How to Protect Outlook w/Security Key- Embrace Passwordless Future!

  • Published 12 Sep 2024
  • In this video we explore how to make your outlook.com account more secure in 3 ways: 1) adding a hardware U2F security key, 2) linking the Microsoft Authenticator, and 3) removing the requirement for a password. Microsoft is embracing a passwordless future.
    In a previous video we detailed what was thought to be a flaw in adding a security key to outlook.com. Please see: Outlook Potentially Hackable with Yubikey. This updated video (Hack Proof Your outlook.com) explains that full security of the hardware key is only available if you remove the requirement for the password. This is a different approach from all other web-based email systems: Gmail, Yahoo, AOL, Tutanota, Protonmail, etc. All of these email systems still require the use of a password, even after you add the hardware security key for authentication.

COMMENTS • 81

  • @jorgehenao3900 2 years ago +3

    I really appreciate your time and dedication in making this type of content based on our digital security, big hug bro

    • @CyberMedics 2 years ago +1

      Thank you for the feedback it means a lot. Hope you will press like on the video and subscribe to the channel. Please let us know if you have any questions.

  • @CyberMedics 2 years ago +2

    In a previous video we detailed what was thought to be a flaw in adding a security key to outlook. Please see: Outlook Potentially Hackable with Yubikey ua-cam.com/video/7HHFnMMBExU/v-deo.html. This updated video (Hack Proof Your outlook.com) explains that full security of the hardware key is only available if you remove the requirement for the password. This is a different approach from all other web-based email systems: Gmail, Yahoo, AOL, Tutanota, Protonmail, etc. All of these email systems still require the use of a password, even after you add the hardware security key for authentication.

    • @tommy-qy9lp 11 months ago

      I'm confused. I have keys but I also have 2 other emails that only work with pw and key. Is it safe to add the passwordless too if I have keys? :S

    • @CyberMedics 11 months ago

      @tommy-qy9lp It can be confusing sometimes. Microsoft has implemented as a passwordless account so that you can just use the key without a password. Some email systems are requiring the password and the security key. Passwordless accounts are considered FIDO2. Sites that use the key and require a password are considered FIDO U2F. Both are secure.

    • @CyberMedics 11 months ago

      @tommy-qy9lp Please let us know if you have any specific questions and reach out to ask for help.

    • @CyberMedics 11 months ago

      @tommy-qy9lp Do you need any help?

    • @bb5236 8 months ago +1

      At 4:07, what happens if you click on "I don't have access to my authenticator app"?

  • @CyberMedics 2 years ago +3

    What do you think about Microsoft's implementation of the hardware security key? Would you prefer they kept the password option?

    • @faucetheaven3423 1 year ago

      Can we put many accounts on one YubiKey??

    • @CyberMedics 1 year ago

      @faucetheaven3423 There is no limit of FIDO U2F or FIDO2 WebAuthn accounts (what is shown in this video), since they use dynamically generated public/private key pairs unique to each account. But if you use YubiKey for storing Authentication TOTP codes the limit is 32 accounts. Thanks for commenting & subscribing! Hope you gave the video a thumbs up. Let us know if you need any help.

    • @faucetheaven3423 1 year ago +1

      @CyberMedics Thanks a lot

    • @CyberMedics 1 year ago

      On FIDO2 U2F there is no limit. FIDO2 passwordless account there is a limit of 25. Please view and comment on our detailed video on how YubiKey security keys work. ua-cam.com/video/TKhbGqHrZiQ/v-deo.htmlsi=etqTh3fWXA0k4VHG

    • @CyberMedics 1 year ago

      What did you ultimately decide on security key is?
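The replies in this thread say one key can hold unlimited U2F accounts but only 25 passwordless ones. The sketch below is an added example (not from the video, Microsoft or Yubico) of a simplified model that shows why: second-factor credentials are re-derived from a site-bound key handle that the website stores, while passwordless credentials occupy a slot on the key. `ToyKey`, its methods and the example domains are hypothetical, and a hash stands in for the real public key.

```python
import hashlib
import hmac
import os

RESIDENT_SLOTS = 25  # figure quoted in the reply above; assumed here, varies by key model


class ToyKey:
    """Hypothetical, simplified security key. Not any vendor's real firmware."""

    def __init__(self):
        self.secret = os.urandom(32)  # device secret, never leaves the key
        self.resident = {}            # rp_id -> nonce, used for passwordless sign-in

    def _mac(self, label, rp_id, nonce):
        return hmac.new(self.secret, label + rp_id.encode() + b"|" + nonce,
                        hashlib.sha256).digest()

    def _public_id(self, rp_id, nonce):
        # Stand-in for the account's public key: a hash of the derived private seed.
        return hashlib.sha256(self._mac(b"key|", rp_id, nonce)).hexdigest()

    def register(self, rp_id, resident=False):
        """Create a credential for one site; return (key_handle, public_id)."""
        nonce = os.urandom(16)
        if resident:
            if rp_id not in self.resident and len(self.resident) >= RESIDENT_SLOTS:
                raise MemoryError("no free resident credential slot")
            self.resident[rp_id] = nonce  # stored on the key, so it uses a slot
        # Non-resident: the site stores the handle, the key stores nothing.
        handle = nonce + self._mac(b"tag|", rp_id, nonce)[:16]
        return handle, self._public_id(rp_id, nonce)

    def unlock(self, rp_id, handle=None):
        """Return the credential's public_id, or None if it is not for this site."""
        if handle is None:                       # passwordless: look up on the key
            nonce = self.resident.get(rp_id)
            return self._public_id(rp_id, nonce) if nonce else None
        nonce, tag = handle[:16], handle[16:]
        if not hmac.compare_digest(tag, self._mac(b"tag|", rp_id, nonce)[:16]):
            return None                          # handle from another site or key
        return self._public_id(rp_id, nonce)


def demo():
    key = ToyKey()
    handle, pub = key.register("mail.example")           # second-factor style
    for i in range(1000):                                # many more accounts
        key.register(f"site{i}.example")
    return {
        "stored_after_1001_u2f": len(key.resident),
        "same_site": key.unlock("mail.example", handle) == pub,
        "lookalike_site": key.unlock("mail.example.evil.test", handle),
    }
```

Because the site name is mixed into both the handle check and the derived key, a handle presented from a lookalike domain is rejected, which is the phishing resistance a password or an app approval prompt does not give.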

  • @stormshadow0007 1 year ago +1

    I saw it and at the moment my account is configured exactly this way, but I would like to remove the option to request access through the app and just keep the yubikey because I am not sure if this way is the safest (if someone can generate the codes through the app). Another way would be how I have configured it on Google (first it asks for the password and after that step, it asks for the yubikey), this way seems safer to me. As in the video, if someone bypasses the microsoft authenticator, they gain access to the account and do not need to have the yubikey.

    • @CyberMedics 1 year ago +1

      Totally agree. What good is the key if all you need is the app. I like Google's implementation better. All things Microsoft...overly complicated and sometimes nonsensical.

    • @CyberMedics 1 year ago +1

      You may want to check out our videos on AuthenTrend’s biometric key. I think their implementation of the biometric process is much better than Yubico's.

    • @CyberMedics 1 year ago +1

      We were able to create a video on bypassing the windows hello pin and forcing the Hardware security key for a profile tied to a Microsoft account. You may want to check out that video also

    • @stormshadow0007 1 year ago +1

      @CyberMedics Fantastic, just one question: does it work in Windows 10 also or just Windows 11? Thanks for sharing your knowledge.

    • @CyberMedics 1 year ago

      @stormshadow0007 ua-cam.com/video/SKDkTg3YNeU/v-deo.html if you don't mind please come in on the video. I think it probably would work the same.

  • @Wigglythegreat2 1 year ago +1

    If you have a bunch of unsuccessful sign-in attempts currently with a password protected account that show up daily in Microsoft's activity log, will that translate in each one of those requests popping up on the authentication app each time some random person is attempting to access our account? If so that would be a deal breaker for me.

    • @CyberMedics 1 year ago +1

      Thanks for commenting & subscribing! Each time someone tries to access the account, a request will be sent to the authentication app phone notification. This is only true for the passwordless account. It will not pop up if a password is tied to the Outlook account. Hope this helps. You may be interested in our authentication app play list: ua-cam.com/video/RSihF3hNxbA/v-deo.html Giving the videos a thumbs up supports our efforts helping others. Let us know if you need any help.

    • @butmunchass 1 year ago +1

      @CyberMedics Sounds like there's a security hole whereas someone could try to access your account and the request is approved on your phone even if you didn't intend this such as a family member pressing "Approve" when they don't know what they are doing.

    • @CyberMedics 1 year ago

      @butmunchass Yes, the phone is an attack vector if someone has access to it. Thanks for commenting and subscribing!

  • @kiko3208 2 years ago +1

    Is it possible to have this security process to log in on WIN 10?

    • @CyberMedics 2 years ago

      Yes you can use the authenticator app for login to Windows 10: docs.microsoft.com/en-us/answers/questions/571281/can-i-sign-into-windows-10-pc-with-authenticator-a.html

  • @Justify4935 2 years ago +4

    It's annoying you HAVE to use MS authenticator. I don't want to have two different authenticator apps on my phone. Dumb. Make it universal

    • @CyberMedics 2 years ago

      I agree, but you can use the MS authenticator for all accounts.

    • @fallinginthed33p 1 year ago +1

      @CyberMedics MS Authenticator can be used to authenticate MS services and apps and also as an OTP generator for other services. If you're on Android, Google authentication prompts use the Google system app, so you don't need to install another authenticator.

    • @CyberMedics 1 year ago

      @fallinginthed33p I also like the fact that it has cloud backup for both Android and iOS. So if you ever lost the app on the device or the device you could reconstitute the accounts. Thanks for commenting.

  • @yam316 2 years ago +1

    You don't need the app and disable the password to log in with the key. Just enable pass and disable app auth, put in the email, and the option appeared to log in with the security key.

    • @CyberMedics 2 years ago

      Thank you for the comment and explanation.

  • @christoferkohlhoff668 1 year ago

    Hello, thank you for the video. I am a little confused. Can I use Gmail Yubikey secured accounts in Outlook via this method? So when I log in to Google in Outlook, I no longer have the problem that the Yubikey verification fails?
    I look forward to your answer, greetings from Spain

    • @CyberMedics 1 year ago

      Hello from U.S. appreciate you subscribing & liking the video. Gmail secured accounts are separate. Logging into Google is separate from logging into outlook. However, you can use the same key on both accounts. Each time you register the key to a new account, a new private/public key pair is generated specific to each account. Not sure what you are referring to...."Yubikey verification fails?" Please give me a specific Time Stamp if you are referencing something in the video. Thanks for the great question. Would love to visit Spain some day!

    • @CyberMedics 1 year ago

      Did we address your concern?

  • @jbaudet 1 year ago

    Great video, thanks. However, I followed the procedure, but why is it that without the YubiKey inserted and just entering the PIN code it allows me to log in?
    What I really want to do is that every time you log in to Outlook it will ask you for the key and to touch the key. I just don't know.

    • @CyberMedics 1 year ago

      You are probably not clearing the cookies on the browser that you're using to access Outlook. In this case it will remember the key that was inserted and only require you to enter the PIN. To verify this try using the key on a Computing device that you have not previously logged in and see what the results are. I'm pretty sure it will ask you to touch the key. Please keep us updated and let us know your results. Thank you for commenting hope you gave the video a thumbs up.

    • @jbaudet 1 year ago

      @CyberMedics Thanks for replying. OK, I will give it a try and let you know. I just gave the video a thumbs up. Thanks

    • @CyberMedics 1 year ago

      @jbaudet I just went back on Windows to re-authenticate to Outlook. I find Microsoft's implementation of this convoluted. First, to add passwordless account access you have to add the authenticator app. If signing in on Windows, I don't type in the account, just select the security key at the bottom of the screen. Once I do that it defaults to my account and the key process works just like you describe. If I type in the account first, then they want to go to the auth app.
      When going to outlook.com for Chrome login to Outlook it forces the use of the auth app and you don't get a chance to use the key. Presently it will not allow me to remove the auth app, because I think it is inextricably tied to the passwordless account.

    • @CyberMedics 1 year ago

      @jbaudet Check Time stamp 3:39. You have to select sign in options to force the key. Doesn't seem to be intuitive for me.

  • @edonramadani8017 2 years ago +1

    How many Outlook accounts can I secure with 1 YubiKey?

    • @CyberMedics 2 years ago

      There should be no limit, since the credentials of the key are stored within. You are exporting the credentials to the outlook account, so you are not storing anything in memory. That is assuming you are talking about U2F FIDO2 authentication. With TOTP there is a limit, but I don't know what that is exactly. Thanks for the question.

    • @edonramadani8017 2 years ago +1

      @CyberMedics For example, I saw in one of your videos, to remove the password you said, and whenever I want to join I need to press/insert my YubiKey. So with this method can I use it on my 2 Outlook accounts? I will also add the Yubikey Authenticator app.

    • @CyberMedics 2 years ago

      @edonramadani8017 Yes you can use it on both accounts. Make sure you have the account recovery code stored in a safe location.

    • @edonramadani8017 2 years ago +1

      @CyberMedics But what if I lose the key? I also can't log in at the YubiKey auth app, right? So I know I can log in with the recovery code of my account, but the question is what if I lose the recovery code of my account and lose my YubiKey? I also don't have access to my YubiKey auth app, right?

    • @CyberMedics 2 years ago

      @edonramadani8017 Not sure you can use the Yubico Auth app for outlook passwordless account. It would only let me scan QR code with MS Auth app. So the key and the MS Auth app are two different ways of authenticating to the account.

  • @kiko3208 2 years ago

    Another question is:
    If you delete the password requirement to log in to the Outlook account, how can we log in to the Microsoft Authenticator after a logout in the app? Because smartphones are not capable of scanning a physical device like our YubiKey.

    • @CyberMedics 2 years ago +2

      You need to backup access backup methods, like alternate email addresses, & have the authenticator security seed key backed up. If you lose access to the authenticator app, you would have to have a hardware security key to login to your outlook account on the computer, or use a code from an alternative backup email address.

    • @kiko3208 2 years ago +1

      @CyberMedics Right, thank you
      Success

  • @AV8R767 1 year ago +1

    If I go password-less and use YubiKey can I delete the authenticator app? I want to be able to use the key just as Gmail does, i.e. email address, password, then confirm with YubiKey.

    • @CyberMedics 1 year ago +1

      It is one thing I don't like about Microsoft's passwordless implementation. You will still have to have the authenticator app in order to use passwordless with the account.

    • @michaelhill7261 1 year ago +1

      @CyberMedics I don’t like this either.

    • @CyberMedics 1 year ago

      @michaelhill7261 It doesn't make sense.

  • @TateMindsets 1 year ago +1

    Can I secure my Gmail with 2 YubiKeys (1 of them as a backup)
    and save the backup codes of my account in Gmail
    and remove the recovery phone number and email?
    Am I safe like this?

    • @CyberMedics 1 year ago +1

      Yes that is a good plan. But I would consider adding a backup email address secured with a security key. Thanks for commenting and subscribing!

    • @TateMindsets 1 year ago

      @CyberMedics Ah, so 2 emails like this and connected to each other as recovery, right?
      And can I also secure 6 Gmail accounts and 2 Outlooks with the same YubiKey?
      And can I remove the phone number not only from the recovery option but also in personal info, to delete it all from my account so it does not exist, so as to be secured only with YubiKeys and email recovery?

    • @CyberMedics 1 year ago

      @TateMindsets You can link as many accounts as you want with a security key. I use a Google Voice number instead of a cell number on the accounts.

    • @CyberMedics 1 year ago

      @TateMindsets Two emails for Recovery is a good idea. Just make sure they're both secured with a Hardware security key.

    • @TateMindsets 1 year ago

      @CyberMedics For the moment I don't have money to buy YubiKeys :( but can I use recovery emails connecting Gmail with Outlook? Some say they have a problem not receiving the code in Outlook.
      I don't know what to do now.
      For the moment my Gmail account is secured with
      +Recovery phone number
      +two factor sms
      +Authy app authentication
      +Saved Backup Codes of my Account