A most informative yet sobering segment. It only stands to reason that it is just a matter of time before AI driven scam apps will become so prevalent that they will become virtually indiscernable from legitimate ones..
It really appreciate that in the end you point out the spectrum of security. That not all of these concerns affect all users. Some of us aren't going to fall for dark app design but some of us will. We can adjust as needed. I haven't flipped over to hardware yet but I'm using three different apps. Authy (Desk/Mobi), Aegis (Mobi), an open source browser extension (Desk). Definitely something to be mindful of regarding the apps.
Authy is owned by Twillio who got breached and Authy also requires a phone number which can make your account vulnerable to sim swapping attacks. I would recommend Raivo OTP for iOS or Aegis Authenticator for android or even better a hardware security key such as Yubikey.
@@IdkG7 Welp I'm not sure if you finished reading my post but I'm aware of the breach with Twillio. And hardware keys keys won't work with my use case. In my particular case I'm not concerned about SIM swapping but thanks for the general concern and the tips.
Also something to note: 2FAS and Microsoft Authenticator have biometric lock on the app itself while Google Authenticator doesn't, at least on Android. This makes the former options even more secure
@@alvaromonteiro7766 that's good. I mean I'm genuinely happy for ios users and even more pissed at Google now. For their own Android OS which has biometrics built in, they couldn't implement it yet🤦♂️
i just came across your channel. I haven’t finished the first video but started scrolling through your videos. Subscribed for all your content👍🏾(I finished the video and greatly appreciate your content. Made me happy I’d decided all these years to stick with SMS. Now I need to get a good security key)
@@NaomiBrockwellTV o Thank you very much. I'd heard about a year ago about the problems with using SMS for 2FA. I decided to stick with it rather than get an authenticator app.
Separate discussion, but this is one of the reasons I absolutely hate generic names for apps with common functionalities, and all big tech companies are guilty of doing this. It's just another anti-consumer measure to confuse people, and it ends up enabling bad actors to do stuff like that - release their own app with some generic name that will live in peoples phones there scamming them out of their privacy and security because of a greedy decision by big tech. This includes not only authenticator apps, which a whole ton of companies decided to name it simply as "Authenticator", but also almost all more common or system apps such as Clock, Calendar, Weather, Dialer, Messenger, MyFiles, Gallery, Camera, Voice Recorder, etc etc etc. In a fair world this should be grounds for anti-trust investigations. A whole bunch of those apps are proprietary and often mass harvesting data without authorization. The practice should also be considered a dark pattern.
In addition to the official reliable authentication apps like Google and Microsoft, it's worth mentioning that Apple has a built in authenticator under settings in the password section. Of course, for those who have an iPhone.
A (yearly) update on the best VPN, email, DNS, browser, search engine, etc. would be very cool! ☺️ Or a website that keeps updating when your top 10/top 5 change and why they change. ☺️
Great show 👍 and a very important subject you are explaining in way, that everyone can understand. You have some great posters on the wall with Snowden and Monero. Could you please leave a link to where I can buy them? 😎
You should mention SIM-LOCKING if you want to use SMS for the second factor. It sounds like that mitigates the risk of sim-swapping. Now all you have to worry about is a man in the middle attack for SMS to get your codes.
Luv your delicious accent and your classy vintage garde robe. So bri-ish. But most of all your knowledge and desire to share it in such a simple and easy to understand way for such technical topics. Thank you for sharing Naomi. You are the queen of the geeks.
I think apple’s 2FA in their password manager not being mentioned is a problem because even though they might be tracking usage, it’s inbuilt into all Apple devices
I just saw a video by The WSJ about the iPhone's entire security relying on the phone's lockscreen passcode and how all of your data on that phone can easily be compromised just by knowing that one short PIN... so i would never advise using Apple's options for password management and/or 2FA authentication, you're better off using a 3rd party app which offers a separate way to lock the app itself (and don't use the same pin as to your phone of course)
@@beriont. while I agree that’s a problem right now, Apple will fix it. And the video wasn’t about the best way to keep safe and secure, it was about the easiest options that are better than “fake” apps.
@@beriont. I use the six-digit passcode option and I change it on the first of every month because of a similar report. Fool-proof? No. More secure than a four-digit passcode? Yes.
