Stop Hackers Now: The ULTIMATE Guide to secure your Online Accounts!
Вставка
- Опубліковано 31 бер 2023
- If you use a Google Account, you are going to want to make these changes ASAP to secure your account!
Get $5 off when you use code: LIRON on any YubiKey 5 Series or Security Key Series purchased before 5/31/2023!
geni.us/YubioLiron
Get your YubiKey 5C NFC: geni.us/Yubikey5c
Get your YubiKey 5 NFC: geni.us/Yubikey5
Yubico's extensive catalog: www.yubico.com/works-with-yub...
Google Advanced Protection Program: landing.google.com/advancedpr...
SUBSCRIBED YET?
ua-cam.com/users/LironSege...
#TheTechieGuy
Need to get faster wifi and faster internet? Is your gaming lagging and your zoom buffering? What is a Mesh WiFi and WiFi 6?
I show you all you need to know about faster and better connectivity with the best router settings, wifi optimization, wifi tips and internet bandwidth performance tricks and even boosting speed apps.
My name is Liron Segev, aka TheTechieGuy, and I make tech simple for everyone to understand - I answer your technology questions making so you are more productive more efficient, and getting more out of your phones, gadgets, and apps
Liron Segev aka TheTechieGuy
TheTechieGuy.com
FYI: As an Amazon Associate I earn from qualifying purchases
Change 1 thing to protect your Google Account! - Наука та технологія
Don't use Google or any other provider (Facebook, etc.) to log into other sites. Use that password manager, and set up individual accounts on each site.
That is what I do. I am always suspicious when I am to have all accounts linked. I don't do it. Each has its unique password. And on the entertainment websites, like FB or YT, I don't even enter my real personal details LOL. It's none of their business.
also use a different email for each site. Makes it harder for them to build a profile. And if you start getting spam, you know which provider sold your info.
@@danwake4431 how do you do that? What's the best way to create a different email for each site?
But I'm 38 with a couple of decades worth of bad practice and ignorance under my belt. I want to start totally afresh, so much admin!
This is the way!
I remeber when Gmail allowed one to automatically logoout when you closed the tab but Google has switched to east of use vs security. This is why hackers are able to rename channels and do mass deletion of videos without having to supply and verification credentials. Ease of use vs security will bite you in the ass.
Never have I ever subscribed and pulled out my wallet to buy something I saw in a UA-cam video so fast. Thank you for the info, diving into the rest of your Chanel now.
Appreciate you hanging out here!
Liron,your a prince. Now I am a changing everything, though still queasy about most things "tech",hope Yubi isn't a disaster. Again,thanks for the very informative videos as I am a true tech incompetent. Keep them coming sir.
Yubico are amazing. Been using them for years!
Very Interesting
I usually just hover over a file and the description comes up for a few seconds, however, enabling the file names extension is actually very useful! Thanx!
Why thank you Liron, this is the best security video I've seen, very straightforward and easy-to-use advice that even I can understand. Well done!!
Appreciate you being here 🔥
Not for me. I didn't understand a word he said.
Great job on opening ppl'e eyes and letting them how they can protect themselves, especially with knowledge (knowledge is power!)
appreciate you being here!
Thanks a million for your educative videos ❤❤
My pleasure! thanks YOU for being here!
👍
The giveaway is the bad English they use in the emails.
@@ZergRadio What "giveaway?"
@@ritajain2453 wrote "What "giveaway?""
The giveaway, meaning they give themselves away in their email by not being professional. If it was a real promoter they would make sure the language was correct with good grammar and spelling.
Maybe next month Liron will explain how we can create our own inexpensive two-factor authentication usb key fob by using a very cheap flash drive.
Maybe I'm wrong, but I don't think many things will support a random USB that isn't specifically designed or something, like Yubikey.
Need more of this
Thanks 🙂
More to come!
