Yubikey Backups - How to TOTP Across Multiple Yubikeys

Поділитися
Вставка
  • Опубліковано 26 лис 2024

КОМЕНТАРІ • 135

  • @nomade00
    @nomade00 2 роки тому +14

    "I'll put a link down below to my original video", checking description, only affiliate links. Great thanks man

  • @MicroOrbit
    @MicroOrbit 5 місяців тому +5

    Brother, quick tips:
    #1 - If you screenshot the QR code and save it on the same secure place as the back-up codes, you can always re-scan it when new hardware is purchased.
    #2 - Put a pin/password to access those TOTPs just in case you lose the Yubikey.

  • @F16_viper_pilot
    @F16_viper_pilot Рік тому +13

    A couple of side-notes:
    1) Up to a maximum of 32 TOTP codes can be saved per Yubikey. This can be a severe limitation for some people.
    2) One can password protect the Yubikey in the event of loss or theft.

  • @rdump
    @rdump 2 роки тому +22

    For durability of Yubikeys: Many seasons ago, my metal keyring broke and my years-old Yubikey was released to the wild while I was running. 4 months later as the snow melted, I spotted it on the path frozen into a muddy puddle. Still worked fine. GPG key and all. (Yes, yes, I'd already moved to a replacement HOTP + GPG set on a new Yubikey in the intervening months ;-) )

    • @analogdistortion
      @analogdistortion Рік тому

      I never really thought that if you lost your yubikey that someone would might be able to change your password and use your OTP to gain access to the account if your have previously been pwnd as they can see which email address you log in with due to it being stored on the yubikey for some accounts.

    • @F16_viper_pilot
      @F16_viper_pilot Рік тому +2

      @@analogdistortionYou can also set a password on the Yubikey so if the device is lost someone does not have access to the contents.

  • @ejsilberman1
    @ejsilberman1 3 роки тому +59

    You can also transfer the google authenticator to your new phone through the built-in export feature. This will maintain your TOTP Keys. You will need to verify some or most, but its better than starting over.

    • @devingalmarini2616
      @devingalmarini2616 3 роки тому +11

      Came here to say this as well - Three Dots in App > Transfer Accounts > Select Export/Import. Did it years ago when I switched devices.

    • @fbicknel
      @fbicknel 3 роки тому +1

      I was gonna say that not blindly enabling a new device with all your 2FA data was a feature not a bug. Good to know they have an export feature, though.

    • @danimoosakhan
      @danimoosakhan 3 роки тому

      Indeed

    • @mementomori29231
      @mementomori29231 2 роки тому +5

      Used to be a diehard user of Google authenticator. Switched to Authy and it's so much better, all data securely backed up with zero knowledge based encryption to the cloud, PIN / biometric protection for the app, instant update of codes across multiple devices, super secure after turning off multiple devices option so only existing devices can allow TOTP codes. Authy is everything an authenticator app should be.

    • @nri_raj
      @nri_raj Рік тому +1

      Now everything is synced on cloud

  • @BrianRossman
    @BrianRossman Рік тому +5

    I use a paper backup in a secure location. You can rescan them any time you need to add them to a new device.

  • @aragon1253
    @aragon1253 Рік тому +3

    Great video. I spent hours looking around UA-cam for this information and you laid it out properly. You probably saved me hours of downtime having been able to set up my backup key.

  • @BingoBongoMan
    @BingoBongoMan 2 роки тому +8

    I would not add 4 different backups like e.g. software ones since each additional backup creates an additional vulnerability in terms of hacks (software) or stealing/loosing (hardware) . I would recommend one hardware key for daily usage, one hardware key stored in a safe and handwritten recovery codes for each account at another safe place. I think 1 HW-key + 2 backups are more than enough and everything beyond this creates more risk! My humble 2 cents ;-)

    • @JESUSvsDEMONS
      @JESUSvsDEMONS 2 роки тому

      Agreed. I keep my google auth codes on an back up security iPhone I keep offline. I don’t agree with the 1 time passwords to print either. to easy for hackers to get.

