👍🏻 ‪That’s why most of the time when we set up 2FA the give us back up recovery codes to keep safe somewhere‬ ‪i like @Authy because its multi platform ‬ ‪ios , android , windows , mac , linux‬ ‪it comes with backup password , so we can activate on any platform ‬ ‪sim pin for banks sms 2fa‬ not ok with biometric as in my opinion it should strictly for banking or govt. purpose sometime back iCloud was hacked and a celebrity lost all photos biometrics like fingerprint may be stolen too

Elon Musk recently alerted Twitter users that the phone SMS 2FA will be discontinued, and can only be used by Twitter Blue subscribers, and recommended Google Authenticator. I heard that Google Authent is not good to use. Do you have a recommendation on a good option for Twitter? Maybe do a video about this since this just happened and many are talking about this?

Pardon me, could you possibly help me solve my problem? USDT TRX20 is kept in my OKX wallet, and my phrase is (clean party soccer advance audit clean evil finish tonight involve whip action). Could you tell me how to move it to EXMO or OKX?

I agree.

yes, it's strange not all banks require 2FA for online banking. I know a credit union that uses your account number as the username which I don't think is a good idea

@@davinp The reason why bank accounts stick to apps instead of security keys, is that no security key can advertise you a bank loan ;)

I would say it depends where you live. In Croatia banking apps have really good 2FA or MFA systems in place. Even before apps for smartphones (with “m-tokens”) came out, e-banking authentication was done with physical token devices or e-card readers. Even now you can obtain those modes of authentication only by going in bank and it’s one time setup. If battery dies on token/e-card reader or you lose a phone. You need to go for setup in a bank. Tho you can reactivate m-token on phone app with physical token device or e-card reader.

When you think about it they need to be, Most Google accounts contain everything from passwords, locations, pictures, payment accounts, notes, etc. Someone hacks your bank account they take your money. They get into your Google account and they have access to your entire digital life.

That’s another great method of backup.

it’s not great if your photos are automatically stored in the cloud unencrypted…

Excuse me, can you please help me out with an issue I’m facing? USDT TRX20 is in my OKX wallet, and the recovery phrase is (clean party soccer advance audit clean evil finish tonight involve whip action). Can you help me transfer it to EXMO or OKX?

I’m not aware of the legal requirements of biometrics, but I completely understand your hesitancy.

Wrong, you are talking about police can’t force you to give them your finger prints or DNA without probable cause. That is usually for criminal investigation to prevent evidence become invalid in court, because anything not obtained legally or without the person in question’s permission in inadmissible in court. Its not about your rights and It doesn’t apply to situations like you agree to do it in bank or on your device setup for your own account’s security purposes.

@@ygt-cd3mg and yet it happens all the time. They can and will unlock your phone by holding it up to your face, or lying and saying you have to give them your fingerprint. There's no 5th amendment protection against being forced to use your biometrics. There is with a password.

@@BB-nn9en ok don’t misuse the law you heard but don’t know what it is. The core of 5th amendment is to prevent self-incrimination, which means if the police get your biometrics unlawfully aka forced you, then its no-longer court admissible anymore which means anything they found on your phone after that is unusable as evidence in the court of law. Same way, they can’t get your DNA without your consent, they can’t just push you on the chair and force your mouth open and swap your mouth.

unlocking devices and transfer money by fingerprint of drunk or unconsciousness person is easy-peasy and constantly practiced. Biometrics are not your.

Please explain further? What is the dumb phone for?

Amen!

The workaround I have found to circumvent services which only allow SMS 2FA or which do not allow to remove that option is to use a phone number such as a Google Voice number which is not tied to a real SIM Card, then ensure I also protect the Google account associated with the Google Voice number using a strong 2FA method.

Did they mention what kind of 2FA authentication was used? Cause I know that sms 2FA is the one that is easy to get around by just sim jacking to get the text

Often it is the session Cookie thar gets stolen. No 2FA will help in those cases, as they must be valid for some time...

The problem I've heard is that sometimes the people at the carriers sometimes get careless and still hand out sims without verifying

I agree with you. I think it’s a leap to assume that it’s common for people to have their PW database broken, but even still, it’s better to use a different device.

While you're right, it's still better security than sms or no 2FA. Using 2FA on a separate device can be a real hassle and will discourage the average user from doing anything. I'll get around to trying a Yubikey at some stage (although my key ring already jangles like a gaolers) but until then, I think 2FA codes in a PWM is an acceptable tradeoff.

It's true if you use an online PM but if you're using an offline one like Keepass and the password is different from all other password and also using somthing you have such as a key file or hardware key, it should't be a problem at all.

On my phone biometrics is an option. If I lost my finger I could just type in the password, the fingerprint reader just makes it faster. If you are using biometrics for 2fa, you can set up other options like an authenticator, and yubikeys. Then you would have 3 ways to get in.

Most 2FA, including biometrics, can and should be backed up by codes or seed phrases that allow for account access. Even Apple allows you to set up a “Legacy Contact” who can access your account after death.

Yes, access by trusted individual if something should happen is critical.

I would like to see more about preparing for legacy contacts and end of life issues

Yea, that's a good idea if you can. Thanks, David!

