***** Me too, If you can get a key, make sure the key generates passwords over 3000 characters long so its harder to crack. That's what I did and it works flawlessly, hell I have to do that to hook up any device to the internet in my home. For my computer, I have a 3 factor auth. that requires a card reader, and a finger print scan, than the usual windows password.
Ali Alshakhs It's more likely that the website's database will be compromised. In that case, the attacker might be able to decrypt passwords depending on their strength.
Congratz Thio, You used a word which google doesn't. 2-factor authentication instead of 2-step verification. By the way, I use it. +ThioJoeTech +ThioJoe
What would happen if the Security Key USB was stolen? Is there any form of password reset/disconnecting the key from your account? If the key is lost, broken or stolen, how do you regain access to your accounts?
Really like the security theme of this video, Would be neat if you went into how to use PGP in Thunderbird as well or using XMPP chat with Pidgin across platforms for encrypted communication. I was thinking of buying a Yubikey but I am not 100% sold yet, They employ some cool technology they are trying to get adopted as the universal standard called U2F or Universal 2nd Factor which is pretty neat, Thanks for the videos as always, *****
what about an update Joe? u2f Ubikey still "the best or only key or solokey open source options better? do they need or ever send online info? please update!
Even if you think you don't have anything worth stealing on your computer or whatever account. It's the fact people can impersonate you that is the real dangerous part. Recently we had a building operator say he had nothing of value on his computer worth stealing. This would be someone who has access to building automation systems. Such as alarms, elevators, HVAC and more.
Can someone please tell me how long does it roughly take for apple to send you another recovery key ive requested for another as i cant access my account because i dont have the device that has the sim in
What if you don't have a phone and you don't have those little KEY things .. And you can only go on a PC to check your email? Can you still use 2-factor-Auth?
The only downside is that many websites that is dual authentication will automatically accept all log 82nd from that IP for up to a month. Some times it's 24 hours, some times it's 2 weeks. So if you or a ex has a keylogger or your laptop is stolen and you have saved passwords there is still a chance to get into your account. There is also evidence that shows if you use Google authiticator on a cellphone with both the devices connected to Wi-Fi then someone can sniff your packets with wireshark and find your dedicated url key/validator that generates the randomly generated passwords.
I have a question, so a few years ago someone stole my iPhone 4s, I just upgraded to an iPhone 6 and I added my card information, whoever stole my 4s bought music off of iTunes and it sent me an email and it thinks I purchased the music but I didn't, so does the Two-Factor Authentication block them from making further purchases?
Terri Brown with Two-Factor Authentication enabled, you can change your password and choose to log other devices out of your account. You can also log in to the Apple ID website (appleid.apple.com) and remove any devices that you no longer own from your account, thus signing them out.
i had two factor auth on my bitcoin accounts but now they say using a basic feature phone is not permitted and they want me to download an app for TFA but i cannot with my basic phone ... i need a smartphone capable of running an app ... i do have a iphone 4s but never used it because i do not want to upgrade my account ... my question is can i use iphone 4s without a purchasing sim? and then use it to run an TFA app on it using a coffee house wifi to complete the process TFA requires?
You should be able to use the 4s with wi-fi only. The app doesn't use cellular service to prevent SIM jacking. In which an attacker impersonates you to have a new SIM card sent to them to intercept the text codes. I find app notifications much better than text because you're pressing a button rather than typing a code.
TUPDATE: If you have the same problem that I did (see below). Search for "How to retrieve 2 factor authentication code". The video walked me through it. Two-Factor verification has been a nightmare for me. Luckily I do have the google authentication app on my iPhone, iPad and the USB dongle. The USB dongle failed in a couple of months and had to be replaced. I used the app until it was replaced. But that's not the nightmare. It's Apple's Two-Factor Verification that's killing me. I lost my iPhone and if I try to login to the iCloud it asks for the Two-Factor Verification code that it sent to all of my Apple devices. So when I try to receive the code from my iPad, it too asks for the Two-Factor verification code. There is an option to send the code via text to my iPhone which I lost. So now I have my new iPhone and I try to restore the backup and it asks for the code again. So eventually I give up and try to set it up as a new phone and it still asks for the code. Apple say's I have to open a new account and there is no way to recover any files. Every picture since 2015...gone! I'm blocked from My own data even when I have the password.