I wish youtube would also allow you to archive Playlist... I have several IT related ones (this one for example I put in a Playlist "security") it would make my life easier with the amount of Playlists I have 😅
FOSS is the only way to go for a security app. SIM swaps can be mostly avoided by a smart user. Take away SM swap and SMS becomes safe and even has advantages over a hardware key. How long until someone starts making counterfeit hardware keys that look and act just like the real thing only they keep a copy of your data as well?
I'd really like to see exactly how Tommy and Talal check these apps for maliciousness, like do they have an internet bandwidth monitoring app or tool they prefer to use to monitor every in and out bound communication from these apps and the nature of those communications and the info they're gathering and sending? Is the preferred software for this, Proxyman?
naomi this was helpful.. general.. would it not be helpful to list apps that are actual examples of apps that were uncovered, and documented to be examples of what you are reporting?? respect achilles
❤ thanks for your help, I have been targeted for 6 years by Leigh McLean who is a covert Narcissist. I could barely type this, do you have any information for me?
Another better solution is not paying for the scam software. You can close the app most of the times and if not, just switch the phone off. When reboot your phone, just uninstall that software. The biggest problem is that people are more and more "click happy" and clicking every button they see. Think about the "don't push this button" test. Everyone is going to hit that button.
That's highly illegal because of terms of service and bypassing device software via the website or an app is also illegal report this asp or else you'll be hacked, force restart your device if it's trying to force you to purchase something you don't want to buy, delete the website data immediately and completely delete the app from your account on all devices, update all devices to the latest version and turn on privacy settings to mitigate further hacking or fishing 8:44
But can someone tell us which apps are compromised and which are secure? I have a 2FA and even if I understand all this I still don't know if mine is one of the bad ones
The more authentication you need the less safe it is in my opinion specially if its Google and other similar company's. Best open source Apps, where the public can check it, if ther is some wrong.
SMS is more secure than 2FA especially for eSIM. And SIM cloning is not easy anymore, it also need physical access to the sim and therefore more secure than Yubi keys.
Cause once you lose access to backup keys and you install 2FA app on a new phone. You will need to prove who you are and that means sharing your true identity with these people. That means they know who you are, where you live, what your ID number is, what your skin colour is, etc. And immediately they have an accurate profile of you which can then be sold to private parties looking for this information.
Interesting video. One thing I do wonder is how those free 2fa generators that seem legit earn their money. When things are free, usually you are the product.
I will NEVER understand why anyone in their right mind would use their FACE (unique identifier) OR THEIR FINGERPRINTS (yet another unique ID) on a device thats tethered to the internet pretty much 24/7 and on a device that may or may not be transmitting those unique ID's to some 3rd party either deliberately or by interception of that information, and on a device that has been shown that corporations habitually use to take away our freedoms and liberties every bit day by day. I will never understand humans sometimes.
Is it though? Because, its pretty obviously fake just by looking at the publishers name. There is only a handful of companies that make legitimate security apps and only two of them are actually worth using. Microsoft and Bitwarden.
Another excellent video, once again, but in this case I have very little sympathy for users who download and trust random software developers on the Internet, regardless of whether it's security software, or social media software, or games. If I am thinking about downloading any software I first spend an hour researching the company that I'm downloading it from and also studying its Privacy Statement. Half of the products that I examine fail these tests and I don't download them.
There are flavors of Android that allow you to block internet access to certain apps. I bet if you block access before setting them up, they can’t leak anything. OnePlus’s flavor of Android has allowed for this but being a Chinese company, you may be subject to a lot of other data being leaked.
So much for Apple to not do anything for authenticity and still people believe that they respect our privcay bcoz they are premier and costly. Dont understand these money sucking corporates.
Sorry in advance for potential bad English, Bilingual(English is not my mother tongue, yes it's on a good level but still) and dyslectic As long it's MS or Google expect your data to be collected and sold further. Yes as long it's free, you're the product but some companies are better than others. More and more companies have started to be more privacy based. I try to use the ones who are more privacy based more than the ones who are big known tech companies like MS, FB, google(alphabet), Apple etc.... Being online you have to sacrifice some privacy and information but some are way worse than others. Either you have to live outside the grid totally, or have 10 Firewalls, Anti-tracking, tor, VPNs and you're still not totally safe. So either you have to live not connected at all. Like in the middle of the forest in a cave and live like modern stone age. Or you must sacrifice something. You should try to use the more privacy based type of companies. The most secure way to use MFA is actually the HW keys which looks like an USB stick.
oh snap. looks like it HAS been abandoned. > This repository has been archived by the owner on Jun 14, 2022. It is now read-only. Seems he got a "big boy job" as it were and doesn't have time and energy to do even more work after that. I wish the developer well. Sounds like it couldn't happen to a better person.
