I switched over to Aegis instead of Google Authenticator or Authy a couple years ago, and like it. It works pretty well, and it's open source which I *love* for security applications
@@Sammyli99 it's a bit of a process, but fairly straightforward. You disable 2FA from the account first, and then you enable it again. When the site gives you the QR code to scan, you just use Aegis to scan it instead of whichever app you were using before. Job done.
I'll be happy when more companies and organizations allow/support the Yubico Authenticator App. It's a great app and very secure, however, not many [mainstream] companies support the Yubico Authenticator App but I hope in time it catches on.
I’m contemplating moving from authenticator apps to a hardware solution. The keys I have don’t support TOTP codes. After a little research, the YubiKey 5C is the way to go
Super pissed at Google! They didn't give me an option to skip. Mine got backed up. I had to go into settings to disable it. Damage done though! I don't think it's that difficult to copy keys manually. It can be done via QR pretty fast so I don't want cloud backup. That 2FA directory Shannon mentioned is awesome though. I might switch banks now that I have a nice directory. I found one with Yubikey support and they keep trying to pay me to switch.
I use Bitwarden as my pswd manager and authenticator, i pay the yearly premium cost($10USD) because i cant be bothered hosting my own database, it is also opensource, Shannon has done a video on this before. I think its so worth it. I also have a few yubikeys which i still need to setup.
Great video - You can also not use the cloud by turning this off in the new Google authenticator app. This will make it more like the previous version before the new version. Also if you have a second device you can export your codes to another device as well. It will ask if you want the other device to be disabled but you can decide on that.
I don't know how true this is, but the wiki says that data from SIM cards can be read, especially if you use a smartphone at the checkout, and someone stands behind you and pretends to dig into his device, while in fact scans the devices of others for vulnerability... But the truth is that in the past it was better when people did not use mobile devices - this is evil! o.O! *Shannon Morse, Thank You =)!*
Authy with a strong Backup Password seems like a better option. Authy can be used wherever Google Auth can, and it's more flexible. I'm curious what others think of Authy's security in comparison.
Twilio has been hacked before, and some TOTP codes were compromised. I would stay away from them. I currently use 2FAS, which has a password-encrypted backup synched to Google. It's your option to use this feature. It will also allow you to create a password-encrypted local backup file, if you prefer. Aegis is also a solid choice.
Great advice as usual. I have 2 yubi keys which I am slowly trying to get on all my accounts and off of authenticator. I am REALLY considering bit defender for passwords, and I think they are still working on an auth code app, which they mention will be end to end encrypted from the start. Thanks for all the great information.
2 things, 1 that 2fa directory would greatly benefit from filters so I could see only services allowing software/hardware 2fa, and 2 yubico shouldn’t have raised the prices
What about Microsoft Authenticator? It's also a big company that also offers an authenticator and cloud backup like Google. Are they receiving those codes without encryption?
All banks here (Norway)use hardware keys. Combined with Mobile keys if you dont have you key with you. And its the same key (hardware and mobile) you use for all online shopping.
Hi Shannon. you mentioned the future and PassKeys again. I have several Yubikey 5 keys and have used FIDO2 (WebAuthn) to lock down my online accounts with these keys. Are PassKeys weaker than my USB devices?
How weird. I was literally looking at exporting my authenticator keys (not the cloud) an hour ago so that I can use them with a yubikey. (Spoiler. It doesn't work).
Authy says (at least currently) that the keys are encrypted on the device first then sent to their cloud backup so even if someone tries to intercept the encrypted keys between each end their still encrypted so how does ‘end to end encryption’ help? They used to do backups to windows desktop which was handy as you could backup to drive that was secured offline most of the time, but now it’s only to another mobile device or cloud it seems which is either more expensive to get a second device or less secure ‘just in case’ a hacker gets into authys cloud and manages to crack the encryption on the keys…if that’s realistically possible? Thanks for a good vid 👍🏻
Can you do a video about passkeys at Google ? I just really want to use my Yubikey everywhere as that is the only thing I trust whether that be USB on my PC or NFC on my Pixel phone.
Does this mean that if sync was on in google authenticator, we should delete all the authentication methods within each service and add it back in after sync has been disabled?
