Rob Braxman is WRONG about 2FA. Here's why.
Ғылым және технология
Rob Braxman, a self-proclaimed cybersecurity expert, recently released a video saying that 2FA is a scam. But, is it really? Or was this bold statement made to get more clicks? Watch as I react to Rob's video and find out whether or not his claims are legitimate.
If you care about your personal security and privacy online, download my free security checklist here:
✅ Security Checklist: www.allthingssecured.com/secu...
🔹🔹🔹What You Should Watch Next🔹🔹🔹
We've got a lot of great privacy- and security-related content here on the All Things Secured KZread channel (although we admit we're a bit biased). If you're wanting to increase your online cybersecurity, here's what's next:
✅ Setup a 2FA Key for MAXIMUM Online Security! (Yubikey Tutorial) • Setup a 2FA Key for MA...
✅ Yubikey Bio vs Yubikey 5 | Is Fingerprint 2FA Worth an Extra $40? • Yubikey Bio vs Yubikey...
✅ So you have "NOTHING to HIDE"?? Think again. • Why Online Privacy Mat...
🔹🔹🔹Help Support All Things Secured (Recommended Services)🔹🔹🔹
If you enjoy this kind of practical security and privacy content, one of the best ways you can help support this channel is by using these affiliate links to our favorite products and services. When purchasing through these links, you not only get the best available deal, the companies will also pay us a small commission. Thank you for your support!
✅ Recommended Password Manager: www.allthingssecured.com/yt/1...
✅ Recommended Identity Monitoring: www.allthingssecured.com/try/...
✅ Recommended 2FA Security Key: www.allthingssecured.com/yt/y...
✅ Recommended Secure Email: www.allthingssecured.com/try/...
✅ Recommended VPN: www.allthingssecured.com/try/...
*********************
Video Timestamps
*********************
0:00 - Is 2FA really a scam?
1:00 - Disclaimer: I am NOT a Security Expert
1:56 - Rob's Definition of 2FA
2:39 - Rob's Idea of a Safe 2FA
3:17 - Can 2FA be harmful?
5:39 - Lesson 1: 2FA is NOT a Scam
6:02 - Lesson 2 - Use a 2FA Key
6:21 - Lesson 3 - Consider Separation of Powers
6:50 - Final takeaway: Be skeptical of anybody giving advice online.
*********************
Two-factor authentication is far from perfect, but it's definitely not a scam. So, if you have the option to enable 2FA in your account, I recommend you do it. Rob's video is a good example of why you should be skeptical of anybody giving advice online, and that includes me. Make sure you also do your own research!
#robbraxman #2fa #yubikey
Пікірлер: 272
What do you think? Did Rob cross a line with his clickbait video or was his point strong enough to merit the argument? Let me know in the comments. And when you're ready to set up your own 2FA, watch this video: kzread.info/dash/bejne/dZx_0shueM3Jg7w.html
@whisperingwolf8217
2 жыл бұрын
I have to have a cell my ranch is off the grid , with mine I do not have internet on it and have put tape over the front and back cameras
@lonnymo
2 жыл бұрын
I am glad to see you cover this video that Rob posted. I thought it was just click bait or at the very least, not something I agreed with so I did not watch it. Yes the text type 2FA is not the best. Understood and whenever possible I do not use it. I do use either Google or MS Authenticator. Nice video.
@statinskill
2 жыл бұрын
It's a scam in that it is offered with ulterior motives in mind, such as to force people to give up their phone numbers. Just in case people like Google doesn't already have it. Because the "second factor" is usually a phone. Also 2FA hurts repudiability, because it weakens the third party stealing password credentials angle in legal cases. Of course the 2FA works and prevents casual access by your girlfriend into your email account. But depending on what you do, you may not want it. Scam yes, outright fraud not.
@pmessinger
Жыл бұрын
You're doing nothing different from those you're attacking.
@annacurransmotherofmeghanc1841
Жыл бұрын
@@pmessinger ✅ nah, he’s doing one thing very different. That’s Sh;tting on a bigger creator and using their name he put into the title as CLICKBAIT since they are bigger than him that means this video will be seen more than his other ones.👍
I watched Robs original video a while ago and it was clear to me he was talking about using a phone number for 2fa. It's a way for big tech to get your phone number.
@johngreene6783
Жыл бұрын
Big tech already has our phone numbers, which is why I wonder about a lot of what Rob says
@mq1563
5 ай бұрын
@@johngreene6783 so big tech already invades peoples privacy so we should be suspicious of anyone who doesnt want to stand in lone and help.them?
@gyurilajos7220
21 күн бұрын
Yes but if you use phone just for 2FA. and only for that you prevent linking of your activity to a real identity. Which is why it is a scam. Bank login with random subset of your password or the card reader was pretty safe for decades. Why change? Microsoft bought GitHub essentially owning all of open source and train the AI. Now they introduced 2FA too to get in on the act and clearly increasing the value of all the data they collect.
@retagainez
10 күн бұрын
Big tech can simply just ask you to make an account with them to use their software to get your phone #. They don't need to make you use your phone # as 2FA to do that...