I have always worried with my two factor that it texts me a temporary password..but what if I lose the phone and now they can reset themselves since the phone is getting the password...so how do I prevent them from getting the text since now they have my phone. I do have a finger print password but nevertheless makes me worried.
I use 2-factor auth on all sites that allow it. I also use a Yubikey Neo for Lastpass & my Google accounts. I stopped using Google Authenticator since it is slightly vulnerable. Now I use the Yubico Authenticator Android app because it stores all the info on my Yubikey Neo. (It has NFC so it's great to use with a phone) This makes it basically impossible for me to be hacked. But if I do of course I have notifications every time I'm signed in on a new device & Paypal notifications to my phone whenever money is spent. (I'm a slight security nut so all this stuff is part fun as well.)
So what I learnt from this video is that two factor authentication is not secure because of man in the middle attacks, but some magical stick that you do not know how it works is secure. So basically magic > logic. Thx. Maybe come back and explain this magical stick in to real world terms.
Okay I have my laptop and iphone, I try to do something in my laptop because the fucking phone was lost now it asks me the fucking two factor auth. can't do shit now.
You know that a good secured site hashes and salts (best encryption method) the password on the computer itself so everyone can read that hashed aan salted password but no one knows your password (I can tell you Google does not know your password. Neither does your router switch hub or anything else between you and the server) and if a company send your password back you know that it is not secure couse that know your password so hackers do as well.
jaap aarts Right, the right way is to have a user go through a link in the email to reset the password, and probably should have to answer some other verifying information also.
Thanks. Someone send my daughter a fb messenger video, looked like a TH-cam so she clicked on it & within an hour, she couldn't get back in her fb so she had to reset all passwords again.
Thanks man, that really means a lot! And yes, I did make my logo myself :) In fact I am planning on making a video on how to make the long shadow effect (on GIMP), so stay tuned if you want to learn how!
I'm a big fan of Two-Factor authentication, and here's why you should be too!
***** Me too, If you can get a key, make sure the key generates passwords over 3000 characters long so its harder to crack. That's what I did and it works flawlessly, hell I have to do that to hook up any device to the internet in my home. For my computer, I have a 3 factor auth. that requires a card reader, and a finger print scan, than the usual windows password.
Ali Alshakhs It's more likely that the website's database will be compromised. In that case, the attacker might be able to decrypt passwords depending on their strength.
+ThioJoeTech Love Two-Factor authentication too! I don't have to worry about MSA getting hacked.
Congratz Thio, You used a word which google doesn't. 2-factor authentication instead of 2-step verification. By the way, I use it. +ThioJoeTech +ThioJoe
how can i remove two factor...bcz i can put my contact button on insta but there is no switch business profilr
Finally someone did a video I understand thanks Joe
HadesHD Glad you liked it!
OMFJ U responded
What would happen if the Security Key USB was stolen? Is there any form of password reset/disconnecting the key from your account? If the key is lost, broken or stolen, how do you regain access to your accounts?
You should do a video about Anti-Virus Protection Joe!
@Malave Stephanie I don’t have IG.
Thanks for the info I just got my Fido Key from amazon . Good job
Really like the security theme of this video, Would be neat if you went into how to use PGP in Thunderbird as well or using XMPP chat with Pidgin across platforms for encrypted communication.