Thanks for another informative and useful video. I've been in the habit for many years now of logging out of everything once I've finished using the site and usually I'll clear all history, active logins, cache, cookies and form data at the end of the session. I don't store my passwords on my computer. I manually enter them every time I access a site. Seems like a huge inconvenience to most, but it makes me feel that my data is more secure. I've recently changed all my passwords following your suggestions and the brute force estimated time to crack is 15bn years. Still, the physical key sound like another useful layer.
thats hard core - but thats the right way.
..excellent program, 👌..
thank you!
Thank you bro! solid!
Any time!
Okay "Question" over the years, NFC was always stated as A no no for cell phone use, simply because hackers can get into your cellphone via NFC. Many security gurus and companies as well as youtube influencers as they are call now, have stated the same thing KEEP NFC OFF...
I would love to see a video for best settings for the xfi gateway from xfinify ! Or if u can point me in the right direction!! Thanks!!
Thank you for this. I appreciate it. Enjoy your day.
Thank you! You too!
FYI, this logs you out of google chromecast. It's very hard to authenticate with a Yubikey on a chromecast. There's an option for a one time code but accessing it on a separate laptop didnt work. Not sure what else might work. It also logged out my Google Nest display and speakers but I managed to re authorize them
Thanks for sharing. Have a good rest of the day. ❤🌿👣
Same to you
Great 👍 I have been unchecking the password box for ages
BEAUTIFUL!!!
Great Content
We can log out of Google? Thanks for the info!
Thanks so much
Thank YOU for hanging out here 👍
Thanks as always Liron
My pleasure!
Would love to see a video on accepting or rejecting cookies but also the less talked about legitimate interest.
Thank you my liron.
1. Do you mean login out of, let's say, Gmail every time, and also the browser profile? Or you only mean browsers when checking email, social media websites?
2. Do you recommend saving passwords on browsers like Brave or Chrome, so we can logout and login to reset the sessions more often, or only password management tools?
Thank you for the great videos! You have a new follower now.
Hi liron do you have a video on how to use the fing app? How to confirm devices? On my fing app two desktop computers. How do I know which is the correct one?
BTW Liron - if I login to Google using a Yubikey, is it still advisable to log out and back in from time to time? Or does the 2FA with Yubikey make that unnecessary? Thanks again!!
does advanced protection prevent google's ai from scanning through all your emails, or does it encrypt them at rest as well now?
Thank you! Are there better (as in more secure and private) platforms than Google? One hears all kinds of horror stories about all of the browsers but I have no idea how many of these stories are true. It seems that no matter which browser I switch to there are horror stories that come out a month or two later. If I were more paranoid I would suspect Google bots, but that's silly, isn't it?.....
Thanks
COOP
...
Great video.
2 questions:
Do you need to keep the key plugged in, or just to sign in?
In the unlikely event that you were to lose or damage both keys, is there any way of getting back in?
thanks Ron!
1. No you dont need to keep a key plugged in. You only need to use it when you log out of your account or the first time you sign into the account on a new computer or phone. You then plug it in (or tap it on the phone its its NFC) and then its done.
2. You can download Backup Code so if you lose both keys you can use that. You can also set up Authenticator and phone and a recovery email address to there is a way to get it back.
I would like your comments on security issues when using Windows sandbox vs booting to Linux from a USB key. My main concern is if some how my daily desktop got infected with a key logger that it would be able to record my entries into SandBox. But having to boot into Mint Linux from a USB drive is a pain.
Why use the USB when you can boot to linux every time and run windows as a KVM image. It's the best way to use windows, snapshot a clean known install and then revert back to it every time you suspect windows got infected (and it will).
Sorry for the OT question but it pertains to security, so: if you bookmark a web site, does its cookie on your device tell them that?
Thank you Liron
thank YOU for being here!
Hmm I think two keys is not enough. I want on in my pocket one in my house in a safe place and one in the bank safety deposit box. Is that possible or is the maximum set to two keys?
