Good advice. I thought I was current on the topic, but learned some things. In the case of Twitter, the best security measure is, unless you have compelling professional reasons, to have nothing to do with it. You'll save a lot of time and filtering of misinformation.
@huseidon3 жыл бұрын
this channel has 80's vibe
@hansdampf20845 ай бұрын
And its good🤌🏻
@davidmacias1270Ай бұрын
It’s a relaxing vibe
@WillosRock3 жыл бұрын
Essentially, it seems, a security USB key is the most convenient way to to do 2-step verification vs an authentication app. PS. Thanks for you well produced content, have watched dozens of your videos.
@joelviolinpiano3 жыл бұрын
Thank you for another great video Christopher! Its great to see how the security keys work. Since I work in the medical field, we have something similar for our doctors. Since they prescribe medications, particularly controlled substances, they are required to use a security key to authenticate in order to fill a prescription. Thanks again, looking forward to your next video. Take care.
@cupchanger3 жыл бұрын
To those that give Chris’s videos the thumbs down, get over yourself! His videos are better than anything you are likely to watch this week. If you are looking for crude entertainment like you find on other channels or platforms, this isn’t the place for you. I’ve never seen an explaining computers video that deserves a thumbs down.
@SolarWebsite3 жыл бұрын
Well, I did watch an Applied Science video which is always very good 😉 But I fully agree with the thought of your comment.
@bobcoffee113 жыл бұрын
Miss clicks happen
@MusicToTheEars1413 жыл бұрын
The offenders are NSA and FBI employees.
@antibrevity3 жыл бұрын
I'm sure that creators know a lot more about this than I do, but there's no point in criticizing people for clicking thumbs down, if they even exist; they aren't going to change their click because someone called them out in the comments. Either these clicks are just bots or people are clicking thumbs down in an attempt to stop these videos from being recommended to them. That's the wrong approach, but it's Google's fault for adding the button in the first place.
@Design_no3 жыл бұрын
Calm down dude.
@KolyaNadj3 жыл бұрын
How not to like your videos Chris? Very well explained. In last 15-20 years security on computers has changed so much.
@An.Individual3 жыл бұрын
8:47 I expected Chris to call the key "Mr Key" or Kevin the Key
@ExplainingComputers3 жыл бұрын
Now that is something I missed!
@lesliedeana51423 жыл бұрын
@@ExplainingComputers or maybe "seb Key"
@ExplainingComputers3 жыл бұрын
@@lesliedeana5142 :)
@SergeiJonovich3 жыл бұрын
Yubie 1 kenobee and Yubie 2 kenobee
@lesliedeana51423 жыл бұрын
Especially for older people, be careful of biometrics, as the body changes, particularly for Iris, as well as fingerprints. Imagine laying in a hospital, trying to get to data or contacts, only to have your phone 'Brick' itself at a time that you need it most! (recent scary experience)
@ExplainingComputers3 жыл бұрын
Very true. And biometrics are also static data -- so once they are stolen, you've had it. They are things to share very sparingly.
@cokeforever3 жыл бұрын
fingerprints papilary lines remain the same for entirety of your life; outer skin cuts or burns have no effect... you are very profane on the issue, go study basics of biometrics
@kychemclass58503 жыл бұрын
@@ExplainingComputers Or arguably... not at all! Imagine IT airport security implanting a biometric scan record onto their manifest, just like people leaving your DNA at a crime scene that you've nothing to do with. The "high" security data means it is virtually unchallengeable. I'm afraid it all leads to very dark places indeed. The standard password is equivalent to CASH. It offers anonymity and that is far more precious than anything else for ordinary people who have an inalienable right to privacy. I don't give a damn if that makes law enforcement more difficult - Law enforcement should pick their game up instead of us all having to pay the price. Cash is on the way out as it largely cannot be recorded for prying eyes to see. Passwords are on the way out for the same reason... Data logging/snooping and data mining. And what of the elderly, many already suffer because the tech changes so quick and "greater" security will by nature will cause more of the elderly to fall foul of it.
