Lockdown Your Accounts! Best 2FA or MFA FIDO U2F Security Keys

  • Added 1. 08. 2024
  • We've been thinking a lot about internet security lately. Sure, we've got an amazing way of creating unique passwords for our accounts that doesn't rely on storing them in a web browser, BUT we're still human, so breaches will still happen.
    So we decided to buy as many keys as would fit into our workflows and came to the conclusion that the products from Yubico were the best:
    Best Yubico Key for iPhone/iPad users: Yubico 5 NFC (mreh.ca/3thZD5T)
    Best Yubico Key for Mac heavy users: Yubico 5Ci (mreh.ca/3liFVo2)
    If you need a straight-up USB-C key, the HyperSecu HyperFIDO (mreh.ca/2OwbuhV) is the cheapest and gets the job done.
    Honestly, Yubico has gotten it all figured out. Being able to use their keys as standalone 2FA/MFA keys OR with their authenticator apps gives users maximum flexibility when it comes to securing their accounts.
    For example, if you get the HyperFIDO key, you can't really use it with Facebook because they only use an authenticator app. So you're stuck with an app that could still be hacked. With the Yubico Authenticator, the secret keys are actually stored on the key so nobody can get at them through the app. Seriously smart.
    In this video:
    0:00 Intro
    1:06 2FA/MFA Basics
    3:19 How we choose our review products
    4:12 Hypersecu HyperFIDO
    4:49 Google Titan Keys
    6:55 Yubico 5CI/5 NFC
    8:43 These Keys Are Annoying
    11:41 Aaron's Secret Password Key
    -Basics of 2FA-
    2FA stands for Two-Factor Authentication, and a service that uses 2FA will basically ask you to provide two different passwords instead of the usual one. The first password is usually the same password that you use for both your bank account and that cat meme website. The second password is a one-time password (OTP) that's generated by a machine or server and is different every time.
    The method of 2FA that we're all familiar with is the on-demand version, where we're asked to click on a link that's been sent to our email or phone. The biggest downside is that our emails and phones could be spoofed and bad actors get to see all our secrets.
    A step up (from our perspective) is the soft token, which requires you to use an authenticator app. The service will generate a secret key, which you'll usually scan into your authenticator app, and that key is used to generate a random number that expires after 30 seconds. The biggest downside from our perspective is that the secret key could be stolen from the service or from your device, which means a bad actor can easily claim to be you.
    Hard tokens are basically physical devices that generate an OTP. The most common hard token is the key fob. The key fob has one job, which is to generate a random number based on a secret key that matches the secret key on the service. This method is more secure than the first two, as the key fob is physically removed from the internet and the OTP can't be intercepted by a bad actor. The biggest issue from our perspective is not losing the fob.
    An evolution of the hard token is one that comes with Fast Identity Online Universal Second Factor, or FIDO U2F. All the authentications required occur on the key, so there are no OTPs that can be intercepted by bad actors. The biggest drawback from our perspective is the possibility of losing the hardware key, which we've gotten around by having to BUY 2 keys, which, depending on the model, can get expensive quick.
    WEBSITE: www.mobilereviews-eh.ca
  • Science and technology

Comments • 166

  • @andrescienfuegos4907 3 years ago +85

    Please, don't use personal information in your passwords. This information is way easier to get than you might think. Use a password manager and generate them randomly, that's the only way you can assure that your passwords are safe

    • @chrisnamaste3572 1 year ago

      There are hundreds of sites: for low level sites a hash password like he describes is a good option, for higher security use truly random numbers that you can't remember in a password manager, and use key based 2fa for that password manager and the sites that support key based 2fa

  • @madrian_hello 3 years ago +49

    Let’s vote for sunglasses free reviews. 😎

  • @hawaiirealmedia5610 3 years ago +5

    Your reviews always help me decide what to do or what to buy. Well done. I'm a fan!

  • @salriggione 2 years ago +7

    Excellent content! And TY for not selling these keys and just getting to nitty gritty of the critical details.

  • @juansolano2014 3 years ago +7

    Love watching these videos with Val in them! 😍

  • @Weildren 3 years ago +9

    Use a random password generated by a password manager or use unique long text phrases (don’t quote books, movies, tv shows, etc).