I have been having strange things happen to my computer a matter of fact I just checked my Windows computer and in Privacy under Phone calls it was set to allow phone calls on this device as well allow apps to make phone calls both settings where set to on and I know for fact that both settings were set to off in allow phone calls on this device. What do you think is the cause of this Liron Segev ? and I do watch all of your informative videos Thank you Sir.
Can you use the same physical key for multiple google accounts?
Thanks, this is very useful.
what I understand (thanks to your answers in comments) is that you can't log out without your Yubikey (and that you can't get logged out by a malware).
what I deduce is that you can stay logged in and use your accounts just as before, without the threat of getting the session cookie used, even if they steal it. That would be perfect for me. Am I right?
so lets say you ran the malware and they get your session and are able to log into your account.
If you had the key set up and they tried to remove it, they would need to put in the password first.
Since they don't have it, they wouldn't be able to, therefore you would be able to log back into your account.
If anyone wondering ... the password on downloaded files are so that the servers (of Dropbox, Google, etc) cannot scan them and know it is a virus.
Yes - I'm an email admin and we see this daily - they password protect email attachments so scanners will not inspect the files. Many companies actually block attachments that are encrypted with a password but others do not.
getting these keys have been on my to do list for a while
Do it!
0:57 The 4% of people who answered "I have no Google account" lied, how would they have logged into YT without the big G?
That depends where the poll was made? I watch youtube without logging in on my tablet.
@@D.von.N
To answer to a poll or give a thumbs-up/-down or to write a comment you have to log in.
So if you're just looking but not changing anything you don't need to log in but as soon as you contribute anything you need an account.
@@Lampe2020 I was not sure whether this poll was on UA-cam, that's all.
Cant I just regularly do a search and delete of all *.scr files? Excluding of course a list of any window ones. How to identify the bad ones from the list?
How do you sign out of your google accounts with out "deleting"your account or "removing" your account in google according to google?n
What happens if you lose your hardware keys, you phone and computer? This can happen in US in case of a tornado or flood. I've lost all 3 and it was a pain to recover my AWS account and all others that I use 2FA.
Firstly lock up the backup key. In a fireproof and waterproof safe (or keep it off site at a fried or family). Secondly you have a recovery backup code. Download those and keep them in the safe too.
Keep your keys for BIOS secure boot on a pendrive.
@@JuxZeil I've already done that, they are useless when get wet by a flood.
@@coisasnatv All rarely used or valuables/important documents you don't keep on your person should be kept in a waterproof and fireproof safebox/safe...or you're not doing it right.
You can even get waterproof(to a degree) HDD's or pendrives if you think it's worth it.
@@JuxZeil I keep my important stuff encrypted with gnupg and uploaded in different servers. After a tornado and a flood destroyed everything, I stop trusting hardware altogether (thumb drivers, HDD's, etc).
How many yubi keys can I get? Only two? If I want more, where do I get them? In other words, I want to keep at least one in something really secure, like a bank vault, just in case I have a house fire.
Do I need 2 keys? Will the system work with a single key? (another great video)
2 keys are needed as you have one as a backup which is locked in a safe. I am not sure I would risk it with just one key. Will is let you sign up with just one? I am not sure.
@@LironSegev Thanks
What if you loose these keys, you have to carry them with you when you are traveling, nit good either
you lock up your house when you travel and take the key with you, don't you? Whats the difference?
Also you can use another way to access your account like a Backup Code if you happen not to have your key with you.
And remember you don't need the key EVERY SINGLE TIME you log in. Its only if you are signed out or if you are using a new device.
When cookies walk away it will still be a problem?
Ah jeez, liron, either my google acct, or my desktop PC, or my security key, doesn't like me using it for my accounts. I've tried several times to set it up. whats the next best thing i can do? Could you please help thx,
Leave it to Liron to scare me half to death!
Only half? I have failed 🤣
@@LironSegev The other half is for the next video! Lol! Keep up the great work!
