STOP Using Google Authenticator❗(here's why + secure 2FA alternatives)

Подписаться 310 тыс.

Просмотров 481 тыс.

50% 1

It's a security app that isn't the most secure (although they have added Face ID for iOS since this video was published). I still recommend something like Authy OR, for a more secure option, consider a 2FA key: • Setup a 2FA Key for MA...
▶ Try Authy: authy.com/
▶ Try Microsoft Authenticator: www.microsoft.com/en-us/accou...
▶ Try 1Password (affiliate): www.allthingssecured.com/yt/1...
How to setup 2FA on one device (without scanning a QR code): • Setup 2FA Authenticato...
If you care about your personal security and privacy online, download my free security checklist here:
✅ Security Checklist: www.allthingssecured.com/secu...
🔹🔹🔹What You Should Watch Next🔹🔹🔹
We've got a lot of great privacy- and security-related content here on the All Things Secured RU-vid channel (although we admit we're a bit biased). If you're wanting to increase your online cybersecurity, here's what's next:
✅ Change these 7 Facebook Privacy Settings NOW! • How to Change Your Fac...
✅ STOP Using VPNs! (here's why): • Don't Use a VPN...it's...
✅ Are spy apps safe? • DON'T USE MOBILE SPY A...
🔹🔹🔹Help Support All Things Secured (Recommended Services)🔹🔹🔹
If you enjoy this kind of practical security and privacy content, one of the best ways you can help support this channel is by using these affiliate links to our favorite products and services. When purchasing through these links, you not only get the best available deal, the companies will also pay us a small commission. Thank you for your support!
✅ Recommended Password Manager: www.allthingssecured.com/yt/1...
✅ Recommended Identity Monitoring: www.allthingssecured.com/try/...
✅ Recommended 2FA Security Key: www.allthingssecured.com/yt/y...
✅ Recommended Secure Email: www.allthingssecured.com/try/...
✅ Recommended VPN: www.allthingssecured.com/try/...
*********************
Video Timestamps
*********************
0:00 - Introduction
0:46 - Google Authenticator is Not Secure
2:00 - Authy App
3:34 - Microsoft Authenticator App
5:00 - 1Password App
6:05 - Summing Up Alternatives
*********************
2 Factor Authentication apps (2FA) are a must have if you'd like to secure your accounts, but you'll want to make sure you have a secure app that you can trust. The Google Authenticator app is not as secure as we think, and here are a few good alternatives.
#2fa #authenticator #persinfosec

Наука

Опубликовано:

4 авг 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 1 тыс.

@hyllaz 2 года назад

I think Aegis is an option more interesting, it allows you to backup in a encrypted file in a cloud of your choice, and also give You the option to do it manually exporting that file and save it wherever You want. And You can switch from Google authenticator exporting acounts and it Will read the que code without a problem.

@ryaniglesias6381 3 года назад

Great video.... I just dumped Google Auth all together. Question for you, authy looks good as I do like the multi-device option so I don't have to access my phone to get a 2FA code but I don't like giving them my mobile number. Microsoft auth backup in iCloud is great but would you happen to know the answer to this question - if I lost my iPhone and I decide to buy another iPhone three days later and I need a 2FA code before I get my new iPhone I am out of luck unless I have backup codes right?

@medmedmed333 3 года назад

Thank you for sharing, I just started using GA. I'm that type of person who might upgrade in just a few years (My old phone's screen broke just after 1.5 years) so having an option for multiple devices is much needed

@AllThingsSecured 3 года назад

Glad I could help!

@garyoak4175 3 года назад

Keep using GA. Try to find articles about someone being hacked with GA, you won't find any. Even a basic SIM-SWAP is hard work. Carriers aren't THAT retarded.

@thierry.lavallee 3 года назад

1password auto entering the 2FA code completely defeats 2FA. That's 1FA... The hen eats the egg.

@Vizaru 3 года назад

yeah that suggestion is honestly a step back from google authenticator.

@TheMack 3 года назад

Agreed. Trading security for convenience is never a good deal.

@Ahmed-Soudi 3 года назад

but some people may be willing to do the risk as 2fa config is sometimes forced to be done in some accounts on some sites.

