By default, most smartphones show the first few words of incoming text messages on your phone’s lock screen. You should absolutely, 100% change that default setting. Allowing incoming texts to be readable on the lock screen is a gaping security hole.
One reason, aside from snoops being able to read your messages, is that your texts may contain multi-factor authentication (MFA) codes. These codes are usually six-digit numbers that a company sends to you when you’re trying to log into an online account.
Why Should You Protect Your Lock Screen?
Imagine someone gets their hands on not only your phone, but also one of your username-and-password combos (they’re incredibly cheap to buy on the dark web). If you allow preview text on your lock screen, that crook now has access to MFA codes sent by SMS or email, which means they have a front door to your account.
Even if you lock your phone remotely, which you would do if you lost it or had it stolen, all the hacker has to do is take out the SIM card (assuming you have a physical one, not an eSIM) and pop it into a new phone. Then once again they have access to incoming texts.
Here’s what to do: First, change the default setting on your phone to hide previews of incoming texts and emails. Second, consider changing the method you use for MFA to something other than one-time passcodes sent over SMS.
The image in the middle shows an incoming text message notification with the contents hidden. The images on the left and right show similar notifications from Gmail and Messages with a preview of the message visible.
(Credit: PCMag)
How to Hide Text Messages and Emails From Your Lock Screen
iPhone
On iPhone, go to Settings > Messages > Notifications. Look for a section called Lock Screen Appearance. Tap Show Previews and select Never. It’s similar for email: Go to Settings and then choose your email app; then select Notifications and toggle off the Show Previews option.
Or, if you want to stop all apps from showing any content on the locked screen, go to Notifications > Show Previews > Never. If you select this option, you won’t see much detail from any app when you get notifications. You’ll only see the app name, icon, time received, and an indication that you have a notification. So, for example, if you want your ride-hailing app to tell you from the lock screen the license plate number of the car picking you up, don’t use this blanket method of hiding notification previews.
Android
Every Android phone is a little different, so the exact steps for hiding messages on your locked phone or in your messaging app may vary.
If you only want to hide the content of text messages, open your Messaging app, and go to its Settings > Notifications > In-app Notification Settings. Look for the option Preview New Messages and toggle it off.
There’s another option that’s even more secure. You can hide the contents of all notifications, not just messages. Doing that will prevent people from seeing snippets of incoming emails and other potentially personal information. Go to Settings > Notifications and look for Sensitive Notifications. Turn it off. Now only the app name and time of arrival of new messages appear on your locked screen, not the contents of the notifications.
Change Your MFA Method
Hiding the contents of your incoming messages is one way to protect your privacy and be a little safer online. Another option I recommend in addition to hiding your text messages is to change how you authenticate yourself. Getting a code by text message or email isn’t the only way to do it. With some accounts, you can choose your method. (That said, not every company gives you an option. Some will insist on sending codes by text or email, which is why it’s so important to hide the preview of incoming messages on your phone.)
All the security experts at PCMag wholeheartedly recommend using multi-factor authentication where it’s available. Choosing codes sent via SMS is not the safest option, though. You’re better off using an authentication app or a physical security key.
Authentication Apps
Authentication apps generate a code, much like the code you might get by SMS, but it’s generated right on your phone, making it safer than a code sent over the air to your SIM card. As mentioned, anyone with your SIM card could get these codes, or the codes could be intercepted in transit. That’s not the case with an authentication app. Some examples of authentication apps are Google Authenticator, LastPass Authenticator, and Twilio Authy. They’re all free and there’s not too much distinction among them.
Physical Security Keys
A physical security key is among the most secure ways to authenticate yourself. These keys are little devices you carry with you that authenticate your identity. Only you hold your key. The key interacts with your devices in a variety of ways, depending on which exact type of key you have, such as by plugging into a USB-C or other port or through near-field communication.
Your key is unique to you, and it requires no batteries, internet connection, or moving parts to work. Our favorite security key at the moment is the Yubico YubiKey 5C NFC because it can work with nearly any current device, and it sells for a fair price ($55), though there are good options for more like $20.
It’s Better to Stay on Top of Privacy Than to Clean Up a Mess Later
Taking little steps to protect your privacy and keep your online accounts secure is undoubtedly preferable to cleaning up a security disaster after it happens. Hiding your text messages and using secure forms of MFA do more to protect you than you may realize. For example, a few years ago, Google required employees to use physical keys for MFA, and account takeovers effectively dropped to zero. Don’t underestimate an ounce of prevention, especially regarding your online security.
If you’ve recently been hacked, read up on what to do now (or bookmark that article for when you or a friend may need it).