Liron Whats the advants with opera browser?
Always upvote Liron.
You rock 🔥
A big red flag is if a 9.9 meg Zip extracts to 749 meg. I would love to turn on this security, but I'm a big user of Thunderbird and that would no longer work.
why not? it said in the video thunderbird and several apple products will work.
Can we store multiple Google accounts in a single key.
attacker send file like this also no only with name not including any scr or txt,pdfor anything like that what if the attacker sends like that
I think I missed something here. If your session cookies are stolen once you are logged in using your hardware key, how does the hardware key help in that scenario as you mentioned at the beginning of this video?
They can't remove your access from Google as they don't have the password to remove your yubikey. So you can never be locked out of your own account!
@@LironSegev I heard this isn't true. But I'm not sure how it is done.
do i need both keys
These keys look interesting but in the meantime what password manager would you recommend ?
Hi John - I personally use NordPass (go.nordpass.io/SH5Bd)
In the meantime use a token-based Multi-Factor solution like google authenticator and keep your backup codes … also use two devices, so scan the QR code with an Android, an iPhone, and a Tablet
I don't understand why Google does not let you use Windows Hello or Apple TouchID as a device. With Microsoft account (and also several other services) this is possible and makes it very convenient. You just read your fingerprint and that's it. No key you can lose or forget. It is like a Yubikey which is integrated to your computer/phone and I don't think that it is less secure.
I agree - here in my country those Ubikey devices are expensive. Why not give the option to use a USB flash drive - some site on the web explains how to do just this.
i cant uninstall antivirus software can you help me i have avast antivirus software
Would Windows Defender or any reputable anti-virus notice that the .scr file was not safe?
what would have happened if you opened that file on your linux computer, i suspect nothing
Now, can you help me find my two or one key that I lost😅
I had a similar email from a company and I noticed the scr end to the file and it went to the bin
nice!
Does that script run on LInux too, or is this basically a Windows problem?
Great!
How does the security key thing work when you have the session token? Doesn't it make the new security feature pointless or does it prompt with a security key verification when you log in with a session token?
the Yubico makes sure that you can get back into your account and lock THEM out. To remove the Yubico, they would need to have a password which they don't, so this ensures you always have access
@@LironSegev thx for being clear
About to Hit
1.000.000 million subscribers.
🎉🥳🎊🏆🙏❤✌💯👈
- Stay Blessed -
- Peace -
🙏❤✌
I don't know if I am login to Google or not
YA LIRON!!!!!
tell me Yubi isn't overpriced and then come up with a way to make your own! that would be nice...
Yubi is not Overpriced $50 - $55
@@dealwithit69420 yeah, it is. considering WHAT it is.
Use a software solution like google or Microsoft Authenticator.
@@pepeshopping it's... not a key.
My question dose the malware affect mobile phone or work on mobile phones
No💀
What makes so nervous is just a tap on the G-photos icon makes all media accessible to whoever is holding the android tablet or phone (e.g. left in a public restroom or stolen). Google doesn't allow sign-out on android phones or tablets. Does the Yubi key fix that or it only to lock your account on a computer?
eh....you can sign out of your Google account on your phone. I do it all the time as I have multiple Google accounts when I test various phone features.
@Liron Segev I'm not a business executive or UA-cam creator , I'm just a regular unemployed person who has a Gmail account . I literally can't remember the last time I needed to login to Gmail ( or UA-cam for that matter ) on my Android phone 📲 . Is there an app that can help me change my password(s) for Gmail/UA-cam and-or log me out of particular selected google accounts ( on my phone ) ? Please let us know IF there's a particular settings trick to use on our phones that let's us log out occasionally from these apps Or that let's us change our password(s) connected to said accounts . ♑️✍️🇸🇯🇦🇺
@@LironSegev I'd love if you'd tell me how! I've tried to log out from Gmail and Photos, there's no log out option, not under manage your account or settings. It only offers to delete account. I have a Motorola 2022 on Android 12.