I like you and Rob. I think many misunderstand Rob's comments. He does explain what he means by being a scam and you basically concurred that most of the 2FA is a scam. By scam, meaning a tool for them to cross reference you to various devices and or accounts. You both agreed that devices like ubikey or my favorite only key is not dependent on Google, Apple, etc. knowing who you are and what devices you have on their app.
@JRE-ut2tb
Жыл бұрын
The fact that people have these accounts and are signing up freely to hand their data over and allowing their activities to be monitored is the bottom line in all of this. I think this talk of “2FA is a scam” is just smoke and mirrors to distract from the reality that big data tracks us from the moment we create an account with them. So perhaps 2FA/MFA is in fact just a false sense of security as we are led to believe that the big threat is from the outside…
Rob is making great points though!
@views8962
Жыл бұрын
I'd give him a D on that video because the intentions were good but the communication and delivery is a fail.
@StewartStewart
2 ай бұрын
@@views8962idk. I think his intention is to sell his own privacy suite and de-googled phones. So if he's making money, then communication and fail is a success.
Rob is very knowledgeable, but viewers should not forget that he is also trying to sell you his security and privacy products. So there might be some bias. Personally, I have learned a lot from watching his videos, but I have not bought anything from him. He raises privacy/security awareness, and that is a good thing.
As a cybersecurity studient I really love your video, especially when you explained "I'm not an expert, don't trust me" ... Oh god thanks !
@AllThingsSecured
2 жыл бұрын
My pleasure.
I'm against 2FA, not because of security risks or because of privacy risk, but risk of single point of failure. I don't want phone companies or governments blocking me from access to something that I could otherwise have provable access to. 2FA is definitely 100% not provable access. You have to be "good" with whatever authority controls the phone number. Not worth it for some people.
@mq1563
5 ай бұрын
Another excellent reason why Rob is correct about 2fa as its used by most companies now (SMS) and why all things secured is talking rubbish about rob (is he paid by google?)
I'm glad you are addressing this. I've seen Rob's videos and scratched my head. We must challenge all things and stay alert and skeptical to ensure we follow the path of best practices.
Great video Josh! Glad you made this as I do trust your knowledge and suggestions. I, too, follow up on your topics with a significant amount of research on both sides of subjects so that I can weigh in my thoughts, beliefs, needs. Then look at as many pros and cons as possible and then make my final decision on what's best for me.
@AllThingsSecured
2 жыл бұрын
Good for you, Karin. Glad to hear it!
Oh, I remember when that video came out. It was such blatant fear mongering with obvious inaccuracies, and my comments were deleted when I challenged him on it.
@AllThingsSecured
2 ай бұрын
Yea, he does that. He won’t talk to me anymore because of this video 😂
@StewartStewart
2 ай бұрын
@@AllThingsSecured You should be harsher on him! He's clearly disingenuous and has a financial motive.
I love your channel. But I have a question. Accessing through imap bypasses most of 2fa but I am not really sure if bypass the security key 2fa. Do you have idea? Thanks
He never said it was a scam. He shows how big Corp uses it in an evil way to link you as a real person to all your digital activities. He even states more than once that in a cybersecurity aspect, it’s a great method. He’s referring to a PRIVACY aspect.
@gregdora
Жыл бұрын
Exactly. And how they are making your identity so secure, you loose all privacy resulting in big tech knowing way too much about you
@mikeg9b
Жыл бұрын
The title of his video is "2FA is a Big Tech Scam! You Must Resist!"
I wouldn't say 2FA is a scam but it is vulnerable. SIM Swap Attacks are real and I believe there are SIM Copies out there as well, when you or I receive a 2FA code so does the person trying to steal your identity. They basically get a text when you do. And most likely have access to your financials. It's crazy what hackers can do.
@AllThingsSecured
2 жыл бұрын
Agreed - there is no 100% fool proof security measure. But SMS text is just one type of 2FA...and just because it's not strong doesn't mean that everything else is a scam.
I think Rob is telling about the 2fa by google app.... He told that even google has Totp option they implement and promote the 2fa by google app inorder to track our devices...
@AllThingsSecured
2 жыл бұрын
I agree, and I say as much in this video...but you don't throw the baby out with the bathwater by saying "All 2FA is a SCAM!"
@PvtAnonymous
Жыл бұрын
I just remembered what he means, because my employer finally forced 2FA for our Google accounts (work accounts). I just noticed that when you set up 2FA in your Google Account, they exclusively offer using the "Google Authenticator App" whereas every TOTP app like Authy or Yubico Authenticator would and does work if you select that option. This really IS misleading and will make most consumers believe that the only option is to use Google's app. So in fact I do agree with Rob here 100%.
Thanks for the info. You've given me a lot to think about concerning privacy and security...
@AllThingsSecured
Жыл бұрын
Glad to help
i picked up pretty quick he was over sensationalising the issue so clicked on the 3 dots in the recommended videos on the right next to his video and picked "Do not recommend his channel"...
Great points, but Rob isn't wrong if you look at his context of identity/privacy management. He's advice is the same as to not have any one company have all your information. He uses Gmail only so that he can access Google services but does not use it anywhere else. Of course he is sensationalizing for clicks in part and you are absolutely right but in the end you are both suggesting the same advice.