@kevinshumaker37533 жыл бұрын
@@cokeforever Waiting days or weeks to heal for them to be restored is problematic from cuts / burns / other damage. I am a diabetic, and have to do finger sticks on a very regular basis. Because of that, I do not use my registered fingers for those sticks to test blood glucose levels, because I can lock up / lock out very easily except on very cheap / inaccurate readers.
@davidcrane73973 жыл бұрын
@@cokeforever I don’t the details of biometrics but I do know that after my wife had chemo for cancer a side effect was extremely dry skin and the fingerprint authentication on her iPhone became extremely unreliable.
@insanemainstream36333 жыл бұрын
Another great video! We use RSA authentication at work and have a mortal and alias accounts with 16 character passwords each. Insane to remember when they change every 3 months and you can't use the last 15 known passwords. Love the video.
@ElmerFuddGun3 жыл бұрын
_"Backup"_ codes often provide easy back door access. When a banking website asks you for your "mother's maiden name", "first car", "where were you born", etc. they are really asking you to provide answers that are easily figured out or guessed. Hey you'll never forget these "passwords" but they are easy to brute force... "What was your first car?" not a lot of guesses required even if you have no clue about the user's account you are hacking.
@juliaset7513 жыл бұрын
When someone asks for the name of a car, or a maiden name, I always use a random character string not the actual name.
@perrymcclusky46953 жыл бұрын
It is sad to be reminded just how many unscrupulous people there are in the world. Thanks for covering a very needed topic! Looking forward to your next video.
@ExplainingComputers3 жыл бұрын
Greetings Prerry! And yes, we live in a sad world.
@brettjohnson7913 жыл бұрын
I've had a yubikey for years now, but this video gave me the kick in the pants to actually add it to accounts other than my password manager, thanks! I'm also finding how depressingly-few very high profile organizations don't support hardware keys. :(
@johnq49513 жыл бұрын
Considering the majority of threats are virtual these days I find storing this stuff physically is the way to go. I use a sort of one time pad to obfuscate it.
@nrnoble3 жыл бұрын
I liked the included info that changing passwords frequently (ie every 60-90 days) without a known breach or validate reason is good advice. Many companies, such as MS, found that forcing employees to keep changing their passwords often led to them to developing worse security practices such as writing down passwords on stick notes simply because they were forced to keep changing their passwords so often. Two-factor authentications and hardware methods are much better solutions.
@tpobrienjr3 жыл бұрын
Thanks for a very complete discussion, including mention of backdoor cautions.
@msi20233 жыл бұрын
I would love to see such videos more!! Thank you for sharing such a valuable information. Please talk about browsers (Chrome, MS Edge, Firefox, Brave) security as well.
@ACompExp3 жыл бұрын
Like seeing you smiling a bit when say your intro message.
@davidglenn64682 жыл бұрын
Thanks Chris, for another informative video. I didn’t know about authentication keys, but will now look into it.
@leonardobajana69563 жыл бұрын
Hello from Boston. As usual every Sunday. Thanks.)
@ExplainingComputers3 жыл бұрын
Greetings from the UK!
@Mad_Sochi3 жыл бұрын
Hello from Russia. Thanks for info and videos.
@ExplainingComputers3 жыл бұрын
Greetings from the UK!
@larrywilliams80103 жыл бұрын
I think it's time to change the combination on my luggage. Thanks for another great video.
@alanthornton35303 жыл бұрын
An interesting and thought provoking video at EC, my Sunday is now complete a bit later than usual. Security is so important and for some it's a complex subject, I know people who don't bother with it at all.
@dejohnny23 жыл бұрын
I learned something today. Thanks Chris 😊
@ExplainingComputers3 жыл бұрын
:)
@wendyhunter59133 жыл бұрын
Another informative video, Chris--thank you. I now see the need to use this kind of 2SV.
@cyberp0et2 жыл бұрын
Always enjoyable and useful content from EC. How about a video on Big Tech (especially Facebook) and the evl nature of Zuck
@25hztolife143 жыл бұрын
Maybe Mr. Hamster can tell us about how to keep our lives private from the prying eyes of Google and KZbin.