  • @vasiliy.x 2 years ago +8

    The last part: USE THE PASSWORD MANAGER, don't follow the tip in the video for password

  • @cainrok 3 years ago +8

    Unless you’re a high value target an Authenticator and password manager that can generate passwords is all you need

  • @radimasto6379 3 years ago +6

    but if a password was leaked somewhere, then hackers could easily reverse engineer your password to know all the other ones. the chances that one of your passwords was already hacked are very high. if 2 of them were hacked then it will be even easier to find the other passwords.

  • @user-vr4tr2jq3h 8 months ago

    Amazing Video, I Really Enjoyed It, Thanks For The Heads Up On Creating Passwords. Thanks Again

  • @DIRTYGECKO 3 years ago +2

    Love this show, where can I purchase extra long apple series 6 straps please?

  • @abano.alexis 3 years ago +2

    Love your content man! Have you ever tried hydrogel/TPU screen protectors? How do they compare to Tempered Glass? Thanks so much

  • @charleshines5700 3 years ago +3

    if each one is different it would be nice to have a way to remember which one is for which.

  • @henrik2117 2 years ago

    Super cute dog!

  • @iTWI 3 years ago +5

    When I make a password I simply press every key on the keyboard or let my brother do it as he usually loves to mess stuff up on my laptop

  • @udaybhargav1295 3 years ago +24

    Video’s incomplete without monty

  • @tomwray5943 3 years ago

    Great content

  • @DJuniorDev 2 months ago

    Cool. Subscribed.

  • @VPC 3 years ago +7

    Can you please do a hardware durability test with these?! I am reading all over online that (at least the Yubikeys) are water/crush resistant but I can't find a single video testing this theory. It would be a great science experiment and I'd buy one through your Amazon link if you did :) LOL 🤣

    • @thebepis712 2 years ago +2

      I can tell you for three years now I have carried a yubikey for work and use it probably 15 - 20 times a day. It's held up like a champ so far, definitely looks used but works as well as the day I got it

  • @EliteFilms123 3 years ago +1

    Hey! I don't know if you will see this but I love your videos and I have one question! Will the Flo lab series 6 Apple Watch screen protector work with the Rhino Shield CrashGuard case?

  • @wandavision7046 3 years ago +1

    Could you please review the mous 4.0 case? For the iphone 12 pro max... i wanted to know if it is better or worse than the 3.0.. will appreciate it a lot thank you!

  • @gracesmith5021 2 years ago +1

    You guys are cool!!! Does Val wear shades indoor all the time?????;)

  • @hermes8258 1 year ago

    Good vibe and I like the production values of your videos. Question: would using this kind of physical key work in conjunction with a password manager, as an extra level of protection?

  • @polterghosty 3 years ago +8

    Dig it. I train staff on this stuff all the time.

  • @neilholmes8810 3 years ago

    Can you review the Whoop please that you both wear. Thanks.

  • @josepimentel7276 3 years ago

    Will you be doing a review of the Whoop you have there?

  • @GadgetReviewVideos 3 years ago +6

    Great tips. I like the password algorithm you use, but have you ever run into a scenario when the service forces you to change your password and sees that your new password is too similar to your old one and refuses it? Most of the time it will just realize the
    “(numbers) device name (special character) number”
    and refuse unless you rearrange it, but that will break your consistency across all platforms then.

  • @busycheetah 3 years ago +2

    Love this.. learnt something new today.

  • @skizzlemane1 3 years ago +1

    7:45 can’t you set up a shortcut/automation to counteract this particular obstacle or nuisance?

  • @marcrisale 2 years ago +1

    Could you use titan security keys on a microsoft account? Thanks in advance!

  • @TakEflaG 3 years ago +1

    Man, it's almost uncanny:
    I’ve been thinking about getting a YubiKey for a few days and here I see a video by one of my favorite channels about - exactly that!
    Thanks a lot again for making those awesome and informational videos!

  • @jojojo8835 2 years ago +2

    I would get the Yubikey but it seriously needs a waterproof cover to be any use to me. I don’t get why they wouldn’t have that, even my cheap fountain pen has a waterproof snap cap.

  • @kevink1214 1 year ago +1

    If the authenticator app is tied to your phone and your phone is lost or stolen, or dead battery how can you access your accounts without the 2FA key?