  • @PierreHernandez86
    @PierreHernandez86 3 роки тому +11

    Google authenticator is allowing to move to different phone and all related account are moved to new device in 1 go. At least I did so earlier this year

  • @lars7513
    @lars7513 3 роки тому +4

    Mine has been in the washing machine twice, still works

  • @chrisgabel8498
    @chrisgabel8498 3 роки тому +28

    Saving/printing the qr allows you to add new keys later for TOTP. Doesn't have to be all at once.

    • @jonnyzeeee
      @jonnyzeeee 3 роки тому +2

      Agreed. I save mine in Bitwarden for this reason and added convenience.

    • @futurecactus
      @futurecactus 3 роки тому

      @@jonnyzeeee does Bitwarden allow saving the QR code images or is there another way to save it?

    • @jonnyzeeee
      @jonnyzeeee 3 роки тому +2

      @@futurecactus No, BW saves a URI which includes the code you need to add an account to your 2FA app.
      And even better BW preps the TOTP in your clipboard so you can paste it when prompted for it. No need to use another app.

    • @fonte935
      @fonte935 3 роки тому +4

      Doesn't this start to tarnish, maybe not defeat, the purpose though? I struggle with that and backup codes... Where to store them. In Bitwarden? But I need my Yubikey to get into Bitwarden in the first place. And then if my Bitwarden is compromised, is my 2FA then compromised too?

    • @jonnyzeeee
      @jonnyzeeee 3 роки тому +3

      @@fonte935 All valid points. Some would describe this as putting too many eggs in one basket. But like you said, a Yubikey and a good master password will protect your BW vault. I am comfortable with this level of security, but to each their own.

  • @penultimatename6677
    @penultimatename6677 Рік тому +5

    You don't have to do them at the same time. Just write down the numbers. Displayed when you pick can't use qrcode. Then can be entered manually on the other keys.

    • @TomO-nx1bd
      @TomO-nx1bd Місяць тому

      Some of the other channels on YT say print and save the QR image but I'd worry the printed image could fade over time or not print well on your printer then later won't scan, so yes I agree saving the numeric code is better.

  • @JoopHbR
    @JoopHbR 3 роки тому +19

    It is possible to add a Ubiquiti key later on. However, you will need to take a screenshot of the QR code and save it to an SD-card, USB-stick and safely store it outside your computer. When you want to add it to a different key, just insert the storage device into your computer, fire up the authenticator and let it find the QR code on your screen. It works fine 😊

    • @randomabitbol7623
      @randomabitbol7623 2 роки тому +5

      Or just Right Click on the QR Code "Save this image" :)

    • @pctechnician64
      @pctechnician64 2 роки тому +1

      Couldn't you just use the secret code? If not, maybe a QR generator of the secret code?

    • @ricsip
      @ricsip 23 дні тому

      there is no such thing as a Ubiquiti key. Its called Ubikey.....

  • @leicaman
    @leicaman 2 роки тому +4

    I make a screenshot of the QR code and keep it in a secure note in 1Password. That way I can add keys with the same code at different times.

  • @elainth8628
    @elainth8628 2 роки тому +1

    Coming to this video late, it rules. Thanks so much!

  • @markfernandes2467
    @markfernandes2467 3 роки тому +3

    A couple of questions, 1. isn't it possible for a RAT malware to notice when the QR code pops up and take a screenshot without you knowing and then pass that SS onto it's control server, therefore compromising your security? 2. Same question for the backup codes which you generated, also, you said "store these codes somewhere safe" well, how can you? If they are on your computer or you copied them to the clipboard, then why can't a RAT see them or look for them anywhere you store them on your HD? 3. By backing up further with Google auth, you've just made that the weakest link in your "2FA security chain", which means there was no point to use a hardware key. If an attacker can steal the QR code your end, or the same token generated on hack the company server and find the QR code, you can be hacked using that. Therefore the Ubikey is redundant. The whole point of using a Ubikey is to not then use things like Google auth because the Ubikey keeps everything on the key and nothing goes to the website. So even if the website is hacked, no one can get into your accounts. Please let me know where I'm going wrong if you think that I am and please tell us if a RAT can just screenshot the QR or the codes and make copies of the token. Thanks.

