@AllThingsSecured

I realize nobody likes being told they're doing something "wrong", but hopefully you were able to learn something new from this video. And special thanks to this week's sponsor, Trend Micro! Get 10% off using code ATS10 here: http://bit.ly/3WuF5Wc

@warwagon

As far as backing up goes, I recommend putting the authenticator on every phone and tablet you own. I also recommend taking a screenshot of that initial QR code that you scan in, giving it a site name and saving it to a couple of disconnected USB flash drives and maybe a third in a safety deposit box. This allows you to re-add those sites back into an authenticator should you have to.

@4ortytoon

It's really odd that Google accounts are more secure than bank accounts. I really hope that'll change some time relatively soon. Fingers crossed 🤞🤞.

@dono42

I am a little wary regarding biometrics. As I understand it, courts can compel someone to provide biometrics without concern about violating their rights. Passwords, on the other hand, may actually be forgotten (or, better, never known, via a password manager), so cannot be compelled. I guess it depends on the situation and whether other security factors are also used in conjunction with it.

Also, I have had problems using fingerprints in the past. I had it implemented on my phone for a while, but quite frequently it would not recognize me. I also have it set on one of my bank accounts for ATMs. It too often does not recognize me, forcing me to try multiple times. My work PC uses facial recognition, but it too frequently does not recognize me, causing periodic downtime. It is problematic when the actual person gets locked out of their own accounts.

@Cloudsifter

I should add that I'm sick of my credit union, and healthcare providers, not offering 2FA except via text and e-mail. The credit union also restricts how complex my password can be. I understand their reasons for that (people will write it down or forget it), but I use KeePass (secured with a very strong diceware password that I've memorized) and store very strong passwords within it. It is infuriating that I can secure my Amazon and e-mail accounts more than my financial and health accounts! Argh!

@MrWhipple42

You can prevent SIM swapping by locking your SIM card via your carrier. Verizon let me do this through my account on their website. I also have a PIN for my SIM card that requires me to enter it every time I reboot my phone. (It's a different PIN than the one to unlock my phone.)

Using unencrypted SMS for 2FA is still vulnerable to man-in-the-middle attacks, but it's pretty straightforward to mitigate the risk of SIM swapping.

@EIRE55

I've been using a dumb phone for years, and will continue to do so.
In fact, the demand and purchases of them have massively increased recently.
Cheap, cheerful, and reliable.

@kublatom

3:49 In my opinion, storing TOTP in the same password manager as your password doesn't follow best practice. It should be stored/accessible on/via a different technology. In that case, if an attacker breaks your password manager's database, they have access to both of your factors.
The rest of the video is perfect and I like how you increase security awareness.

@thedude6712

One technical mistake: you incorrectly used the term 2FA once in the video. At around 5:55, you say using biometrics instead of 2FA. You correctly described biometrics as "something you are" just before that. The thing is, that "instead of 2FA" really should have been "instead of something you have". 2FA just means using two of "something you know" (password), "something you have" (YubiKey or phone/email), and "something you are" (biometrics). 2FA does not mean using an authenticator, hardware key, or SMS/email. Password plus biometrics is just as valid 2FA as password plus YubiKey.

@specialk9999

My bank and CC bank only offer SMS too. It is frustrating.

@2011k1500

I don't care to use SMS messages to get codes for another reason. What if somehow you lose access to that phone number? (suppose you change your number) Do you have a list of all the places you used it for access? I prefer to use a security key. Also, I have three of them on any account that allows it. I'm too paranoid to just have two.

@terrytabor7042

I have concerns regarding usage of biometrics that I'd love to see a video from you about, assuming you haven't addressed these issues already... My concerns revolve around end-of-life issues. That is, if everything important is protected by 2FA that requires biometrics to open, how will my executor be able to access these accounts upon my death?

I love your videos! Keep 'em coming!

@kentw.england2305

Web sites would do well to use persistent cookies to reduce 2FA usage. That "trust this device" checkbox indicates this is active.
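A "trust this device" cookie only reduces risk if it is not a plain bearer token that works forever from any browser. The Python below is an added example (not from the video or any commenter) of the server-side design a practitioner would expect behind that checkbox: the cookie is an HMAC-signed, expiring claim bound to one user and one device identifier, so a copy lifted from another machine, an edited payload, or a stale cookie all fall back to asking for the second factor. `SERVER_KEY` and `device_id` are assumptions for the example; in practice the key lives in the server's secret store and the device identifier is a random value the site issued in a separate cookie when the device was first enrolled.

```python
import base64
import hashlib
import hmac
import json
import secrets
import time

# Hypothetical server-side signing key for this example. In a real deployment it
# is kept in the server's secret store and rotated; it never reaches the browser.
SERVER_KEY = secrets.token_bytes(32)


def _b64e(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64d(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_trusted_device(user_id, device_id, ttl_seconds=30 * 86400, now=None, key=SERVER_KEY):
    """Mint the 'trust this device' cookie: a signed, expiring claim bound to one user and device."""
    now = int(time.time()) if now is None else int(now)
    claims = {
        "uid": user_id,
        "dev": device_id,            # random per-device id set at enrollment (assumed)
        "exp": now + ttl_seconds,    # trust lapses on its own; the user re-does 2FA then
        "nonce": secrets.token_hex(8),
    }
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    sig = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64e(payload) + "." + _b64e(sig)


def verify_trusted_device(cookie, user_id, device_id, now=None, key=SERVER_KEY):
    """Return True only if the cookie is intact, unexpired, and bound to this user and device.

    On True the site may skip the second factor for this login; on False it must ask for it.
    """
    now = int(time.time()) if now is None else int(now)
    try:
        payload_b64, sig_b64 = cookie.split(".")
        payload, sig = _b64d(payload_b64), _b64d(sig_b64)
    except ValueError:  # wrong shape or bad base64 (binascii.Error is a ValueError)
        return False
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, sig):  # constant-time; rejects edited payloads
        return False
    claims = json.loads(payload)
    return (claims.get("uid") == user_id
            and claims.get("dev") == device_id
            and now < claims.get("exp", 0))


if __name__ == "__main__":
    cookie = issue_trusted_device("alice", "dev-1")
    print("cookie:", cookie)
    print("same device, same user :", verify_trusted_device(cookie, "alice", "dev-1"))
    print("copied to other device :", verify_trusted_device(cookie, "alice", "dev-2"))
```

Set the cookie with `Secure`, `HttpOnly` and `SameSite` attributes, and treat a password change or a reported compromise as a reason to invalidate outstanding trust (for example by mixing a per-user version into the signing key) rather than waiting for the expiry to pass.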

@MyNameisPuddintane

Love the channel. Would also suggest backing up authenticator QR codes to encrypted drives or Cryptomator and cloud.

@davidmaddox6829

After watching some of your videos I have switched to 1Password and purchased two YubiKeys. My issue is carrying the YubiKey with me all the time. Any suggestions?
Also, how do I get my Mac to ask for the YubiKey when I log in?
Thank you

@shotelco

Josh, I don't know if you have touched on this before, but for the past 6 years I have been using a Nymi Band (biometric fingerprint/EKG touchless device) as a multifactor (3FA?) security passport. I have physically hacked it so that it is part of the bottom strap for my smartwatch. When I approach my PC/laptop, it unlocks them. Same with my Android phone. I have created browser code to only allow my financial websites/apps to be opened when in proximity to the device. Problem is, most of this requires custom coding as FIDO2 simply isn't supported for most situations. And honestly, it's overkill for anything less than strict obligatory compliance environments, which is probably why it's mostly used in these types of organizations.

But Nymi would be something for you to take a look at if you haven't already.

@penultimatename6677

Biometrics appear to be an excellent solution with one concern. I believe fingerprint recognition has an equivalent concern to SIM swap. In this case the smartphone is lost or stolen. Then someone lifts the fingerprint off the phone. Kind of like sticking a paper on the back with the password in full view. One can argue this is extremely rare and nothing to worry about, so no worries. SIM swapping, a very rare occurrence, is becoming part of the basic toolkit of hackers.

Facial recognition is probably safer unless one has the tendency to squeeze the phone against one's face.

@coweatsman

Given that my phone fails to recognise my fingerprint 50% of the time I don't think I would want to rely on it solely.

@davinp

While many online systems offer 2FA, not all require it to be enabled. I think it is a good idea to enable it to protect yourself from being hacked.

@viazel2796

I have friends who work in the construction industry that have a hard time with fingerprints or face goggles! Other suggestions on 2FA? Thank you!