  • @jasperfredrickson4420 3 years ago +8

    No Monty, no thumbs up. That's the law.

  • @Rageeequittt 3 years ago

    Hey sorry this is off topic I looked through your videos and can't find anything. On your left wrist what's that opposite of the Apple Watch on the inside of your wrist? Thanks!

  • @Mel-yu3nx 3 years ago

    I saw on my new hp set up instructions booklet and it says it has a nfc thing on the trackpad. Does anyone know why or how this is used?

  • @IonShard 2 years ago +4

    trying to memorise your passwords for dozens of sites and applications is a bad idea, and using a formula to create mnemonic passwords is not very safe. Far better to use random passwords from a password generator, and keep them in a password safe, then you only need remember the password to the password safe.

  • @mbs7994 3 years ago +5

    Val has such a beautiful smile!😃

    • @LouManning 3 years ago

      She’s got Supersaf styling going. Nothing wrong with that.

  • @imicca 3 years ago +1

    Love Canadians🥰

  • @William-the-Guy 9 months ago

    Let me make sure I understand this. You made a video to give other people security advice, and then at the end of the video you told us that you trust safari browser with all your passwords instead of at least using a separate password service? Do I understand this correctly?

  • @calvintanner7897 2 years ago

    Does it have to be a Google brand or can it be any Titan Security Key?

  • @pissgoat 3 years ago

    yoo wait did i spot a toastmade wood skin on that 12?

  • @dwightsbeetfarms3611 3 years ago +1

    I still use Safari Password Manager 🤔

  • @GabrielTobing 2 years ago +1

    4:03 I just realised, this man's right hand is bigger than his left...
    When memes become reality:
    XD

  • @thekidsinthepark5944 3 years ago

    What’s that Apple Watch band? 👀

  • @hulong0205 3 years ago

    Only when I see that cartoon dog, I realized the cartoon female character is probably Val.

  • @basedw 3 years ago +6

    Get a password manager. Don't make up a system:)

    • @KaiusKC 2 years ago

      If you aren’t self hosting a password manager there's no point

  • @fatherdrew463 3 years ago +2

    add a few spaces in your password as well

  • @iresolvers 2 years ago +1

    they need to make the nano yubi key be able to stay plugged in and still be able to charge your phone!...to make it practical

  • @GadgetReviewVideos 3 years ago +1

    @ 6:13 FYI - The problem I ran into with this again is google documentation, and removing a device google thinks you still have after you have sold it, swapped it out (Warranty claim) or lost it. Even using a soft token google sometimes asks for a second verification in addition and thinks I still own my iPad Pro that I sold.

  • @Eugensson 2 years ago +3

    The Google’s new 2FA approach (asking you to confirm yourself from another device) is terrible: 1) it cannot be disabled 2) if your phone is stolen you have lost your Google account 2FA. Even CZcams app acts as a 2FA now, and you cannot do anything with it. Also I have CZcams under my account on my daughter’s iPad, if it is lost, my Google account is exposed.

    • @henrique392 2 years ago +1

      I'm not 100% sure, but I think there is a way in which you can go to your security settings on your Google account and it generates about 8 or 10 sequences of numbers (keys) as a 2FA. You can print it or save it and keep it somewhere to use it whenever you can't use the other method you mentioned. Each of these keys can be used only one time and I think you can generate new ones if you use all of the previous. Facebook have (or had) this same method.

    • @koreyb 1 year ago

      @@henrique392 yes, those are Google's backup codes. I change them when I change my password and then destroy the old ones. But also, you can have more than one android phone on your account for 2FA. Which is important because if you lose a phone you want to use the find my device app to lock down your phone and then erase it if you can't find it right away and then make sure to go back into your Google account and change the password and remove the lost device from your account. Then call your cell carrier and report your phone lost or stolen to shut down your sim and transfer your number away from it.

  • @PorkShark 2 years ago +1

    I just use a password manager for my passwords. I don't have a secret key.

  • @muneeb-khan 3 years ago +2

    Have you guys considered getting sponsored content unrelated to tech and the products you review? I feel like in the current YT landscape there’s really nothing wrong with sponsored content but I understand if it’s not something you want to explore as a USP of your channel.