  • @NormanLamontedinburgh
    @NormanLamontedinburgh 10 днів тому

    Thanks for this - I just got my first Yubikeys today and tried to set up both with Paypal but couldn't as the QR code disappeared as soon as I'd confirmed the first key. I managed it following your instructions.

  • @hyperfluff_folf
    @hyperfluff_folf 3 роки тому +2

    in fact, not only can you move google authenticator tokens over to another phone through its built in export feature
    but there is also a python script that can decode the 2 codes for transfering the keys so you can then insert them onto a yubikey
    thats on the one hand a nice feature, but for some cases you want only one copy, thats when the yubikey is needed ;D

  • @KD_Puvvadi
    @KD_Puvvadi 3 роки тому +1

    Hey chris you can backup/migrate google authenticator to/from one device to another.

  • @morgaj21
    @morgaj21 2 роки тому +1

    Nicely done - happy to buy a backup key and set it up now.

  • @itsallaboutcars9068
    @itsallaboutcars9068 3 роки тому +1

    Thanks man! I looked everywhere for that explanation!

  • @gizmobently
    @gizmobently 2 роки тому +1

    That was a very clear explanation. For some reason, I was having issues with scanning the QR. I did not want to use my camera as it will store that photo shot on google photos and it literally can be hacked.
    I have a few questions that i really need some answer and would appreciate it very much if you can help.
    the first concerns backing up my iphone. I currently am using an iPhone SE 2nd ed. I thought, what if i lost this thing or it broke?? This would be devastating to me. So my question is this, Do you know if it is possible to back up an exact image of my iphone to another iphone that i have if I were to take out the SIM card and put it in this backup iphone? I am guessing it would have to have the same number as my current iphone as that is how all these algorithms are configured for TOTP using Yubico Authenticator? I want to back it up exactly like the old iphone then pull out the SIM card and put back in my current iphone. If it breaks or I lose it, I can get another SIM card from my provider and it will still have the same number.
    Is there any easier way to back this up with all these codes on it? Or not?
    I will send PM for the second question but it would be nice to do a video on it as no one has ever even discussed how this can be done, and it can.
    Edit to say i can't submit. Just beware that Google Authenticator can be hacked from your iphone or desktop. I don't know which one, but it happened to me and it was used to steal crypto accounts and they were able to produce correct 6 digit numbers even though my iphone was never out of my possession. This is why Yubikey is an absolute neccessity.

  • @macexpert7247
    @macexpert7247 3 роки тому +2

    You can also program the 2nd slot with a static password.

  • @MoritzLerch
    @MoritzLerch 3 роки тому +2

    I do it exactly the same as you, perfectly explained!

  • @supergamer3186
    @supergamer3186 3 роки тому +3

    Google authenticator can transfer the codes to new phones

  • @thetourminator
    @thetourminator 2 роки тому +4

    Yubikey rocks....the only thing that sucks is many entities STILL only allow for just SMS text 2 factor (total crap as we all know) or at the very best an authenticator app. Hopefully this will change by year 2024 or so.

    • @itsathejoey
      @itsathejoey 2 роки тому +1

      Yea it really shocks me that none of my banking apps allow for the use of a 2FA app.

  • @fredrickcallahan4292
    @fredrickcallahan4292 2 роки тому +1

    Love your videos Sir, thank you! May I ask about the rotary telephone in the background? Does that offer a form of security from alternate forms of phones? I've actually pondered the use of a rotary phone and wondered if it's disconnected nature could be of benefit, and here you have one at your desk! Could you please elaborate? Thanks!

