What is replacing all your PASSWORDS?
Вставка
- Опубліковано 15 гру 2023
- Finally - NO more passwords! Passkeys are replacing passwords and everything is about to change forever.
What are they and how do you set them up?
Check out NordPass: nordvpn.com/liron
SUBSCRIBED YET?
ua-cam.com/users/LironSege...
#TheTechieGuy
Want to protect yourself from scams?
What is the best security?
How do you keep safe online?
Then you are in the right place!
We cover everything from Security and Scams to How Tos, Tips and Tricks, Faster Internet.
My name is Liron Segev, aka TheTechieGuy, and I make tech simple for everyone to understand!
Liron Segev aka TheTechieGuy
TheTechieGuy.com
FYI: As an Amazon Associate I earn from qualifying purchases - Наука та технологія
I thinking more and more of reverting back to an old flip phone. These pocket computers are getting ridiculous with the security measures.
yeah to revert back to flip phones for no tracking, but no to reverting back to old phone as the security is just that much better now
yeah ... I dont like giving my bio data to anyone. no face scan , no finger print , no nothing.
As I said, you aren't giving your bio data to anyone. Nothing is leaving your device. If you don't want to unlock your device with your biometrics, thats perfectly fine - use a hardware key or use NordPass so you don't have to.
@@LironSegev Hmmm ... but when i use those services.. I have to agree for using them. So if you think any kind of passwords are only for your eyes to see... yeah... sweet dreams.
@@LironSegev and what about zero click ?
wise don't give out your data plus you will agree for your data to be given to third parties whatever segev says
🤦
I'll always stick with passwords where possible. My job and lifestyle has the regular ability to mangle my hands and face. I pretty regularly get my fingerprints ground or burned off. I'd be locked out of everything. Tried the fingerprint on my laptop once and could not get in to it for two weeks once.
oh dang!!! I don't know what you do but it sounds insane lol
@@LironSegev Nothing to odd, just heavy machinery mechanic. But the amount of times I've taken a piece of metal to the face or messed up my hands I can't trust my phone or computer to recognize me. and we use safty gear but it can only do so much. Like I heard on a TV show once "The hard hat is just to protect your dental records".
Do love your vids though. Helps me keep up on things.
@@6spacin9 Older people often have problems with finger prints not being recognized.
Some in the medical field, who have to constantly wash their hands all day, literally have been known to lose their fingerprints.
Thank you! Your explanation is the clearest by far. I finally understood what is passkey now haha!
Glad it was helpful!
Sounds nefarious to me. Just one more step to total control of everything we do. Yuck
So better to have your identity stolen and your accounts compromised? Then we complain they aren't doing enough to secure us and sure companies when our data is leaked. So which is it?
@@LironSegev They're abstracting the security and taking away the control from the user. They should just give users control back instead of acting like they know better.
@StijnHommes they tried that. How long have they been saying to use complicated passwords? Then they made it mandatory. When these were hacked they said use password manager, people still didn't. They said use a hardware key, people didn't. So we had control but most people didn't . So now they made it seamless to have a unique complicated password that has a hardware key. Not sure what the issue is?
Who is "they"? That's the issue. @@LironSegev
@@yooperlooper "they" are the industries that offer services who have to deal with customers who keep getting hacked. Imagine if your bank just said no password requirement - do what you want. And then someone steals all your money. Who are you going to hold accountable for crappy security? Imagine if the same thing happens with you email and then someone used your email to commit fraud and now you have to deal with the police. You would be furious. So 'they' are the global standards that watch how hackers are attacking consumers and they come up with methods to mitigate those attacks . Like forcing stronger passwords as a minimum.
I actually like using the hardware pass key from Google much better than using my phone and your video was very helpful for me to understand how this works. Thank you.
Glad it helped! I also still use my hardware keys and prefer not relying on my phone.
i bet you like face masks and silly jabs as well
How did you did you figure out my password algorithm?
Another GREAT video!
I don't follow the question?
@@LironSegev dang spell check - I corrected the message.
