How to secure your GMAIL account like a pro | YubiKey Tutorial
Вставка
- Опубліковано 12 гру 2019
- Still using email and SMS verification codes to protect your gmail account? This security tutorial will make you think twice about those options by showing you how to lock down your Gmail account like a pro using a physical token like a YubiKey.
#YubiKey #Security #HackProofGmailAccount #TristanBolton
LINKS* -
Buy YubiKey 5 NFC (US Amazon): amzn.to/2QKBG6z (affiliate)
Buy YubiKey 5 NFC (Canadian Amazon): amzn.to/3buvQ0X (affiliate)
Yubico Products: www.yubico.com/products/yubik...
Yubico Authenticator: www.yubico.com/products/servi...
Other Videos:
How to secure your DROPBOX account like a pro: • How to secure your DRO...
How to secure your LASTPASS account like a pro: • How to secure your LAS...
How to secure your AWS account like a pro: • How to secure your AWS...
SUBSCRIBE for more videos in the series!
Leave a COMMENT below for what you'd like to see a tutorial on :)
----
Instagram - / tristan.bolton
Twitter - / tristanbolton
Facebook - / tristan-bolton-8700984...
Website - tristanbolton.com/
Thanks Guys! Have a great day! 😊
*Just a quick FYI - as an Amazon Associate I earn from qualifying purchases. Thanks! - Наука та технологія
I lost my UA-cam account and years of work and income through my Google account. Tremendous damage can be done to people. Crooks can't benefit from theft of my videos, but really crushed me. I will learn how to protect my new channel. Thanks for this video! Rich
That sucks about losing your UA-cam account - Glad you're finding more security tips like this to prevent that from happening again. Stay safe!
Hi Rich, I just wanted to say I'm really sorry to hear that happened. I hope you have been able to come back from it.
@@johnbod It was a blow, for sure. Years of hard work gone. 2200 videos, gone. Since I love to make videos I kept going and my new channel is doing pretty well. Thanks. Rich
@@richdavis4007 hi I am sorry for your Channel But can you Please help Me secure my Gmail account from hackers because my account is important
@@arunaslasiunas6699 I'm not an expert on this. Best wishes.
Thank you for this video. I watched about 10 just like this and what I liked about this one is how easy it was to follow and how clear you were in explaining.
Glad it was helpful!
Wow, great video, Tristan. Thanks so much. Clearest explanation for securing a gmail account I have ever heard.
He did a very good job imo. Explaining the basics step by step. English is not my first language and I have no experience in using DAWs
Wow great explanation to security issues in Google
Thank you Tristan! You've just helped me save a lot of time and this was easy to follow.
Thank you . You really make sense of these keys .
You train so well! It's like you comprehend my tempo...
Truly liked the way you have explained how to secure one's account. This is very very useful. Thanks !!!!!
not know , but just know you've affected my life, and apparently tens of thousands of others, in an imnsely positive way. Thank you
Hands down, tNice tutorials is THE best beginner video I've watched. Others want to brag about all the sample, loops, etc they have. You keep
Thx .Nice easy beginners guide. helped plenty!
Good job Tristan .
Thanks!
very clear and detailed! thanks
Great video! Thanks
Your a Genius man I got trolls trying to fish my crypto! =) Strange emails and all types of BS. Thanks.
Helped A Lot! Thanks!
I love your tutorials
Your'e awesome, thanks. really helpful.
p0ppp
PP
PP
Ppplppplpp
Ppllpppppppppppppppp
Ppllppppppppp
Ppplppppppp
P
P
Pp
Ppppl
just beca a subscriber keep up the good work Sir.
Thank you for great explanations.
Thanks man for the info it is really useful👌
Nice video, thanks!
Great video indeed, thanks!
Thank you so much! TNice tutorials video helped produce fire soft thanks bro❤️
Thank you so much for so good information
Man thanks so much! Just got myn
Excellent video thank you. The piece that I am a little fuzzy on is the Yubico authenticator piece. You answered all my questions especially about the recovery phone and email.
wow. thank you for the amazing video
Thanks so much for tNice tutorials bro
YO THANK YOU SO MUCH
Absolute W video. I had a lot of money softowing in in a good ti of my life where I would spend it on dumb stuff. But one of the few good
Thank you bro !!!
excellent guide
Tristan, how does yubikey on my google account effect my youtube tv account? Will I need the yubikey to stream UA-cam tv?
Thanks for sharing
drums softing good start learning how to make your own lodies. Good luck bro!
Huh?
Thank you.
Keep on doin what u doin
Would you recommend backup on usb or better on paper?