@Stjarnadian 3 года назад

Only if your password database with the 2FA codes got compromised. If it's some other kind of attack, which 2FA could have prevented, it's not a big deal.

@garyoak4175 3 года назад

1password is garbage, this video is garbage. Surprising tbh. Auto-filler pass-mgr good one.

@gknotebook8298 3 года назад

That was really helpful. Thank you so so much

@speedracer123222 3 года назад

I factory reseted thinking I can’t get them so I turn off 2fa temporarily. Well discord didn’t turn it off and I almost lost my account. Luckly I had sms backup on but man not portable is very not fun. I still use google auth but I’m unsure if I trust the other apps.

@CyberMedics 2 года назад

Excellent presentation on the authentication apps. Well researched and clearly presented! Thank you. What do yo think of Yubico's authenticator app? I don't think it has a backup option. I don't like the necessity of tying in a cell number for Authy. Microsoft is good, but not sure you can backup the seed key for the app itself...do you know? Also it does not run on the desktop. I'm in the camp of not wanting all eggs in one basket, so don't recommend PW protection and authentication codes in the same app. Really enjoy your channel content. Keep up the good work in educating others!

@philtangerine 3 года назад

If a person doesn't use their device for anything important...never does banking on their phone, or anything "confidential", but just does it at home a PC...is there any reason to use 2FA? Thanks.

@Carlostype 3 года назад

Switched! Thanks for the heads up

@AllThingsSecured 3 года назад

Glad you made the switch!

@sahilbhatt4467 3 года назад

Aegis authenticator is the way to go.I prefer to use open source apps when compaed to closed source as it is quite reliable .

@hairystyles4212 2 года назад

yes!

@kierand9410 2 года назад

What is the advantage of open vs. closed source?

@gurnanis 2 года назад

Awesome video buddy … thanks. Can you suggest any easy way to move out of Google Authenticator? Also a recommendation for a future video - please… comparison between the new iOS 15 2FA vs 1Password. Thank You 🙏

@neuideas 3 года назад

I use 2fas on my phone, and Authenticator Pro on my tablet. Both allow PIN protection and various backup options, as well as export options.

@padraigr9305 3 года назад

Unless the desktop apps have an unlock PIN does it not defeat your stated purpose in switching from Google Authenticator?

@AllThingsSecured 3 года назад

They do. Sorry I didn't show that. You can create a "master password" for the Authy desktop app.

@garyoak4175 3 года назад

Besides the point.

@jamesdube7597 3 года назад

Funny I noticed this as well about GA, and this was my first experience with 2FA. Thanks Subbed!!

@AllThingsSecured 3 года назад

Thanks for the sub, James!

@Ninorc8 2 года назад

Josh, I have always used 2FA but only recently employed the Authy Authenticator app. I neglected to keep any backup codes when I was setting up my accounts. I didn't even consider this as an important step until watching this video. Is there a method of correcting this and storing codes now? Thanks for the great content.

@asdrubalivan18 2 года назад

Just did the switch thanks to this video! Thank you so much for sharing your knowledge!

@SSmithYT 3 года назад

Looking into switching as well, mostly looking for the convenience of an "Approve" request like I get with some Microsoft sign ins and other accounts, looking for an authenticator app that can do that for any account I use in it. These were some nice points though, unfortunately I don't like the idea of device sync, I'm sure you know, it's similar to the "all eggs in one basket approach."

@AllThingsSecured 3 года назад

Yea, I completely get that. I don't personally use device sync either, but I do keep a local backup of my file for protection against theft or loss of my device.

@bakasenpaidesu 2 года назад

Google need to add some kinda extra password to the qr so that only one get the access who knows the password

@JM.TheComposer Год назад

Responsible people will save the 2FA seed codes in a password manager, so losing your phone becomes a non-issue. Alternatives to Google Authenticator also exist, which enable you to backup your 2FA seeds into an encrypted file.