This is scary. And reason why I try to stay away from all these new gadgets. I use passwords, I have a few very complex passwords that I have memorized. Edward Snowden recommends you have "a long phrase sentence as a password" and use it everywhere. I do not recommend this approach and wonder how the hell did Edward Snowden even tell people that it is a great practice. Imagine AI robots in the future who have access to your "long phrase password" and just like that, your whole identity everywhere is compromised.
>Edward Snowden recommends you have "a long phrase sentence as a password" and use it everywhere. That seems wildly incorrect can you find any source on this? long sentence passwords are great but using the same one everywhere that's bad idea since before Snowden became a public figure.
I don't believe Snowden ever said to use the same password everywhere, I think you misunderstood him, he doesn't say that in the video you linked, he's suggesting the use of passphrases in general everywhere.
@@futurecactus Why do you guys always have to sound so unintelligible? Listen to the discussion again. The discussion is centered around people using one password for their logins. And usually that one password is so weak, that people ought to rethink their password. Cause how many people have the ability to have 2 or 3 or more passwords and remember which one to use on which website? Hardly many people. And so Snowden, suggests people keep and use a passphrase. Sure go-ahead, use 10 passphrases and let me know how that works out for you. People don't even remember what their spouse accurately said last night, and you think Snowden is suggesting them to keep multiple passphrases... he was talking to people who use "passwerd" all over the internet as their main password.
@@NaomiBrockwellTV uh oh...i don't recall entering any such "string" when I first set up my authenticator, LOL. Is this "string" thingy something I'm supposed to know??
@@PerpetualPreponderer if you set up your 2FA and it's working then your key was recorded in the background, you don't need to know what it actually is and there's nothing more to do and nothing to worry about. If you lose access to your 2FA by losing your phone for example, then you can use the recovery codes to log in once and regain access to your account, that's why they should be recorded in a way that's secure but also accessible if you lose your 2FA app.
@@muaawiyahtuckerThe ones I listed are open source meaning you can see what ur does if you view the code, not in the cloud. This makes it superior for security alone
There's nothing to steal. They seem to have it all already. And they're still compulsively scavenging. It should tell you something about their real natural place on the food chain.
The sad part is I know the exact users who would fall for this. Especially the one I married. 😂 ...but as she says, that's why I'm still around (for tech support) 🙂
A most informative yet sobering segment. It only stands to reason that it is just a matter of time before AI driven scam apps will become so prevalent that they will become virtually indiscernable from legitimate ones..
Naomi is a gem 💎
@@PaulyTater Blinding our vision precious.
Simps everywhere
@@sevenelven Aww, you learned a new word. 🥰
@@natemarx4999 uhh thanks? Lol
@@sevenelven Hi! You can give me compliments too. It helps balance out the nasty ones!
Thanks Naomi for breaking it down and keeping it real!!
It really appreciate that in the end you point out the spectrum of security. That not all of these concerns affect all users. Some of us aren't going to fall for dark app design but some of us will. We can adjust as needed.
I haven't flipped over to hardware yet but I'm using three different apps. Authy (Desk/Mobi), Aegis (Mobi), an open source browser extension (Desk). Definitely something to be mindful of regarding the apps.
Good points .
Authy is owned by Twillio who got breached and Authy also requires a phone number which can make your account vulnerable to sim swapping attacks.
I would recommend Raivo OTP for iOS or Aegis Authenticator for android or even better a hardware security key such as Yubikey.
@@IdkG7 Welp I'm not sure if you finished reading my post but I'm aware of the breach with Twillio. And hardware keys keys won't work with my use case. In my particular case I'm not concerned about SIM swapping but thanks for the general concern and the tips.
Thank you Naomi for highlighting this danger. You really are a treasure.