@edgarwalk56373 жыл бұрын
Start with Duck Duck Go. 🦆
@MusicToTheEars1413 жыл бұрын
Great video. I was going to comment about the SMS 2FA risks and that TOTP Apps are more secure in an expectation that you would've missed that. But, you didn't, so a very good shout out for this video, Christopher.
@ExplainingComputers3 жыл бұрын
:)
@simon41333 жыл бұрын
All rise Ladies and Gentlemen as Judge Chris once again drops on us another masterpiece of computing knowledge... BOO-YAA!!!
@paulluce25573 жыл бұрын
I will be watching this video properly later. Very definitely a hot topic in this day and age.
@statters3 жыл бұрын
I see what you did there, making the hardware keys resemble Mr Scissors at 5:54 :) Great video as always.
@alexlandherr3 жыл бұрын
I use all things described here except the keys. My laptop has a fingerprint reader so whenever I want to see a password in Chrome or similar Windows 10 will ask for my fingerprint. UPDATE 2021-11-21: I’ve now ordered a YubiKey 5 NFC (the one with a USB-A plug since most of my devices don’t always have a USB-C port available).
@Nobody-wu7iy3 жыл бұрын
I hope you get to 1 million soon
@ExplainingComputers3 жыл бұрын
Thanks! :)
@timsaxon58253 жыл бұрын
Great video. Hadn’t considered physical keys. Buying some now.
@kaskazimnoch95833 жыл бұрын
Dear Mr. Barnatt, this might be a bizarre message for you to read. A friend of mine, named Aaron, the only son of my dearest friend, was a great fan of your channel and generally of you. Sadly, he passed away a little over a week ago at the age of 21. To his mother, your voice will forever bring up sweet and cherished memories of Aaron, as she'd often fall asleep and wake up to the sound of you explaining computers, coming from Aaron's room. His funeral is this Wednesday. Would you be so kind and perhaps record a few words (just audio would be great) that could be played at his funeral? This would be so Aaron ;) He would absolutely love that and appreciate it greatly, like all of us here. Please forgive me if this is uncomfortable to you in any way. Kindly Katarzyna
@ExplainingComputers3 жыл бұрын
I am sorry to hear of your loss, and will reply to your e-mail message.
@kaskazimnoch95833 жыл бұрын
@@ExplainingComputers Thank you so much, you are so kind!! And you described Aaron's passion in the message very accurately. We all appreciate it very very much.
@tonysheerness24273 жыл бұрын
Very informative and some good tips,however to me this looks like putting loads of padlocks on your entrance while the company allows all your data to be stolen. How many companies have millions of user data stolen and it is not one or two.companies some very big names. I have learnt in life that if you have something that some else wants they will take it. If you do not have what other people want you are left alone. Burglars go for flash well kept houses with expensive cars parked in the drive. If you own and wear a flash watch, you become a target. Passwords if they can not be remembered are a liability, you end up resetting them as you run out of the 3 attempts to log in. What one man invents in the way of security another one finds a way round it. Look how many cars are stolen with so called secure remote controls. The more trusted devices the weaker the security.
@ExplainingComputers3 жыл бұрын
You make the case here very well for the use of security keys over passwords!
@trevorford83323 жыл бұрын
The safest way to keep your password Safe it's not go online in the first place, sadly nowadays it's not always possible. Thanks for the information very useful. I was thinking that I might use gpg on Linux Mint to encrypt my login when I boot into Linux.
@PeterRince3 жыл бұрын
Great video! You, Sir, are a strategic asset for humanity.
@ExplainingComputers3 жыл бұрын
Thanks! :)
@realdragonrude3 жыл бұрын
i have all my passwords written down in a notebook so only i can know them
@safirahmed3 жыл бұрын
Biometric data is subject to some change as the body replaces most cells after seven years and replaces 3.8 million cells, mostly blood cells every second.
@geographicaloddity23 жыл бұрын
Thanks, Chris.
@Colin_Ames3 жыл бұрын
Thanks for another great video, on a very relevant topic.
