Two Factor Authentication Explained | Go Incognito 3.5
Vložit
- čas přidán 8. 05. 2019
- Welcome to Go Incognito, a full guide to security, privacy and anonymity. This is lesson 5 of Section 3: Two Factor Authentication (2FA). This lesson will cover several methods of 2FA, as well as which are best at protecting your privacy and security. Some topics covered are Authy, Google Authenticator, other standard 2FA apps, proprietary apps like Symantec VIP Access/Duo, and the dreaded text SMS two factor method. Lastly, physical forms of 2FA are an option covered as well. Use multifactor authentication to strengthen an already strong password.
Thanks for watching the free version of the course - Go Incognito Premium has no ads, includes quizzes & guides, hundreds of improvements, a certificate, and much more! Support our mission & join the premium experience: techlore.teachable.com/p/go-i...
To access the sources, changelog, GitHub repo, and more, visit Go Incognito's Homepage: techlore.tech/goincognito.html
🔐 Our Website: techlore.tech
🕵 Go Incognito Course - to learn about privacy: techlore.tech/goincognito
🏫 Techlore Coaching - to get direct support: techlore.tech/coaching
💻 Techlore Forum - to connect with other advocates: discuss.techlore.tech
🦣 Mastodon - to stay updated: social.lol/@techlore
We cannot provide our content without our Patrons, huge thanks to:
BRIGHTSIDE, Clark, Ente, Larry, Afonso, Boori, Brad, Casper, Cookie, Floyd, JohnnyO, kevin, love your content, NotSure, Poaclu, x
🧡 Join them on Patreon: / techlore
💚 To see our production gear, privacy tools we use, and other affiliates: techlore.tech/affiliates
💖 All Techlore Support Methods: techlore.tech/support
#techlore #incognito #2fa - Věda a technologie
Thanks for tuning in to Go Incognito! 🕵️♂️
1) Go Incognito Premium has no ads, includes quizzes & guides, hundreds of improvements, a certificate, and much more! Support our mission & join the premium experience: techlore.teachable.com/p/go-incognito
2) To access the sources, changelog, GitHub repo, and more, visit Go Incognito's Homepage: techlore.tech/goincognito.html
3) To order Go Incognito merchandise, visit our Privacy Shop: teespring.com/stores/techlore-merch
4) Go Incognito is offered for free thanks to all of our supporters. Support Techlore and our mission today: techlore.tech/support.html
Ideally nothing? Brave is meant to be out of the box ready to go. If you want something that’s hardened, go to Firefox.
I have two questions. The Prism-break site says that you should not use Authy with a two-step app, why is that? prism-break.org/en/categories/android/Firefox add-on says that Ghostery should not be put, why is it? prism-break.org/en/subcategories/android-web-browser-addons/
Want Your Views on Aegis Authenticator
If Possible compare Aegis Vs AndOTP
Great video! I’ve been subscribed for a couple weeks now and I am really happy with the content!
I literally love your channel. Such amazing content. Keep it up!
Hands down one the most informative security video series on the internet, that is also easy to understand.
Love the changing backgrounds to indicate how hardcore the methods are!
Keep it up, your content is unique!! ;D
2FA is very important. I learned a lot from this! Awesome video man! Love the videos
Thanks man!!
Thanks for the video!
I knew this was coming because I saw the thumbnail at the end of your last video :)
Nice work H
Hello. What is your opinion about app based 2FA like Google Authenticator vs Prompt style 2FA. Wondering if any of them is different enough in security level or they're pretty much the same. Thank you.
Thanks a lot 🌹
You're welcome 😊 Thanks for all your nice comments!
My biggest issue with 2FA apps is that a lot of online services require that you give them your phone nombre to enable 2FA with an authenticator app. I’m not comfortable with that.
What sites do this? I haven’t really experienced this issue.
@@techlore Yahoo.com
Twitch
Excellent video! I had SMS and thought it was the same as an app like authy etc. . I just got messages to my phone and typed in the two code numbers and got access to my account. No QR code since I was on my laptop typing the numbers in to the sms box.
Handsomest CZcamsr ever!
You need also to talk about, what happen if your loss your phisical 2FA, Recovery codes?, where you store that codes?, in a password manager, encrypted in a cloud drive?, paper?.
how does the website know the code displayed in the auth app is correct? how is that synchronized?
Any recommendations for a MacOS 2FA app? Like Ravio for mac?
Your information is appreciated and valuable but I need to (see you using & setting up the app) - andOTP . I have no clue and completely no understanding of how this is supposed to work. I learn and understand better visually as opposed to reading or hearing. AND how will I be affected if lose cell ph after andOTP is set up ? PLEASE make video.
