Hello, and thank you for the video sharing on 2FA. As a person who has used Google Authenticator to secure many things, most important being my online crypto accounts, this is not secure at all. I would like to know if you can share with us how this can be hacked from a person's iphone or window's 10 laptop if both these devices have never been compromised by loss or use of any other person? How can a hacker use these same confirmation codes that we are led to believe can only be generated by the phone they are installed on, or the laptop they are installed on? It makes be wonder why you can install these 2FA apps on a laptop if you have them on an iphone also, but they do give out the same code numberrs? I didn't have the time to listen to the whole video and maybe you explained that, but I had to get this question off first. In my very unfortunate circumstance where this Google Authenticator was somehow hacked from either of the devices mentioned above, hackers entered into my online exchange crypto accounts and stole all that was on them. It was not a large amount, but anything is too much. How could this be done, as the exchanges will not even talk to me about what happened. Not sure customers know this, but no exchange will divulge any information about how your account was hacked with subpoena order. Can you believe it, Not to mention they will not communicate by phone either, so if your account information was changed, you are literally locked out of your account, if email has been changed or password has been changed as there is nowhere to send new password link to. It is disgusting. So secure this by Yubikey only, using the Yubico Authenticator that cannot be hacked since it is not installed on any computer or smartphone but on the hardward device itself. This is extremely important to do. I will repeat one last time. Google Authenticator or any other online or on device authenticator for 2FA verification is not secure. It can be hacked and fairly easily. Do not leave any assets on any exchanges that cannot be secured by a Yubikey. As of this date, this is the only known100% safe device that will protect you from any hack. This happened to me, and I am trying to let all know to not depend or trust any other 2FA device that is supposedly top level secure, as it is not. I wish someone would explain to me how this was hacked from me, with absolute knowledge that the devices these were on were at all times in my physical control and never even left my house, let alone missing or shared to anyone. It happened and it was ugly when it did.

I would like to hear this guy's opinion on hardware firewalls. Do hardware firewalls give you an extra layer of security or would it be a counter productive investment?

I'm looking for a good 2fa app.

Incredible job! Karma coming

This is still true for most people today. You’d think of all things, people would hold the companies handling their finances to higher security standards?

Steam accounts hold more money than Banks

For some of us, our steam accounts have more value than our bank accounts XD

Yea, sucks that we can all say that.

My stream accounts are better off than most of my bank accounts. It takes forever to disable 2FA on Steam. I have all the security protocols to disable it. Make it as hard as possible.

woah is that a donation in the form of a comment? ive never seen this before on a not-livestream video

Yes yes yes

No company is private no matter the encryption there’s always a way for someone to get access to your stuff. Nothing is hack proof

Henry's rants are not only entertaining, but you just know he is on our side here. It certainly beats certain other tech channels that spend the first ten minutes telling us how stupid WE are!

@@cowwy3130 nice try but you can't hack the secret piece of toilet paper I keep my passwords on

@@Robbie-mw5uu I mean if someone hacked the maple syrup place I wouldn’t trust that 🤣🥶

(And Techlore team. I see you!) ❤️

proton pass just released a desktop app and supports super easy 2fa

What app do you use instead of authy?

@@zaynezachariasse9240 I recommend Tofu Authenticator or Authenticator for IOS (I use Tofu Authenticator but I found out that i can't get the TOTP from it...) Aegis for Android

@@zaynezachariasse9240 I am experimenting with a bunch of them. Here are the ones I am using right now. andOTP Aegis FreeOTP Authenticator

It’s like the world just GETS us 😭

What was the best app to use for this?

@@thestreamreader Aegis And Keepass Xc For Android And Then Keepass DX For PC I Know Its Password Manager But U Can Make Separate Database For Just Totp

@@thestreamreader I still dont know :-(

More secure or private? Secure?... Not generally unless you are using and end to end encrypted messenger.

Services like Google Voice have better protection from account-takeover attempts which have infamously happened with traditional carriers who fell victim to simple phone-based social engineering attacks. So yes, small security improvement just for this reason alone. However, it comes at the cost of needing a Google (or other VOIP) account, and each service’s security/privacy practices will wildly vary. Another complication is many accounts online will flag the VOIP number and not allow you to use it. No right answer here, just some things to think about.

@@techlore thanks for the response! For the services that only do text-message 2fa, I’ve been using a VOIP number. Might be a small decrease in privacy for an increase in security, so that’s what I do.

@@LandSurfer96 I forgot to reference the fact that I’m referring to using these for 2fa. Seems VoIP might be more secure if the account you have with the VoIP provider is properly secured with its own 2fa. Google voice has the option of TOTP / hardware keys for example.

Privacy =\ security

You could just save the QR image there as well. Makes it a lot easier :)

Waiting for an answer

currently, no

Well, Bitwarden definitely works for 2fa as an app on the computer with the paid version. (Like $1/month)

Authy works great if you set it up properly.

@@BeatBoxBrian Well, I already use Bitwarden free, so I might look into that.

If you could do a video on how Chrome uses my phone as a sercurity key and how I'm suppose to link it with a QR code. I found it in settings in Chrome and it was saying my tablet could be used as a sercurity key. I've never set this up. But there was a button there saying clear linked devices in Chrome settings. I never use Chrome and I'm so confused how that would have gotten set up or it's like that cause my boyfriend said it's already set up but wouldn't I have had to have scanned QR codes to make a device to clear one. Yeah I really hope you understand what I'm asking. Google Chrome sercurity key involving the QR code and it said it would link device to use device to sign in or unlock other device I'm thinking

I know you don't like Google but if you could just clear this question up for me I would be so appreciative

Hey Juli! We're love to hear that we assisted you in your life with your career and everything privacy related! That's amazing! Now, onto your question: Unfortunately, there are time constraints so we cannot assist people with technical questions. We have a community full of people that would be willing to assist you on Matrix, Discord and even a new forum we launched! We hope you can find the assistance you need.

We talked about Yubikeys briefly in the video, and will be coming out with a Yubikey video shortly. -S

For Android - Aegis For iOS - Raivo OTP

@@fayojixe9925 Thank you!

Funny enough, already recorded this video last week. In production and should be live this Friday

@@techlore Let's go! Awesome

No, TOPT is built around the idea of a one-way hash (or "trapdoor") function. If you know the seed and the time, you can easily calculate the code, but if you have the code and the time, it is very difficult to go in the other direction and calculate the seed.

Absolutely. Will do.