@AllThingsSecured
2 жыл бұрын
We may both be suggesting the same advice, but based on the emails I've received from numerous people asking me why I recommend 2FA because "Rob Braxman says it's a scam"...there was a bit of confusion that needed to be addressed.
@drakezen
2 жыл бұрын
@@AllThingsSecured Totally agree, and love your videos by the way!
Yea I was confused there too for a second... him saying 2FA is a scam. The first thing that came to my mind is TOTP and the different authenticator apps I have on my phone... since like you said... these are 2FAs. Rob should have been more specific and say that "2FA using phone SMS can be exploited"... and I have read an article on this before how it is done. The best thing to do is use a password manager like Bitwarden and use the built-in random password generator it has for all your password needs. Use at least 20 characters long of random letters, numbers, special characters with a mix-up of small and capital letters. Even more important is secure your password manager with a long master password (at least 16-20+ characters long) that you haven't used anywhere else. It's even better if you can afford to use a hardware 2FA authenticator like Yubikey to secure your most important accounts. Just make sure you buy a minimum of 2 keys so you have a back-up.
Question for you: I'd love to change the 2FA to log into my bank's online banking site from SMS to TOTP. The only option they offer (and they're a major bank, one of the biggest in the US) is SMS. Is there anything that I can do about that?
@AllThingsSecured
2 жыл бұрын
Unfortunately, banks are one of the worst when it comes to 2FA. Most - even the largest ones - only offer SMS 2-factor authentication. Nothing you can do about it except complain to your bank.
@MissBabalu102
Жыл бұрын
Complain and then take your money to a better bank. . Maybe support the local credit unions.
@MrWhipple42
Жыл бұрын
@@MissBabalu102 Yeah, my primary financial institution is a credit union. I just have this one credit card with specific perks. I've been a big fan of credit unions for decades.
@BillysFingers
Жыл бұрын
My credit union here in Australia uses SMS too. I don't want to change because they're excellent with their services, but i really wish they'd address 2FA properly.
"you also have the option to use authenticator apps and security keys". Wrong, most banks don't give you this option but force you to use SMS messages and lose your privacy. Its an excuse to get more data on you and opens you up to SIM jacking frauds which actually reduces your security.
Does anyone know if a security key works with crypto currency exchanges when buy and sell limit orders are set up? Will the orders fill?
He also says that altering the imei of a device is a federal offense and That is exactly what he does with His Brax 2 Phone a Udigimi A9 with his own Os on it and he spoofs a Pixle 4a IMEI so that his phone isnt blocked by us carriers
I keep getting pop ups on boot up synchronise all devices WTH That's how hackers not only take control of a device but your id access to everything.
Great video! Well explained & very much needed. 👏
@AllThingsSecured
2 жыл бұрын
Thanks! Really appreciate that.
Josh, I always appreciate your videos because you consistently present your ideas as suggestions, not one of "The Ten Commandments". You offer food for thought that begins a discussion and research from which the user can make their own decisions to do or not do. You clearly note that there is seldom a one-size-fits-all solution or THE answer. Kudos.
@AllThingsSecured
2 жыл бұрын
Thanks so much. I appreciate the kind words.
In most 2fa occasions, the app providers already know your registered identity which is the target for 2fa to protect. When talking about privacy here, it is about how you can prevent the app provider to link your registered identity with other identities or identifiers you might have. 3rd-party open-source TOTP is a more reliable solution than the authenticators provided by big companies. It maybe less secure but definitely more private. I think this is what Rob mentioned.
4:43 when you sign up for a Google account they require auth by phone.
You sure do 'passive aggressive' very well. Glad to see that you wouldn't use 'click bait' [Is 2FA a SCAM? (I react to Rob Braxman's video)]. I notice Rob has many more subscribers than you do.., I have an idea use this title 'Is 2FA a SCAM? (I react to Rob Braxman's video]', and then 'virtue signal' a desperate offer for him to come on YOUR show... Your purpose here is malicious, knowing that 'is' helpful.., a verbal thumbs up for that.
@STONE69_
Жыл бұрын
Its not so much the Subscriber count thats important, its the amount of views and time spent watching. When views are low the creator makes a video like this to pull people from another channel. Rob does this also, its all about the views, to make a living.
@dn734
Жыл бұрын
@@STONE69_ 'Fair play' if that's all it was.., but the "self proclaimed" comment, and being accused of ''click baiting', aren't meant as compliments. Dude comes across jealous, desperate and hypocritical with a 'Stelter like' delivery.
@STONE69_
Жыл бұрын
@@dn734 2fA is just another way for big tech to to track your other devices or devices, so in a way, they are trying to fish people into this. I don't sync my devices or do 2fA, its none of their business. I also use Linux and use the 2 Browser system. Once my phone is done, I will use something like Lineage. In my opinion Rob is right, it is a scam.
@dn734
Жыл бұрын
@@STONE69_ Yep, this Stelter like 'All Things Secured', is jealous of Braxman.