Nice video. With your suggested method if I want to connect from my friend’s computer to my gmail account I need to use the ubikey to unlock the authenticator on the phone, right? So the usbA is not an option to buy. Either nfc or lightning for iPhone users
help to get the basics and I'll jus move from there. Thank you!
It can't get anymore simple than this. Thank you soo much howtobasic!
If someone tells you something can't be hacked, they're either trying to sell you something or they don't really understand hacking. There are lots of "unhackable" things that have been hacked.
We’ll you can’t hack my grandma’s toaster.
Yes.. there is a thing called life hack..
Yes you are right about that one day and I am very sure that it's going to be better for the both of happiness to get as long as this world has to much of lifetime beautiful weather and the way it has been trying to see if that was something safety and an amazing opportunity too cherishing the fact of lifetime beauty and the nature of lifestyle that everyone has too having an amazing female friends who will love too different things for all the right reasons when they are asking for from their good friends and gentleman who is really and who has been trying to make her understanding of this situation in life now
Newest (2023) FIDO Passkey tech is now supported by Google for Google (Gmail) authentication
Essentially makes your phone device operate like a Yubikey. More secure and more convenient than SMS based 2FA when set up on devices that are not shared with others.
Just locked down all my accounts but all my Gmail did what you suggested, removed phone number recoveries and everything is printed and in the fireproof part of the safe!
Hi what camera system are you using?
The second you have backup codes, they key thing is worthless. Great, thanks
you deserve a medal. exactly what I was looking for. However, your statement that you will show the ultimate secure method where losing the key means losing the account isn't true because of the backup codes, right?
You're right, you want to stay secure but you don't want to risk loosing your data. So use a yubikey as a primary second-factor and the printed codes in a safe as a backup.
I Only using Backup codes And google prompt
@@tristanbolton I etched the backup codes in a steel plate with my laser cutter for ultimate disaster survivability.
@@arunaslasiunas6699 i don't think google prompt is safer than using regular OTP
really helpfull
I feel you
thanks alot
@Tristan is there a way to use those keys without have to install any app on the smartphone? just plug in or use NFC?
What are the differences from the regural and the free trial one
This video is gold
Hey this is nice. Thanks for the informative video. I am planning to buy one and was wondering how many accounts can we add on a single key?
Thx
12:07 what if you already have 2FA already setup? How would you get it onto the key?
tNice tutorialngs
Please do a video setting up the Yubikey with FaceBook. I ran into some very unexpected issues, like being asked for a PIN?
Do you know if the backup codes are vulnerable to brute force attacks? Thank you.
Great video, thanks for sharing! Is there a way to disable NFC of the Yubikey?
No. If you are worried about it, you just have to get one of the ones that don't have it. It would have to be a very targeted attack for someone to have something that can read and replicate nfc, get close enough to the thing to get them, and then know all the other information they need to log in then use the key. If you are someone that have risk of that level of Mr. Robot hacker, you'd probably be using the non-nfc enterprise keys anyway.
Your explanation is very clean and clear Thx
I like your teaching style. Thank you. Do you know if its possible to remove "google prompts" as a verification method after adding a security key to your account? It seems like that would be a weaker link in the chain if it cant be disabled.
After some research it appears that as of right now, the only way to remove google prompts is to sign out of Google on that device such as a phone. It'd be nice to be able to stay signed in on my phone while also not using it for prompts. However, that also raises the issue that the phone would still remain the weak link since your Google account could be accessed on the phone itself if someone was able to get past your lock screen.
anyone. I appreciate it!!
the Security Key NFC does not support OTP, correct? so for what you showed we need the higher price one?
Nice tutorial Micheal, great video to get us started. May you tell - how do I link two or more channels (in the rack channel) as to share the sa
You have mentioned about not given either the phone or the associated email to damage the virtue of the account, then, when google asked for the email requested, what's my option to op out? should I be brave enough to delete this email description? then how will I able to recover as asked? or the code in the yubikey will suffide?
i am confused. At 12:10 are you setting up the authenticator on the PC or on the phone? Your languages suggests u r setting it up on PC -- but the graphic shows "SCAN the QR CODE" -- so how did you scan the qr code on the laptop? My question is will this authenticator require a phone? Or can it just be installed on a PC?
if a Ubikey was built like a usb drive, I would use one. But the one I had a few years ago was just a piece of cheap plastic with the metal contacts exposed. It would not set correctly in the usb port and 60% of the time had a loose, intermittent connection, which caused failure errors
oh, you said, that every email has it's own code, and from the yubikey alone, but the passing code using in conjunction with the googe authenticator, will ea time generate a code for the to be copied and paste to be used in ea case, and the solo code, is not displayed. is it right?
Tristan, you've answered what support couldn't do for me.