I don't understand, those codes change every 30 seconds, how and what you are going to back up? Sorry, I am new to this and have been halfway hacked recently.
what if somebody stole unlocked phone / saw code, and added his own fingerprint in phone settings? Are thieft's fingerprint going to work with Authy or Google Authenticator?
@@ShannonMorse That will be an interesting video and I'm here for it. I'm curious what will define "secure." Will it include using PGP or hiding behind TOR or be hosted in countries outside the reach of countries that like to "reach?" Free vs. paid? Down the rabbit hole we go!
youbikey is good if builtin pwd manager is implemented with cloud sync to personal drive option will be greater. yubico was super high priced litteraly stolen key fetch 1st hand basic android phone. who said mobile will be stolen rather than key. problem was auth/online pwd manager which most get hacked now a days. they can still stole key file which stored in pwd manager anyway. yubico save auth also that means is yubikey stolen and they use windows yubico auth and connects the will get access also.
SMS is still the ultimate backup option. It never gets old, specially in countries where cell service providers tie SIM numbers with social security numbers or national IDs
Would love a Yubikey, but they are just way too expensive. Sorry but I just can't get myself to pay that amount of money for what it is. Don't get me wrong it is a great product, and when I get rich I'll get one (guess I will have more money to protect then too)
The cheaper ones are around $20-30 (cheaper with a coupon) and can reliably protect your online accounts. It's a one time investment with no subscription, so I do think it's worth it compared to the cost of having your identity stolen but I hope you can afford one in the future ❤️
With SMS and social security numbers, you just call cell service provider to block the sim, then when you can visit their office and prove your ID and get a new working sim. Problemo solved.
I ditched Google Auth. years ago, when i found it was impossible to transfer my codes from one phone to a new one. Authy allows that. Also got a yubi but so few supports it. Steam used to until they messed up something.
I switched over to Aegis instead of Google Authenticator or Authy a couple years ago, and like it. It works pretty well, and it's open source which I *love* for security applications
And their exports are encrypted JSON's, if you so choose.
mate how can you switch when the "companies use one system". maybe I have not seen, that you can "select" the type of authenticator...
@@Sammyli99 it's a bit of a process, but fairly straightforward. You disable 2FA from the account first, and then you enable it again. When the site gives you the QR code to scan, you just use Aegis to scan it instead of whichever app you were using before. Job done.
I'll be happy when more companies and organizations allow/support the Yubico Authenticator App. It's a great app and very secure, however, not many [mainstream] companies support the Yubico Authenticator App but I hope in time it catches on.
I’m contemplating moving from authenticator apps to a hardware solution. The keys I have don’t support TOTP codes. After a little research, the YubiKey 5C is the way to go
Super pissed at Google! They didn't give me an option to skip. Mine got backed up. I had to go into settings to disable it. Damage done though! I don't think it's that difficult to copy keys manually. It can be done via QR pretty fast so I don't want cloud backup. That 2FA directory Shannon mentioned is awesome though. I might switch banks now that I have a nice directory. I found one with Yubikey support and they keep trying to pay me to switch.
I use Bitwarden as my pswd manager and authenticator, i pay the yearly premium cost($10USD) because i cant be bothered hosting my own database, it is also opensource, Shannon has done a video on this before. I think its so worth it. I also have a few yubikeys which i still need to setup.
Great video - You can also not use the cloud by turning this off in the new Google authenticator app. This will make it more like the previous version before the new version. Also if you have a second device you can export your codes to another device as well. It will ask if you want the other device to be disabled but you can decide on that.
Great info as always (and I love your hair)!
I lost access to all my accounts because of google authenticator's latest update. I'm done with Google. Subbed!
How?
I don't know how true this is, but the wiki says that data from SIM cards can be read, especially if you use a smartphone at the checkout, and someone stands behind you and pretends to dig into his device, while in fact scans the devices of others for vulnerability...
But the truth is that in the past it was better when people did not use mobile devices - this is evil! o.O!
*Shannon Morse, Thank You =)!*
Authy with a strong Backup Password seems like a better option. Authy can be used wherever Google Auth can, and it's more flexible. I'm curious what others think of Authy's security in comparison.
Authy is much better than google Auth. Its real easy to get you codes back when you change phone, not so at all with the Google pos.
Twilio has been hacked before, and some TOTP codes were compromised. I would stay away from them. I currently use 2FAS, which has a password-encrypted backup synched to Google. It's your option to use this feature. It will also allow you to create a password-encrypted local backup file, if you prefer.