  • @ulkesh78
    @ulkesh78 3 роки тому +1

    I think Google Auth will allow you to backup TOTP to the cloud now and restore to new phones. I was able to do that with Lastpass and Google Auth when I got my Pixel 6

  • @elsangre85
    @elsangre85 Місяць тому

    Hi Chris, what are your thoughts on the new Apple Passwords app and the TOTP capability across all mac devices?

  • @zolartan4442
    @zolartan4442 Рік тому

    Google Authenticator has a Export function that generates a high density QR style code with all the codes embedded in it, you scan what with your new phone's Google Authenticator. Transfer done. Easy as pie. Been there for years (video is a year plus old at this point). Now, I doubt anything but GA can understand the format of that QR code, you also can't screenshot it, GA Export disable screenshot while its on screen.

  • @Mexenheister
    @Mexenheister Рік тому

    Good video!
    I've some basic question: I'm using Yubico authenticator which opens when attaching my primary Yubikey to the smartphone. How do I add a backup Yubikey to the authenticator for the case the first key get lost?

  • @Blake219Blake
    @Blake219Blake 16 днів тому

    I can't find "SCAN QR CODE". Did they take it out of the newest version of the Yubi Autheticator app, or where can I find it?

  • @BillVikara
    @BillVikara Рік тому +1

    Can you delete a yubikey and reuse it?

  • @mrxmry3264
    @mrxmry3264 3 роки тому +1

    is there an update on that scammer? is your airtag still sitting in that warehouse?

  • @cx1291
    @cx1291 5 днів тому

    After listening to your video I am unable to create a second backup 5C NFC for my Pixel 7 because I didn't backup my first 5C NFC
    the first time. On my Pixel 7 do I turn off Google 2 Factor so I can scan the individual codes to my second 5C NFC? Great video. Thanks

  • @pctechnician64
    @pctechnician64 2 роки тому +1

    You said you have to make these keys all at once, but couldn't you just use the secret code at a later date? I see "add account" under the "scan QR code" option. I use WinAuth to back up the secret code to an encrypted file and then you keep them for a later use. You can even use otpauth format to set up some authenticators to use 8 digit code such as the one used for Battle Net. BTW, when I close my eyes, you kind of sound like John Ritter.

  • @gmmxn
    @gmmxn 2 роки тому

    First I will recommend you Bitwarden.
    Second, once you have the codes INTO yubikey authenticator... how do you use them? You didn't mention that... Do I need only the key or I must copy the code from the program?

  • @btgroff1818
    @btgroff1818 2 роки тому +1

    What happens if you get a new computer, how are the codes that are on Yubikey Authenticator transferred to the new computer?

    • @karlmilton8136
      @karlmilton8136 2 роки тому +2

      The yubico authenticator app does not store anything. The keys themselves store the TOTP details, so all that you need is to install the app on a new machine and plug in your existing key(s)

  • @calebsmith5550
    @calebsmith5550 2 роки тому

    Microsoft Authenticator allows you to backup your TOTP and restore it, I stopped using Google's for this exact reason. I formatted my old phone and soon realized everything was gone on the new phone. Luckily I had all my backup codes, but definitely did not like the experience.

  • @svenmichelsde
    @svenmichelsde 3 роки тому +10

    Hey, just a note why it's actually good not to be able to "copy" your second factor like that (and why usually software solutions do not offer an easy transfer of your tokens): security. If you can copy it, everyone else can too. Even worse when you do it via a cloud service like Google.
    The idea behind that second factor is to use something that's in your possession. Also a reason why a software on the same device (not talking about the yubikey solution, that requires a hardware device) doesn't make a lot of sense.
    Services should offer support for more than one device if you want to do it right, or, even better, use the security codes as is. If you lost one of your keys, do you know exactly what copies it holds? You would need to cycle all accounts on it again to ensure there is not a device out there that holds your tokens.
    So instead of creating copies, which is against the idea of having a second factor only once, maybe store the Backup Codes in a (digital) safe you could protect with another Yubikey. And yes, not as convenient as having a copy on multiple devices, but this should be about security.

