You're the 10th or 11th YouTuber I've followed, and the easiest to follow along with. You're doing a great job of demystifying this stuff. Thank you.
Thank you for your videos, I passed my sec+ 701 today thanks to some of your PBQ’s.
On my way to take the sec+ exam!
Good luck!
@cyberkraft1 passed!!! Thank you so muchhh
@cristianyepez1507 Congrats! Taking mine in 3 weeks!
@MLH8789 you got this!! Mine had a lot of acronyms
Thank you for this !
Good 1 bro
For the first question, wouldn’t passwords one and two be swapped because password 1 contains a common phrase while password two has a bunch of random characters despite being a bit shorter and not starting with a special character?
That's what I thought too, because that would be an easy password to hack.
I disagree with the false option (SMS OTP). SIM swapping is incredibly difficult as of 2024, unless you are a high-ranking person in the organization or political landscape. For 99% of employees, SMS OTP should be fine. Similarly, it might be the only non-costly method to provide free 2FA to a user, as most TOTP software is offered for free only when you have already purchased or paid for paid solutions or services.
Is SMS 2FA bad, and if so, should banks up their game in their customers’ account security and abolish it?
Some phone carriers still allow user verification with the last four digits of a Social Security number. For some reason they won't change the policy, and basically all of our socials, names, and addresses have been leaked by multiple companies. Also, a bad phone carrier employee can easily do malicious activities.
The bank example is for the public, hence it is very difficult to have everyone install an authenticator app. That's done easily with employees, which is the exact use case here.
Nothing is probably 100% secure all the time for all cases. However, on balance of factors, I tend to agree with the authors of the video. From multiple experiences, employers commonly use authenticators (Google, Microsoft, some even their own), whereas banks use SMS. Is there a risk with banks using SMS? Yes. How do they address it? Multiple ways. Some banks also send email, some may even call up on suspected transactions (and ask security questions). That said, I've also seen banks use TOTP through their own mobile apps.
SMS is vulnerable to SS7 attacks and its use is deprecated in place of more secure alternatives. Sending SMS, though low cost, is not free.
Singapore announced a ban on using SMS OTP for banking apps. And if I remember correctly, Malaysia has it banned too. So SMS OTP being considered insecure here is probably the right choice, and up to date. Still, this is a CompTIA exam, so it's gonna depend on them.
Hi Dennis thanks for the PBQ content related to password policies for Security+ exams, currently I have security+ certification, and would like to know what is the difference between CompTIA Security+ and CompTIA SecurityX.
The SecurityX is the new version of the CompTIA CASP+.
@cyberkraft1 Thanks :)