Aegis is also a solid choice.
Great advice as usual. I have 2 yubi keys which I am slowly trying to get on all my accounts and off of authenticator. I am REALLY considering bit defender for passwords, and I think they are still working on an auth code app, which they mention will be end to end encrypted from the start. Thanks for all the great information.
Did you mean Bitwarden? 🤔
Your hair looks like candy. Thanks for the news :D
What about the 2FAS open source app? You don't need to supply your phone number or email like you do with Authy. Have you looked at it?
2 things, 1 that 2fa directory would greatly benefit from filters so I could see only services allowing software/hardware 2fa, and 2 yubico shouldn’t have raised the prices
Thank you for the great video. What are your thoughts on Microsoft Authenticator? Is there cloud backups encrypted?
What about Microsoft Authenticator? It's also a big company that also offers an authenticator and cloud backup like Google. Are they receiving those codes without encryption?
I am looking forward to when Google says the "Beta" is over for their Authenticator app and start charging per code.
equally likely is they will discontinue it.
@@pjohnson21211 Google Graveyard anyone?
Banks don't use hw keys because of heavy regulation and rigid policies that usually always inhibit innovation. That and the gerontocracy.
All banks here (Norway)use hardware keys. Combined with Mobile keys if you dont have you key with you. And its the same key (hardware and mobile) you use for all online shopping.
@@JoriDiculous .. consider yourself lucky. My bank .. is numeric password only with no 2FA. I personally want everything to be a hardware key only.
I have a hardware key from my bank.
The gerontocracy must be a bigger factor. Some countries have it worse than others. I don't know why any bank would want their accounts less secure.
U.S. banks cant seem to get PIN codes for their debit cards either rather than relying on easily faked signatures.
Best place for security is YOU...a memory key is great. And like sec. camera's I want them at HOME and DIRECT them to where I want..
Hi Shannon. you mentioned the future and PassKeys again. I have several Yubikey 5 keys and have used FIDO2 (WebAuthn) to lock down my online accounts with these keys. Are PassKeys weaker than my USB devices?
2FAS auth seems pretty good since it has auto cloud sync and can be password protected
ON Instagram
That's the one I use. I'm happy with it.
Not your cloud, not your data.
Why not set up your own cloud? Nextcloud, running on bare metal, Proxmox, Docker or your system of choice?
How weird. I was literally looking at exporting my authenticator keys (not the cloud) an hour ago so that I can use them with a yubikey. (Spoiler. It doesn't work).
I can't seem to find an actual explanation of why the lack of E2E encryption is risky.
My backup to my phone is my smartwatch. Not Google Authenticator, but there are others that work on your smartphone.
so if the website suddenly changed domain name like twitter suddelny changed to x. Isn't that will stop the yubikey from authenticating?
Keepass is your best option if you want otp backed up
No good excuse for why they are not sending the data over encrypted channels. Was it done on purpose?
Authy says (at least currently) that the keys are encrypted on the device first then sent to their cloud backup so even if someone tries to intercept the encrypted keys between each end their still encrypted so how does ‘end to end encryption’ help?
They used to do backups to windows desktop which was handy as you could backup to drive that was secured offline most of the time, but now it’s only to another mobile device or cloud it seems which is either more expensive to get a second device or less secure ‘just in case’ a hacker gets into authys cloud and manages to crack the encryption on the keys…if that’s realistically possible?
Thanks for a good vid 👍🏻
Do you still have the Nest Secure system and what are you planning to do with the upcoming shutdown of support in April 2023?
Hi! Thanks for this video :) I've show it's possible to backup the Yubikey keys to a Keepass. Have you already test it? 🧐
Can you do a video about passkeys at Google ? I just really want to use my Yubikey everywhere as that is the only thing I trust whether that be USB on my PC or NFC on my Pixel phone.
Yup!
Thanks for sharing!!
Does this mean that if sync was on in google authenticator, we should delete all the authentication methods within each service and add it back in after sync has been disabled?
Microsoft Authenticator is locked by biometric or pin, too
The question is if the backup is encrypted? I also use it, but if I lose my phone I need to back up my tokens
Do you have a video on authenticator apps: either Google or Authy? I need to use one and want guidance on which to use.