Glad to hear it! Stay secure out there
5 seconds before you said thats a bit boring I was like dude thats sick
I just got the soft soft , man tNice tutorials tutorial is perfect
Can be yubico authentication app work with most android apps like Facebook and Amazon?
Or would I have to log in on a browser or my laptop?
I'm not sure but an alternative second step like backup codes does not appear in my case. Maybe because I already added a second key or google remove this option.
Hi Tristan. Thanks for this video. I don't really understand how (or IF) a hacker could just view files on my desktop computer. I have a wireless network and use it with TiVo, but I HOPE my smart tv does not have access (I don't know how to tell for sure). My iPhone has nothing on it but my contacts - I don't use it for internet at all - just phone calls and text. I do zip/encrypt anything sensitive on my desktop data partition, such as financial info, identity info, password info, etc. (which carries to my backup/image files drives/partitions). Do I really need to do this? I noticed that you had checked to remember "this" computer, or not to require certain security things on "this" computer. If I only use the one desktop for everything online, can I consider that as long as "this" computer (that no one touches but me) is recognized, I don't have to be concerned about the files on my drives? Like if my password manager is unlocked, for instance - is there any way my passwords could be accessed by someone else?. How could someone have access to my files/folders on my desktop?
Thanks for the questions.
There are a number of ways both physically and with virus' that someone could get access to your data, too many ways to list here. First protect yourself from physical access to the data, if your computer is stolen, by using an encryption-at-rest option. Encrypting your zip files is one way, you can secure all your files by encrypting your hard drive. On a mac this can be done under System Preferences -> Security & Privacy -> FileVault on a Windows you'd turn on Bitlocker.
To protect against cyber attack's, make sure you have a good anti-virus / malware protection, and keep your most important data offline: Digital wallets on a USB drive, Two-Factor codes with YubiKey, and Passwords (better yet use Bitwarden: ua-cam.com/video/TcxZyfTOyYw/v-deo.html).
Hope that helps
Does that mean that all of my Authenticator Codes are stored on the key and all i have to do is to install the app to read them?
So if i set up 2FA for any site i could store the Authenticator Code on 2 yubikeys and have one as a backup, is that correct?
And does this work for microsoft authenticator to or just google authenticator?
Great video! Especially using Yubikey authenticator. Would it be safe to leave the key in the computer 24/7? Because constantly removing and inserting it may break something.
is safe as far as you use the non-NFC key. Like this there is need for a physical button push to actually send the pass/OTP to Google. And so far no malware can simulate that.
Greeat!
i agree
Thanks - Do you have to do this for every Google email address you have?
Depends on how important the account is but generally most of them are secured this way
Bro, Please answer If i only use backup codes and Google prompt So My account will still be safe right?
Great but can i use yubico authentication app on my phone without using the physical cable
In the GMS switch the “Program” to Analog app 1 TE
Thank you Tristan. Fantastic presentation on securing Gmail! Would you please address the inherent vulnerability of all authenticator apps. If someone gets a hold of your Authenticator OTP seed they can generate OTP codes for your account, even if the don't have your Yubikey security key. The is OTP seed is plain txt stored by your service provider Gmail.
Are you sure the OTP seed is stored in plain text by the provider? That would be a huge security breach potential. I think nowadays all providers of 2FA have to made sure that seeds are stored encrypted.
The big question is, Who in the world would want to be posing as Tristan, is like "Hello, tricksters hackers and thief have some respect for themselves"
I love it Sir can you help to edit
Can I used the yubikey with Authy
Yep
It really is
ive been making complete verses on a single soft, it seems everyone of these tutorials i find like to put a single instrunt on each
The default tempo for the soft is 120 and when i set the tempo to 100 and played it again, the midi plays again in 120 bpm in tempo. Can
Lah video ini masuk di playlist stand up comedy Raditya Dika 😂, apa bang Radit lupa ya? Wkwk
Been working soft for a few years now... using it on Mac now and it crashes a lot Nice tutorialndering my progress on the tracks im working on ... I'm
Can you use it to resetup s?
Ikr!
true
My phone doesn't have NFC and uses Micro B. Is there no option to use Yubikey with my phone?
with both security key and authenticator app (using Yubi Authenticator) setup, you can 2FA with any of those methods at any time, right? The other good thing about using Yubi Authenticator is you don't have to worry about migration when changing phones as the codes/info. are stored on the hardware itself?
Am I right in thinking if we lose Ubikey we can not have an access to Ubikey authenticator? Did I miss anything,
@@snehal6282 yes you are right so to be safe print your barcode when setting up authenticator very first time as that can be reused as many times you want with different authenticators
With a Ledger hardware Wallet you get a 24 word backup code. Why can’t yubikey use the same method?