I agree sir.
Plus you can encrypt the file. Via open-pgp or AES.
It matters which 2fa app you choose. Authy is not a good choice, it's closed source, it requires a phone number, there is no way to export 2fa codes for backup to usb memory stick, etc so if authy stops working over day you loose access to all your accounts.
nice vid. but still dont get, how these FOSS 2FA work in principle. when for example using google 2FA and i want to login into google, then google sends me a sms code, which they can confirm once i login with this data. how can a "3rd party" app like the FOSS ones give me a 2FA code, which google recognizes, if the code does not come from their app/side? thx
Any tip on how to store backup codes for Authenthicator Apps? I'm worried about paper backup codes in case of a fire or something like that.
Store them in an encrypted file, and backup the file. 2 good options are your password manager's database, or a Veracrypt file container
What happens if we lose our phone or the software gets deleted? Or we don’t have our phone with us? Say I went to another country I forgot to take my phone with me?
True, that's why I haven't use it yet, I would like another alternative
Regularly changing passwords isn’t even advised by NIST. It can easily make it even less secure than to set a very good one for multiple reasons
Which 2FA is better? Code via email or an app (Google authenticator, etc)
App
yubikey also offers a 2FA app: Yubico Authenticator. This requires the yubikey to have the 2FA accounts loaded onto the usb key, and a password to unlock the key to access the keys.
The only problem with code generator apps is that if you have to reset your phone or you get a new phone, you have to jump through a bunch of hoops to get the 2FA setup on the new/reset phone.
Not really. Apps like Aegis & AndOTP have export/import functions which transfer all 2FA codes in a few minutes tops. You should actually export/backup your keys so you don’t lose them with your phone.
Authy took like two minutes for me when I was changing my phones.
5:07 - Is Authy really FOSS?
Not fully no. Check the changelog later tonight.
Best place to store backup codes?
No “right” answer. But I personally store them in a text document on a Veracrypt encrypted container.
Techlore Can you show us step by step on how you do this?
Here's my guide on creating a container:
czcams.com/video/C25VWAGl7Tw/video.html
Just move a text document into a container and you're good.
Can't find your telegram community link anywhere.
We don't recommend Telegram. We have a forum (recommended) and Discord. Let me know if you'd like those links!
@@techlore Got forum in your site, thank you for the community man.
OTP Auth, not FreeOTP
6:20
always make sure you have at least 2 devices/2 ways as second factor.. so many dumb people eg have 1 single iphone and then lose it and lock themselves out of their account for a month.
'Dumb people' of less technically skilled people? How could they know? At least now they know.
Yes, although that’s why you save backup codes, I’ll add this to the changelog. You could argue having two devices with the code is less safe though...as jeopardizing one of two devices leads to direct access to your 2FA code. The purpose of 2FA is ONE point only you have control over. Having cloud backups of 2FA codes and several devices lowkey lessens the purpose of 2FA. I’d argue less is more, just make sure to save backups!
You have to remember security is about layering. FIDO Keys, Software Authentication, and Backup Codes. Like he said, SMS should only be used as a last resort.
FIDO Keys are great because all the online accounts I tried it on. Accept more than one key. So that means backups. Buy as many as you can afford and scatter them.
Man you are correct. Most of these people have money and time to set up all their recovery factors. Yet make no effort to do it.
@@IgnoreMyChan I am inclined to agree with him. Apple gives you to avenues of authentication. Two-Factor and Two-Step Verification, in my experience there are two types of Apple Users. IT Professionals and lazy users who think they are secure because they spent $2000 on a phone! When a $200 to $400 could do the same stuff.
support.apple.com/en-us/HT204152?fbclid=IwAR2-vw6Hcd3kCnKG4syYPMReF_uvVphn5ZOeAyR8ss8vxRUKchRKlLNWsNk
The problem free p, paid, or open source. It does not matter most users are lazy.
I knew one Apple user who used SMS. Had no recovery email address. Had security questions. Nothing. He came to me for help. Again, most users do not care at all. Apple makes it easy to implement basic security.
I'm Dutch and my government still uses SMS-2FA if you want to log in to platforms for civil affairs… I wonder which stupid ass is responsible for that. In any case, it just shows that not everyone is aware of where the risks are. Unbelievable that this is still happening at this level.
Ooo
Aaa
@@techlore Thank you for that
What about aegis?
Aegis wasn't available when we made this video, but we do recommended it!