Do you use Two Factor Authentication with your mobile phone? Do you use your phone as a password recovery option? In case if you are wondering what the hell is two factor authentication, let me simplify it like this. Have you coupled your Gmail/ Facebook/ etc. account with your mobile phone in a way that you receive a ‘code’ that you should enter in the web browser? If so, read on this short note.
It’s easy to hack (by which I meant to take over) your Gmail/ Facebook account, if you haven’t locked your SIM card.
How?
Leave your phone on the desk and return after 15 – 30 minutes. Anyone who knows you in Facebook and that you use the same phone number with Facebook can take over your Facebook account without bothering about your fingerprint.
They only have to do is, switch off your phone, take off the SIM card and use it in another phone that isn’t locked. Now they can receive your one-time password or password reset code without bothering about unlocking your phone. Probably the only thing you’ll notice when you return is that your phone has been restarted. By that time someone may have read your Facebook messages or totally hijacked it.
How to prevent this?
Simple! Just use the SIM card lock. In Android Oreo it’s at Settings –> Security & Location –> SIM card lock. It’s also called the PIN. In Sri Lanka, most SIM cards have it defaulted to 0000. Once you activate SIM card lock change the default.
If you are unsure of the default code or in case if you accidentally lock out yourself, you can contact the customer support hotline of your service provider.
The only overhead is, you will have to enter the PIN every time you restart the phone. The advantage is, no one can use your SIM card in any phone without your permission.
Using SIM card lock has become very important than it used to be 10 – 15 years back because today it’s very common to use a mobile number with two factor authentication, account verification and password recovery.
Shaakunthala's Miniblog 
A great explanation
Thank you Laksiri! 🙂