Narayanan, who was participating in the Cryptographers' Panel at the RSA Conference in San Francisco this week, was responding to a prompt from panel moderator Zulfikar Ramzan, the chief technology officer of RSA.
"We were looking at some of the rhetoric around cryptocurrencies... the rhetoric being that it's ultra-secure, because it relies only on math and cryptography," Narayanan said. "And while that part is true, what is also happening is that a lot of people are losing their cryptocurrencies in very, very low-tech old-fashioned ways that bring us right back to the human element."
He referred to the human element because it was the theme of this year's conference.
"Now, if there's one thing that's easier to compromise than passwords, it turns out to be taking control of your mobile accounts. So that's what we tried to rigorously look at."
He said he and three of his colleagues at Princeton - Ben Kaiser, Kevin Lee and Jonathan Mayer - wanted to see how easy so-called SIM swaps are. "What happens in a SIM swap is that an attacker calls your mobile carrier, pretends to be you and convinces them to transfer your mobile service to a SIM card that the attacker controls," he explained.
"So now they control your mobile phone number and they can use that to easily break the two-factor authentication that you might have on your online services."
He said they tried five different mobile carriers. "In each case, we created 10 different pre-paid accounts and tried to SIM swap ourselves. We were successful with all five carriers. All five of them were using authentication methods that are known to be vulnerable.
"One interesting example is that some carriers, if you call them and you're able to tell them one or two of the numbers that most recently called you, then they are convinced that you must be the right person.
"But how can this go wrong? The attacker can just call the victim and enter a number into their call logs, right? So they hadn't thought about this, we found many vulnerabilities of this type and we published a research paper on that recently."
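The recent-caller check Narayanan describes can be modelled in a few lines to make the failure explicit: the "evidence" the carrier asks for is something any outsider can plant simply by placing a call. The following is an added illustration, not code from the Princeton study; the account numbers, PIN and policy names are constructed.

```python
from dataclasses import dataclass, field


@dataclass
class Account:
    """Constructed model of a mobile account as the carrier sees it."""
    number: str
    pin: str                      # secret chosen by the real customer
    inbound_calls: list = field(default_factory=list)  # most recent last


def receive_call(account: Account, caller: str) -> None:
    """Anyone who dials the subscriber lands in the inbound log."""
    account.inbound_calls.append(caller)


def recent_callers(account: Account, n: int = 2) -> set:
    return set(account.inbound_calls[-n:])


def weak_verify(account: Account, claimed_callers: set) -> bool:
    """Weak policy: the caller 'proves' identity by naming one or two of
    the numbers that most recently called the account."""
    return bool(claimed_callers) and claimed_callers <= recent_callers(account)


def strong_verify(account: Account, pin: str) -> bool:
    """Hardened policy: ignore recent-caller knowledge entirely, because an
    outsider can influence it, and accept only a secret the customer set."""
    return pin == account.pin


def sim_swap_scenario() -> tuple:
    """Replays the case from the text: the attacker calls the victim once,
    then names their own number. Returns (weak_passed, strong_passed)."""
    victim = Account(number="+15550100", pin="4821")  # constructed values
    receive_call(victim, "+15550101")                 # a friend calls
    attacker_number = "+15550199"
    receive_call(victim, attacker_number)             # attacker plants evidence
    weak_passed = weak_verify(victim, {attacker_number})
    strong_passed = strong_verify(victim, pin="0000")  # attacker can only guess
    return weak_passed, strong_passed


if __name__ == "__main__":
    print(sim_swap_scenario())  # (True, False)
```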
Narayanan said he was not criticising two-factor authentication. "One thing I would say is, if you have a few minutes - and I think this is really worth a few minutes of your time - go check all of your online accounts, make sure two-factor authentication is enabled - I'm not saying don't enable 2FA - but make sure it is a secure second factor such as an authenticator app rather than SMS, which continues to be very vulnerable."