Security keys. I carry NFC YubiKey 5 on my key-chain and it's extremely convenient. For the backups I have a passord-protected TOTP app (andOTP) (if the website allows multiple types of second-factors).

@@pasikavecpruhovany7777 Thank you!

Yup, same answer. The security key is good.

My pleasure!

If you set them up at the same time, sure. But it’s difficult to export from an existing Authenticator app to a password manager after the fact.

@@AllThingsSecured Gotcha, I just meant the backup password that you can generate with Authy

There are secure backup options (seed phrases kept in a vault, password manager emergency contact, etc.) that mitigate these risks.

I was really stressed when I lost access to my business account and nothing I tried worked.

I contacted their customer service several times, but it felt like talking to a wall. It was incredibly frustrating and almost made me give up.

Got *sykes coding* n they fixed everything in just a few hours

It's such a relief to know there are experts like him out there who can help when you're stuck.

*sykes coding* really knows their stuff and made the process so easy.

Secure sometimes isn't convenient. Trust me - your life is not going to fall apart if you lose your 2FA key and you have to wait until you return home to get your back.

Authy has a solution to the stolen phone problem IF you have set it up properly. Their "multi-device" capability permits you to install the Authy app on multiple devices and sync your authorized account keys across all. THEN, turn off the "multi-device" option so that only your phone is used to get 2FA codes. (as normal) but if your phone is stolen, you can login to your Authy account to enable one of the other devices to get 2FA codes (and later, upon purchase of your new phone, setup your new phone with all of your Authy data). FWIW, I would never use face recognition to login to my 2fa software.

Good secure solution except that hardly any banks or brokerage houses in the USA support using a Yubikey, so its utility is limited by what options are available from the website you're trying to protect with 2FA.

forgot password > sms 2fa it’s pretty simple that’s probably why he didn’t need to explain it further

Pretty?

eSIMs definitely seem to offer better protection against SIM swap attacks and are probably about as secure as using something like Google Voice, which isn't bad either.

@Bello Cr yeah …but 340miles away can be an issue ;)

If you use 2 yubikeys you can keep one in a safe. Then if you loose one you still have one. But if you add an authenticator, and backup codes, then you can use those if you loose both keys.

If you lose your key, that’s definitely inconvenient. But we’re talking about one very specific, very unlikely issue that can easily be resolved by just not losing your key 😆

@@AllThingsSecured -- I'd love to use Yubikey solutions, but nearly all of the online sites where I'd want to use it don't support FIDO / Yubikey multi-factor authentication. Like my Samsung phone account, my celluar service, my utility companies, banks, brokerage houses, credit cards, social security, Experian and the other credit bureaus etc. None support anything but crude SMS 2FA. My bank will sell me an old-tech USB stick from RSA for $25 which is good for only my bank. Whoop-de frickin' doo. And Yubikey type solutions can be quite inconvenient for couples who have joint bank accounts / logins or use financial apps like Quicken. I am guessing that financial institutions already take enough support calls on 2FA problems via the SMS method, and they're reticent to implement better 2FA with Authenticator apps or hardware keys. So at the moment, the "best" protection for most online sites is still a secure password manager and long, random passwords on sensitive accounts. This is the unfortunate reality, despite the solid work to develop FIDO standards over the past 15 years.

Frequently changing passwords is exactly why people write them down.

@@reefhound9902 The advice about frequently changing passwords has changed since I wrote this comment. Now it is not recommended to change passwords frequently unless there has been a data breech or reason to believe it may have been compromised.

2FA? Absolutely. If a key is possible, that's best, and always be sure to back it up.

you cannot have both.

The app I’m using doesn’t do push notifications for certain websites etc. think I will get another authenticator too…

I was really stressed when I lost access to my business account and nothing I tried worked.

I contacted their customer service several times, but it felt like talking to a wall. It was incredibly frustrating and almost made me give up.

Got *sykes coding* n they fixed everything in just a few hours

It's such a relief to know there are experts like him out there who can help when you're stuck.

*sykes coding* really knows their stuff and made the process so easy.

Yea, I know what you mean.

The workaround I have found to circumvent services which only allow SMS 2FA or which do not allow to remove that option is to use a phone number such as a Google Voice number which is not tied to a real SIM Card, then ensure I also protect the Google account associated with the Google Voice number using a strong 2FA method.

What about it?

@@AllThingsSecured the difference between both

I was really stressed when I lost access to my business account and nothing I tried worked.

Got *sykes coding* n they fixed everything in just a few hours

It's such a relief to know there are experts like him out there who can help when you're stuck.

*sykes coding* really knows their stuff and made the process so easy.

Definitely give them a try if you're having account recovery issues.

Different people have different threat profiles. I won’t judge you for not trusting biometrics.

Sorry you feel that way. I have to keep the lights on somehow! Also, you can't receive 2FA codes over a landline.

Thank you very much for your reply. For information, I receive voiced six-digit PINs - surely a case of 2FA? - from my two building societies, here in the UK. The system works flawlessly. @@AllThingsSecured

Maybe not 😂

Chase bank is horrible. If you trigger their fraud algos, they'll close your accounts and refuse to take your calls to explain how you get your money out of their horrible bank. Many who get hit with this situation won't get their money in less than 12 months, and that's after spending dozens of hours trying to find someone at the bank who can actually help you.

Thanks