✅ Watch next ▶ Why ANY Two-Factor Is Better than No Two-Factor ▶ kzbin.info/www/bejne/aHWxe6SgfLF7iJo

Yes, I have graduated from no factor up to 15 factor authorization! :)

Regarding 2:40 : didn't AT&T have a huge breach several months ago?

If they don't have your password, they will just say 'forgot password' and use the 2 factor/OTP if they have the sim

I'm not so much worried about a thief gaining access to my account, I'm more worried about losing access to my account myself when I lose that second factor. Misplacing a hardware key or having your phone stolen is bad enough, but if you can't log into your account to change your password because you no longer have access to the second factor, it's many times worse. And I don't even have to lose it. Sweaty hands or having wrinkled skin from swimming for a couple of hours is all it takes to not be able to log in with a fingerprint scanner. Face recognition fails in bad lighting. If 2FA is so important, they need to come up with better implementations.

My Iphone (and the one before it) regularly "forgets" my fingerprint. Very frustrating.

A phone company manager in NJ was charging about $1000 in crypto to do SIM swaps. Bleeping Computer covered it in March 2024. Never link anything important with your phone number. You're just giving the keys to people who don't care about you.

Thanks Leo

Another point: if your passkey goes on several places at once, like in your mobile and email, they only need access to one of them to steal your account. A double edged sword.

Thanks Leo. I use two factor authentication and also don't bank or pay bills online.

The next best after security keys is passkeys. I’m assuming it wasn’t brought up in this video because it’s really replacing passwords and still not available everywhere. Yet it also is a 2FA method using your device like phone and face ID. I enjoy watching your episodes even though I know a lot of what is talked about but still learn something new once in a while and is a nice refresher on things.

My university has mandatory 2fa that oddly does not work on university controlled machines ( library pcs and lectern pcs)

That phishing at 2:40... how does a fake website know to send you the real company's code? Or how does your real website account know you are logging into a fake website that it sends you the code? I haven't met this one yet.

Great video, provides a lot of relevant information in a very digestible fashion :)

Question: Let's assume that "man in the middle" on that fake site. Can it be helpful to limit the 30 second window to much less by simply waiting to copy the 6 digit code? Giving the crook less reaction time to use that code on the real site?

Really thanks we always learn a lot from you sir

I'm thinking if all the films where they kill you then use your face, finger, iris to open your phone.

Great video. Thanks.

👍👍 JimE

Wonder how safe all these things are if you have Tic Tok on your phone that you use to login and get your SMS text code

If the online service is breached, can't they find a secret key in the database somewhere?

A dedicated prepaid SIM card for 2FA - no more SIM swap scams?

the question I have is: how to hack my facebook account that was hacked with 2fa?