You and these guys been doing God's work. Thank you.
This channel has both given me confidence and anxiety LOL
knowledge enables us to empower ourselves and make more informed decisions! :)
Exactly right.
Naomi has that affect (effect?) on people.
Now read what I just wrote again if you're neurotypical or neurodiverse. 🙊🙉🙈
Also something to note: 2FAS and Microsoft Authenticator have biometric lock on the app itself while Google Authenticator doesn't, at least on Android. This makes the former options even more secure
In iOS Google Authenticator also has biometric lock like Microsoft Authenticator.
@@alvaromonteiro7766 that's good. I mean I'm genuinely happy for ios users and even more pissed at Google now. For their own Android OS which has biometrics built in, they couldn't implement it yet🤦♂️
Thanks Naomi for enlightening us all😇
This woman really does a great job. I wish I had found this channel sooner
You're here now! Welcome 💛
i just came across your channel. I haven’t finished the first video but started scrolling through your videos. Subscribed for all your content👍🏾(I finished the video and greatly appreciate your content. Made me happy I’d decided all these years to stick with SMS. Now I need to get a good security key)
here's a deep dive into sms to show you the other side of things! th-cam.com/video/hLQpys14wW0/w-d-xo.html
@@NaomiBrockwellTV o Thank you very much. I'd heard about a year ago about the problems with using SMS for 2FA. I decided to stick with it rather than get an authenticator app.
Great content! Curious to see the next vid on the open source ones.
Thanks. Really interesting one - nice mix of what and how. Cheers!
Separate discussion, but this is one of the reasons I absolutely hate generic names for apps with common functionalities, and all big tech companies are guilty of doing this.
It's just another anti-consumer measure to confuse people, and it ends up enabling bad actors to do stuff like that - release their own app with some generic name that will live in peoples phones there scamming them out of their privacy and security because of a greedy decision by big tech.
This includes not only authenticator apps, which a whole ton of companies decided to name it simply as "Authenticator", but also almost all more common or system apps such as Clock, Calendar, Weather, Dialer, Messenger, MyFiles, Gallery, Camera, Voice Recorder, etc etc etc.
In a fair world this should be grounds for anti-trust investigations. A whole bunch of those apps are proprietary and often mass harvesting data without authorization. The practice should also be considered a dark pattern.
That's an interesting point. I've certainly had that problem distinguisihing the contacts app I downloaded vs the one that came with my phone.
Excellent guests . And the host is sublime .
Great to see you and Heidi talking together. My 2 fave tech and crypto girls keeping it real 🙏🏾💕🙏🏾
She's great :)
In addition to the official reliable authentication apps like Google and Microsoft, it's worth mentioning that Apple has a built in authenticator under settings in the password section. Of course, for those who have an iPhone.
Aegis authenticator is what i use and its great thank you reddit
A (yearly) update on the best VPN, email, DNS, browser, search engine, etc. would be very cool! ☺️
Or a website that keeps updating when your top 10/top 5 change and why they change. ☺️
Great show 👍 and a very important subject you are explaining in way, that everyone can understand. You have some great posters on the wall with Snowden and Monero. Could you please leave a link to where I can buy them? 😎
Actually unsure where to buy them these days! I'll find out
thanks, just sent this to a colleague who didn’t want to recommend any specific app because the users should be able to decide by themselves
Excellent content. I think these clone apps/sites are not just targeting 2FA but all apps
Seems like the app store could have liability for letting these scammers steal seeds
i feel like a lot of liabilities go away when a user agrees to the terms prior to using the app store.
Why was this 8:03 not identified during Apple's manual app verification process?
You should mention SIM-LOCKING if you want to use SMS for the second factor. It sounds like that mitigates the risk of sim-swapping. Now all you have to worry about is a man in the middle attack for SMS to get your codes.
This is a video people should pay attention to.
Naomi , love you and your videos! You explain everything so well but in a way a dummy like me can understand!
Thanks
I like open source FreeOTP+ although I disabled network access which I guess is used for icons.
Fortunate to find your channel! Good video! Keep it up! 👍🏼
🙏
Thanks Naomi you are a guardian angel !
Luv your delicious accent and your classy vintage garde robe. So bri-ish. But most of all your knowledge and desire to share it in such a simple and easy to understand way for such technical topics. Thank you for sharing Naomi. You are the queen of the geeks.