Whether or not passkeys are secure is irrelevant if the website still allows you to use user/pass to login (and some do), bypassing the passkey
De-google your phone
you can but not sure how that will help with anything
If you set-up Nordpass on a laptop, when you switch to your phone, will Nordpass automatically work there as well? And if set up on one browser, when you log into a site on another browser, do you have to set thigs up again?
its like any other software - you download it to whatever device you have and sign in. When you do, you have acces to all your passwords, passkeys, info etc.
Now imagine the police forcing your finger or face to your phone.
Besides being illegal (and let's not get into that) how is that differnt than them forcing you to unlock your phone with your pin or current password?
Indeed. Some of us listened to Snowden.
I can imagine a lot of things. doesn't mean its gonna happen.
@@failsworth655 it’s already happened!
@@LironSegevIf you don't want to give your password, you won't (at least not until the threats and torture are too strong for you to bear). If you don't want to face your phone or put your finger on it, they'll just very easily slam the phone in your face or fetch a strong guy to grab your wrist and forcibly place your finger on your phone. Illegal (for now, at least) or not, it is still infinitely more easy to use your body against your will than it is to make you speak against your will.
everything is always being sold on the "convenience" angle...and they promise that no one else including the website will have access to your biometrics/ fingerprints/retina scan etc..pull the other one...i will stick to using a password
You realise that a password is literally on the website owner's website right? Those passwords if not secured correctly can be literally viewed by anyone with access in the company. Just making sure you realise that. If you are cool with that over this - you do you.
Hak5 had an interesting video about vulnerabilities in the most common Windows fingerprint sensors that allowed them to be spoofed. I believe an attacker would need physical access to the device, so not too much of a threat. Great explanation of the public/private key process, I'd always been a bit wary of using it so good to know it's not sending any biometrics.
yeah - I never use the laptop's sensors and always use either the password manager or an external key. I have trust issues lol
Great video! But how does face ID work for ladies? Since we we wear different hair styles, makeup or even glasses? And do you think Apple 🍎🍏 will bring back the fingerprint login?
Thank you and the other 2 videos were great information, too!
No problem for anyone with different hair styles, makeup or glasses. They mostly fixed that years ago. Re: apple and fingerprint, I have no idea since I don't use any apple products. sorry.
@LironSegev Great video!
I believe face ID uses a contour map of your face rather than a photo, so is unaffected by make-up etc. It projects dots and uses an offset camera (in infrared).
As the others mentioned hairstyles and makeup should not make a difference,. I am a 76 year old man and believe me the only change in my hairstyle during the last 25 years has been my receding hairline and the remaining hair turning from blond to grey. Despite this, I have trouble logging in with my face during cold winter days or hot sweaty summer time. Maybe I unconsciously distort my face during those times. Last year I fell on my face on the street, luckily nothing broke but I ended up with swelling on the right side of my face which also prevented face recognition from working.
I still write my passwords on paper and hide them in an A4 page full of text. the most secure method ever.
Only when your passwords are long, complex, random, unique for every service and don't contain any personal info.
So, if I don't have a PC with Hello, I need to unlock the site using my phone which is in the other room (oh, sorry, I always have my phone with me, right?)? Easy, peasy.
Now, what about remembering userids? Seems like I might need to look up what my userid is for the site. So, while I am at it, why not use a password app and pick up the password at the same time?
How would this work on jailbroken devices? If someone has accessed my device or can remotely access it, does it mean that me choosing this option will prohibit them from getting into my accounts? Can the finger print method be created by hackers in any way? Thanks.
yes! it can. I've you post a photo of your hand or fingers... when someone downloads that picture .. they can scan it and 3d print a thin plastic copy of your finger print. and voila they can unlock your phone in most cases.
So we'd need to go to every website we have an account and change the login to passkey (if they have it)?
That would be ideal. They usually will prompt you the next time you log in. Same with apps that support it
I'm not leaving my facial image recorded for A.I. to imitate it! 🧐
👍
Your last con @7:19 re account suspension is huge. This is the same reason you don't want to sign in to Windows with your Microsoft account. Should your account be suspended, you may not get it back, hence, you are 'screwed'.
I've got to reread the stuff on physical pass keys, if they are better. I've got a 70 year old aunt and she has trouble with passwords, etc. 'Course she has trouble with losing things, like passwords, so not sure how she would keep track of a physical pass key. At least she doesn't do internet banking.
Yubikeys are what I tend to use as well the Password Manager. So in your case, the password manager might be perfect!