I gotta tell you.... I don't know why you made this video. I watch you and Rob and other privacy oriented channels (and instant karma and cat videos). Anybody that watched his vids, as you say you do, knows that he is talking about SMS text 2FA as being unsafe. He's made dozens of videos about it. Thanks for the 99.99999% of the videos you make. I'll finish this one, even like it, but, I hope you don't continue down this path.
@AllThingsSecured
2 жыл бұрын
Thanks for watching the video, and hopefully by the time you were done you saw that he's not just talking about SMS text 2FA. That was literally just the first 30 seconds. What he's railing on is the requirement by many companies (i.e. Google) to download a special app (Smart Lock) in order to use a 2FA key to log into Gmail. And I agree with him - that seems unnecessarty, but that doesn't mean that all 2FA is a scam.
@jellybean7253
2 жыл бұрын
@@AllThingsSecured Thanks for the reply. I will rewatch and re-evaluate. I am always open to discussion. I don't always agree with Rob, nor, anybody else for that matter. Thanks for always presenting an intelligent view of things. Cheers
You're good with the titles lol
Yeah he does that... Standard KZreadr click bait & drag the video along, to make it longer than it has to be.
I'm that apple guy. :D You can even store passkeys in Keychain, just like an Yubikey but it's stored in the cloud, yay! :-) But I think about securing at least my Apple ID with Yubikeys. Is the YK5 more robust than the YK5C? (I feel the usb c connector may me not that robust...?)
2FA texting may not be the best method, but it has saved me from people being able to log into a few accounts where I activate it. Usually, this is a result of me being lazy and reusing the same password for multiple sites and I guess one of the other sites had a security breach. It's my, "Hey dummy, you need to change your password now." Obviously, I use separate, unique passwords for my email and bank accounts so that can't be gotten from a security breach on a different site.
@AllThingsSecured
2 жыл бұрын
Glad to hear it saved you! And if it’s the only option, use it for sure. But when TOTP (Authenticator apps) and 2FA keys are an option, I would opt for that every time instead.
I have watched a lot of Rob's videos and I really have to wonder about him and his advice. I do my own research which includes watching his videos, your videos and many other videos from other content creators. In addition, I also do a lot of web based research. From that point, I can digest all of the information and make rational decisions. Sometimes I really believe that Rob is way off the rational cliff
Unfortunately many services ONLY offer SMS 2FA.
@AllThingsSecured
2 жыл бұрын
This is rapidly changing. Most services now offer the Authenticator app option and are slow to adopt the FIDO security key option.
@artistryartistry7239
2 жыл бұрын
@@AllThingsSecured I was looking for banks the other day that offer operability with authenticator app. Can't find ANY. Ridiculous.
Enjoyed the video and love the T-shirt!
@AllThingsSecured
2 жыл бұрын
Ha! Thanks 🙏
I think that this is an overall good discussion, mostly in the comment section.
@AllThingsSecured
2 жыл бұрын
Thanks.
I used to be subscribed to Rob but he became too 'Big Brother is out to get me' along with constant clickbait. Said goodbye after his 'antivirus does nothing' video. I can direct him to a few other professionals that DO work in pc security that showed the complete opposite.
Love the tshirt Josh
@AllThingsSecured
Жыл бұрын
Thanks 🙏
Apple has a built in Authenticator in passwords.
Rob sells de-googled phones, now you gotta admit that sounds pretty slick.
Rob uses FEAR TO PROMOTE HIS PRODUCTS and he doesn't care about educating people in privacy
Greatly delivered!!!! Always with you👍🙏
@AllThingsSecured
2 жыл бұрын
Thanks again!
I worry about cyber criminals making charges on my credit cards and making withdrawals from my bank/investment accounts. I don't worry about Google because I don't think Google would do that to me. I can't think of any way Google would hurt me. Google can't even show me ads because I use an ad blocker.
bravo for this video and how you deliver it! Love such content!
@AllThingsSecured
2 жыл бұрын
Thanks so much, Stef!
I use my security key with my phone all the time just keep a usb c adapter with Me
@AllThingsSecured
Жыл бұрын
Yup. Or you can buy a Yubikey 5Ci that has a lightning adapter.
4:36 Google does now
The poster of this video does not understand english. He has shown a statement made by the other guy saying that 2FA could be done without revealing personal data (which is the main issue that this other video is focusing on, it does not criticize 2FA as non secure but as a way to obtain personal data) and the guy in this video responds immediately after the very clear sentence from first guy is over by asking mockingly what does he think is a secure way to do 2FA. Mastery of language should come before any pretense to understand any technology.
@AllThingsSecured
5 ай бұрын
Ha! Another mindless Rob follower has joined the chat 😂
@AlainPaulikevitch
5 ай бұрын
thanks for proving my point by showing a bully's attitude along with an inability to use language to answer on topic. for info i am not anyone's follower just pointing your inability to tell the difference between the words privacy and security. good luck with becoming an expert that does not need to advertise that status but would rather have said expertise recognized by a discerning audience that immediately gets the subtlety of your views, and should we be thick enough to not instantly recognize the expert in you perhaps you could take a couple of minutes to explain that you're not the kind of expert that advertises himself as such because that would be untoward. @@AllThingsSecured
Interesting - I think his video could have been better such as "you're likely using a poor method of 2FA". Text 2FA is HORRIBLE Irony for me is, I'm using MS Authenticator for just a few things that need the most security but I still have a Authenticator backed up to my MS account in case my phone get's trashed lol, am I shooting myself in the foot tho for doing this?