  • @Keep-HODL 3 years ago

    what about sim swipe scam i think yubikey will protect ..???

  • @StevenAButton 3 years ago +2

    Why not just use a Password App?

  • @ankit-prasad 3 years ago +9

    Why does Val always wear sunglasses indoors?

    • @lyric668 3 years ago +2

      If I'm to guess it's because people always make creepy remarks about her

    • @SsShadowbaneSsS 3 years ago

      @@lyric668 has she ever shown her face before?

    • @lyric668 3 years ago

      @@SsShadowbaneSsS Yeah she did in a previous video and there were a handful of people saying how beautiful her eyes are. I'd go back to hiding them too if anyone were like that to me

    • @Erickchicas 3 years ago +2

      @@lyric668 OMG people were saying her eyes are beautiful??? THOSE ANIMALS!!!

    • @alphaomega9387 3 years ago

      @@chadh6855 fyi, he has shown her face in past videos before. This is what happens when you speculate without research.

  • @chark1es 3 years ago

    Nice Mustache!

  • @N3TL0D3R 2 years ago

    Where do you get those drinking glasses

  • @superc 3 years ago +1

    icloud and apple id still do not support yubikeys or u2f, correct?

  • @xila8861 3 years ago +1

    Poor guy, I bet he cries deeply when there is a password breach and then he must come up with a new method for his new password.

  • @jackeyniraula 3 years ago +1

    My passwords are at least 48 characters long and no I don't type them. I hate some services still forcing us to use passwords no longer than 8 characters. E i g h t fcking characters come on.... Arghh

  • @MastaT 3 years ago

    ........the only thing i learned about this was that none of these are ready for my use.

  • @tomwray5943 3 years ago

    I use Apple keychain

  • @cedricvillani8502 3 years ago

    Bad Actors!! And something about security keys.

  • @denniss1211 2 years ago

    You forgot the password ???????? don't you use Lastpass?

  • @MrKZee 3 months ago

    bro sorry, but you don't need internet for TOTP, that's why it's totp with basic servers you need a connection to the internet to set it up and then you are free to go
    And a device that generates those totps is even better than hardware key, because it's harder to extract something from software than hardware.

  • @spaghettienforcer4896 3 years ago +3

    I enjoyed the video, but to have a truly well rounded review of hardware authentication devices, you need at least one open source product, because for some, closed source products are not an option. The connector also seems arbitrary (besides NFC), there are adapters you can buy for under 10$ for every connector.

    • @Vector_Ze 2 years ago

      When reading advice, I take two or three stars off from people who don't know the dollar symbol precedes the dollar amount.

    • @spaghettienforcer4896 2 years ago +1

      @@Vector_Ze This may be one of the dumbest things someone has ever replied to me with.

    • @Vector_Ze 2 years ago

      @@spaghettienforcer4896 My guess is, that means people usually don't see your comments worthy of reply.

  • @grongor 2 years ago +1

    Please, completely disregard the last bit about the "smart way" to create passwords. Just use a password manager like 1Password, Dashlane,...

  • @Erickchicas 3 years ago +1

    Best internet couple!

    • @lck4579 3 years ago

      They're not a couple, she's a friend that helps him with all the hard work of videos and reviewing

    • @Erickchicas 3 years ago +1

      @@lck4579 Nah, I don't buy it.

    • @alphaomega9387 3 years ago

      @@Erickchicas dude they are not a couple, he already has a wife and she already has a husband. In his previous videos he mentioned it. Even if they're a couple which they aren't, why is it a big deal to you?

    • @alphaomega9387 3 years ago

      @@chadh6855 His wife has a job and maybe she doesn't like to be in video so.

    • @Erickchicas 3 years ago +1

      @@alphaomega9387 Nah, not buying it.

  • @DerrickJolicoeur 1 year ago +2

    Objectively password length is important *almost* above all else. The most garbage looking password is practically useless if it's only 8 characters.
    It's important to remember that passwords aren't guessed through login attempts (easily rate limited by the service provider) but instead leaked databases are hammered with millions of password permutations per second. - If your password is in that database and the company didn't take proper security measures, the only thing that matters is length.
    Also, don't forget, we're still on an exponential computing power curve. So just because your 16-20 character password cannot be brute forced today, doesn't mean it's safe from the computers of tomorrow.