I was thinking of buying a Yubikey but I am not 100% sold yet, They employ some cool technology they are trying to get adopted as the universal standard called U2F or Universal 2nd Factor which is pretty neat,
Thanks for the videos as always, *****
Yeah unless someone steals your phone and they get to reset your password. Just happened to me, will never you 2 factor again.
what about an update Joe? u2f Ubikey still "the best or only key or solokey open source options better?
do they need or ever send online info? please update!
Is worth it to use 2 factor autentication. I can log in multiple times
Even if you think you don't have anything worth stealing on your computer or whatever account. It's the fact people can impersonate you that is the real dangerous part. Recently we had a building operator say he had nothing of value on his computer worth stealing. This would be someone who has access to building automation systems. Such as alarms, elevators, HVAC and more.
Can someone please tell me how long does it roughly take for apple to send you another recovery key ive requested for another as i cant access my account because i dont have the device that has the sim in
What if you don't have a phone and you don't have those little KEY things .. And you can only go on a PC to check your email? Can you still use 2-factor-Auth?
The only downside is that many websites that is dual authentication will automatically accept all log 82nd from that IP for up to a month.
Some times it's 24 hours, some times it's 2 weeks. So if you or a ex has a keylogger or your laptop is stolen and you have saved passwords there is still a chance to get into your account.
There is also evidence that shows if you use Google authiticator on a cellphone with both the devices connected to Wi-Fi then someone can sniff your packets with wireshark and find your dedicated url key/validator that generates the randomly generated passwords.
I have a question, so a few years ago someone stole my iPhone 4s, I just upgraded to an iPhone 6 and I added my card information, whoever stole my 4s bought music off of iTunes and it sent me an email and it thinks I purchased the music but I didn't, so does the Two-Factor Authentication block them from making further purchases?
Terri Brown with Two-Factor Authentication enabled, you can change your password and choose to log other devices out of your account. You can also log in to the Apple ID website (appleid.apple.com) and remove any devices that you no longer own from your account, thus signing them out.
does u2f replace phone 2fa? what about pgp?
How do u actívate The two factor
i had two factor auth on my bitcoin accounts but now they say using a basic feature phone is not permitted and they want me to download an app for TFA but i cannot with my basic phone ... i need a smartphone capable of running an app ... i do have a iphone 4s but never used it because i do not want to upgrade my account ... my question is can i use iphone 4s without a purchasing sim? and then use it to run an TFA app on it using a coffee house wifi to complete the process TFA requires?
You should be able to use the 4s with wi-fi only. The app doesn't use cellular service to prevent SIM jacking. In which an attacker impersonates you to have a new SIM card sent to them to intercept the text codes. I find app notifications much better than text because you're pressing a button rather than typing a code.
how can i use 2fa? where can i scan this code or typ it in? i realy dont find it....
*Can you make a video on what we need to do before upgrading to Windows 10?*
Very informative video...thanks Joe!
Thank you for sharing. This is great advice!
thanks! Maybe add the links you mention in the description?
TUPDATE: If you have the same problem that I did (see below). Search for "How to retrieve 2 factor authentication code". The video walked me through it.
Two-Factor verification has been a nightmare for me. Luckily I do have the google authentication app on my iPhone, iPad and the USB dongle. The USB dongle failed in a couple of months and had to be replaced. I used the app until it was replaced. But that's not the nightmare. It's Apple's Two-Factor Verification that's killing me. I lost my iPhone and if I try to login to the iCloud it asks for the Two-Factor Verification code that it sent to all of my Apple devices. So when I try to receive the code from my iPad, it too asks for the Two-Factor verification code. There is an option to send the code via text to my iPhone which I lost. So now I have my new iPhone and I try to restore the backup and it asks for the code again. So eventually I give up and try to set it up as a new phone and it still asks for the code. Apple say's I have to open a new account and there is no way to recover any files. Every picture since 2015...gone! I'm blocked from My own data even when I have the password.
is only key or solo key trustworthy? can theyor ubikey record passwords and transmit? anyone verify via "fing", "netgaurd" etc?