@AllThingsSecured
2 жыл бұрын
Not really. Is there possibly a better way to do it? Probably. But you can work toward that. You're not "shooting yourself in the foot" in the meantime.
@hiddenlawyer
Жыл бұрын
A lot of companies will offer the option of single-use backup codes in the event of loss of your authenticator app, I believe MS is one of them. You should be very careful with them though, they can be used by anyone who has access to them, so keep them in a safe place. People will typically either print them and put them in a fireproof safe or store them in an encrypted file, both options with multiple backups (on and off site).
@mq1563
5 ай бұрын
@@hiddenlawyer never write you password on a peice of paper they used to say. Now thats considers the best security advice by the worlds largest tech companies.
@hiddenlawyer
5 ай бұрын
@@mq1563Ha, yeah it is funny how it came to that. I personally go with the encrypted vault on my NAS that is also using a zero knowledge encryption backup service, but not everyone will put in that level of effort and money into just protecting 2FA, you kinda have to already have a lot of that in place. The trend here is decentralization, pushing the ability to override authentication to the edge so there isn't a single target with a high payout, now adversaries have to start shifting to attacking individuals. At least when someone uses a 2fa recovery code, there is (usually) a notification that goes out, so hopefully you will at least notice an issue.
I'm fairly certain that the "first form" wasn't text message based, given that I recall carrying an RSA token for years before smart phones.
@phr3ui559
9 ай бұрын
ok
Security key !!!
why cant they have 2fa where an actual person calls you , gives you the code and helps you if your having problems with it ? what if i dont want to give a company my email or my phone number?
Ok, not even 10 seconds into the video and already you are wrong. Rob did not say "ALL" 2fa was a scam. He said that you should use 2fa that does not require you go give up your personal phone number.
@AllThingsSecured
4 ай бұрын
Haha! Appreciate your feedback. Definitely don't care about Rob's coattails, I can tell you that much. I produced this video because so many in my audience saw at least the thumbnail and first few minutes of Rob's video and emailed me asking if 2FA really was a scam. Because Rob's video is very misleading. But hey, I can already tell that you are one of those people who is going to defend Rob no matter what I say, so... :)
An exaggeration to say Rob Braxman claims "All (my emphasis) 2FA is a scam". He doesn't say that about its use with banks.
@AllThingsSecured
5 ай бұрын
The title of his video is literally "2FA is a scam"
@SpiritintheSky.
5 ай бұрын
Point taken. For information, I use Yubikeys whenever possible. I wish my bank and building societies, here in the UK, would allow it. With them, I use particularly long passwords, frequently changed.@@AllThingsSecured
Not a security expert, but is in the IT field. Yes, Mr. Braxman is being sensational. I think what Mr. Braxman may be complaining about is Google's push to make your smartphone the 2fa device. Right now if you enable 2fa on a google account and you do not use a hardware key, the google account will default to using a smart phone authentication as 2fa. When you log into the account, you will get a notification on your phone to approve or deny. You can tell the account to use a different method then use TOTP, but by default the smartphone is used and there is no way to override that default unless you disassociate the account from the phone entirely. I think Mr. Braxman is more concern with privacy than security. If he really wanted to be secure, he would push yubikey. Perhaps he does not because it's probable that hardware key can be used to ID you, but frankly they are not widely used enough in my opinion to bother. I agree with you that 2FA of any kind is better than non, but hardware key > TOTP > SMS. Now if we can only get more people to adopt hardware keys.
@AllThingsSecured
2 жыл бұрын
No, I don’t believe that a Yubikey can be used to ID you, and if Rob was more concerned about privacy, he would call himself a “privacy advocate” and not a “cybersecurity expert”.
You recommend to separate apple browser from Apple maps etc.but ypu recommend 2FA which connects two formerly separate activities. I'd be careful about critiquing Rob, he's clearly an expert and genuine.
@AllThingsSecured
2 ай бұрын
Clearly. You know, cause he’s on KZread.
Nope. Rob Braxman is the one to trust ... NOT his detractors.
@AllThingsSecured
4 ай бұрын
Then you can stop watching this channel and continue with the FUD 😂
@scotthullinger4684
4 ай бұрын
@@AllThingsSecured - I surely will, because I know truth and intelligence when I encounter it. And that ain't YOU -
Damn love your t-shirt. Hopefully one day I will maybe be able to wear it.
@AllThingsSecured
2 жыл бұрын
Ha! Glad you like it - it’s actually the brand that a friend of mine created.
Word
@AllThingsSecured
2 жыл бұрын
👍
Count me as one of those who wasted time watching the original video for 25 mins! I did wonder how it worked out that the solution to 2FA was to use 2FA back then when I watched it even to the point to actually look up TOTP to see if I was misunderstanding the difference as I always thought it was pretty much the same. Good informative video from yourself Thank you for clarifying I am not totally losing my marbles trying to work out why I could not see a huge difference in what Rob was saying!
