So glad to hear it, Michael! I hope you don’t have to experience a hack again.

What channels do you recommend for someone starting out?

I googled my name and address and only came up with a 411 look up @@AllThingsSecured

@@AndrewMcDreamy Payette Forward

@@AndrewMcDreamyI also like and recommend the podcast security now to help

Thanks so much.

Fool proof -

I took a degree in Stockton to secure myself and it’s a bachelor. I also know how to encrypt and decrypt anything. So. I’m so dangerous right now and nobody fights me online anymore even if I curse them

Want to help me? 2FA emergency Social media situation.

Can a physical key still be a solution?

While that is very important, it too also has flaws. Session hijackings, like what happened to Linus Media Group and many other KZbinrs actually circumvent the Login alerts as the session is considered as "already logged in". Great thing to have, but certainly shouldn't be used on its own.

yes make a video on security question like you made a video on how to set & remember a good passphrase set custom security questions if possible eg. your 1st iphone ? ans. Samsung S3 make it cryptic ($@m5ung S3) that way big tech. , hackers , govt. will keep guessing iphone you can make it harder by setting answer like cake but harder for you too if not letting you set custom then don’t set obvious answers eg. your birth month ? ans. 0ctumbur@ry where did you study ? ans. B3rmud@ Tr!@ngl3 (just examples not my answers)

Isolate tasks to different browsers.

I'm still paranoid about my facebook data getting leaked, even after deleting my account, since they still keep backup copies on their servers forever.

@@rorylisbon4723 Exactly. That's another form of sandboxing that can work.

How much does DeleteMe cost because Im sure its not free?

Wow…that sounds mind numbing 😆

That’s what I have been doing or at least trying to do the last couple years. It’s so irritating how so many companies make it such a pain to delete accounts.

Lastpass?

Mines thinks they're too complicated...

Better Nordpass or Bitwarden

Glad it was helpful!

Great job 👏

So, you mean do a video about having an actual safe in your house?

Agreed, although I try to give them a slight bit of grace because it’s a constant game of cat and mouse, not to mention trying to keep track of your weakest employee link.

Flipphone.🎉😂😅😊

You can hide your identity if you’re on a manhunt 😂

When it comes to things like banking, never ever click on links provided. Unless e.g. you've been expecting an e-mail to verify your e-mail address. In any case, if you do intend to click on a link, check the certificate and domain. If they notify you of something, always go through their main website. This is why banks, at least where I live, don't send links. They don't want people clicking on links in e-mails. They still rely on snail mail for important things. I also have my own domain and have been using vendor-specific addresses for almost 20 years, primarily so that I can track who leaks/ sells my data and to prevent accounts across companies being matched (although since I have a personal domain, it's still possible, but that's unusual). I don't actually set up mail boxes for them, they go into a generic bin that collects all mail that couldn't be delivered to a box. If I wanted to, I would probably create an action that would allow me to make a box for a given recipient and transfer all existing messages there. Creating it retrospectively, when I'm reading mail. Instead of having to set it up during registration. Without having to fill out anything - just a couple of clicks and done. I've always liked to sandbox my interests. That's why I dislike modern social media as opposed to old-school forums. If I'm into model trains and fishing, I don't necessarily want those two groups to know about each other. Usually, only very few people in such groups know who I am. The rest has no reason to and so they don't. Certainly not newcomers. You could set up multiple accounts, but given how nosy social media companies are, they would probably be able to link them anyway. They just have too much leverage.

My pleasure!

I’ll look into it. Thanks for the suggestion.

No, it’s different forms of 2FA.

If you save the backup codes securely, it’s pretty much the same.

I generally discourage anybody from using 3rd party keyboards. What’s your purpose for using them?

Exactly.

@@AllThingsSecured FYI, I don't have a phone number! :) My wife has a landline tho.

Same reason companies only offer SMS 2FA. Because every man, woman, other and dog will understand it. They are playing to the dumbest common denominator. Send everyone Yubikeys and 75% of the customers are going to be calling them for help with it every other week.

Not hard to do.

I’m not a good example. I live overseas, so I send all packages to my virtual address.

Most the Big companies have drop locations you can use rather than your home, i.e. UPS Stores for one. Walgreens will receive FedEx packages, etc. And most have locker locations including Amazon. 😊

two very different services

Yes but buy multiple keys for backups

In this case, the Security key USB-C would work just as good, and it’s significantly cheaper.

I agree, but you also need to remember that even when companies invest in security, it’s often no match for the constant state-sponsored attacks.

@@AllThingsSecured I remember when they discovered Stuxnet in 2010. Who knows how long it been operating. There quickly followed the unmasking of around half a dozen more...all state-sponsored.

Yikes. Sounds like you don’t have many options.

This is one of the few cases where a VPN can actually help you.

Google Authenticator is good and I e used Authy in the past.

I will eventually.

@@AllThingsSecured aren't you doing paid promotions for Proton?

Try international.joindeleteme.com

I do not want anything ever going to the cloud, ever. I did not ever sign up to cloud associated with my iPad .

It’s frustrating, I know. Unfortunately, because a lot of the problems come from international attackers beyond your country’s jurisdiction, shielding yourself is one of the only options.

Absolutely. No harm in doing that at all.

What secure USB are you talking about? If you mean the Yubikey shown in the vid, that is not a storage device. It's a dedicated security chip with a USB interface. You're not cloning a Yubikey.

@@sothere1 The Secure USB in the video is one which has a little keypad controlling the USB controller. It can be attacked easily. Nor is your idea that Yubikey is not "cloning" the least bit realistic. You can't clone a yubikey to another yubikey - but there is no physical way to prevent a straight content rip even though this involves physical access to the underlying memory.

@@c1ue1isn’t it encrypted

@@ScarfaceLittlebee-mj2ch What does encryption have to do with it? Among other things: if you have penetrated the endpoint that the "secure" device is connected to - either the password is resident in memory or the password is going to have to be reapplied every time the drive is in operation. In either case, the encryption doesn't matter. If the attack is on the device by itself - the boot sector is 512 bytes, typically. If someone has the cash and sufficient desire, it is a pure matter of money to clone the boot sector and then slap it onto thousands of parallel cloud machines to grind passwords. At that point, the question is just how good the password is. But if the "keypad" is not intrinsically tied into said boot sector, you can attack the channel connecting the keypad to said bootsector including snooping, replay, and many other forms of attack. Pretty much every single "secure" device I have ever looked at, at the consumer level, were not the least bit secure.

Yea, I get it. And of all the security/privacy channels I watch, I tend to be the least “fanatical”. This is hardly overboard, I’m simply challenging people to really think about what they need to secure before it’s too late. And I’m not saying that your family needs to do the exact same, but if they’re not using 2FA, just understand that they pose a small threat for you.

Oooh I want a moat !!!!

Which services are you referring to? DeleteMe offers international service, aliasing is global and virtual addresses are everywhere.

Shall take a look at DeleteMe. But here In the UK hard to get Virtual, Cards, Address and Phone without spending alot.

@@AllThingsSecured deleteme says on its pricing: "U.S. residents only."... So its not international because only US residents can apply. :)

@@notknownguy as mentioned: DeleteMe says on its pricing: U.S. residents only. And I am not a US resident... If its global this should be removed. Maybe the service is global but they only allow US residents...

I’m sorry to hear that.

@@AllThingsSecured Thanks , this and your tips made me smarter now! :)

@@AllThingsSecured Have a fantastic day and please keep up a good wwork!

Thanks!

🙏

What do you mean?

@@AllThingsSecured just my opinion so much going on regarding the recent security incident over the past few months but it very informative to say the least thanks lol