✅ Watch next ▶ Why ANY Two-Factor Is Better than No Two-Factor ▶ kzread.info/dash/bejne/ZHiCrNOjd6-ugps.html

If they don't have your password, they will just say 'forgot password' and use the 2 factor/OTP if they have the sim

@askleonotenboom

2 ай бұрын

That turns the second factor into a single factor, so that's not what happens. Usually "I forgot my password" still requires something in addition to your 2FA code -- usually an email sent to your alternate email address.

@Nik-8it5p

8 күн бұрын

​@@askleonotenboom, This is what saved my bacon when some bastard stole my number, needless to say I ain't with that phone company any longer. 👍👍

Thanks Leo. I use two factor authentication and also don't bank or pay bills online.

Thanks Leo

Great video, provides a lot of relevant information in a very digestible fashion :)

Yes, I have graduated from no factor up to 15 factor authorization! :)

@er...

2 ай бұрын

Oh, I got some catching up to do!!😁

Really thanks we always learn a lot from you sir

My university has mandatory 2fa that oddly does not work on university controlled machines ( library pcs and lectern pcs)

@PeteStakk

Ай бұрын

If you mean it signs you in without needing a 2fa code, it's likely they have a conditional access policy in place that provides the 2nd factor automatically. This could be a location based policy or a way of setting approved devices etc.

My Iphone (and the one before it) regularly "forgets" my fingerprint. Very frustrating.

The next best after security keys is passkeys. I’m assuming it wasn’t brought up in this video because it’s really replacing passwords and still not available everywhere. Yet it also is a 2FA method using your device like phone and face ID. I enjoy watching your episodes even though I know a lot of what is talked about but still learn something new once in a while and is a nice refresher on things.

@StijnHommes

2 ай бұрын

No Passkeys is same factor authentication.

@KeithBarnett

2 ай бұрын

@@StijnHommes Its a password replacement

Another point: if your passkey goes on several places at once, like in your mobile and email, they only need access to one of them to steal your account. A double edged sword.

Great video. Thanks.

@er...

2 ай бұрын

Computer=machine

@er...

2 ай бұрын

You said you muted that time I caught you plagiarizing...

I'm not so much worried about a thief gaining access to my account, I'm more worried about losing access to my account myself when I lose that second factor. Misplacing a hardware key or having your phone stolen is bad enough, but if you can't log into your account to change your password because you no longer have access to the second factor, it's many times worse. And I don't even have to lose it. Sweaty hands or having wrinkled skin from swimming for a couple of hours is all it takes to not be able to log in with a fingerprint scanner. Face recognition fails in bad lighting. If 2FA is so important, they need to come up with better implementations.

@askleonotenboom

2 ай бұрын

askleo.com/two-factor-loss-risk/

A phone company manager in NJ was charging about $1000 in crypto to do SIM swaps. Bleeping Computer covered it in March 2024. Never link anything important with your phone number. You're just giving the keys to people who don't care about you.

I'm thinking if all the films where they kill you then use your face, finger, iris to open your phone.

@bv226

2 ай бұрын

Hah. But if you’re dead, why do you care? 😀

@Lili-xq9sn

2 ай бұрын

@@bv226 lol. They'll get all your money, instead of it going to your family.

That phishing at 2:40... how does a fake website know to send you the real company's code? Or how does your real website account know you are logging into a fake website that it sends you the code? I haven't met this one yet.

@askleonotenboom

Ай бұрын

It's a man-in-the-middle attack. I've got an article/video coming on that.

👍👍 JimE

Question: Let's assume that "man in the middle" on that fake site. Can it be helpful to limit the 30 second window to much less by simply waiting to copy the 6 digit code? Giving the crook less reaction time to use that code on the real site?

@askleonotenboom

Ай бұрын

I suppose, kinda, but you'd have to do that EVERY TIME you use a 2FA code, just in case you didn't notice it was a man in the middle.

If the online service is breached, can't they find a secret key in the database somewhere?

@askleonotenboom

2 ай бұрын

Nope. Or maybe yes, but that's only half of what's required. Without your matching 2factor key it's not usable.

Wonder how safe all these things are if you have Tic Tok on your phone that you use to login and get your SMS text code

@askleonotenboom

2 ай бұрын

So far there's no evidence there's a problem at all. Just a lot of FUD and posturing. I'd love to see some proof.

@curtw8827

2 ай бұрын

@@askleonotenboom Another KZread IT guy demonstrated that after installing Tic Tok on his sample device, Tic Tok directed content to him based on other apps installed on the device. He had installed a vacation planning app and a dating app, upon accessing Tic Tok similar content was directed to him based on particular searches on those apps.

@realwitness5341

2 ай бұрын

No different than if you have Facebook, X, Linkedln, etc. on your phone. They all take your info, use it and sell it. Get used to it. Oh, and so does your brand new TV set.

A dedicated prepaid SIM card for 2FA - no more SIM swap scams?

@lerssilarsson6414

2 ай бұрын

@@Band4344 Something non-invasive?