Naomi is a gem 💎

Excellent guests . And the host is sublime .

Dark Side of 2FA = Mouse Guarding Cheese!

This is a video people should pay attention to.

A (yearly) update on the best VPN, email, DNS, browser, search engine, etc. would be very cool! ☺️ Or a website that keeps updating when your top 10/top 5 change and why they change. ☺️

Excellent content. I think these clone apps/sites are not just targeting 2FA but all apps

Naomi , love you and your videos! You explain everything so well but in a way a dummy like me can understand! Thanks

FOSS is the only way to go for a security app. SIM swaps can be mostly avoided by a smart user. Take away SM swap and SMS becomes safe and even has advantages over a hardware key. How long until someone starts making counterfeit hardware keys that look and act just like the real thing only they keep a copy of your data as well?

algorithms

The problem with a key is that you need two and have to carry something else about. If they were smaller, I would use them. I would use Aegis.

Interesting video. One thing I do wonder is how those free 2fa generators that seem legit earn their money. When things are free, usually you are the product.

You are such a splendid mind !

This is interesting about "2 Factor Authentication" applications. I have no trust in most apps unless I specifically know the author is authentic and safe. Best to use the phone number in your mobile phone with SMS service. Nobody else can have the same phone number as your mobile phone. The system is designed that way. The only way possible for someone to have your SMS messages is if they steal your SIM card, or steal your phone and have the password, or be able to transfer your SIM card phone number to a new one. It is important to have some type of arrangement on your file with your mobile phone service provider to not allow SIM card transfer or replacement unless you go in person to one of their dealer locations, have two photo IDs, and a pass code with them. This way if someone has your mobile number, they cannot just simply transfer the SIM card phone number. This can be a pain for you if you need a new SIM card. You can also ask that your SIM card is locked to your device only, but if you want to swap the SIM card to another phone you will have to have the lock transferred by your service provider. A safe way to use a mobile phone is to never give out the mobile phone number. Have a land line phone number permanently forwarded to your mobile phone, and give out only the land line number. This way anyone who calls you is not directly calling your mobile phone number. A land line cannot accept SMS messaging. Only services you log in to should have your mobile phone number to allow them to use the 2FA system with your phone's SMS messaging.

Time for Congress and FBI to put as much pressure on app stores to verify their offerings as the FBI puts on Facebook to fact-check and remove harmless comments and opinions.

I will NEVER understand why anyone in their right mind would use their FACE (unique identifier) OR THEIR FINGERPRINTS (yet another unique ID) on a device thats tethered to the internet pretty much 24/7 and on a device that may or may not be transmitting those unique ID's to some 3rd party either deliberately or by interception of that information, and on a device that has been shown that corporations habitually use to take away our freedoms and liberties every bit day by day. I will never understand humans sometimes.

Excellent video

Good data, thanks. What do you thnk of getting codes via email or phone call, rather than SMS text?

So much for the app store being safer. "side loading" is dangerous they say. Sounds like you are taking your chances either way.

Waited and waited but I never heard what apps to avoid.

I use Microsoft Authenticator and 2 Secure Keys

Mwuahahahaaaa my chastity belt are now more secure than ever!

She very good thank you

Brilliant

Nice video mam

That dam evil hacker.

Ok how would they be able to get your SEID, EID, or IMEI to do this? If your phone is locked how would you be able to stop this?

SMS text authentication is the least secure of the 3 authentication methods, so try not to use it if poosible

Why Apple permit all those apps in the App Store?

Looks like the VPN cartels …

EYES ARE YOUR IDENTITY...................

Sooo, no Robinhood. Got it

stop focusing on Apple. What about Android?

How can they do sim swap if you are using an Apple iPhone with only e-sim?

Best to use apples own TOTP built into iOS

❤❤❤❤❤

I couldn't concentrate on the information because I was so taken by Naomi's Beauty! I'm jus' sayin'! I'm not a "perv" just an old man respecting Gorgeousness? 😉

Aegis authenticator is what i use and its great thank you reddit

This channel has both given me confidence and anxiety LOL

A most informative yet sobering segment. It only stands to reason that it is just a matter of time before AI driven scam apps will become so prevalent that they will become virtually indiscernable from legitimate ones..

Seems like the app store could have liability for letting these scammers steal seeds

You and these guys been doing God's work. Thank you.

Also something to note: 2FAS and Microsoft Authenticator have biometric lock on the app itself while Google Authenticator doesn't, at least on Android. This makes the former options even more secure

It really appreciate that in the end you point out the spectrum of security. That not all of these concerns affect all users. Some of us aren't going to fall for dark app design but some of us will. We can adjust as needed. I haven't flipped over to hardware yet but I'm using three different apps. Authy (Desk/Mobi), Aegis (Mobi), an open source browser extension (Desk). Definitely something to be mindful of regarding the apps.

Thanks Naomi for breaking it down and keeping it real!!

Smartest, hottest redhead on KZbin!

Thanks Naomi for enlightening us all😇

Great to see you and Heidi talking together. My 2 fave tech and crypto girls keeping it real 🙏🏾💕🙏🏾

You should mention SIM-LOCKING if you want to use SMS for the second factor. It sounds like that mitigates the risk of sim-swapping. Now all you have to worry about is a man in the middle attack for SMS to get your codes.

