(CNN) —  

The hack of Twitter CEO Jack Dorsey’s account on Friday revealed a flaw in the social network’s systems that could leave anyone vulnerable, from lawmakers to CEOs to the average Twitter user. And it raised a serious question as to how you can keep your account safe from the same thing.

Dorsey was likely a victim of SIM swapping, a practice in which a hacker will bribe or otherwise convince a mobile carrier employee to switch a phone number to the hacker’s device.

“Somebody can just get somebody making $12 an hour and offer them a thousand dollars to do a SIM swap,” Brian Krebs, a leading cybersecurity journalist, told CNN Business on Saturday.

Thanks to a feature left over from Twitter’s early days, if a hacker gets control of the phone number associated with your Twitter account, they can text any tweets they want to Twitter’s number, 40404, and they’ll be immediately published to your account. The hacker wouldn’t need any other verification — not even your account password.

Asked by CNN Business on Saturday, Twitter declined to comment on whether it would change its security practices following the Dorsey incident.

Until it does, there doesn’t appear to be any real way to turn off the feature that the hacker or hackers apparently exploited to take over Dorsey’s account. The only way to do it actually involves making your account less safe overall. But there are still some things you can do to protect your account from these kinds of attacks.

Verification codes

First off, it’s a good idea to always have two-factor authentication on, as an additional verification step to confirm your identity beyond your regular password. But even two-factor won’t protect you from a SIM swapping hack.

Not all verification methods are created equal. A hacker can intercept security codes sent via text message, rendering that method useless.

Luckily, Twitter offers several more secure verification methods.

One step better would be to use the Google Authenticator phone app, which will provide you with codes. A hacker would then need your actual phone to get the codes. Or you can use a physical security token, a small piece of hardware you can buy separately that generates security codes. A hacker would typically need to physically steal that token to gain access to an account.

Replace your phone number

Right now it appears that the only way to shut off the ability to use text messages to send a tweet from your account is to delete your phone number from Twitter entirely. But there’s a catch: Doing so will disable two-factor authentication on your account. I tried multiple times to keep two-factor enabled on my own Twitter account while deleting my phone number from it. Each time it appeared Twitter would allow me to do so, but when I refreshed the page, two-factor was off.

What you can do instead, if you’re in the United States, is to try replacing your phone number with a number generated by Google Voice, as first suggested on Twitter by Krebs. A Google Voice phone number isn’t managed by a mobile carrier and doesn’t have anyone a hacker could talk into helping them obtain control of your number.

“You can’t get somebody from Google Voice on the phone if you tried,” Krebs told CNN Business.

It’s not a perfect solution, Krebs said, as your Google account could also get hacked via SIM swapping if you’re set to receive text messages for two-factor authentication for that account. And anyone outside the United States will need to find an alternative service. But it would still be effective if you enable an alternative verification method on your Google account and follow other generally good security procedures like setting very strong, unique passwords for all the sites you use, and using a password manager to keep track of them.

CNN’s Kevin Collier contributed to this report.