@AllThingsSecured
2 жыл бұрын
Yea, Rob's video ended up confusing a lot of people, so you're not alone.
@mq1563
5 ай бұрын
How do you not see the privacy difference between giving a phone number to a company to send texts (for 2fa) and using an anonymous TOTP verification that'd does not (for 2fa) . Rob was clear about the difference. Its not confusing a phone number is tied to many things. TOTP is not tied to anything at all.
@Nodster
5 ай бұрын
@@mq1563 I had to rewatch the video to understand why I made this comment over a year ago and to be able to better respond to you given the the comment was made over a year ago. The confusion was over "2FA is a scam" and "you can beat 2FA by using 2FA" that Rob implied in his video. At no point did I mention 2FA over text messages, So I don't even know why you are trying to imply that as my confusion and given how easy it is seemingly to get a mobile operator to send out a new sim card for your account to someone that is not you I would have in no way ever implied that 2FA over text was a good thing anyway. I see you are trying to explain away the difference between "2FA" and "TOTP" but the reality of it is there is no difference between them and there has not been for a very long time. There are countless website that will call it either "2FA" or "TOTP" and use the exact same setup like mobile authenticator, back up text message authentication, recovery codes etc etc My bank uses the term "TOTP" and use their own banking app as the authenticator to send codes but also text message as an option and those codes are time based too so it makes your point of trying to define a difference a little moot given these days there really is no difference. All Rob did was create a clickbait video that served one purpose and that was to confuse the less tech savvy but I guess clicks = monies to him and not much more. I will go out on a limb here and say that having 2FA/TOTP via text message is still more secure than not having one at all even if it is only marginal but then the average person is not likely to get their phone number spoofed either are they? The exceptions really are people with influence or power or wealth as they are a higher priority target than the average person and KZreadrs should take notice and probably not use 2FA/TOTP over text message any way.
@mq1563
5 ай бұрын
@@Nodster you are confused. TOTP is not the same as the kind of 2FA which uses a mobile number. TOTP requires no phone number. It doesnt even need a phone.
@mq1563
5 ай бұрын
There is nothing secure about giving your phone number to a foreign transnational company like google that makes every penny it has from selling your data. Trusting them is the opposite of good security.
Maybe you should have had a conversation with Rob before pulling the trigger on your click-bait video and calling out someone else who by your own admission do not know and more than likely don't understand! Where does Rob say he uses Gmail? Get your facts straight before falling for peer pressure/ putting the cart before the horse video creation.
@BillOldsen
2 жыл бұрын
Just like Television, if you don't like what is on one channel, change it to something you do like or agree with. The internet and KZread provides lots of options!
@BillOldsen
2 жыл бұрын
And posting clips rather than Rob's entire video is misleading and takes his words/meanings out of context which makes your viewers think Rob is misleading everyone. Kicking Rob under the bus before knowing his true intentions and talking to him about something you are confused about is disinformation and disingenuous on your part. If you want your followers to respect you, engage brain before putting mouth/keyboard in gear!
@AllThingsSecured
2 жыл бұрын
Thanks for the feedback, Bill. I'm not sure if you're worried about Rob's feelings here? He's a big boy, he can handle it. I'm more worried about my audience. I have tried reaching out to Rob but he hasn't wanted to interact with me. I've received more than my fair share of emails from my audience who were confused by his claim that 2FA is a scam, so I felt like it was worth doing a reaction video. You can disagree with somebody you don't know, and do so respectfully (which I tried to do). I believe I do understand what he was trying to communicate, and I agreed with him, but in the end, I wanted to set the record straight and I'm sorry if you think that's putting the cart before the horse.
@BillOldsen
2 жыл бұрын
@@AllThingsSecured Yeah I know he's a big boy and can handle it, doesn't make it right to kick someone under the bus because you disagree with the way he presented it. I guess in this day and age people get itchy trigger fingers when their followers get confused and put pressure on someone they follow to say what THEY want you to say and what they want to hear. Speaking of being a "big boy", I'm sure most of your followers are as well and can change the channel to people like you whom they most agree with or turn it off - pretty simple really! But again, people would rather post a video for the public to hear and kick someone else down because they don't understand someone else. What happened to the live and let live mentality? The age of the internet has brought out the, "Internet Tough Guy" mentality and makes it very easy to trash talk someone else as you don't have to face the other person. Sounds like the liberal democrat fake news mentality. You may not be a liberal, and rino's aren't really republicans either.
@BillOldsen
2 жыл бұрын
@@AllThingsSecured If by your own admission you agree with him, why do you feel the need to as you put it, "set the record straight"? If you truly agree with him which I find hard to believe as you felt the need to post this video, what is the purpose?