@jrioublanc3 жыл бұрын
Very valuable video, thanks
@sihledotcom3 жыл бұрын
More videos like this please? :) I'm personally getting bored of SBCs now. My opinion though :)
@ExplainingComputers3 жыл бұрын
Thanks for this feedback. SBC content here is now more like one every three weeks, rather than every two weeks. The world is indeed changing. :)
@sihledotcom3 жыл бұрын
@@ExplainingComputers That's awesome to hear :) thanks for the reply
@Z0983 жыл бұрын
Putting password in a notebook that is kept in a locked drawer at home, is a secure way to store them. Only a limited number of people would have access to it. physical security does still work. If the notebook was in a desk drawer at work, then it is not secure since you don't know who has had access to it. Also if you have 2 yubi keys, keeping them both on you defeats the point. You would have to store the backup somewhere but that can be a bank vault.
@Alexanderkermani3 жыл бұрын
Awesome video. I want one of these, but because I don't know how they work, I don't know how secure they are. Perhaps it should suffice that these major companies are using them, but I'm helplessly cautious on these sorts of things.
@wildrice76593 жыл бұрын
What does the “Participation Medal” look like???? I have to sleep some time. Always great info. Thanks from USA!!!!
@johnbee15743 жыл бұрын
I must say i love the full disk encryption on linux mint, as my work requires me to leave a laptop sometimes where it could be accessed, love the video by the way and aint nobody hacking mr scissors
@lesliedeana51423 жыл бұрын
Here I for another Sunday Experience!
@ExplainingComputers3 жыл бұрын
Greetings Leslie! :) How soon Sunday comes around again.
@cx32683 жыл бұрын
For some accounts such as Amazon. Login with just ID & password is OK! To spend $$$ there or to change the account would want the 2nd factor. Do not have a Twitter account (never will). But if I had one, would want that 2nd factor of security just to get in. OR just to make posts or account changes. 2 factor security is a pain for all the time usage. Unless your function demands it and you are not paranoid. Yes had to deal with higher security work situations. Just to get into the parking lot demanded card & pin #, then again to get thru the door with security people, then again to get thru another door, then at my desk to get access to the workstation, ... Pain!
@SeanPorterPDX3 жыл бұрын
One thing to note when it comes to passwords, a lot of people like to use dictionary words with letters replaced by other characters. This is NOT secure, as the dictionary attacks that can be used to crack them account for the possibility and include most permutations for each letter in their dictionary files. The only way are under that is to have an absurdly long password...
@ExplainingComputers3 жыл бұрын
Very true.
@KirstyTube3 жыл бұрын
I have only heard of SIM / social engineering the ISP / mobile provider attacks in the US. Has this ever happened in the UK ? It is the only 2FA that my bank has available so just wondering 😳 Great video !
@steveshadowphoto93463 жыл бұрын
Thanks so much for this video, it was really helpful to me!
@Reziac3 жыл бұрын
Speaking of back doors... this happened to a friend, and was explained to us by a security expert: if you use 2-factor with a phone number as the second factor, and some miscreant manages to correlate your phone number with your online account, you're screwed, and since the bad guys automate this attack, you'll have hell's own time beating them to the password in time to change it. So... _don't_ associate phone numbers with email accounts, or with anything else if you can avoid it. Also, what happens if your Yubikey malfunctions... or is itself compromised?? (most likely at the chip-manufacturing level, I'd think)
@ExplainingComputers3 жыл бұрын
Yes, agreed -- this is why using a phone as a second factor is not ideal. If a Yubikey malfuctions, you use your backup, and if that fails, you use a backup code and register some new keys! :)
@marcos71063 жыл бұрын
Very informative. Thank you very much.
@syedirfanahmad96263 жыл бұрын
Generally, people avoid getting into the mess attached with making accounts secure since they find it cumbersome. But you realize its importance when something goes wrong with the account.
@AMDRADEONRUBY3 жыл бұрын
Nice Sunday my favorite day nice video as always have a nice week
@ExplainingComputers3 жыл бұрын
Thank you! You too!
@Macam2macam3 жыл бұрын
sir, can you do video about email services. the safest, cheapest, etc.
@ExplainingComputers3 жыл бұрын
Good video idea noted. Once you have security keys, Gmail in the Advanced Protection Program is almost certainly (one of) the safest.