"queen of the geeks" 😂 I'll take it
Thank you Naomi.
I think apple’s 2FA in their password manager not being mentioned is a problem because even though they might be tracking usage, it’s inbuilt into all Apple devices
Yeah. It's baffling why she didn't mention that, especially Apple being big on Privacy.
I just saw a video by The WSJ about the iPhone's entire security relying on the phone's lockscreen passcode and how all of your data on that phone can easily be compromised just by knowing that one short PIN... so i would never advise using Apple's options for password management and/or 2FA authentication, you're better off using a 3rd party app which offers a separate way to lock the app itself (and don't use the same pin as to your phone of course)
@@beriont. while I agree that’s a problem right now, Apple will fix it. And the video wasn’t about the best way to keep safe and secure, it was about the easiest options that are better than “fake” apps.
@@beriont. I use the six-digit passcode option and I change it on the first of every month because of a similar report. Fool-proof? No. More secure than a four-digit passcode? Yes.
Great video. When will we see you on the Fediverse?
Dark Side of 2FA = Mouse Guarding Cheese!
Thank you. When a business pushes 2FA, it is often done without training. We had several people click on the wrong application.
Fantastic content !! Thank you very much
Great video. I'm very fortunate to enjoy computers because the pitfalls for the unwary are endless.
I wish youtube would also allow you to archive Playlist... I have several IT related ones (this one for example I put in a Playlist "security") it would make my life easier with the amount of Playlists I have 😅
FOSS is the only way to go for a security app. SIM swaps can be mostly avoided by a smart user. Take away SM swap and SMS becomes safe and even has advantages over a hardware key. How long until someone starts making counterfeit hardware keys that look and act just like the real thing only they keep a copy of your data as well?
I'd really like to see exactly how Tommy and Talal check these apps for maliciousness, like do they have an internet bandwidth monitoring app or tool they prefer to use to monitor every in and out bound communication from these apps and the nature of those communications and the info they're gathering and sending? Is the preferred software for this, Proxyman?
What about password managers with a OTP field, like 1Password?
naomi this was helpful.. general.. would it not be helpful to list apps that are actual examples of apps that were uncovered,
and documented to be examples of what you are reporting?? respect achilles
❤ thanks for your help, I have been targeted for 6 years by Leigh McLean who is a covert Narcissist. I could barely type this, do you have any information for me?
Another better solution is not paying for the scam software. You can close the app most of the times and if not, just switch the phone off. When reboot your phone, just uninstall that software. The biggest problem is that people are more and more "click happy" and clicking every button they see. Think about the "don't push this button" test. Everyone is going to hit that button.
Good data, thanks. What do you thnk of getting codes via email or phone call, rather than SMS text?
video with using vpn as firewall, like netguard? which can be setup as block by default so new app can't connect to the internet,
Hi, what’s the best 2fa for iPhone for personal use. Thank you.
The problem with a key is that you need two and have to carry something else about. If they were smaller, I would use them.
I would use Aegis.
Do you carry a house or car key around?
That's highly illegal because of terms of service and bypassing device software via the website or an app is also illegal report this asp or else you'll be hacked, force restart your device if it's trying to force you to purchase something you don't want to buy, delete the website data immediately and completely delete the app from your account on all devices, update all devices to the latest version and turn on privacy settings to mitigate further hacking or fishing 8:44
But can someone tell us which apps are compromised and which are secure? I have a 2FA and even if I understand all this I still don't know if mine is one of the bad ones
Ok how would they be able to get your SEID, EID, or IMEI to do this? If your phone is locked how would you be able to stop this?
Great video!
You are such a splendid mind !
So company that demand you use 2FA is bad, too? Do you have a video on SMS? And last ❓is eSim vs Sim better or worse? Thank you👑!
If a company wants you to use 2FA, then they should be obliged to send you a hardware security key.
2FAS is great! That's by far my fav
What happens when you get a new phone number?
Is there a way to use both TOTP and/or a FIDO Key. That way if you lose the FIDO KEY, you can still access the account/site?
Depends on the website, sometimes they all back up security keys, or back up other authentication methods
Great video
The more authentication you need the less safe it is in my opinion specially if its Google and other similar company's.