@vaiolover1997 3 года назад

I opened a Kraken account a few days ago. I didn't realize that they required 2F authentication until tonight or have a Yubi Key to buy/sell. So in order to facilitate the coming trades once my wire is accepted into Kraken, I would use Google authenticator and wait for the Yubi USB to arrive. My question: can switch from Google authenticator to the Yubi USB without any problems? I am not a technical person. Thanks in advance.

@JuliathePCGPinSW16 3 года назад

So glad I found your video, as I had been using it for a few logons without realising about the missing app lock - and that Microsoft does offer the feature.

@pushpendramakwana9910 3 года назад

Because 3rd party app lock is way more dangerous and Google knows this very well . Hacking in Gmail account is way more tough than hack some stupid 3rd party app lock in our phones .

@JuliathePCGPinSW16 3 года назад

I dropped Google Pay immediately after setting it up when I realised it didn't ask for any authentication on use. Switched to Samsung Pay, but that this no more :-(

@adrenaliner91 3 года назад

@@JuliathePCGPinSW16 you need to unlock your phone, that's something..

@garyoak4175 3 года назад

Microsoft has acknowledged the leak of 250 million client's information from 2005-2019 in 2020. Please, beautiful lady, listen to me and keep using Google Authenticator. Search the web for a single article about someone being hacked that was using GAuth, you won't find one for a reason. For the PIN thing, your phone already has a PIN function. If someone "Hacks your phone" he'll know both pins anyways. Hacking (Hidden Remote Administration) a phone is near-impossible if softwares are up to date (unless someone has physical access to your fully unlocked phone for a few moments)

@garyoak4175 3 года назад

@@pushpendramakwana9910 100% accurate.

@amosboi6103 2 года назад

Man, I know you probably won't see this; but I really appreciate the small things that most other content creators pass up, like timestamps.

@DJStompZone 2 года назад

Yeah that, or uh.. You know... He *could* focus on stuff like... NOT making videos around statements that are completely false? But hey at least he got the timestamps on there. (slow clap) very nicely done on those timestamps

@amosboi6103 2 года назад

@@DJStompZone Said false statements being...? (Not being an ass, genuinely wondering)

@diplod5000 2 года назад

You can make a back up of all your codes by taking a picture of a barcode for back up!!! There is an option in the settings!

@lastdaysguitar 3 года назад

Am I better off using my Ledger wallets 2FA application? Any concerns with Ledger - is the 2FA recoverable if my Ledger wallet is damaghed or lost? I am also concerned about what do I do if I lose my phone with Google Authentication?, thanks for any advice!

@enterprisefreenas-waters2355 3 года назад

I print out my QR codes and place them in a secure location. This allows me to restore my setup when I wipe my device twice a year. Also, I like the idea of not having a backup as I find it more secure :-)

@AllThingsSecured 3 года назад

Yea, I understand that. Also, why do you print out the QR codes instead of the text backup codes that they give you?

@johnsmithe4656 3 года назад

Be careful how you print. If you're on wifi there could be a man-in-the-middle attack on your LAN. Anyone running Wireshark could see your documents in plain text as they are sent to the printer. Also, some fancier printers (usually laser printers) have hard drives in them that store what is printed. Best option is to use a real cheap inkjet printer via USB cable, the old-fashioned way. If you're printing sensitive info, I would go this route. You can pick up a printer like that for $30, but ink refills are ridiculous.

@andrewmurray1550 3 года назад

"Not having a backup is more secure" - since when?

@xybersurfer 3 года назад

@@andrewmurray1550 it is in terms of others getting access

@CryptoRoyaleGameplays 3 года назад

@@andrewmurray1550 Having back up on other device is multiplying the chance of your 2FA being hacked.

@melisabell3420 2 года назад

Thank you for the video. Why am I learning this lesson right now! I never bothered with 2FA previously. I always thought it was an odd sort of overkill. I had used 2FA before at work to access specific tools for an employer but that was it. I enabled the feature recently given concerns about security. I must say, If I were not a better person I would have fallen out with Google over this. I am unable to access accounts. I should have done my research before hand. I am grateful that I am finding this out now I hadn’t had the accounts long but the experience has been a huge time suck. If I had of watched this video or absorb everything I have researching this topic I would have opted for an alternative.