  • @blackcoalboy 2 years ago

    Those dark glasses WHY???????????

  • @Itsme-vo4fx 1 year ago

    I’m hearing all this vibe about these keys. This is all new to this 78 year old fart here. Instead of show me what keys are out there, can you explain where and when I would use one. Somewhere I read that the only time I would use a key would be to enter into my Apple account. Is that all they do? You talk about using a key to replace a password. I have something like over 100 various passwords. Does one key replace all these passwords or is it only a place to back them up like backing up your pictures on a hard drive?
    Sorry about all these crazy questions. But, that’s how one learns.

  • @Christer885 3 years ago

    😊👍🌹

  • @scottymagillacutty9363 3 years ago +2

    A security key from google... I laugh any time I hear that for some reason 😂

    • @VPC 3 years ago +5

      Google is actually great at security, privacy is the one you should be concerned about LOL 🤣

    • @nylotical 3 years ago +1

      @@VPC right.

  • @tanookimarketing 2 years ago +1

    This is all too confusing. I'm just gonna get hacked because that takes the least effort.

  • @SonyJimable 3 years ago +1

    Google - yuk!

  • @beebeegee5131 1 year ago +1

    Guys can you please please review lingerie❤

  • @dirtbikerpro6 2 years ago

    I'm trying to figure out HOW this is a review... Basically listing the product with little background on the company. Nothing on durability of use. No OSS. Waste of time.

  • @remcodierickx157 3 years ago

    I used to work a customer server job and told my customer always if you create a new password due to hacked account at our service. If you always use the same password like: monty2008 do this instead : monty2008_FB for Facebook Monty2008_Twt for Twitter. Then at least the hacker can’t just copy and paste your password and adding an extra special character and 2 or 3 letters makes it way harder and cost more time to hack it.

  • @lalanotlistening 8 months ago

    The password creation recipe is unsafe advice, please please please don’t do this. It’s only slightly better than using the exact same password. If any of the services you use suffer data loss the only thing keeping all your other accounts safe is hoping that someone can’t figure out your rules (and they absolutely can if they want to)

  • @misssheatherskye 3 years ago +1

    Favorite part about this video is Monty getting to rest.

  • @JKJonesInCode 2 years ago

    1. Really wish this video wasn't so focused on iOS devices. I'd like to know how well the yubikey works with Android and this video didn't touch on that at all.
    2. The password generation advice is terrible advice. Use a password manager.

  • @nevermind_4334 2 years ago +1

    Google security is an Oxymoron

  • @user-dx8zk5op2c 3 years ago

    Are they dating? Lmfao

  • @ultra100able 1 year ago

    Just a way for government to make more money

  • @landrover4444 2 years ago +1

    Too many goofball antics and comments.

  • @bopcph 3 years ago

    ALL proprietary designs - sorry dudes try again :-(

  • @romen5169 3 years ago +6

    Is that lady’s job literally holding product on camera for 10 seconds per video and make two three cringe jokes? 😂 yeah sure “co-workers” lol

  • @rorywalters1614 3 years ago

    Favourite password: 114514

  • @mikecremona1405 3 years ago

    Sunglasses ?????? Not good!!!!!

  • @ALucaRD807 2 years ago

    your password management technique is terrible :)

  • @davidluong5651 3 years ago

    Val’s favourite password likely ends in digits “69” 😜

  • @SonyJimable 3 years ago

    You should have at the least checked which are opensource and have been peer reviewed - unless your intention was to sell crap filled with built in back doors and spyware...

  • @mtkoslowski 3 years ago +1

    The “banter” doesn’t work. Sorry.

  • @enny7617 1 year ago

    Your joking around I find annoying. You're dealing with a serious subject and this comedy routine is distracting.

  • @andrewdowdell6721 1 year ago

    Can you please help me! My Facebook and Instagram have been hacked and I have just received my Thetis key and don’t know how to use it to unlock my account please help me or my Facebook will be deleted November 18th!!!

  • @Jinkle 1 year ago

    Hi, since watching this I see this great looking device, maybe you should review it, for the money I think it’s awesome TrustKey G320H