Hello again, Ken. Thank you so much for covering this topic for people who aren't really that aware of what's going on in the digital world we now live in, especially for oldies like myself who are becoming more dependent on it than we would ideally wish to be. As you know, I use SMS for my 2FA codes. However, I only use an old-style and simple text/calls mobile phone for that, as it can't be hacked via the internet, e.g. no cookie hacking. That being said, it's probably still not totally fool proof, but I feel safer with it than I would with a smartphone/iPhone. If you or anyone here can verify or counter that, please let me know. Thank you.
Hello again! To answer your question, you are definitely better off having SMS codes than not using 2FA at all. Some people might disagree with me on this, but I don't have an absolutist view on security. If someone does something that makes them even 1% more secure, that's a good thing. I tend to just recommend people go with whatever works best for them.
@@KenHarrisio My question was about using a mobile phone that doesn't have the capability of internet connection (iOS??? Android???) on it. Mine is only capable of text messaging and phone calls, so I'm presuming it's safer to receive a 2FA code on that kind of phone, rather than a smartphone/iPhone??? No cookies?
@@EIRE55 Ah okay, now I see what you were asking. In a case like that, yeah, I would say the overall security is better. The classic style phones don't have as wide of an attack surface, since the software is much more limited. Not having internet is a plus as well.
2FA is pain in the ass at some point... One time I had to change phone number and email accounts and if you forget one account that use 2FA you gonna have a good time recover it beleive me....
hi ken, thanks for the video. i was wondering though, how do passkeys fit into authentication? should they be used, and can i trust my password manager to store one? a video on password managers in general would be helpful
I'll be making a video on password managers at some point in the future. As far as passkeys, they are great when they are supported, but they still have a ways to go. I think it'll be a few more years before there's wide adoption of them. Some places still only offer SMS 2FA, which is almost pointless against a dedicated attacker. If they can't even be bothered to do TOTP 2FA, then it'll probably be a while before we see good adoption for new standards. As far as using them now, feel free to use them on sites that support them. I'm not sure if all providers support them, but I heard 1Pass does for sure.
For the main site where I have the book recommendations, I'm using Huge Blowfish. For the cybersecurity site, I use MkDocs Material. These have both been great, as they both use Markdown for the content pages. The only thing I don't like about Blowfish is that it's somewhat restricted in customization without a lot of custom code. I'm looking at moving the main site to a different platform, and using Blowfish for miscellaneous tech guides, which is something it would be great for. The MkDocs site has been absolutely awesome and I'll be keeping that long term.
@@KenHarrisio the info on your experience is appreciated. I believe GitBook is another MD document store, but not sure how it compares. In any case, have a great day. :)
Thanks for the update on authy. Probably could use the mobile version but a sign of discontinuing products doesn't inspire trust.
Hello again, Ken.
Thank you so much for covering this topic for people who aren't really that aware of what's going on in the digital world we now live in, especially for oldies like myself who are becoming more dependent on it than we would ideally wish to be.
As you know, I use SMS for my 2FA codes. However, I only use an old-style and simple text/calls mobile phone for that, as it can't be hacked via the internet, e.g. no cookie hacking. That being said, it's probably still not totally fool proof, but I feel safer with it than I would with a smartphone/iPhone.
If you or anyone here can verify or counter that, please let me know. Thank you.
Hello again!
To answer your question, you are definitely better off having SMS codes than not using 2FA at all.
Some people might disagree with me on this, but I don't have an absolutist view on security. If someone does something that makes them even 1% more secure, that's a good thing. I tend to just recommend people go with whatever works best for them.
@@KenHarrisio
My question was about using a mobile phone that doesn't have the capability of internet connection (iOS??? Android???) on it.
Mine is only capable of text messaging and phone calls, so I'm presuming it's safer to receive a 2FA code on that kind of phone, rather than a smartphone/iPhone??? No cookies?
@@EIRE55 Ah okay, now I see what you were asking. In a case like that, yeah, I would say the overall security is better. The classic style phones don't have as wide of an attack surface, since the software is much more limited. Not having internet is a plus as well.
@@KenHarrisio
Thanks again, Ken. You've helped me to feel safer and wiser. At my age, those are great bonuses.😊
2FA is pain in the ass at some point... One time I had to change phone number and email accounts and if you forget one account that use 2FA you gonna have a good time recover it beleive me....
helpful video, thanks.
hi ken, thanks for the video. i was wondering though, how do passkeys fit into authentication? should they be used, and can i trust my password manager to store one? a video on password managers in general would be helpful
I'll be making a video on password managers at some point in the future. As far as passkeys, they are great when they are supported, but they still have a ways to go. I think it'll be a few more years before there's wide adoption of them. Some places still only offer SMS 2FA, which is almost pointless against a dedicated attacker. If they can't even be bothered to do TOTP 2FA, then it'll probably be a while before we see good adoption for new standards.
As far as using them now, feel free to use them on sites that support them. I'm not sure if all providers support them, but I heard 1Pass does for sure.
Curious which software you're using for your website.
For the main site where I have the book recommendations, I'm using Huge Blowfish. For the cybersecurity site, I use MkDocs Material. These have both been great, as they both use Markdown for the content pages.
The only thing I don't like about Blowfish is that it's somewhat restricted in customization without a lot of custom code. I'm looking at moving the main site to a different platform, and using Blowfish for miscellaneous tech guides, which is something it would be great for. The MkDocs site has been absolutely awesome and I'll be keeping that long term.
@@KenHarrisio the info on your experience is appreciated. I believe GitBook is another MD document store, but not sure how it compares. In any case, have a great day. :)
No point using an authenticator app with sms backup. The simswap can just bypass the app method.
Better to us an email also locked down by app or use a google voice phone number...etc