PSA: Stop Using SMS / Text for 2 Factor Authentication (2FA) Access Codes Due to SS7 Vulnerability

Many people are becoming aware of enhanced security measures taken by banking, internet, email and other institutions.  Commonly known as “two-factor authentication” or 2FA, the user has a choice of receiving the one time PIN or password by text message or on an app loaded on the phone, known as an authenticator.  Another less common format is a security token that can be kept with the user; the token generates a PIN number randomly usually every minute.

Having your email hacked or bank account drained can be daunting for anyone, but for those of us who travel having this happen while you are in a foreign country or on an airplane with not internet access poses another problem and can easily ruin a trip.

If I have 2FA enabled, I’m safe, right?

In short, no, or maybe.  The answer is a bit complicated.  It really depends on HOW you have enabled 2FA.  If you use your text messaging or SMS to receive your code you are vulnerable. Why?  Read on…

Why is 2FA via text messaging or SMS not secure?

To fully understand why we have to look a little deeper and explain how cellular networks work. Specifically we have to understand how cellular networks are connected and why they need to be connected.  Because networks pass information such as text messages, billing information, roaming information and other data a connection called SS7 exists. This network has been vulnerable to hacks and outside access for a long time. Without getting very technical once someone has access to the SS7 network, your cellular movement, calls, and texts are easily accessible.  The text messages sent and received are not encrypted over SS7, so a hacker can read them.  If they have access to your messages, they can see any message, including PIN numbers from your bank, internet provider, email service, etc.  For more information and an example watch the video below.

Continue reading

How to Redeem Virgin America $150 Companion Discount Code & My Important Warning

Good morning everyone, happy Sunday!  I wanted to quickly thank everyone who braved the 100+ degree weather in Sacramento to attend my Sacramento Travel Hackers Meetup at In-N-Out yesterday.  It was great talking to you about miles and points.  I look forward to returning when the weather cools down a little bit.  A few weeks ago, I needed to purchase flights from San Francisco (SFO) to Las Vegas (LAS) on Virgin America.  I needed to go to Las Vegas for a specific weekend and I bought tickets somewhat last minute, so flights were expensive.  Here was the price for 2 round trip tickets on Virgin America. I found it odd that if I purchased the flights from Virgin America or through Google, the price was $729 total, but if I bought the same flights through Alaska Airlines, the price was only $613 total.  That seemed really strange to me.

I currently have a Comenity Virgin America Premium Visa Signature Credit Card which includes a Virgin America $150 Companion Discount Code.  A few months ago, I wrote Comparing the Alaska Airlines $120 Companion Fare Code vs. Virgin America $150 Companion Discount Code.  I remembered that I still had my Virgin America $150 Companion Discount Code available that was going to expire in the next few months.  In this post, I will show you how to redeem your Virgin America $150 Companion Discount Code and provide a warning before you use your Companion Discount Code.

Continue reading

PayPal Adding Faster Withdrawal Option (with a 25 Cent Fee) & Accepting Venmo Payments (Effective July 27, 2017)

Good morning everyone, happy Saturday.  On Friday morning, I received an email from PayPal with the subject line, “Notice of Policy Updates.”  When I opened the email, I almost immediately deleted the email.  The email looks like any other change of terms and conditions email that is super boring. But for whatever reason, I decided to look more closely at the email and see if there was anything newsworthy.  Good thing I did, because there are 2 important changes and 1 semi important update.  Like my good friend Stefan at Rapid Travel Chai always says, I always have my nose close to the screen looking at the small print.  Do you see how boring this email looks?

Continue reading

Reminder: Sacramento Travel Hackers Meetup @ In-N-Out Burger (Saturday June 17 from 12-2pm)

Good afternoon everyone, happy Friday.  This is a just a friendly reminder that I will be in Sacramento this weekend for a wedding and will have a Sacramento Travel Hackers Meetup on Saturday afternoon.  If you are in town that day and want to talk about miles, points, travel, and enjoy a delicious double-double, come join me at In-N-Out Burger in Sacramento’s neighboring city, Rancho Cordova.

  • Where: In-N-Out Burger, 2475 Sunrise Blvd, Rancho Cordova, CA 95670 (Google Maps)
  • When: Saturday, June 17 @ 12-2pm

There is no need to RSVP, just show up with an appetite and an eagerness to talk about travel hacking.  I hope to see some of you there.  Have a great weekend everyone!

Italian Vacation Part 3: Hotel Mozart in Rome, AquaSalata Fish Restaurant & Villa Borghese Gardens

Are you taking advantage of Europe being on sale these days? I know many readers are heading over the pond. If Italy is in your plans, either now or sometime in the next year or so, be sure to read this post. After all, who doesn’t plan on visiting Italy sooner or later. I’ve got four Italian destinations for you, so let’s get started. In Part 1, I talked about Venice and Milanin Part 2, I talked about Florence, and what to see/do/eat in those cities. In this post, I’ll share tips with you about Rome, so let’s dig in.

ROMA (Rome, Italy)

Trevi Fountain in Rome, Italy. Image source: http://www.cntraveler.com/destinations/rome

To begin, let me talk about taking the train from Florence to Rome. Usually, I use Trenitalia train service, which is owned by the Italian government. I heard about Italotreno which is a competitor and offers relatively new high speed train service. I had heard that the main advantage was that it cost less. However, that’s only if you buy your ticket ahead of time, so beware of this. I did decide to give them a try, even if the cost was the same as Trenitalia. Their trains were late and there was insufficient storage for luggage. So sure, the savings might be worth it, but if you don’t buy your train ticket ahead of time, I still prefer Trenitalia. Actually, I think next time I’ll try BlaBlaCar, the long distance carpooling service!

For lodging, I stayed at Hotel Mozart which was recommended to me by my cousins. The hotel is near the Spanish Steps on Via Condotti, which if you’re at all familiar with Rome, you’ll know is a busy part of Rome. Do make sure to ask for a quiet room. My cousins warned me about asking for a quiet room, so I did just that and didn’t have any issues with noise. The room was lovely, the concierge Rosella was very helpful, and Alex at the front desk had a great sense of humor! The breakfast spread is included with the price of the room and it was everything and more that you could want. There’s a music conservatory on the same street, so I enjoyed hearing opera being sung when I was in my room during the day. The hotel is priced on the high side, but like Hotel La Scaletta in Florence, if you use your Citi Prestige Credit Card 4th night free benefit, the cost is offset.

Breakfast at Hotel Mozart in Rome, Italy. Image source: http://www.hotelmozart.com/en/gallery/

Continue reading