@arch11073 жыл бұрын
interesting idea, but tbh i only use microsoft and google, but just because i must use them, not because i chose them
@dfs-comedy3 жыл бұрын
I run my own email server. Alas, this is becoming vanishingly rare nowadays. :( But for about $8/month, I get a Linux KVM instance that lets me do whatever I like, including serving as my MX record.
@BilisNegra3 жыл бұрын
USB security keys seem great, but there's a big con (that I guess most people can easily figure out). In an era where we get increasingly fewer ports in our machines, there are many occasions where having a dedicated one for such a key is not an option.
@ExplainingComputers3 жыл бұрын
You don't need a dedicated USB port for a security key. They are not left plugged in to the device. Rather, they are only connected when you log on to an account, and if you then trust the device, are hardly ever plugged in again. I have I think nine accounts that use a security key now, and on average plug in a key maybe once every two weeks. So there is no "big con"! :)
@BilisNegra3 жыл бұрын
@@ExplainingComputersOh, thank you, that was really helpful! I guess I made a terribly wrong assumption because the closest thing I know to such a device are the piracy protection dongles some expensive pieces of software require to have plugged in in order to work. With that point clarified, my impression of security keys is getting so much better.
@ExplainingComputers3 жыл бұрын
@@BilisNegra Ah, I see, no problem! :) I know the things you're talking about, as I have one that I have to learn in a PC to run LightWave. But security keys are very different - they only have to be there to touch their contact on a login. :)
@chriholt3 жыл бұрын
Great info Chris, thanks as always.
@SB-qm5wg3 жыл бұрын
I think for us, the biggest threat _now_ is someone else leaking our data through negligence. ie. Gov agencies, financial (Equifax), or big data combines. I've never had an account hacked via my own actions (or lack thereof).
@madworld.3 жыл бұрын
Excellent subject ! Thanks :):)
@stevencheung97533 жыл бұрын
I'm dead at "scissors007" 😆
@mausimus13 жыл бұрын
I feel like forcing users to have 12+ characters passwords is a relict of bygone era as well, it's no longer possible to brute force passwords for online services (one or two incorrect attempts and your mailbox and phone light up with security alerts). Strong passwords will still be relevant for archives and cold data stores, but if an online service is built correctly there's no need to inconvenience users with these ridiculous password requirements.
@MediaTruth_3 жыл бұрын
Thanks for the knowledge 👍🏻
@Macam2macam3 жыл бұрын
thank you, sir. this is very important.
@jimlynch93903 жыл бұрын
So how do you use these hardware keys on a phone? I don't have a USB port on my phone or tablet.
@ExplainingComputers3 жыл бұрын
Some hardware keys have an NFC interface to wirelessly communicate with a phone.
@TheBertjeT3 жыл бұрын
This is an important topic. I have relatives who have fallen victim and they now even have received scam letters in the mail. An actual piece of paper! I always wonder, what is the risk reward ratio when using a widely adopted service or product since that makes it a large and attractive target to people with ill intent. Is there an actual benefit in obscurity? Thoughts Chris?
@ExplainingComputers3 жыл бұрын
In my view it depends on the widely adopted service or product. Common services from technically competent companies whose business heavily involves computer security (eg Google and Microsoft) I think are a pretty safe bet. But widely used services from companies with little IT competence is another matter entirely. Obscurity can be a benefit, certainly.
@tiktok.45273 жыл бұрын
Thanks for this video, Sir. Now i know how to secure my ......... files🤭🤫
@UnniG3 жыл бұрын
Thank you🌹⭐️
@adilutzu3 жыл бұрын
Any comments on the potential vulnerabilities of the Google Titanium key being actually a Feitian key manufactured in Beijing ?
@ExplainingComputers3 жыл бұрын
As far as I am aware, Google's Titan keys do use hardware manufactured by Feitian.
@UziRyder13 жыл бұрын
Great explanation.
@dieudonnecoulibaly15583 жыл бұрын
Thank you Chris!
@CrypticConsole3 жыл бұрын
What are the hardware differences between USB storage devices and security keys?