@@user-ti3vp9mt3z same here, no more disconnect button on Android 11 !?
One thing I do when I eg play an .mp4 file is right-click and choose "Open with ...", so that if it were a hidden .exe (virus) file the video player I chose wouldn't be able to open it and tell me it's not a video.
About the Yubikey: I have one but never got it to actually work, my pc wouldn't recognize it ...
Nice idea! Not sure why it wouldn't work as it just runs in any USB port. Strange.
@@LironSegev I could try the USB ports at the back of my pc, I've got quite a few there (Stryker case 😎).
What will you do if you lost the key?
thats why you have two - one is a backup. Plus you make a copy of the Backup Codes and you obviously have a recovery phone/ email as a last resort.
Are the two keys interchangeable? If so, wouldn't losing one render the other one useless?
you can use both keys. Not sure what you mean by rendering one useless?
@@LironSegev What I mean is that if both are interchangeable then if you lose one the other is compromised and would need to be replaced with a new pair.
@@WatchesTrainsAmdRockets ahhh. No. If you lose one then you sign in with the other one, remove it, and replace it with a new one.
@@LironSegev Thanks. One more thing. You showed using them with a phone via NFC. Wouldn't that make it possible for the token information to be stolen by a third party via an NFC scanner?
What about a virtual machine to check your e-mail with?
Yup. BUT remeber that something like YTyler it does check to see if its been run on a virtual machine. So just a heads up
Very interesting, unfortunately I consider Google to be one of the biggest data thieving companies on the web so won't be going down this path.
Will be looking into the keys aspect.
Can this happen just by clicking the malware link in your browser without downloading anything and clicking the file?
This particular one needs to opened on the computer.
@@LironSegev thanks
Thanks, Liron, Another reason I seldom use Google
5:29 it also only allows app installs from the Google Play store💀
Is This An April Fools Video @LironSegev ?
😂 No. I release new videos every Saturday so...
@@LironSegev Oh, Ok. Thought It Was A Joke Cause Today Is April Fools. Lol
@@MrNueman If you don't already, you should check out the LockPickingLawyer for his video today. Just don't be drinking anything or you'll spit it out at some of his narration. The man is not only a genius with lock picking, but his yearly April 1st videos are hysterical.
Dumb question... Can I use one key for all the sites I use, or do I need one key for each account?
not a dumb question at all! And yes - you can use one key for multiple sites and services
Okay, thank you.
10/10
👍👍
But doesn't this make sure that only Google has your private information?
Not sure I follow. Why would Google have your info?
@@LironSegev You kind of mentioned it yourself, that 3rd parties could not have the information -- but guess who does?
@@archangel_one You're exactly right. And guess who sells your info to 3rd parties? Surely not -an advertising agency masquerading as a tech company- Google.
important to have a script blocker on your browser
*Seizure / Epileptic warning*
Video contains flashing colors/lights.
Linus Tech tips just dropped a video saying this is how his channel was attacked! A employee of his downloaded the "contract" & within hours Chaos! 😮
I'm leaving this videos with a sense of "... wat"
COUPCOUP COUPCOUP COUPCOUP they came for you
There’s nothing I can do but just leave the Internet go back to cash be done with all this technology stuff
snap these keys in half can you long into youtube no so do not use them use top instead with the iPhone icloud keychain instead better you will not get locked out they need to still your phone plus phones can be locked asap if lost so no worry even from apple watch they can be locked
Me who uses android:💀💀💀💀
Wait... Google offers this protection to "activists" and "people involved in elections enroll"? Why are these highlighted classes?
they are typically targeted by hackers and scammers
I thought .scr was a script file
Poor Linus
Nope I’m not going to do this. These keys cost a fortune! If they were free then I would.
Yeah. How dare a company charge for their products?!? Besides, it's probably better to have your identity stolen. 👍
800mb PDF 😂 that's scary