Measures:
1. SIM PIN: Set a PIN on your SIM card. If they put your SIM in another phone, they can't receive OTPs without the PIN. (Default is usually 0000 - change it!).
2. App Locks: Use your phone's built-in "App Lock" to require a fingerprint for Banking Apps, SMS, and Email.
3. Find My Device: Enable this on Android/iOS to wipe your phone remotely if lost.
Ibrahim "Cyber" Musa
Cybersecurity Consultant
Ibrahim specializes in digital hygiene for everyday Nigerians. He teaches people how to lock down their WhatsApp against hijackers and secure their bank apps from intruders.
Locking Down WhatsApp & Instagram
Scammers will call you, pretending to be from a "WhatsApp Group" or "Church Group," asking for a 6-digit code sent to your phone. NEVER share that code. It's your login key.
Fix: Enable "Two-Step Verification" in WhatsApp Settings > Account. It asks for a PIN periodically.
Instagram "Copyright" DMs:
"We found a copyright violation on your post. Click here to appeal." This is a lie to steal your login. Ignore it.