@qualityposts2011 3 года назад

As of Feb 2021 Google Authenticator now allows for export of 2FA's for backup, and when installing the App for the first time set a pincode to access it. This makes the product now the best there is if one does not like using cloud storage.

@Pramanshu 3 года назад

I am using Microsoft Authenticatior app on Android, I accidentally deleted my app from phone. When i login same account with 'Already have account Begin recovery.' option but i didn't get any previous added 2FA account of other social media accounts. Backup and sync option was enabled. I didn't find and article or video tutorial for this. Is there any way to recover those backup? Please help

@garyoak4175 3 года назад

Microsoft Authenticator is garbage and microsoft has been leaking client info since 2005 due to bad opsec.

@hyperjack23 2 года назад

yup you're right bro. i also had a hard time with GA when i lost my phone. They have no back up or anything and I even emailed google about it. And they reply that it will lead to court because of the legality issues...BIG no to GA..

@uriasbt 3 года назад

I'll never be convinced that being able to backup codes is more secure than not being able to. Your first point makes sense, however its a app feature that could be easily implemented and until google does Ill just use third party security apps to lock access to the app. Also, as of now google authenticator has a option to transfer your codes to other devices.

@bahb00 2 года назад

So basically if Authenticator required biometric unlocking of app you might still use it. As for site code backup I just snap a pic of the setup QR codes with a cheap offline camera.

@QuantumKurator 3 года назад

Just curious if you have seen an issue with Authy where certain accounts do not sync between phone and desktop app.

@AllThingsSecured 3 года назад

Not me personally, but that doesn't mean it hasn't happened in the past. Either way, ALWAYS keep backup codes when setting up 2FA.

@syazone6782 3 года назад

I just wonder and you clarify it well , thanks 👍

@AllThingsSecured 3 года назад

Glad it was helpful, Ewan!

@Kaldrax 3 года назад

You can just export google authenticator OTPs and import them on a second device btw. I have them on my phone and on my iPad for backup.

@syIer. 2 года назад

update on the authenticator app: it now supports a lock screen so you have to enter your phone passcode, fingerprint or faceID

@FesteringRatSub 2 года назад

This is really great advice. I just freaked out that this could happen, like if my phone broke i am screwed

@adventureinventors 2 года назад

Only if you don't have all your original account info and passwords. If you wrote down your original account set up info you are not screwed.

@huntermcclovio4517 2 года назад

DO NOT LISTEN TO THIS GUY!! First of all you can password secure your phone with a password or a pin to block anyone from accessing your google authenticator. Second, yes you can make a backup with the key given to you when setting up the authentication procedure. Third, install the google authenticator on an airgapped used (old) cell phone for better security, DO NOT INSTALL ON MULTIPLE DEVICES!! you expose yourself and your keys!! and last and very important do not backup to your cloud, if anyone gets to your SIM card or calls the telephone company to get your SIM card replace they will have access to your cloud and all your apps including your authenticators. VERY IRRESPONSIBLE VIDEO!!

@bobmcalister 2 года назад

I'm on android and neither allows me to import accounts. Can I pay you to set mine up?

@prhasn 3 года назад

This was really helpful. I thought all apps had same issues as Google's. Glad to know there is a solution.

@zedgama3 3 года назад

Google authenticator is designed to be the equivalent of a hardware token on your phone. In other words, it's something you have and cannot be easily duplicated. While I agree that having the option of protecting my MFA is an extra layer of security, I believe that the biggest benefit is that someone only has access while they have my phone - i.e. they can't make a clone of it. Best practice, in my opinion, is to use a password safe that contains my backup codes. Since most MFA systems only allow for one OTP seed, this forces me to retire the lost seed and then generate a new one.

@AllThingsSecured 3 года назад

Thanks for the input here, JT.

@garyoak4175 3 года назад

GA is perfect. ATS Clickbaiting

@PutsOnSneakers 2 года назад

Until ya drop ya phone, all gone.

@portman8909 2 года назад

@@PutsOnSneakers Have a second phone stored in away at home.

@vyilettwebb9320 2 года назад

Thank you this video was very helpful😀

@LadyEtWatch Год назад

What's a fa key... ? I need slow down n explain for beginners. Is thus Android or iPhone?

