Going to make 4 factor authentication. Finally, it won’t just be what you know, who you are, or how you smell. Finally, they will have to ask HOW you are.
Yes yes yes! Thank you for encouraging people to take security more seriously! And doing what you do best, giving some history and explaining it well. Love your videos Tom 🙂
"Computers can only do what you say. They can't do what you mean, and they can't stop you from asking for terrible things. But at least they can be reasonably sure that it's you asking." ~ Tom Scott
Rewatching this video is so delightful because after understanding other technologies and their issues, in so many places that people are too concerned with MitM attacks or intercepted data or hacked phones/servers when so *so SO* many instances of theft or fraud were perpetrated under circumstances an automated system would be incapable of understanding weren't legitimate. It's a salient point in how we design security and how it fits in with society and its incentive structure and how...it's not always compatible, and that no amount of patching or improvement will resolve a more fundamental shortcoming if it's never acknowledged.
I worked at a retail store a while back and we had a fingerprint scanner as part of the sign in system. Didn't work all that well if our fingerprints got papercuts or similar during a shift...
@@Steamtostay yea, That's really inconvenient, isn't it. I always thought "oh fingerprints and face recognition, best security system" and I think it is, until you got cuts and bruises on those body parts
Heck it doesn't even need to have a cut or bruise. A small droplet of water or at the wrong angle breaks it. Lemme tell you, as someone who is nearsighted, face ID is great unless you're in bed without glasses on and the phone is two inches away. Face recognition is great; forehead recognition needs work. XD
"This story has something to do with your phone, I promise." You are a great storyteller Tom, I would never skip one of your videos simply because it doesn't concern me directly, and I'm sure most people here feel the same :=) I'm sure this was just a segue but on the off chance it has 1% of sincerity in it, better say it!
I actually watched the video of you attempting to remove your fingerprints. When you did the joke at the end with the stove you genuinely got me, so good on you Tom
1:48 I want to add something to the list of authentication: "something you didn't know". Like "where are your keys". It's something you don't know, it's something you don't have and it is something you are: me, the clumsy guy from Brooklyn
“You spend most of your day telling a robot that you’re not a robot. Think about that for two minutes and tell me you don’t wanna walk into the ocean.”
this has nothing to do with this video but; Tom, you are an amazing person. the views, the information, the subjects, the research. Just everything is always so... you. impossible not to like, easy to understand, just very uhhhm stable, might be the right word. Keep it up with all the interesting work you have been doing these past 12 years on youtube and thank you for giving us a peek inside your mind.
Paused the video, turned on two factor authentication and changed my password to a stronger one. Thanks for reminding me to do it, been meaning to for a while now.
Great work, as always! You should do an entire episode on "Keep your mouth shut," because I'd love to see data on conviction rates resulting from bragging.
3:50 is something that is kind of already being done, Tom. Some companies are starting to use ML algorithms to track your keyboard and mouse behavioral patterns to identify that it is you that is inputting them. They usually proceed to use phone identification when you fail that test.
Yes, I've had 3D secure authentication ask for an SMS code, and then ask me to type my email address with the way I typed it apparently being a form of identification
I always get the feeling Spotify ignores features that are requested by the community anyways. For example, why can I still not download one single song?
The bit about sci-fi writers brainstorming systems that know when a person normally is logged into a device has been investigated by corporate IT teams for several years. I feel like flexible work/work from home has actually added complexity to this potential solution.
This series could have been enough for the students of the computer science high school where I taught math this year to ace their finals. But, alas, almost no one had any interest in studying. (I write from Italy btw)
That's because many people went back to watching it after this video. So the algorithm knows it's a popular follow up. Scary? Maybe. But not mysterious.
I genuinely can’t decide what series Tom puts out is my favourite? Is it The Basics, or Things You Might Not Know or is it Amazing Places? I honestly have no idea which I love the most!
and streaming services like spotify, tidal, netflix don't have these. no wonder many of their users (including me) complain about stolen accounts despite using separate emails and unique passwords.
my guess is that someone probably combined someone else's password with your username and added a few numbers and got lucky then. probably some kid trying to get a free spotify account tbh
We had a similar security token system in one of my former jobs. They initialized the token when you were hired and passed the background checks. Then the token started generating codes. In use you had to have your name, the token's 8-digit code number at the moment you were logging in (changed every minute) plus your employee number and the secondary password you set up with the IT department after you were hired. The codes also only worked if there was a specific card installed in the PC and it was on the company's network.
Such a good video. Clear, well explained and easily understood. I'm going to do some coaching for friends and family on online security and I think I might make them watch this!
I used to have a debit card from my bank that had a digital display on the front that generated a six or seven digit number each time you pressed a button on it and that verified the card when using it online. It was so cool! I used to push the button and tell friends that the seven digit number was my bank account balance.
It's good to be back in the actual Centre for Computing History! They're still closed to the public right now for obvious reasons, but have a look in the description for a link to them and their fundraiser to help them get through the closure!
Time traveler
Big chonk
"4 days ago"
Why does this say 4 days ago if it just came out 🤔
If u unlist the video , then u can leave a comment for later
That truly is all we ever learn as children: Not “don’t do it” just “don’t get caught”
Exactly!
Or at least have a very good excuse for innocently doing wrong ready
I think that is the lesson that punishment entails. If you make someone suffer for doing something deemed wrong they just learn not to be caught.
I don’t quite get what you mean. We’re taught not to do ‘bad’ things are we not?
@@ayhamshaheed7740 It's what we are told but not what we learn.
"computers can only do what you say, they can't do what you mean"
i wish my parents would finally learn this
When i was watching the video (the last minutes) i scrolled to the comments and when i was reading it was synced with the video itself
@Squant Because parents (instead of grandparents) are now of the generation who learned that computers can't do what you mean. And now they're frustrated because the computers are BAD at guessing what they mean because we're used to being much more explicit than the average.
Didn't grandparents invent computers?
@@bartonseagrave9605 Their generation did. But that's like saying Werner Von Braun's generation built rockets, ergo everyone of that generation is a rocket scientist.
Parents can't do either
I swear Tom Scott is just that dude who can make you smile with a random fact any time
I know!
Yea
Yes!
OF WHAT?
day
"No way to check that the President wasn't ... being coerced."
I always assumed that there was not only a "correct" code on the Biscuit, but that there was also a coercion code, basically telling the recipient that "this source is compromised, disregard further signals from this source."
We had this at a safe in a store I worked. If you typed in a pin containing double zero it would open the safe but also send an alarm to the security company + the Police.
@@TH-camAdministrator we told you not to tell anyone!
@@ahreuwu *laughs in robbery*
ANGRC series crypto-radios (1970's tech) had a similar thing; lots of operator sequences could lead to auto-destruct!
Any one of a dozen combinations of control settings will release the magic smoke from all the transistors.
Hell, using the damn thing while driving on a bumpy road could start auto-destruct!
The paranoia around these things being compromised was intense!
OK, memory being what it is, it likely wasn't AN/GRC that I was thinking about...
@@pirobot668beta sounds very cool. Wonder how much equipment we have of these killswitches in today.
"Signatures can be forged" is an understatement. 99% of people who require a signature for anything have actually no idea what your signature looks like, and it's practically a formality.
Another bad thing about signatures is that yours changes over time. If they actually used them to verify identity, you could be denied even if it were you. I worried about this when I voted by mail in the last election. The signature on file with the election officials is from high school. My signature has changed drastically since then.
I can't even forge my own signature
Signatures and initials have moreso become a thing for those that are relevant, like when accepting a package from a delivery guy. If any of my neighbours go onto their app in case the delivery guy was too lazy to put in a card saying hey, it's dumped at this address they can see my NS with a squiggly line and know it's at my house.
@@YingwuUsagiri that's a ridiculously specific edge case and I wouldn't be able to tell you the signature/initials of half my neighbors
JOKES ON YOU MY SIGNATURE IS A LIL DOOFLE I MADE
"What I learned was 'keep your mouth shut'" - Tom Scott, telling a secret to his 2.9 million subscribers
And the lesson I learned was not 'don't do it', it was 'snitches get stitches' - Tom Scott, on the run from the Police, circa 2021
And it’ll probably be seen by more than 2.9 Million people
That is the actual secret. Know when to keep your mouth shut.
@@theophrastusbombastus8019 If it's "snitches get stitches" that is learned, it's probably not the police that he's running from.
Also, I'm picturing him running clutching his stomach running out that scenario.
@@hotaru8309 Have you been paying attention to the news lately?
"Some kind of nerd who wanted to learn something for fun" is probably the same kind of person as 90% of Tom's subscribers
me
Yep. This is why I possess a set of lock picks.
Exactly fits me.
Mhm.
That's exactly who I am
The great thing about computers: they do exactly what you say.
The terrible thing about computers: they do EXACTLY what you say.
Computers are the second dumbest thing that computer scientists have to deal with on a daily basis
😳
@Bounze You had to explain the joke.
It's like a douchebag genie who takes your words too literally.
@Bounze the number one being the users was implied. You kind of killed the joke by explaining the punchline.
Haha! I remember that pineapple video!
ahahaha hey cody
It’s really him!
I didn’t know if anyone else was going to! That was a while ago!!
Cody!
I watched it 10 minutes ago
"So the moral of the story is to not do the bad thing?"
"No. The moral is to not tell people you did the bad thing."
But what's actually moral is to avoid doing the bad thing altogether.
I thought of a bad thing i'd done that I had kept a secret and almost used it as an example here like a dumbass
@@arvaneret_329 but is just knowing a teacher's password a "bad thing"?
Don't do the bad thing and if you be bad and did it do not be worst and don't tell anybody
@@arvaneret_329 "It isn't illegal if you don't get caught" - A friend of mine from middle school
Three things:
1. Tom Scott is a genius story teller.
2. Whoever edits Tom's videos is brilliant at their job
3. Tom Scott considers hacking fraudsters, scammers and MLMs on the same level, and like with many other things, Tom Scott is right.
Ah, the editor, William Marler. His work on Tom's videos is always great.
"3. Tom Scott considers hacking fraudsters, scammers and MLMs on the same level, and like with many other things, Tom Scott is right." - Indeed.
"You can't exactly change it, I tried once"
*Glasses-wearing, Pineapple-consuming, Long-haired war flashbacks*
YES!!!
pineapple on finger go brrr brrr
we are so lucky of having people like you in youtube
Dude ur the best PS4 theme ever
we are so lucky to have a cool goose like you here
@@opensourceslime8585 no mate, I'm just a goose
@@acoolgoose1782 I like chicken 🍗🍗
"Computers can only do what you say, they can't do what you mean" is probably my favorite quote now.
Damn computers just need to learn to listen better. I threaten mine with violence whenever it doesn't do what I want. Doesn't seem to accomplish much but it does make me feel better...
@@zwenkwiel816 Yes Mr.President, we found him do we launch the missile?
Many years ago my department manager had a poster behind her desk:
I hate this damned computer,
I wish that they would sell it;
It never does quite what I want,
but only what I tell it.
It should be "computers will only do what you or the manufacturers say." The ones who built the operating system also get a say in what your computer can and can't do, and the manufacturers have precedence over the end user... unless you have an open source operating system like linux, but why would you torture yourself like that?
@@zwenkwiel816 I'm hoping your computer isn't named HAL, otherwise you're going to be having some real problems.
"You can't exactly change it. I tried once."
Ah yes, the classic Tom Scott Pineapple Scrub™
I felt way too much pain watching that video
Yep, not worth the pain
*war flashback*
I was gonna comment this haha
Ah, a throwback from pre-red-T-shirt long-haired Tom Scott era.
Not gonna lie, in high school, I learned a teacher’s password. It logged us into faster, less filtered, WiFi. So I logged myself and all my buddies in. Never got caught!
hope your teacher doesn't see this comment
Thank you for the likes
How did you know? Might try it when quarantine is over
I guess sharing the fact that you and they are doing something naughty is a good idea in order to not get caught cuz no one would tell to the teachers, which what went bad for sharing immaturely in Tom's case.
You may have actually been caught by IT... but that doesn't mean they *cared.*
Now that it's online classes I use an emulator and a VPN and log into the webex meeting and then I blast out music just for fun during classes while it seems like I already logged in and using a PC due to which they won't suspect that I did it
"The code you type in can be short, because they only last one minute each"
That's actually not true... In fact it's one of the most common misunderstandings I encounter as a security tester! The fact that a code only lasts one minute is not going to help you against an attacker that tries to guess a lot of codes. If the attacker keeps guessing random codes (and the codes are short), the attacker is expected to hit the correct code quickly, even if the correct code changes every minute.
What does allow for short codes is the fact that we can block the user's account after a couple of wrong tries. Passwords cannot be short, because we cannot block the user after a couple of wrong passwords. (Some sites do, but it allows someone nasty to lock the user out of his account by deliberately entering wrong passwords, so not a good idea). Multi-factor codes can be short, because they come after the user has already entered his password - so it's not possible for anyone but the user to deliberately enter wrong 2FA codes. With one exception: when someone else obtained the user's password, in which case it's probably good we block the user's account.
good comment
"so it's not possible for anyone but the user to deliberately enter wrong 2FA codes". Except when somehow the Authenticator and the phone times are somehow not synchronized so you keep trying with the right code but in the wrong time
Also, not that it really matters, but the codes usually only last half a minute.
Thanks
@@Dogelition Kinda sorta. There's usually a grace period involved where you could put in the previous or next interval's code, just in case the clocks are slightly out of sync.
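The argument in this comment thread (short codes are protected by lockout rather than by their short lifetime, with a grace period for clock drift), worked through as an added example that is not from the video or from any commenter. It assumes standard RFC 6238 TOTP with HMAC-SHA1; `MAX_FAILURES`, the `SecondFactor` class and the guess counts are illustrative assumptions.

```python
import hashlib
import hmac
import struct

STEP = 30          # seconds per code; the thread notes codes usually last half a minute
DIGITS = 6
GRACE = 1          # also accept the previous and next interval's code (clock drift)
MAX_FAILURES = 5   # assumed lockout threshold, not a value from the thread


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """RFC 6238 TOTP: HMAC-SHA1 over the time counter, then dynamic truncation."""
    counter = unix_time // STEP
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def accepted_codes(secret: bytes, now: int) -> set:
    """Codes the server accepts at `now`: current interval plus the grace window."""
    times = (now + drift * STEP for drift in range(-GRACE, GRACE + 1))
    return {totp(secret, t) for t in times if t >= 0}


class SecondFactor:
    """Hypothetical verifier that runs after the password check has passed."""

    def __init__(self, secret: bytes):
        self.secret = secret
        self.failures = 0
        self.locked = False

    def check(self, code: str, now: int) -> str:
        if self.locked:
            return "locked"
        good = accepted_codes(self.secret, now)
        if any(hmac.compare_digest(code, g) for g in good):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True   # wrong codes after a correct password: block the account
            return "locked"
        return "denied"


def guess_success_probability(guesses: int, digits: int = DIGITS,
                              accepted: int = 2 * GRACE + 1) -> float:
    """Chance that at least one of `guesses` random codes is accepted.

    Each guess hits with probability accepted / 10**digits whether or not the
    code has rotated in between, so the code's lifetime does not appear here.
    """
    p_hit = accepted / 10 ** digits
    return 1.0 - (1.0 - p_hit) ** guesses


if __name__ == "__main__":
    # Constructed numbers: 10 guesses per second for one day without lockout,
    # versus the MAX_FAILURES guesses a lockout allows.
    print(f"no lockout, 864000 guesses: {guess_success_probability(864_000):.3f}")
    print(f"lockout after {MAX_FAILURES}: {guess_success_probability(MAX_FAILURES):.6f}")
```

The grace window triples the number of accepted codes per guess, which is why `accepted` enters the probability and why a wider window needs a stricter lockout.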
No rapid cuts, straight forward monologue, no music and minimal, informative graphics, that's why I love Tom's videos so much.
3:27 "I tried once" such a small statement for such a large story
Tom: * Talking about Nuclear Weapons *
*The Basics*
Yo bro!
@@arijitdas7526 Akihito Gang, let's go!
Ew, Akkey...
@@PageantNicholas256 oo... Houtarou Oreki kun.
@@arijitdas7526 how's ur bf Hiroomi, Akkey kun?
"Computers can't stop you from asking for terrible things."
Quit looking at my search history Tom.
Too late it's been leaked on the 'net, I'm reading it now! ooooo did you really buy those?! Cheeky! Hehe 😇🤣
@@smartroadbiker women humor
@@thetabs57 incel humour
You Can't change your fingerprints... I tried once
Pineapple flashbacks
3:27 look at the computer
@@dhpz Was this the reason that video was in my recommended? I was confused that I got such an old video recommended.
@@Tessa_Gr nah probably because a lot of people search for it after watching this video
@@dhpz well spotted
Try harder
This reminds me of the trope from movies, where all security uses just "one-factor" authentication. Either as a guessable password, an item that gets stolen, or a body part that got "hacked" and used as a key.
I guess so many movie plots would not work if basic 2-factor authentication was in play.
Well, that, or it'd just make the movie longer for no real reason.
I can think of quite a few movie scenes that had people both swipe a card/chip and also enter a pin, so two-factor very much was in play. It makes gaining illegal access harder but certainly not impossible. The one exception are usually biometrics, which are often considered safe on their own.
When you were talking about shoulder surfing passwords with your teacher, I did the exact same thing and got in trouble because guess what - I told my peers. Lesson well learnt and you literally spoke through me with that statement.
“I tried once”
And we all learned that Pineapples are no good at fingerprint removal because of it
Even watching that video hurts me. It's too much pain.
They'll heal back no matter how you skin it
I have a friend who has tons of allergies. One of his allergies causes his fingerprints to momentarily disappear. Sadly, it's not an allergy to pineapple.
I watched that video a couple of weeks ago, but for him it's a distant memory from last decade. Feels weird
Sepehr Rz same, I don’t know why I could feel it despite never having done anything like that
Tom the picture of the phone at 4:30 was really smart
The video went live at 4PM, so if you watched it when it came out you were at that point at 16:04, the exact time on the phone
This is why I love your vids
For me it's 11am ;-;
I totally didn't catch that. While timezones make it not a thing for a lot of places, for the UK timezone, it's freaking brilliant.
These easter eggs will forever be loved
It says 16:05 at 5:00 :0
It also is 16:05 at the 5 minute mark and has today's date correct
"i tried once"
too many pineapples were harmed in the making of this channel
exactly one (1) Tom Scott was harmed in the making of this context
“You can’t change it... I tried once.”
Aye, I get that reference
tom's mild almost unnoticeable humor makes me laugh more than those over the top humorous stories
What I learned from this video: Tom was up to all sorts of mischief as a teenager
Watch the earliest videos on this channel! You'll be surprised
If a teenager isn't up to mischief, then they are doing it wrong. (Just as long as they don't go from mischief to crime.)
I think Tom was the "hum actually" type of teen, who hated everything concerning the big data
"they can't do what you mean" (7:42). When I was a young programmer, I was complaining about a stupid bug (of my own creation) that I was chasing, and my boss said "Oh, you forgot to put in the DOWHATIMEAN instruction", with a silly smile.
Someday, maybe...
the shoulder-surfing of passwords is a mood. when i was in high school there was a password for the sign in system which was ridiculously short and simple. cos i was late all the time, i was around sometimes when the device wasn’t set up and once i saw the password a teacher typed in to set it up. i actually never used the power for evil, just to not have to ask for help when one of the two systems was logged out, but the moral of the story is that schools usually have bad passwords (this one was literally 3 characters and those were the initials of the school).
Think about it this way: the teacher (or whoever else) has to remember the password. Therefore the password has to be really simple, because chances are that teacher (or other staff member) is braindead.
In my primary school the admin username and password was “j”
@@DevinDTV Hopefully future generations will be technologically literate enough to be able to remember at least 2-3 good passwords. Also would be good to normalise long passwords and password managers and leave behind pointless password requirements like numbers, special characters or capitals.
my school had the telephone number as the password♪┌|∵|┘♪
My school used the same password for most of the non-personal accounts in Active Directory. Naturally, this was the name of the school. Fortunately for security, the Administrator passwords were (comparatively) more secure.
This video is a masterclass in story-telling and public speaking. Tom started off with Reagan and a tense situation with a nuclear crisis, hooking the listener/viewer. Told them all about how multi factor authentication works and concluded by giving closure to the original story, while also articulating the big takeaways and caveats.
I really love how composed your videos are. It's clear that you put a lot of work and planning into the words that you say, and it works absolute wonders for your videos. Great work!
In today's episode: Tom Scotts's Editor Flexing his skills fpr 5 minutes straight
"graphics by William marler"
More like in every video
*for
It's just "Scott's"...
This isn't even one of the best edited videos
"You can't change your fingerprints. I tried once."
*Nam flashbacks to a Tom Scott video from over ten years ago.*
If you are not human...you can change your fingerprint.
@@cagedtigersteve i see that you are not one of the brightest
15 years
3:28 "I tried once". Tom, it's a good thing you remember that. Cause we certainly won't let you forget.
The lemon trick! Didn't work. I remember.
@@JessmanChicken86 wasn't it pineapples?
Just wanna give props for doing this in a freaking one-take. Amazing work.
No retakes no weird transition, Tom did all this in 1 go. Mind blowing!
*Gets done telling us exciting story about cold war era*
"Don't worry, I'll talk about your stupid mundane phone now."
3:27 Oh god the Pineapple flashbacks
I laughed waaaay too loud xDD
What video?
Watching that video made me feel his pain in my fingertips
what vid
The fact that it appears on the computer screen in the background makes it so much better
instructions unclear, now launching a nuke while guessing what 12yr old me's favorite drink was
@@aimu_1111 Same
@@Lilac_Dreams that happened to me and now i don't even know the email to it because i made a new one
You know he's still mad about getting in trouble in high school...
We all have that one thing we did super long time ago that doesn't matter anymore but you still wish you didn't do it
One thing! my bloody list is in the hundreds, and I haven’t even finished school
trust me, as you get older, you'll regret more things that you didn't do than those you did!
I don't have any such thing
cough
Your seemingly off the wall or historical story lead ins are the reason I watch this channel
1:54 'password: CORblimey1926' a true British gentleman
oh yea...!
Wow, that's my password too!
1926?
Can someone explain?
@@Menon9767 blimey is a British expletive
It blows my mind that Tom Scott can somehow do this all in a single take. Mad respect
Tom: "If a spy gets your fingerprint, you can't change it, I tried it once."
Me: *long haired Tom pineapple flashbacks*
Finally! Someone else got it
LONG HAIRED??
do you mean: flashbacks of YouTube algorithm being weird and recommending it to you five times over the past year
@@mohamedmusamustafa3324 not really but that could've been a possibility
@Buno the brains Can you explain that? I'm a relatively new subscriber.
I've watched this video a bunch of times and I've just noticed the edit in the PET screen with the pineapple video. Great work. Kudos
Going to make 4 factor authentication. Finally, it won’t just be what you know, who you are, or how you smell. Finally, they will have to ask HOW you are.
Yes yes yes! Thank you for encouraging people to take security more seriously!
And doing what you do best, giving some history and explaining it well.
Love your videos Tom 🙂
"You can't exactly change it. I tried once."
>pineapples still don't remove fingerprints.
"Computers can only do what you say. They can't do what you mean, and they can't stop you from asking for terrible things.
But at least they can be reasonably sure that it's you asking."
~ Tom Scott
3:28 Look at the PC in the background! The subtle Easter eggs like this are amazing
Rewatching this video is so delightful because after understanding other technologies and their issues, in so many places that people are too concerned with MitM attacks or intercepted data or hacked phones/servers when so *so SO* many instances of theft or fraud were perpetrated under circumstances an automated system would be incapable of understanding weren't legitimate. It's a salient point in how we design security and how it fits in with society and its incentive structure and how...it's not always compatible, and that no amount of patching or improvement will resolve a more fundamental shortcoming if it's never acknowledged.
"And if your fingerprint gets leaked ... you can't exactly change it. I tried that once."
The pineapple thing?
@@KrisMcCool yup
I worked at a retail store a while back and we had a fingerprint scanner as part of the sign in system. Didn't work all that well if our fingerprints got papercuts or similar during a shift...
@@Steamtostay yea, That's really inconvenient, isn't it. I always thought "oh fingerprints and face recognition, best security system" and I think it is, until you got cuts and bruises on those body parts
Heck it doesn't even need to have a cut or bruise. A small droplet of water or at the wrong angle breaks it.
Lemme tell you, as someone who is nearsighted, face ID is great unless you're in bed without glasses on and the phone is two inches away. Face recognition is great; forehead recognition needs work. XD
"This story has something to do with your phone, I promise." You are a great storyteller Tom, I would never skip one of your videos simply because it doesn't concern me directly, and I'm sure most people here feel the same :=)
I'm sure this was just a segue but on the off chance it has 1% of sincerity in it, better say it!
I read your comment three times... I can't understand what your point is?
Kind of cool that the time on the phone is 16:05 and that’s roughly the time this was uploaded and playing
This is a great video. Actually watching it as part of my curriculum at uni right now in Sweden. Thanks mr. Scott!
I actually watched the video of you attempting to remove your fingerprints. When you did the joke at the end with the stove you genuinely got me, so good on you Tom
1:48 I want to add something to the list of authentication: "something you didn't know". Like "where are your keys". It's something you don't know, it's something you don't have and it is something you are: me, the clumsy guy from Brooklyn
2:50 You learned the correct lesson here Tom
“Be good, if not be good at it, if you get caught give them a name just not yours or mine”
“You spend most of your day telling a robot that you’re not a robot. Think about that for two minutes and tell me you don’t wanna walk into the ocean.”
Tod when is Elder Scrolls 6 coming out
You dork go back to the chess club
@@Don-ps2um after all the Skyrim ports are done. Or never.
Umm, I don’t wanna walk into the ocean..?
I'm a scuba diver. Walking into the ocean is as good as it gets.
In the mid 90s, my uncle told me "A computer is only as smart as you are." and the last part of this video reminded me of that. So thank you for that.
this has nothing to do with this video but; Tom, you are an amazing person. the views, the information, the subjects, the research. Just everything is always so... you. impossible not to like, easy to understand, just very uhhhm stable, might be the right word. Keep it up with all the interesting work you have been doing these past 12 years on youtube and thank you for giving us a peek inside your mind.
Correct, always so correct, that was the word I was looking for.
3:27
"I've tried"
That video is 10 years old🤣
Why am I slowing down the video to read the flashing password ?
"MakesSense!"
I was going to, but a bit too lazy
Wait, isn’t the pass COrblimey1926?
Can someone provide the timestamp?
@@thisrandomdude_ 2:03
I didn't need to slow it down to read that it wasn't that fast
Maybe it's because I already know the password
Paused the video, turned on two factor authentication and changed my password to a stronger one. Thanks for reminding me to do it, been meaning to for a while now.
I love the detail of when you referenced the pineapple video, the computer on the desk showed a clip of said video. Nice touch!
New title: Why Tom Scott is a great YouTuber.
2:51 According to my mum, the 11th commandment is "thou shalt not get caught".
it's only a crime if you get caught
@@whybob1930 engineer gaming
Tom, the quick dig at MLMs at the end... Bless you.
"I tried once"
*flashbacks to tom trying to get rid of his fingerprints using pineapple and sandpaper*
That was painful to watch
Great work, as always! You should do an entire episode on "Keep your mouth shut," because I'd love to see data on conviction rates resulting from bragging.
"The lesson I learned was not 'don't do it', it was 'keep your mouth shut'". Best advice ever. The more you brag the more likely you get caught
Summary:
Keep your accounts secure with more than passwords alone, because passwords aren't safe from Tom Scott
3:50 is something that is kind of already being done, Tom. Some companies are starting to use ML algorithms to track your keyboard and mouse behavioral patterns to identify that it is you that is inputting them. They usually proceed to use phone identification when you fail that test.
Yes, I've had 3D secure authentication ask for an SMS code, and then ask me to type my email address with the way I typed it apparently being a form of identification
That’s just recaptcha
Now if only Spotify would actually add 2FA, five years after it was feature requested...
I always get the feeling Spotify ignores features that are requested by the community anyways. For example, why can I still not download one single song?
Gabor Sophie You can download a single song...
just use a facebook account for spotify.
@@gaborsophie3347 What's wrong with adding the song to a playlist?
Even if 2FA didn’t suck why would you want it for Spotify
The bit about sci-fi writers brainstorming systems that know when a person normally is logged into a device has been investigated by corporate IT teams for several years. I feel like flexible work/work from home has actually added complexity to this potential solution.
My phone (which I've owned for over a year) just popped up with a reminder to set up two-factor authentication while watching this video.
Subtle.
This 8 minute video taught me more info than a whole day in school
American schools... pfff... try Scandinavian schools bro xD you learn everything and no homework
This series could have been enough for the students of the computer science high school where I taught math this year to ace their finals. But, alas, almost no one had any interest in studying.
(I write from Italy btw)
For anyone wondering, the password at 1:55 is "CORblimey1926"
Keep your mouth shut $
3:27
Tom: "I tried once"
Me: *pineapple flashback intensifies*
Tom is seriously one of a kind! I love your videos Tom.
So THIS is why i was getting recommendations for how pineapple doesn’t clean your fingerprints, the youtube algorithm is a strange thing
3:27 a Tom Scott classic
Edit: Right after i saw the video YouTube recommended the Tom Scott Pineapple Video. Scary.
Same 🤔🤔
That's because many people went back to watching it after this video. So the algorithm knows it's a popular follow up.
Scary? Maybe. But not mysterious.
@@dragoncurveenthusiast oh, I See.
" I tried once"
Getting pineapple flashbacks
You can’t change your fingerprints “I tried once”
Oh boy do I remember that video
3:27 That's a great bit of detail on the screen behind him during "I tried once"
I genuinely can’t decide what series Tom puts out is my favourite? Is it The Basics, or Things You Might Not Know or is it Amazing Places? I honestly have no idea which I love the most!
and streaming services like spotify, tidal, netflix don't have these.
no wonder many of its users (including me) complain about stolen accounts despite using separate emails and unique passwords.
my guess is that someone probably combined someone else's password with your username and added a few numbers and got lucky then. probably some kid trying to get a free spotify account tbh
[tom]: hey, did you know, if you put your password in chat it censors it? see: *********
[me]: MakesSense!
hunter2 jokes incoming in 3...2...1...
hunter2
Did it work?
Yes remember that 🤣 type your password Facebook/whatever app you're using has a secret function that will censor it
OralCumshot
Lemme try!
dQw4w9WgXcQ
2:31 great. now I need to look over my shoulder to make sure Tom isn't stealing my passwords
This guy is so intelligent. Discovered this channel a while ago but I've learnt so much from his videos.
We had a similar security token system in one of my former jobs. They initialized the token when you were hired and passed the background checks. Then the token started generating codes. In use you had to have your name, the token's 8 digit code number at the moment you were logging in (changed every minute) plus your employee number and the secondary password you set up with the IT department after you were hired. The codes also only worked if there was a specific card installed in the PC and it was on the company's network.
"I told someone else that I'd done it."
"The lesson I learnt was don't tell anyone."
Been there my friend, been there
Such a good video. Clear, well explained and easily understood. I'm going to do some coaching for friends and family on online security and I think I might make them watch this!
I used to have a debit card from my bank that had a digital display on the front that generated a six or seven digit number each time you pressed a button on it and that verified the card when using it online. It was so cool! I used to push the button and tell friends that the seven digit number was my bank account balance.
"The lesson I learned was not _don't do it_ , but _keep your mouth shut_ " Cheers for that tom mate
Briefly having the monitor in the background "play" the pineapple video when you talked about failing to remove your fingerprints was a nice touch!