@arch11073 жыл бұрын
the usb storage device is a usb controller that comunicates with the chip storing what the controller says it must store, the information is available when the controller gets a request from the pc or device you connected the usb storage device on external hard disks is a bit different because the usb controller must transtale orders into sata commands the key basically has a chip that acts like a cmos chip on your bios, it stores some information but is more for read it than white it, it is a small chip, a couple megabytes only, for those devices storing just keys, you don't change the values or keys often, if ever so pc asks for a response, dhe usb security key answers the information requested and that's it, there are cases where it must be plugged all the time or access to the resource stops responding or is closed the session this is problematic if you have a usb port that likes to disconnect things randomly or you damaged the usb connector on the device
@terrydaktyllus13203 жыл бұрын
It's perfectly possible to put an encrypted file system on a normal USB stick - so that whenever you plug it into a computer, you might need to manually enter a security code on the computer or have an encryption key already in place on the computer in order to read it. My own work IT department encrypts the drives in our work laptops so that someone cannot just take the drives out and read them in another machine. There are also some USB sticks that have a small keypad on them where you enter the security code before its contents can be read. You can also have USB devices that are not themselves storage devices but have to be inserted into a PC as a "dongle" before the PC itself can be used, or an application on it. A Yubikey is one such item. I hope that answers your question, there is so much "nomenclature" around security that it's often not easy to work out what question some is asking.
@jamesdinsmore90223 жыл бұрын
Thanks!
@ExplainingComputers3 жыл бұрын
Thanks for your support James, most appreciated. :)
@whothefoxcares3 жыл бұрын
*ExplainingTechnology* should be required study for all political action figures.
@mastereu50193 жыл бұрын
nice work
@MicrobyteAlan3 жыл бұрын
Very good and important information. Thanks
@holderbee78112 жыл бұрын
Twitter generating a code in case you lose your key should not be glossed over.. it completely defeats the purpose.. there should be an option to decline it
@ExplainingComputers2 жыл бұрын
I agree that there should be an option to prevent such a code being used, but it does not "completely defeat the purpose" of using a security key with Twitter, as there is a very low probability of anybody being able to get hold of the one-off code code.
@saddimohamed3 жыл бұрын
thank you for this video, could you please do a video about arduino portenta h7
@WybooHarry3 жыл бұрын
Great video but I am a bit confused. I have multiple devices. Android phone & tablet. Apple laptop and desktop. Many windows laptops and desktops. Finally Linux laptops and desktops. How does two step security work across all of these devices.
@nyps3 жыл бұрын
you can use the yubikey with all/most of those devices. as Chris showed, there‘s keys with USB C, but there‘s also ones with lightning (for iPhone/iPad) and NFC (for smartphones without lightning/USB C). you will have to insert the yubikey to each device while logging in to your account on it.
@nigelhsenior3 жыл бұрын
I find the challenge with this is security vs accessibility. Yes I can increase security and personally manage the complexity. But when I drop off the perch (not planned :)) how easy will it be for others to access account e.g. financial etc
@bryansmith92313 жыл бұрын
Thank you Sir.
@3v0683 жыл бұрын
If I dont have to change my microsoft password every week, ill buy it. I cant stand how microsoft will ALWAYS pester you to change your password no matter how recently you have changed it.
@markadyash3 жыл бұрын
will you going to showcase latest bosch and arduino pro latest mini iot board Arduino Nicla Sense ME
@roberthorton27443 жыл бұрын
Hi great video Very informative Would you advocate getting the slightly higher spec Yubikey with NFC to protect accounts accessed on mobile phones (in addition to iPhone facial recognition) or is the 5C sufficient for laptops desktops etc many thanks
@LMacNeill3 жыл бұрын
When an account provider doesn't even offer 2SV, it makes me VERY nervous. My bank didn't offer it for FAR too long. I kept hounding them until they finally did. Needless to say, I enabled it immediately. That's far too important an account to allow to be hacked.