Best open source Apps, where the public can check it, if ther is some wrong.
How can they do sim swap if you are using an Apple iPhone with only e-sim?
esim is functionally no different to a normal sim. number just gets ported to a new IMSI
SMS is more secure than 2FA especially for eSIM. And SIM cloning is not easy anymore, it also need physical access to the sim and therefore more secure than Yubi keys.
Naomi: I don’t understand how Authy can be free. How do they survive ? Why doing it ?
Cause once you lose access to backup keys and you install 2FA app on a new phone. You will need to prove who you are and that means sharing your true identity with these people. That means they know who you are, where you live, what your ID number is, what your skin colour is, etc. And immediately they have an accurate profile of you which can then be sold to private parties looking for this information.
Authy is owned by Twilio, a publicly traded company. They make money elsewhere such as selling to businesses.
Avoid Authy use Raivo OTP for iOS or Aegis Authenticator for Android
@@harsimran1 My skin color😅 Time to remove that tin foil hat
Thanks for your excellent work❤🙏
Hi, can i have this question. How can i be able to figure out which app is real and which app not not real? Thanks
Excellent video
Interesting video. One thing I do wonder is how those free 2fa generators that seem legit earn their money. When things are free, usually you are the product.
Great Video!!!
🙏
Ya gotta watch out for fake password manager apps too.
absolutely
Why Apple permit all those apps in the App Store?
I will NEVER understand why anyone in their right mind would use their FACE (unique identifier) OR THEIR FINGERPRINTS (yet another unique ID) on a device thats tethered to the internet pretty much 24/7 and on a device that may or may not be transmitting those unique ID's to some 3rd party either deliberately or by interception of that information, and on a device that has been shown that corporations habitually use to take away our freedoms and liberties every bit day by day. I will never understand humans sometimes.
Which ones can work on a de-googled Android phone (i.e. no gapps)?
Aegis or andOTP are best
Unfortunately there are many fake 2FA apps in the app store and Google Play store and it can be hard to tell whether they are real or fake apps
Is it though? Because, its pretty obviously fake just by looking at the publishers name. There is only a handful of companies that make legitimate security apps and only two of them are actually worth using. Microsoft and Bitwarden.
2FAS is open-source and the most featured app.
Another excellent video, once again, but in this case I have very little sympathy for users who download and trust random software developers on the Internet, regardless of whether it's security software, or social media software, or games. If I am thinking about downloading any software I first spend an hour researching the company that I'm downloading it from and also studying its Privacy Statement. Half of the products that I examine fail these tests and I don't download them.
Waited and waited but I never heard what apps to avoid.
Surely the big weakest of a 2fa app is your phone which typically has a short code?
Very. Ice and informative
I Like your Video, Love From INDIA
Important video
Mwuahahahaaaa my chastity belt are now more secure than ever!
Something to note andOTP is no longer getting updates as the dev has stepped away from the project.
There are flavors of Android that allow you to block internet access to certain apps. I bet if you block access before setting them up, they can’t leak anything.
OnePlus’s flavor of Android has allowed for this but being a Chinese company, you may be subject to a lot of other data being leaked.
I always try to use well knows FOSS apps of all kinds
02:33 that can not be a seed! If you know why, you know why :)
I am constantly asking myself how I have decided to trust this person/creator/company/news source/app, etc. It's essentially a process audit.
So much for Apple to not do anything for authenticity and still people believe that they respect our privcay bcoz they are premier and costly. Dont understand these money sucking corporates.
Sorry in advance for potential bad English, Bilingual(English is not my mother tongue, yes it's on a good level but still) and dyslectic
As long it's MS or Google expect your data to be collected and sold further. Yes as long it's free, you're the product but some companies are better than others. More and more companies have started to be more privacy based. I try to use the ones who are more privacy based more than the ones who are big known tech companies like MS, FB, google(alphabet), Apple etc....
Being online you have to sacrifice some privacy and information but some are way worse than others. Either you have to live outside the grid totally, or have 10 Firewalls, Anti-tracking, tor, VPNs and you're still not totally safe. So either you have to live not connected at all. Like in the middle of the forest in a cave and live like modern stone age. Or you must sacrifice something. You should try to use the more privacy based type of companies. The most secure way to use MFA is actually the HW keys which looks like an USB stick.
andOTP has been abandoned
It has? When was the last active development? I'll look into that, thanks!
flocke Unmaintained on Jun 14, 2022
andOTP GitHub
oh snap. looks like it HAS been abandoned.