I have always worried with my two factor that it texts me a temporary password..but what if I lose the phone and now they can reset themselves since the phone is getting the password...so how do I prevent them from getting the text since now they have my phone. I do have a finger print password but nevertheless makes me worried.
very handy video, as usual. Thank you. i use clef or google chrome's waltz app for the i phone very handy
wait but ever since https was implemented, doesn't it render mitm attacks useless?
I use 2-factor auth on all sites that allow it. I also use a Yubikey Neo for Lastpass & my Google accounts. I stopped using Google Authenticator since it is slightly vulnerable. Now I use the Yubico Authenticator Android app because it stores all the info on my Yubikey Neo. (It has NFC so it's great to use with a phone)
This makes it basically impossible for me to be hacked. But if I do of course I have notifications every time I'm signed in on a new device & Paypal notifications to my phone whenever money is spent.
(I'm a slight security nut so all this stuff is part fun as well.)
Colton Blumhagen I've been thinking about getting one of those, they seem cool.
***** Totally worth it. You can also setup a static password on it for say your computer password.
Thanks for the advice that I never thought of before
how to get back two-factors code i delete my mobile app by mistake and then i install again but its show nothing
I've never been this early to an upload
PenetratorzZ ! You're the first bro
PenetratorzZ ! congrats bro well deserved
What if I do not what use it so how could I get rid of it
Two facotr authenticator code i forgot i t what to do now i cant go to my steam acc :( what to do
This is really cool! I to get this asap, adding this video to my favorites. :)
I just noticed it and this might help me out
I use winauth
this type of videos preferred
I watch you videos a lot
So what I learnt from this video is that two factor authentication is not secure because of man in the middle attacks, but some magical stick that you do not know how it works is secure. So basically magic > logic. Thx. Maybe come back and explain this magical stick in to real world terms.
quality settings disabled :/
My Instagram got hacked now when I try to log in that shit pop up
Okay I have my laptop and iphone, I try to do something in my laptop because the fucking phone was lost now it asks me the fucking two factor auth. can't do shit now.
thank you very helpful
You know that a good secured site hashes and salts (best encryption method) the password on the computer itself so everyone can read that hashed aan salted password but no one knows your password (I can tell you Google does not know your password. Neither does your router switch hub or anything else between you and the server) and if a company send your password back you know that it is not secure couse that know your password so hackers do as well.
Thom Scott made a video about this(on his own chanel or on computerphille)
jaap aarts Right, the right way is to have a user go through a link in the email to reset the password, and probably should have to answer some other verifying information also.
how can i remove two factor .....plz
IKR
Good
I randomly receive a text on my mobile to reset my IG password I dont why it got there but then I really enable 2fa
***** do you buy and test products or do you have them sent to you to keep?If so, who sends them to you?
Never heard of this till today
Fn head wrecked trying to set up a
Thanks. Someone send my daughter a fb messenger video, looked like a TH-cam so she clicked on it & within an hour, she couldn't get back in her fb so she had to reset all passwords again.
3:42 that face
Cool
If you look under his nose, the skin under his nose makes a heart shape.
GREAT VIDEO
nah jk im just here to say FIRST
Cool :)
Dude! You're so awesome! Love your videos!! Btw. did you make your logo yourself? 'Course it looks so cool!!
Thanks man, that really means a lot! And yes, I did make my logo myself :)
In fact I am planning on making a video on how to make the long shadow effect (on GIMP), so stay tuned if you want to learn how!
Yes I love your content
this all to clutsey
You are fucked if you just so happen to lose your devices and then get new apple devices
nope
Nope…
5th?
joeismexyz 4th maybe
No one cares anyways...
you clearly care enough to reply
Second!!!!!!!!!!
AntiVirus
two factor authentication is a good idea, except its pointless, if google has it the nsa has it. ask fifa.
First!
Dang. You beat me to it!
Redstone105MC yes indeed