Not yet, but I can make a comparison video!
@@ShannonMorsewell I need to select one now because EverNote is requiring the use of an authenticator app.
I don't understand, those codes change every 30 seconds, how and what you are going to back up? Sorry, I am new to this and have been halfway hacked recently.
what if somebody stole unlocked phone / saw code, and added his own fingerprint in phone settings? Are thieft's fingerprint going to work with Authy or Google Authenticator?
Can you do a video of a top 5 or 10 secure email for 2023? and which one you prefer the most? Would be much appreciated, thank you!🙏🏻
Great suggestion!
@@ShannonMorse That will be an interesting video and I'm here for it. I'm curious what will define "secure." Will it include using PGP or hiding behind TOR or be hosted in countries outside the reach of countries that like to "reach?" Free vs. paid? Down the rabbit hole we go!
oh wow Hak5 have not heard of that name in a while
Negative. Every Chromebook I power wash shows the privacy notice. The log
Hi, I use a wifi iPad as an authenticator app backup. Works the few times I used it. Is that secure? (The iPad is a streaming "TV" iPad in my house.)
tried your code on a yubikey 5c fips and didnt get 5 bucks off. only available on non fips models?
I moved out of my country and changed the time zone and not getting correct codes. Any tips?
Ok, apropos of nothing and with no shred of sanity, I have never wanted to eat hair before, but yours looks delicious.
I'm sorry. 😭
Seriously, it looks like cake frosting.
Can you have multiple Yubi keys? One for the wife, me, backup in safe??
Yes, absolutely 👍
Passkeys recovery it’s the main problem
Another great video Shannon! I hope I can learn from your experience to improve my own You Tube channel
How can I recover my 2fa key when i lose my software key
I'm posting a video about recovering account access due to loss! Keep an eye on my page for that video to post this month
How secure is Mac os 😊😊
Google now has Passkey that works like a security key. I have both set up and deleted my other log in options.
I made a note about passkeys in the video. 😀
youbikey is good if builtin pwd manager is implemented with cloud sync to personal drive option will be greater. yubico was super high priced litteraly stolen key fetch 1st hand basic android phone. who said mobile will be stolen rather than key. problem was auth/online pwd manager which most get hacked now a days. they can still stole key file which stored in pwd manager anyway. yubico save auth also that means is yubikey stolen and they use windows yubico auth and connects the will get access also.
I miss TekThing!😢
I don't. 😂
How can I transfer all from Google authenticator to another 2FA app?
Huh, people still use Google Authenticator? Probably still use LastPass too. 🤣
is E2EE now available fot google auth.?
But you can lose a peripheral device.
Maybe not the best option...lol
10:46 And eBay
SMS is still the ultimate backup option. It never gets old, specially in countries where cell service providers tie SIM numbers with social security numbers or national IDs
🤣🤣🤣🤣
Would love a Yubikey, but they are just way too expensive. Sorry but I just can't get myself to pay that amount of money for what it is. Don't get me wrong it is a great product, and when I get rich I'll get one (guess I will have more money to protect then too)
The cheaper ones are around $20-30 (cheaper with a coupon) and can reliably protect your online accounts. It's a one time investment with no subscription, so I do think it's worth it compared to the cost of having your identity stolen but I hope you can afford one in the future ❤️
With SMS and social security numbers, you just call cell service provider to block the sim, then when you can visit their office and prove your ID and get a new working sim. Problemo solved.
I ditched Google Auth. years ago, when i found it was impossible to transfer my codes from one phone to a new one. Authy allows that.
Also got a yubi but so few supports it. Steam used to until they messed up something.
You can do transfers with the new version.
Please help me i have lost my access google 2fa apo
ON Instagram
Comment for engagement
authy for desktop is ending ...
This video is pretty old now but yes, I heard the recent news!
This video is pretty old now but yes, I heard the recent news!
3rd world countries are no good for yubi key purchase yet :'(
Authy is da best
Where's the backup codes on Google authenticator?
I'm working on a video all about backup codes!
@@ShannonMorse thank you!
Thanks
Crapola
✨⭐✨💞💖💞💖💖💞💖💞💖💞✨⭐✨
I'm in need of a girlfriend, who's as pretty as you Shannon. In body and character! Thank you
Dam I want to be your friend to.
Hi Shannon , how secure is apple mail , 😊