> This repository has been archived by the owner on Jun 14, 2022. It is now read-only.
Seems he got a "big boy job" as it were and doesn't have time and energy to do even more work after that. I wish the developer well. Sounds like it couldn't happen to a better person.
@@okay4634 will mention that in our upcoming followup video when we dive into open source options, thanks!
So much for the app store being safer. "side loading" is dangerous they say. Sounds like you are taking your chances either way.
I use Microsoft Authenticator and 2 Secure Keys
This is scary. And reason why I try to stay away from all these new gadgets.
I use passwords, I have a few very complex passwords that I have memorized. Edward Snowden recommends you have "a long phrase sentence as a password" and use it everywhere. I do not recommend this approach and wonder how the hell did Edward Snowden even tell people that it is a great practice.
Imagine AI robots in the future who have access to your "long phrase password" and just like that, your whole identity everywhere is compromised.
There are open source 2FA Apps, so your comment doesn't make sense.
>Edward Snowden recommends you have "a long phrase sentence as a password" and use it everywhere.
That seems wildly incorrect can you find any source on this? long sentence passwords are great but using the same one everywhere that's bad idea since before Snowden became a public figure.
@@SuperWolfkin th-cam.com/video/SuaNGOx4ZSc/w-d-xo.html
I don't believe Snowden ever said to use the same password everywhere, I think you misunderstood him, he doesn't say that in the video you linked, he's suggesting the use of passphrases in general everywhere.
@@futurecactus Why do you guys always have to sound so unintelligible? Listen to the discussion again. The discussion is centered around people using one password for their logins. And usually that one password is so weak, that people ought to rethink their password. Cause how many people have the ability to have 2 or 3 or more passwords and remember which one to use on which website? Hardly many people. And so Snowden, suggests people keep and use a passphrase. Sure go-ahead, use 10 passphrases and let me know how that works out for you. People don't even remember what their spouse accurately said last night, and you think Snowden is suggesting them to keep multiple passphrases... he was talking to people who use "passwerd" all over the internet as their main password.
so is the secret the recovery codes the authenticator gives us when we set it up as a 2fa?
No they're recovery codes. You can opt to either scan a code or manually type in a string of digits when you first set it up. The string is the secret
@@NaomiBrockwellTV uh oh...i don't recall entering any such "string" when I first set up my authenticator, LOL. Is this "string" thingy something I'm supposed to know??
@@PerpetualPreponderer you probably scanned the qr code
@@NaomiBrockwellTV yikes...what do I do now??
@@PerpetualPreponderer if you set up your 2FA and it's working then your key was recorded in the background, you don't need to know what it actually is and there's nothing more to do and nothing to worry about.
If you lose access to your 2FA by losing your phone for example, then you can use the recovery codes to log in once and regain access to your account, that's why they should be recorded in a way that's secure but also accessible if you lose your 2FA app.
Smartest, hottest redhead on TH-cam!
I won't buy a security key because I don't know how to pick one I REALLY trust. Forget Amazon... that's just a crapshoot...
Yubico is easily the best security key maker currently and supports a wide range of protocols.
@@IdkG7 yeah but where do I get one that I can believe isn't a knock off or fake. Does Best Buy sell them?
Is 2FAS auth app safe? Thanks
Nice video
Best to use apples own TOTP built into iOS
Wrong
Raivo OTP for iOS or Aegis Authenticator for Android.
Or even better hardware 2FA such as Yubikey
@@IdkG7 why would an external OTP be better than a native one? Honest questuin
@@muaawiyahtuckerThe ones I listed are open source meaning you can see what ur does if you view the code, not in the cloud.
This makes it superior for security alone
There's nothing to steal. They seem to have it all already. And they're still compulsively scavenging. It should tell you something about their real natural place on the food chain.
SMS text authentication is the least secure of the 3 authentication methods, so try not to use it if poosible
The sad part is I know the exact users who would fall for this. Especially the one I married. 😂
...but as she says, that's why I'm still around (for tech support) 🙂