Surely though if the key pair are kept on the phone but phone backed up to Google then they have a copy, encrypted perhaps.
היי לירון. תודה על הסרט הנהדר. מה יקרה אם יגנבו למישהו את טביעת האצבע? (ראינו מספיק סרטים בשנות השמונים תשעים).
fingerprint stealing is not like it is in the movies which is simple to do. Also they need to specifically taget you. This is highly unlokly unless you are a hig-value target.
not infallible. Had one on my synology account. worked for almost a year than quit. Had to jump through hoops to get it fixed. Passwords are more reliable if you use them correctly.
Do you need a different pass key for each browser then?
Great question! If you are using a hardware key or NordPass you can use the same one for multiple accounts. If you are using the Passkeys, it will create a new one for each account you are trying to access.
Since lip prints are unique like fingerprints, I am waiting for the day when you see people kissing their phones to get access.😂
👄💋 sorry incorrect lips 😂
I'd say this is a step back in terms of security. Now you just have to wait for someone to sleep or knock em out to access their accounts and whatnot.
Just to make sure I understand you: you are saying that hackers and scammers from across the world, will now need to hire gangs to knock people out to access their accounts which is highly unlikly as its much more difficult to access accounts and that is a step back in terms of sercurity?
..."For instance, modern biometric systems often include liveness detection to prevent unlocking with a sleeping or unconscious person. Liveness detection can identify signs of life and alertness, such as eye movement or facial expressions, ensuring that the person is actively and willingly participating in the authentication process."
@@trilokatmadasa3180 doesn't work with a whole load of medical conditions.
@@trilokatmadasa3180 liveness on a fingerprint?
nah, bogus.
Liron, what happens when a person dies? Would a spouse or family member be able to access information, so they don't lose everything that's on the deceased person's google or apple account? Do you have a video on it?
If you use NordPass, what you can do is give a family member access to your system (that is what I do with my wife). So she can access all the info when she needs it. We also share username/ passwords to system like bank accounts, wills etc.
No you couldn't. But no one inside Google and Microsoft cares about that. Only real people do.
Life was so much easier in the 70's. We just put some money in our pocket and went to the pub. I miss those days.
The way this functions is similar to how PGP encryption worked back in the day. You create a private key and when you send out encrypted stuff they have a public key that allows them to access the content.
100% - and its how PGP still works to this day :)
@@LironSegev ... I always wondered why PGP encryption techniques were not implemented more in the security of things online. Glad to know PGP still operates that way. Last time I used PGP itself is back when it just got 256 bit encryption.
It's complicated for the non technical user. Today we have services that do it for you without the users knowledge that it's happening or how.
@@LironSegev ... I have been using computers since 1983 and if I would have had my head out of my backside back then I would have graduated HS with an associates degree in computer science and programming.
The main difference between then and now is that they have made things more complicated and confusing than they really should be.
So every website which requires an ID and Password now has my phone numbers and or devices? And I can be shut out of my account because I said something deemed "bad" by Apple, Fakebook or UA-cam? That's a big no for me. I am tired of being tracked across websites and banned.
No. Watch it again. Nothing leaves your device. Not even your number.
Websites will track you in other ways but not through this.
Thanks Liron
np
I don't get the "Turn on Windows Hello" prompt and it automatically sets up a passkey on my windows machine that has no fingerprint sensor even after I select use a different device.
How does Nordpass work when I sit down at a computer that doesn't have Nordpass or anything I own installed?
If you are using another computer that you don't own, the when you are asked to login, you can choose to not use Passkeys and use another method like Google Authenticator which you have installed on your phone or hardware key like a yubikey.
It doesn't :) Enjoy!
Biometric are not for me. I'll stick to my current method until there is no other option. I've had a lot of problems with fingerprint id on a phone.
cool
Using a PIN would be another option.
Thanks, But which is the best password manager Dashlane?
I personally only use NordPass. Been using it for years because it is zero-knowledge which means that if you lose your Master password even Nord cant help me. I even tested it several times and I was told "sorry- its all gone" - thats a good thig!
Welcome to 1984!!!
we've been there for a while now
@@LironSegev And making it worse!!