    • @markfernandes2467
      @markfernandes2467 3 роки тому +2

      Hi, a couple of questions for you, 1. Isn't it possible for a RAT malware to notice when the QR code pops up and take a screenshot without you knowing and then pass that SS onto it's control server, therefore compromising your security?
      2. Same question for the backup codes which you generated, also, the guy said "store these codes somewhere safe" well, how can you? If they are on your computer or you copied them to the clipboard, then why can't a RAT see them or look for them anywhere you store them on your HD? I know you said something about a "digital safe" but how cna that prevent the RAT from taking the code if it appears on the sceen even for one moment?
      3. By backing up further with Google auth, he's just made that the weakest link in your "2FA security chain", which means there was no point using a hardware key right? If an attacker can steal the QR code your end, or your token by hacking the company server, which must store a copy, maybe even in plain text, you can be hacked using that. Therefore the Ubikey is redundant.
      The whole point of using a Ubikey is to not then use things like Google auth because the Ubikey keeps everything on the key and nothing goes to the website. So even if the website is hacked, no one can get into your accounts. Please let me know where I'm going wrong if you think that I am and please tell us if a RAT can just screenshot the QR or the codes and make copies of the token. Thanks.

    • @adzelbur6580
      @adzelbur6580 2 роки тому +1

      1. There is always a risk when doing things online. What’s important is we acknowledge the risk and find ways to reduce or mitigate it. I use my rapsberry for that. Its connection is behind a checkpoint router hardened to allow specific ports. Connection to the internet is very limited.Its offline and in a location (point 2) unless I have to enroll additional accounts to yubikey.
      2. Back up codes, qr codes ,private keys can be stored on a safe location. “Safe” is based on your risk tolerance. It could under a kitchen sink or in a safety deposit box inside a bank.

  • @TimGriess
    @TimGriess Рік тому

    Do yubikeys work with Coinbase and other exchanges when you have buy / sell limit orders set up? Will they execute?

  • @popperfrozy
    @popperfrozy 2 роки тому +1

    Nice video overview. Unfortunately, it's difficult to use the Yubico Authenticator app if you primarily use a Chromebook. The Android app downloaded on Chromebook doesn't seem to function properly and doesn't recognize my YubiKey from the USB port. I wish there was a good solution for Chromebooks. Also, the Authenticator app on my Android phone always gives an error when trying to use NFC. So, I can really only use it by plugging a USB-C key into my phone. This all sounds like a great system in concept, but just not working well for me. Oh well.

  • @manta567
    @manta567 Рік тому

    Does this backup method also work with passkeys?

  • @Brucel86
    @Brucel86 2 роки тому

    You can export all codes from google authenticator very easily as long as you have both devices just by clicking the 3 dots on the top right. You then scan a QR code on the new phone, then you get back all codes that easy.

    • @abcuughklkj
      @abcuughklkj Рік тому

      still not as reliable as the yubikeys and if a phone breaks or gets lost theres baiscally no bvackup.

    • @Brucel86
      @Brucel86 Рік тому

      @@abcuughklkj I personally have google authenticator as a backup and in the past I lost my phone. However I exported on my ipad and if you have an old iphone you can give it extra life.

    • @Brucel86
      @Brucel86 Рік тому

      @@abcuughklkj that's why Apple for example forces you to make 2 and that is why I have 3. I hope passkeys takes off we can so we won't need a bunch of passwords

  • @jacl4926
    @jacl4926 Рік тому

    Where to get the software. Mentioned ubiquiti network. I cannot find it.

  • @GerhardAEUhlhorn
    @GerhardAEUhlhorn 2 роки тому

    I can not find the link to the original video.