Separate discussion, but this is one of the reasons I absolutely hate generic names for apps with common functionalities, and all big tech companies are guilty of doing this. It's just another anti-consumer measure to confuse people, and it ends up enabling bad actors to do stuff like that - release their own app with some generic name that will live in peoples phones there scamming them out of their privacy and security because of a greedy decision by big tech. This includes not only authenticator apps, which a whole ton of companies decided to name it simply as "Authenticator", but also almost all more common or system apps such as Clock, Calendar, Weather, Dialer, Messenger, MyFiles, Gallery, Camera, Voice Recorder, etc etc etc. In a fair world this should be grounds for anti-trust investigations. A whole bunch of those apps are proprietary and often mass harvesting data without authorization. The practice should also be considered a dark pattern.

2FAS is open-source and the most featured app.

Great content! Curious to see the next vid on the open source ones.

2FAS is great! That's by far my fav

I Like your Video, Love From INDIA

andOTP has been abandoned

Luv your delicious accent and your classy vintage garde robe. So bri-ish. But most of all your knowledge and desire to share it in such a simple and easy to understand way for such technical topics. Thank you for sharing Naomi. You are the queen of the geeks.

I like open source FreeOTP+ although I disabled network access which I guess is used for icons.

This woman really does a great job. I wish I had found this channel sooner

Important video

Sorry. I can't take a talking avatar seriously.

Thanks. Really interesting one - nice mix of what and how. Cheers!

Another better solution is not paying for the scam software. You can close the app most of the times and if not, just switch the phone off. When reboot your phone, just uninstall that software. The biggest problem is that people are more and more "click happy" and clicking every button they see. Think about the "don't push this button" test. Everyone is going to hit that button.

I am constantly asking myself how I have decided to trust this person/creator/company/news source/app, etc. It's essentially a process audit.

❤LEIGH MCLEAN from everywhere as he keeps having to move on. My life mission is to stop him. Total Narcissist disorder, very dangerous individual. His poor kids will end up the same

In addition to the official reliable authentication apps like Google and Microsoft, it's worth mentioning that Apple has a built in authenticator under settings in the password section. Of course, for those who have an iPhone.

SMS is more secure than 2FA especially for eSIM. And SIM cloning is not easy anymore, it also need physical access to the sim and therefore more secure than Yubi keys.

Thank you Naomi for highlighting this danger. You really are a treasure.

❤ thanks for your help, I have been targeted for 6 years by Leigh McLean who is a covert Narcissist. I could barely type this, do you have any information for me?

Authy was hacked recenlty, Raivo iOS and Aegis Android are better, open source.

I am sure that Yubikey is a fine product ... but disguising what is basically a paid promotion as educational video is ethically dubious at best ... disappointing ...

So much for Apple to not do anything for authenticity and still people believe that they respect our privcay bcoz they are premier and costly. Dont understand these money sucking corporates.

Hi, can i have this question. How can i be able to figure out which app is real and which app not not real? Thanks

Would love to see more gentle sex representation in the KZbin tech community. Your contact is fab. Keep it up. 🎉

I think apple’s 2FA in their password manager not being mentioned is a problem because even though they might be tracking usage, it’s inbuilt into all Apple devices

Companies dont mention as they make a lot off the Leigh McLeans of the world

Why was this 8:03 not identified during Apple's manual app verification process?

What about password managers with a OTP field, like 1Password?

I’d give Naomi my seed

Who are these people who buy an authenticator app??? 🤷‍♀

Is 2FAS auth app safe? Thanks

Great video

Scammers should go get a real job.

Nice video

Fantastic content !! Thank you very much

Thank you Naomi.

Very. Ice and informative

Great show 👍 and a very important subject you are explaining in way, that everyone can understand. You have some great posters on the wall with Snowden and Monero. Could you please leave a link to where I can buy them? 😎

Great video. When will we see you on the Fediverse?

Naomi I miss you. Where have you been? You are even more beautiful today!!!

keep up

Raivo is good too :)

I won't buy a security key because I don't know how to pick one I REALLY trust. Forget Amazon... that's just a crapshoot...

Sorry in advance for potential bad English, Bilingual(English is not my mother tongue, yes it's on a good level but still) and dyslectic As long it's MS or Google expect your data to be collected and sold further. Yes as long it's free, you're the product but some companies are better than others. More and more companies have started to be more privacy based. I try to use the ones who are more privacy based more than the ones who are big known tech companies like MS, FB, google(alphabet), Apple etc.... Being online you have to sacrifice some privacy and information but some are way worse than others. Either you have to live outside the grid totally, or have 10 Firewalls, Anti-tracking, tor, VPNs and you're still not totally safe. So either you have to live not connected at all. Like in the middle of the forest in a cave and live like modern stone age. Or you must sacrifice something. You should try to use the more privacy based type of companies. The most secure way to use MFA is actually the HW keys which looks like an USB stick.

That's highly illegal because of terms of service and bypassing device software via the website or an app is also illegal report this asp or else you'll be hacked, force restart your device if it's trying to force you to purchase something you don't want to buy, delete the website data immediately and completely delete the app from your account on all devices, update all devices to the latest version and turn on privacy settings to mitigate further hacking or fishing 8:44

I wish youtube would also allow you to archive Playlist... I have several IT related ones (this one for example I put in a Playlist "security") it would make my life easier with the amount of Playlists I have 😅

Fortunate to find your channel! Good video! Keep it up! 👍🏼

The sad part is I know the exact users who would fall for this. Especially the one I married. 😂 ...but as she says, that's why I'm still around (for tech support) 🙂

There's nothing to steal. They seem to have it all already. And they're still compulsively scavenging. It should tell you something about their real natural place on the food chain.

Ya gotta watch out for fake password manager apps too.

Great video !

i just came across your channel. I haven’t finished the first video but started scrolling through your videos. Subscribed for all your content👍🏾(I finished the video and greatly appreciate your content. Made me happy I’d decided all these years to stick with SMS. Now I need to get a good security key)