Living overseas US banks do not call a foreign smart phone. Had to purchase a US based Skype number in order to receive log in permission.
eh...ok - but not sure what has to do with anything since with Passkeys there is no calling or texting
One day, I will tell my grandchildren, "When I was your age, we had to remember complicated passwords. And we were glad!"
Hey Liron, hope your well, Ya, i use my Yubi key for all my passkeys. I dont trust my own phone lol
Haha I still use it too
I have no problem with password all important accounts have unique password with 20-35 characters and 2 pass authentication
Great info
Thanks
COOP
...
By the way, thanks to passkeys you can no longer log in on public computers. Great idea!
eh...what? You can use any computer (not that you want to log onto a public computer) but if you have multiple devices say a desktop and a laptop and an iPad and a work computer, you can log onto each one with Passkeys as the authentication happens on your phone. So I am not sure what you mean?
if the cell phone gets stolen or lost , is there any danger of accessing the pc with the Google información?
Must admit my data is in a plain text file but then encrypted. Copies of encrypted data kept in case lost.
To Many Steps And To Complicated Fer This Old Man
But I Love Your Videos
Appreciate you 👍 just make sure you have a long complicated password please 🙏 keep safe
@@LironSegev
I Do, And Several Passwords
I Use 18 to 24 Characters To Make Them Strong And Safe
Thank You
My iPhone regularly forgets my fingerprints after about 3-4 days. It's a pain to return to a six-digit passcode. The Army took my fingerprints many times years ago so it really doesn't matter to me.
Sounds like it needs to be taken in to he checked. It definitely shouldn't do that.
Good Lord! I wouldn't trust Google with my location let alone my biometrics.
You aren't trusting Google with anything. Watch the bit again when I said how public and private keys work.
@@LironSegev If you use passkeys, you trust that the nonsense Google is spewing actually works.
They already lied by saying it is uncrackable. It's only a matter of time before they think up something else and treat it like the best thing since sliced bread even though it isn't secure.
Pass NON-Words are still the Best, IF a Person really wants to get in your Banking account, all they have to do is use a High quality Photo, or Copy your Fingerprint off any device you have touched.. NEVER USE a PASSWORD, use Numbers, Characters, and digits, also in important Financial accounts, use at least 16+ characters!..
eh...nope. You can't use a photo to confuse FaceID and you its not like in the movies where you can easily print someone's fingerprints. Not saying its impossible, but saying that the amount of work to do that is highly unlikely that it will happen unless you are a high value target. You can try it yourself. Set your phone for FaceID and then use a photo and see if you can unlock your own phone.
Thanks ❤
In other words: a password. A password doesn't have to be a word. Like you said, it's better if it's not.
I do plastering for a living , Do you think my finger print works?
Not At ALL !
you can use FaceID instead
I agree as I learned years ago if you haven't got identical clean prints like original it gets rejected!😂
@@LironSegevidentity theft waiting to happen especially with A.I.
Of course not, but do you really think someone in a Google office would think that through?
Cloning your biometrics is actually easier than cracking a long password. Enjoy!
I would love to see you back that up with a link to a whitepaper that shows that. Don't worry, I'll wait.
Let's give Nord pass a shot
What if you refuse to switch?
you dont have to
@@LironSegev yet .....just like u didnt have to get the jibby until they told u that u will lose ur job
Oh yay, google, apple, et all have all my biometrics ... NOT ... bad enough that the DMV already has my iris ... which will be the tracking surveillance of the near future when we are in full on social credits mode.
Not sure if you missed the entire section of how they don't get you info but ok
How do you do this on phone
Same way - when you go into your Google account from your phone, follow the prompts under the security options.
the fun begins when you lost or change your phone
Not really. You can always get back in. You have backup codes
There is no damn way I'd submit that bio info.
Well, it isn't submitted. It doesn't leave your device.
@@unmapped89361 So they tell us.
I never heard of a hardware key
Check it out geni.us/Yubikey5c
Surely they can’t force us to
Its still rolling out as I said, so it will take a while berfore this is the standard and even then, I belive we will have options. Like we all know now to make our passwords: Passwords123 and yet every year its still the most commonly used password that hackers expose.
It's not so simple a solution when you don't have a cell phone. I simply want a password and it will not accept me.