  • @IssacBerry-nd8pt
    @IssacBerry-nd8pt 6 місяців тому

    hi, i used to use sms as 2FA, and then i added a yubico 5 as another 2FA. but i only have 1 key and i didn't remove the sms from the 2FA. so i am now as weak as on SMS, is it? thanks

  • @itsathejoey
    @itsathejoey 2 роки тому

    If you scan the QR code with multiple apps, say 2 yubikeys and 1 Microsoft authenticator. When it asks for the code in the next step you can only supply one, so will it work with codes from the other apps?

  • @johnwick884
    @johnwick884 Рік тому

    If you use Apple 2FA authentication, your codes come with you. but tbh. Why do you have your 4 backup on google etc.? Is they idea of an YubiKey not to storing your Passwords on servers which are connected with the Internet?

  • @clemens8715
    @clemens8715 2 роки тому +3

    Hi i was wondering. Why isnt he using the Yubikey authenticator?
    Isnt that way safer then using the google one?

  • @NickLeach-v9f
    @NickLeach-v9f 10 місяців тому

    How do all you Yubikey users integrate them into your life? It seems like people put them on keychains they otherwise carry everyday. I don't have one of those. It needs to be with me all the time but I don't want to have to constantly remember to bring one with me. Does it make sense to stash them all over the place? One in my office, one in my backpack, one in my car? That sees like it would get my 75% of the way but then I've got multiple copies of them which seems like a vulnerability to me.

  • @edgaremiroariza
    @edgaremiroariza 3 роки тому

    Puedo tener una sola Yubikey para controlar 3 cuentas de Gmail y 3 de binance?

  • @larryreid8562
    @larryreid8562 Рік тому

    Great value great product, needs accessories

  • @shaned7545
    @shaned7545 2 роки тому

    Can you also make a tutorial for Binance?

  • @ManuelEGaray
    @ManuelEGaray 2 роки тому

    Thank you!!! It really helps

  • @Altair123
    @Altair123 2 роки тому

    This was really usefull! thanks you!

  • @Bogomil76
    @Bogomil76 3 роки тому

    Nice for TOTP, but whats with Fido2? Backup is more complicated, so the service needs to allow to add anothe Key pair. But do you know one?

    • @CrosstalkSolutions
      @CrosstalkSolutions  3 роки тому +2

      Most FIDO2 enabled sites and services allow for multiple hardware keys. Check my recent Yubikey Bio video.

    • @aquatrax123
      @aquatrax123 3 роки тому

      @@CrosstalkSolutions Every site except AWS!

  • @MichaelToub
    @MichaelToub Рік тому

    Great Video!!

  • @Danielo515
    @Danielo515 2 роки тому

    Are the codes actually stored in the keys? Or just on the account you log in with your key?

    • @driedbark
      @driedbark Рік тому

      The key has a public and private key. The private key stays on the device and the public key is sent to the server.

  • @joncokrane9746
    @joncokrane9746 Рік тому

    You lost me the first thing. What is the box to the right of the screen? Where did that come from? Thank I will pass for now.

  • @auroran0
    @auroran0 3 роки тому +5

    Are Yubikeys durable? I accidentally drove over one of mine, so Yes, Yes they are durable. (Don't try this at home, or at a friends home)

    • @manny7886
      @manny7886 2 роки тому +2

      I once lost my YubiKey at one of the airport exit lanes where I used to work. When I found it the following day, I could tell by the many dents that it had been run over several times. Still works.

  • @cooldudesunny007
    @cooldudesunny007 2 роки тому

    How do you backup Yubikey BIO?

  • @RichardSparks1970
    @RichardSparks1970 Рік тому

    It does not seem to work the same for me as it does for you.

  • @danielthechampionoftheworl8490
    @danielthechampionoftheworl8490 2 роки тому

    Dude. This video is super confusing. What is Ubiquity. I have yubikey. I've never seen this Ubiquity thing and I've never had to input a passcode after inserting and touching the yubikey. Where does all of this come from?

  • @beerye3960
    @beerye3960 2 роки тому

    If you want to transfer your authenticator apps and keys from one iPhone to another, then you need to use an encrypted backup of your phone!