I left a comment there before coming here lol but yea basically watched his whole video and its not that anything he said was wrong. I think that actually the majority of it was right but his title is misleading and forces you to watch the rest of the 30 min video to even hear there is a safer alternative. I do think its a little strange that he would have suggested using google authenticators over a open source one like aegis , just as i thought it was odd he said he used google voice instead of using private VOIP services in the past. these couple of things he mentioned kind of go against his purpose of avoiding big tech. that being said as i criticize his title i will slightly also criticize yours. your video suggests he's completely wrong. which also isn't the case, all he said was mostly valid and he did suggest TOTP which you say is accurate too. His title should be "don't use big tech 2fa there are better alternatives" Your title should be "Rob Braxman has a misleading title about 2fa"
@AllThingsSecured
6 ай бұрын
Ha! I appreciate the feedback. I think the only place where you and I disagree is that I do think he goes too far on this idea that Google Authenticator is somehow a honeypot. Yes, I agree that requiring your mobile phone connection is a negative, I would say that using Google Authenticator without cloud backup is just as safe as using Aegis. I push back against his whole extreme mindset that says everybody is out to get me. So in short, I do think he's wrong. If he spends the first half of the video explaining how 2FA is a scam, only to take a few steps back in the second half of the video (when at least half of his audience has dropped out of the video statistically), I'd call that wrong.
@fakeaccount829
6 ай бұрын
@@AllThingsSecured it's just a matter of trust. Aegis is open source, which is always a green check in my book. Not because open source cant be malicious but devs showing us the code is sign of trust. And most of them do it out of the love of developing software rather then profit. Google on the other hand has this terrible track record of siphoning user data and selling it, and does everything for profit. I'm sure that you're probably right about Google authenticator but I personally feel much better using aegis 😅 just my opinion. No disrespect I appreciate all you do.
That Guy i don’t take anything serious he says....What a Quack!!
Now this is a click bait lol
Robs the man and he's a pioneer in making people aware of how we are digitally raped by big tech, law enforcement agencies and our employers. He knows his stuff and I understood what he was saying in his video and can also read between the lines in KZread video titles and the message of the poster.
@MarcoFlores-um7cj
10 күн бұрын
He is a sellout lol.
Hackers love Robs idea 😂
I use 5FA.
Rob is also trying to sell something,when someone is doing this be skeptical.
@AllThingsSecured
2 жыл бұрын
Also true.
@trappedcat3615
2 жыл бұрын
Everybody is trying to sell something. This is KZread. Ads, affiliates, sponsors, personal website, patrons, etc etc... Let that go. Look at how they are trying to sell you something and what they are selling.
Get raided and they have your key. The Government can take your keys from your apps. They can and do track you by 2fa (meta data)
@AllThingsSecured
Жыл бұрын
Ok. It’s a depressing worldview you have.
@phr3ui559
9 ай бұрын
with sms 2fa or totp?
All that is hidden will be revealed
@AllThingsSecured
Ай бұрын
How so?
I've never been a Rob Fan. I find his video's comfusing.🥴🥴🥴
Rob is correct. 2FA only protects amateurs from their parents or brother, not the FBI or NSA.
@AllThingsSecured
2 жыл бұрын
That wasn't even Rob's point so...???
@B-a_s-H
2 жыл бұрын
Bob is correct. Sunscreen only protects you against UV radiation... It's useless against a Nuke.
Love the T-Shirt!
@AllThingsSecured
2 жыл бұрын
👍🙏
Oh that’s going to be a very good one. What about is phone ?
@AllThingsSecured
2 жыл бұрын
I've never used his phone and don't plan to, so I can't say either way.
This issue stopped me before you even addressed the content. You said you exchanged emails with Rob Braxman. Really? Your claim of exchanging emails with Rob is hard to believe because Rob is known for using his own social networking site instead of email for all communications.
@AllThingsSecured
2 жыл бұрын
And yet somehow…we’ve emailed back and forth. I know I can’t force you to believe me, but it seems like a pretty stupid thing to claim if it wasn’t true 🤣
@gregdora
Жыл бұрын
@@AllThingsSecured Either you are talking about a different 2FA video then the one I watched, or you watched it and "not so smartly" missed the point he was making about how big tech is are doing everything they can to identify you for advertising aka manipulation. I would have expected Rob to have pointed this out in any follow-up conversation. He appears passionate about striving to be anonymous
Thank you for this. I’m very familiar with Rob Braxman’s videos and I’m glad someone finally called him out on it.
@AllThingsSecured
2 жыл бұрын
Thanks for watching and commenting!
Not sure the point of this video tbh. You basically said the same thing Rob said when I watched his. Only difference is that he padded his with a fair bit of explanation. While I agree that his title could be better I think his explanation made a lot of sense to me.
@AllThingsSecured
Жыл бұрын
I obviously disagree. Rob had to pad his with a “fair bit of explanation” because he was making broad, incorrect statements (“2FA is a scam”). When you say half truths, it takes a lot longer to explain them.
@kafadek825
Жыл бұрын
@@AllThingsSecured can't argue about the title part. Could definitely have been better. But the content though upon watching made sense.
Nothing rob said was incorrect except that TOTP is technically still a form of 2FA, but its obvious that he was specifically criticising googles alternative form of 2FA using SMS. He also explained why he has to use Google services for his living, opting out will ruin his livelyhood. You didn't address the specific points he made anyway. In fact you said very little at all, just trying to create FUD. I've noticed exactly what Rob was talking about and frankly its one of the best internet security videos he's made. Yubi is a fine alternative but costly compared to free TOTP which can be backed up on paper.