If Nordpass is hacked doesn't that expose your private passkeyy?
Nope as they are a zero-knowledge system. Which means that even if you lose your access to your own system they can't help you. So if their system get hacked, there is no value in the information
No, but it does expose the public that hackers can then use to impersonate Nordpass....
Well excuse me but I have to ask a rather silly question :
1) On the one hand I have my PC which I have equiped it with a *REAL TIME Premium* Internet Security software.
2) On the one hand ,this Pass-key , is mostly going to be used throught smartphones , which… as far as I can tell , they only have antivirus for periodic scans and *NOT real time* internet security.
So as far as I can understand someone proposes me to rely my internet-authentication on a device which has much🤯 less capable protection features compared to my PC !!
Am I missing something here because if I’m not then whomever proposes me to use a smartphone instead of my PC as a “safer” way to login then they must think I’m insane because there is no way in h@ll ,I’ll choose a less-protected device to log in my sensitive info !!
if you lose your device, are you locked out of everything.
Interesting that you are using an iPhone image to show how to setup a Passcode on your Pixel Fold (Android). Details matter...
Ok 👍🥱
Some one renders you unconscious or (ded) amd uses finger to unlock your phone and have a field day with you finances. Same with your face unlock. I used either a pattern or keyboard entry. (Words misspelled to calm the Yootoob nannies)
statistically speaking, unless you are a high value target, the odds of someone getting your passwords from a data hack are infintly greater than someone specifically coming to knock you out to get your thumbprint.
Anything that can be done remotely from any country in the world at any time is much more of a threat than a physical attack.
@@LironSegev well I'm that one that is going to get mugged
I would like to have a device as small as an Airtag.
who's soul purpose is to connect to internet and authorize me by being my passkey device in which I would just leave it at home. 😂😂😂😂
I'm not going to use my phone as my passkey. no one know when would I lose my phone somewhere.
Won't work on my windows phone LOL.
Why no promo code.
For NordPass? nordvpn.com/liron
simple to hack, if you think outside the box
well its been adotped world wide and tested by countless security firms for years so short of kidnapping the person or chopping off their finger like you see in the movies, do tell - how?
@@LironSegev ,i have no real fact just assumption, but i like to mess with peoples just as joke, with the amount of new technology being develop like AI and facial recognition software, would it a possibility to reverse engineer and 3D print out face mask data? nowadays we see modern store collect facial data at the checkout, would we be more concern with the peoples holding all the data?
Social engineering usually, or if it is someone you know or can get near, lift their fingerprint off a glass - that's how James Bond would do it.
you loose your hardware key ????
you have backup code that allow you in and then you remove the key that you lost and replace it with another
Get a Yubikey
.. lol .. Sounds perfect.. how 'bout we just use our DNA?
thats not how any of this works but ok
Thanks Liron - BUT!!! do Not do this!! What do You think is the best way to get the prints of the entire population (over 10) inclusive all linking to passwords, locations, habits and so on! I am really criticizing You in a negative way - who else should know better, or what?
Eh...a couple of things;
Firstly do you not have a driver's license? A passport? You need fingerprints so they have it already and much more.
second, everything you do is tracked online so they don't need your fingerprint for that's.
Thirdly, the tech doesn't work that way. "They" are not sent anything.
Fourthly, it you were that concerned you wouldn't be online let alone leaving a comment.
So as much as I love the whole "they" theory, they already have everything they need with or without your help.
But hey, each to their own, don't do it and let some rando kid in who knows where take over your identity, ruin your credit score, and put you into debt. You do you boo 👋
Sorry, Liron - it has been leaked without any official denial that it actually is the reason - with the excuse that "anyway it is optional....." so..... well - can't tell people ev'rything. Of cause You know that, and even those acting as "we gotcha-voices" are well planned and institutional, - so nothing new here. Already The Roman Empire had their "officially denying the legality of The Roman State" voices for keeping up the appearance of Free Speech and for knowing what non-conformers talked about.@@LironSegev
How easy is that NOT!
Yeah. Clicking a button and then pressing your finger on a phone can be really challenging 😜
I am not giving away any of my biodata.
NO THANKS!🙄😏👎
Ok. Good luck 👍
THAT is simple?
Absolutely
Liron are you Israeli?