@theodorstravels3 жыл бұрын
If you don't trust password managers, always keep your login names and passwords on a postit, and put it on the edge of your laptop screen :P
@dfs-comedy3 жыл бұрын
While that is a terrible idea, keeping your master password for your password keeper written on a card in your wallet actually isn't so terrible. Humans understand how to protect physical items of value such as credit cards and identity cards. Just don't lose your wallet! (And don't put enough info on the card for anyone to know what the passphrase is used for.)
@haroldbridges5153 жыл бұрын
And now for the most important question not answered in this video: just how much more security does the added inconvenience of a hardware device buy me?
@kazi13 жыл бұрын
Hi
@ExplainingComputers3 жыл бұрын
Greetings!
@alexlandherr3 жыл бұрын
At 0:40, with license to snip?
@ExplainingComputers3 жыл бұрын
:) Cool.
@doughale15553 жыл бұрын
The problem with biometrics is that they can only augment a password with “proof of presence”. However, they can cut my thumb off and use it without me, but if they cut my head off it makes it harder to get the password out.
@reggiep753 жыл бұрын
Strangely, I had been looking at security keys recently, out of curiosity, and had wondered whether which ones were the best, could you use multiple keys or even a mix of key types together with a number of additional ways to put up even more walls of protection. I do have a number of different passwords but had thought that a security key, or 2, would be a better/more secure option to protect accounts. Any chance of a Linux books video in the future or even suggested reads right now, as I need to get reading deeper into Linux. The tides are turning and people are actively seeking to leave Windows behind due to Windows 11, Microsoft's lies, excessive bloat, data harvesting & *unneeded enslaving of OUR COMPUTERS* and people will only use Windows for specific tasks which will also make developers develop directly for Linux without the need for emulation.
@brianthorburn49573 жыл бұрын
Great video
@totherarf3 жыл бұрын
One easy way to stop brute forcing of passwords is to have an increasing time delay inbuilt for false attempts! It would be mildly annoying for a 10 second delay because I have sausage fingers ..... maybe 20 if I do it wrong twice but the number of attempts required to brute force would make this method useless! If you then factor in an interrupt where the system recognizes a number of failed attempts at entry and then contacts the real user to make them aware you get a fairly safe system! Factor multiple responses (say 3 from a list of 10 / 20) and you are on a winner! ...... or have I got it wrong?
@ExplainingComputers3 жыл бұрын
I totally agree.
@timothychng77473 жыл бұрын
EC: Any account is only as secure as it's weakest 2nd factor. Also EC: Copy backup code to clipboard.
@Kw11613 жыл бұрын
Thanks the video, hope to reply again if I can find my security keys....should have wrote down the back-up code...:}
@BharatMohanty3 жыл бұрын
Two factor authentication is activated by default to all Google users from 2021 I guess...
@zugzwang21613 жыл бұрын
Can I have two set the same just in case one key breaks
@ExplainingComputers3 жыл бұрын
Yes, this is why having two hardware security keys is advised, so if one fails or is damaged or lost, you can use the other.
@MS-sq4ms3 жыл бұрын
Advising people not to change their password regularly is a horrible idea. I work in cyber security and most of ransomware attacked happened because a password got stolen prior to the event, some have been stolen months before attacks. In most cases, a person doesn’t know if their password has been stolen so the best approach is regular password change.
@ExplainingComputers3 жыл бұрын
As I indicated in the video, the advice comes from Microsoft, although I agree with it and always have. How frequently would you force password changes? Every 90 days? 60? 30? 7? Regular password changes can certainly reduce the risk of stolen passwords being used, but cannot prevent it. Making sure different passwords are used for different accounts is a far better defence for most people, so that stolen e-mail/password combinations cannot be used, as is moving away from a reliance on passwords, which is the message of this video (and all good security guidance these days).
@MS-sq4ms3 жыл бұрын
@@ExplainingComputers not blaming you, I know it’s Microsoft’s advice. 90 days is the max age for a password in my opinion (specially in a enterprise environment)
@petesomeguy3 жыл бұрын
I'm surprised you did not mention password managers in this video.
@ExplainingComputers3 жыл бұрын
I did mention password managers in this video! :) But OK, very briefly.
@petesomeguy3 жыл бұрын
@@ExplainingComputers I re-watched and you did. My apologies. I missed it the first time.