  • @claireg.9732
    @claireg.9732 2 роки тому

    Some websites do not present a QR code so it's not possible to configure a backup. Example: FTX.

  • @greggcollins1821
    @greggcollins1821 3 роки тому

    Great video.

  • @ozgurinsan
    @ozgurinsan Рік тому

    google authenticator has no backup feature so its a no for me.

  • @andrewseamaster
    @andrewseamaster 3 роки тому

    MS authenticator will BKUP so you can restore on new device and if you were on android so would google Auth I assume. Some people dont like that I know

  • @poiuh34
    @poiuh34 Рік тому

    The problem i am seeing here is every time i have to have all 3 devices next to when i register to new account

  • @ShOookYx
    @ShOookYx 2 роки тому

    What will happen if i loset my yubikey ?
    How can i access my account

    • @U1TR4F0RCE
      @U1TR4F0RCE 2 роки тому

      When setting up TOTP there's a whole set of backup codes to keep for safe keeping.

  • @FC-mf5if
    @FC-mf5if 2 роки тому

    Muy buen vídeo.. pero si pudieras traducirlo al español te lo agradecería porque es un vídeo de gran utilidad!. Un saludo.

  • @casperghst42
    @casperghst42 3 роки тому

    Not fantastic secure, but most password managers support TOTP …

  • @jamessmoth8917
    @jamessmoth8917 3 роки тому +1

    Good luck with google authenticator if you got rid of your old phone with it still active

  • @kalidsherefuddin
    @kalidsherefuddin 3 роки тому +1

    Ok thanks

  • @btgroff1818
    @btgroff1818 2 роки тому

    What if you have a laptop and desktop? How does the authenticator app work on both?

  • @viltur83
    @viltur83 Рік тому

    Never use Google authenticator. It doesn't have password

  • @floridanelson
    @floridanelson 2 роки тому

    I hit subscribe when I saw that goblet of beer.

  • @Gutch220
    @Gutch220 2 роки тому

    I wish I knew this before somebody SIM-swapped/hacked my phone carrier and hi-jacked my phone/text/email/google authenticator.

  • @ragon747
    @ragon747 2 роки тому

    6:30 Microsoft auth is better than Google auth.

  • @Tntdruid
    @Tntdruid 3 роки тому

    Cost way to much.

    • @c_j73
      @c_j73 3 роки тому

      Depends on the price of what you're trying to protect...

    • @TANQ31
      @TANQ31 2 роки тому

      25 bucks? seriously?

  • @MikeHunt-rw4gf
    @MikeHunt-rw4gf 2 роки тому

    algorithm

  • @manslayerdbzgt
    @manslayerdbzgt 3 роки тому

    Yeah but here's the funny thing a lot of people think that 2FA can't be hacked and yes it can it's already been hacked a couple times

    • @CrosstalkSolutions
      @CrosstalkSolutions  3 роки тому +4

      So do you use that as an excuse to NOT do 2FA then? I sure hope not. "People have died in car crashes even when wearing their seat belt, so why even wear it?" Not a good argument.

    • @jameshuegli3534
      @jameshuegli3534 3 роки тому +2

      Can you site some examples where the exploit didn’t involve SMS?

    • @icipher6730
      @icipher6730 3 роки тому +1

      @@jameshuegli3534 There were a few unique cases of hacking involving sniffing TOTP from smartphone apps, but it *always* involved some sort of malware like Android trojans. And to get trojan on Android or iOS you need to install some super shady crap from super shady untrusted sources. Basically, it almost always happens via social engineering.

  • @RogueAmendiaresyourgirl
    @RogueAmendiaresyourgirl Рік тому

    Will this work for the BIO series as well or just NFC?

    • @estusflask982
      @estusflask982 Рік тому

      Just NFC, the BIO model doesn't have TOTP.

  • @estusflask982
    @estusflask982 Рік тому

    Great video