@AllThingsSecured
6 ай бұрын
😂😂😂😂
Ouch… you didn’t understand what rob is saying. To accuse him of click-bate's is - to put it nicely - ridiculous. All your statements drive inexperienced viewers right into the trap of big tech.
Rob is much more knowledgable than you sir.
Totally Trolling 🤮
@AllThingsSecured
2 жыл бұрын
Trolling me? I'm confused.
I had my 2fa hacked lol so......
@AllThingsSecured
Жыл бұрын
What kind of 2FA?
@Hecurles-sz1jz
Жыл бұрын
@@AllThingsSecured Facebook and Google and Snapchat.... I can't seem to fix them
When are you going to have Google free phones with removable batteries and removable ad cards?
@AllThingsSecured
Жыл бұрын
Wrong channel. I don’t do that.
Got a Snyk ad before the video 👌
@AllThingsSecured
2 жыл бұрын
😂😂
Not very convincing
"self-proclaimed security expert" as described by a self-proclaimed not security expert? Maybe he knows something you don't-more than this.
@AllThingsSecured
Жыл бұрын
😂 There’s a name for someone who allows a source to determine their own credibility: GULLIBLE. 😳
My BS detector goes off easily with this guy (All things secured guy).
You misinterpreted Rob’s intent.
@AllThingsSecured
5 ай бұрын
I don't think so. I think his intent was to spread FUD so he could share how much he hates big data, and in the process he smeared a security technology (2FA) that is very much valuable.
I unfollowed Rob specifically because of his approach to conveying the information. I've seen the video in question and it's the video that turned me off to Rob's channel and ideas.
@AllThingsSecured
2 жыл бұрын
Yea, I get that. And this video always struck me as odd.
@bruceli9094
Жыл бұрын
Todd you are a Globalist shill
Hi Josh, I'm Josh. Great video, very well articulated. I appreciate the straightforward delivery.
@AllThingsSecured
Жыл бұрын
My pleasure, “other Josh” 😉
@josh3326
Жыл бұрын
And I’m Josh too. 😊
Rob messed up because he didn't describe it for those with a 3rd grade comprehension level, so it's confusing to some. Unless you use self hosted 2fa like Authelia, it pretty much a scam, so they can gather information to sell.
@AllThingsSecured
Жыл бұрын
I’m so glad we have such highly educated people such as yourself to help us poor stupid folk.
@AllThingsSecured
Жыл бұрын
I’m so glad we have such highly educated people such as yourself to help us poor stupid folk.
SMS 2FA is a scam.
@AllThingsSecured
4 ай бұрын
Scam? I don't think so. Is it the most secure? Undoubtedly not.
@synonys
4 ай бұрын
@@AllThingsSecured it’s offered as a way of collecting PII, no reason to restrict access to TOTP without providing a phone number.
I wonder why Techlore comment disappeared 💨
@AllThingsSecured
2 жыл бұрын
Which Techlore comment? I didn't see one on this channel.
@skepticalattorney869
2 жыл бұрын
@@AllThingsSecured unfortunately you narrowly missed it, briefly you have "done" what he couldn't as he said. Poor boy needed a big daddy like you and then he was slapped and pouf gone💨
Something something only the Sith deal in absolutes. Title is trashy for sure, he is probably against legacy 2FA via SMS. Every feature in my YubiKey is a form of 2FA and non require my phone number. It's only crummy companies that make you setup phone 2FA. (I know the vast majority still do. And I will continue to call them legacy / second rate)
@AllThingsSecured
2 жыл бұрын
Yea, I think the more we move toward the FIDO standard for 2FA security keys, the better off we all are.
Not gonna lie, 2FA saved my life a couple of times when my personal data had been compromised.
@AllThingsSecured
2 жыл бұрын
Glad to hear it! Keep using it!
I think you don't need to use Rob's name to drive this channel. You don't look good doing this. It's a lack of respect
Rob is a privacy expert, not a security expert. There is a difference. Rob comes at this from the angle of not wanting to share data with big tech. 2FA is another interaction with big tech that can reveal personal data. Rob seems to mainly be thinking about political activists in places where big tech might provide data to the authorities, or places where that might be an issue in the future. PS Rob has to use a Google account for his KZread account.
@AllThingsSecured
2 жыл бұрын
I would agree with you, except Rob’s own website does not say “privacy expert”…he self-identifies as a “Cybersecurity Expert”. You’re right that there is a difference, but Rob is not a shining example of what that should look like. He’s not well-respected in the privacy and security world.
The old Asian dude just clickbaiting! Thats it! Do not think so much for him...
I think you could have learned most of what you've said on your channel from Rob and that you are doing the exact same thing.
I still respect Rob Braxman very much. He escaped a communist country at a young age and is not naive. These are strange times on a global scale, so be much more private and careful. (I say that and post on googleyoutube all at once. Sigh...)
@mq1563
5 ай бұрын
The Philippines is not a communist country. It has been capitalist for as long as european imperialists first conquered it. Its also highly religious, majority catholic.