Worried about SIM-jacking and roaming (SS7) attacks that are in the news with your text message based two factor authentication? Look no further!

Introducing txtGuard – your secure solution for all those sites that require a mobile number for verification or two factor authentication, and in particular when you need to share these with other people (like at a business) or maybe you just don’t want to give out your “real” number.

What next?

To sign up, fill out the order form. (This will take you to our Prodigi website, the company behind txtGuard)

How It Works: A Simple Step-by-Step Guide

  1. Set Up Owner Account: Once your owner account is created, we’ll ship you a hardware token for secure authentication.
  2. Receive Your Private Mobile Number: We provide you with your exclusive mobile number. It’s not shared, a short-code, or virtual.
  3. Receive your hardware token: Once the hardware token arrives, you can log into the website and configure your personal two factor authentication (with an app such as Google Authenticator) as well as other features.
  4. Invite Others with Security: Want to share access? You can invite others to your account, but they’ll also need to authenticate using a code from the hardware token when they first log in. Don’t worry, it’s just the first time, then they set up their own personal two factor authentication using an app like Google Authenticator.

Currently we can provide this service in New Zealand and Australia.

Why use us?

Traditional SMS/Text-based 2-factor authentication can be tricky and insecure:

  • Can’t share it (though account sharing isn’t recommended, not all services accommodate multiple users)
  • Requires mobile coverage or a carrier supporting SMS via WiFi to access codes.

Here’s how txtGuard makes the difference:

  1. Genuine NZ Mobile Number: We offer a real mobile number, not a short code or a virtual one. This ensures compatibility with services that don’t support short codes or international numbers from virtual services.
  2. No More SIM-Jacking Concerns: Your assigned number is tied to tightly controlled corporate accounts. There’s no risk of it being hijacked through social engineering or other tactics.
  3. Access Messages Anytime, Anywhere: All you need is an internet connection to view the messages you receive.
  4. Shared Access with Control: Allow others to see messages, but only with the account owner’s green light.
  6. Top-Tier Security: We have a rigorous security model, including hardware-based 2-factor authentication.

Pricing

We have a simple pricing model.

You can choose between paying a $100 set up fee or a 12 month contract.

Business

$30/month for the base account including your mobile number and 3 users.

$15/month for additional mobile numbers

$5/month per additional 5 users.

Personal

$15/month for a base account with your mobile number and 1 user.

No additional numbers or users are available on personal accounts

FAQ

  • What do you mean by ‘tightly controlled corporate accounts’ to protection against SIM-Jacking? Our numbers are on business or wholesale accounts which do not permit changes to be made via retail stores or customer service lines. SIM swaps and porting can only be carried out with multiple levels of identity verification required. We would never carry this out in response to an external parties request.
  • What about the SS7 attack? Our numbers do not permit roaming, so are not vulnerable to the SS7 roaming attack recently publicised by Veratasium in their video
  • What other security measures are you taking? We are hosted with AWS Confidential Computing with encrypted memory and disk. We are also in the process of gaining ISO27k1 certification.
  • Are you coming to other countries? That’s the plan! Our model is repeatable in other countries too (but not the US/Canada, sorry!)
  • Will we be able to get the codes other ways? We are considering options such as Slack and Teams integration, but this would somewhat reduce how secure the messages are. These integrations would be on an opt-in (liability waiver) basis.
  • Do I have to use a physical security token? Yes. We are offsetting some of the security lost by sharing codes by requiring 2-factor authentication into the app via a single security token that the account owner holds.
  • Is this service for business or personal use? While our primary target is businesses, there is nothing stopping anyone signing up for an account.

A Prodigi Service | Legal Information | Pricing excludes GST