@einyv Год назад

Google added the transfer option which gives you a single QC to important to another but I just took a picture with another device them provider it out and put it in the safe as a backup.

@Afura33 Год назад

Wait a backup cloud option would bring itself some security issues. Even if they are (like they say) encrypted, someone who knows what he does and get access to these cloud saves can still decrypt them and get access now to all of your 2fa codes. It's better to write down the backup or recovery codes instead of using backup cloud saving, but the issue is that some sites like paypal or amazon do not provide any backup or recovery code for 2fa which is a shame.

@robwin0072 3 года назад

How to move from Google Authenticator to Microsoft Authenticator? Do I have to set up each one separately or is there a transfer option? What I need to know is my Microsoft Authenticator on my old phone has a backup. How do I restore the backup of Microsoft Authenticator from my old iPhone to my new iPhone?

@ruairigogan7342 2 года назад

Newbie, so can I get rid of the OTP sms? Sms doesn't work when I'm out of the country. TIA

@anation2351 3 года назад

I just learnt something I didn't even know I needed. Thank you for the wake up call!

@AllThingsSecured 3 года назад

Glad it was helpful!

@vladimirolujic6637 3 года назад

Hey, man! You're good! Very good! Clear explanation, calm voice, real emotions, no faking, no overdoing it, no squeaking noises coming out of your mouth to make it "fun" and "cool", by some standards. No loud or annoying music... I was looking for Shakepay 2 step authentication explanation and stumbled upon your authenticator video. Don't know when you started your channel, but I wish you get hundreds of thousands subscribers soon! All the best!

@AllThingsSecured 3 года назад

Thanks so much, Vladimir!

@ColtraneTaylor 2 года назад

I'm not even watching the video but I applaud the uploader for this effort and agree with your sentiment. Hate those trendies.

@aamairbeebs1695 3 года назад

Switched from Andriod to iCloud and used Microsoft Authenticator. However, at present Microsoft doesn't allow the switch to take place smoothly between the two platforms. As a result, I had to use my old phone to access all the accounts and then add them to iOS.

@walshythemusician 3 года назад

If Authy requires the app to be linked to your phone number then your 2FA codes are visible to a SIM swap attacker right?

@NigelDraycott 2 года назад

Once authy is setup on your devices you can disabled multi device model which stops any further devices from being added. I think this would stop a simple swap exploit.

@darkmugetsu6572 3 года назад

Might pick Authy, I can install this on my main and old phone and only use the old phone when I need backup access if the current phone is lost/breaks.

@AllThingsSecured 3 года назад

Love it. The backup idea is perfect.

@leeanucha 3 года назад

My phone is always locked so g app doesnt need to

@groundexlight7850 2 года назад

im using it rn, now how do. i delete the app? do i logout out and delete or just delete the app, im kinda scared after u have said all this because i use google authenticator a lot

@ewaldfaugue4790 3 года назад

Thanks for those great information and tips. I get caught up in that situation with Google authenticator.

@AllThingsSecured 3 года назад

My pleasure.

@jonathanr3439 2 года назад

GA has a “privacy screen” setting, meaning face recognition is instantly required when opening the app, unlocking your phone and (re) opening the already running app, etc. Does this not resolve your no password concern for GA?? Seems secure to me.

@Dabs_Rulez 2 года назад

It wasn't there when this video was released but it is now

@vmaldia 2 года назад

@@Dabs_Rulez sooo the app team listened to criticism and just like space wolf said i acknowledge my mistake and will correct it

@centerpide 3 года назад

I totally get you. I always thought Google authenticator would have some backup feature to save all the account codes. To my horror when my phone got downgraded from Android 12 beta to 11, all my data was stored and could be restored except for Google authenticator. Had a painful time trying to recover each account one by one. Will be switching over to authy!!

@amansingh_797 2 года назад

Is the 2fa feature available now where we can see our 2fa 6 digit passcode from the 1password itself?

@valentinomarshal9496 3 года назад

Hello there, thanks for a very helpful video, I am not a fan of google authenticator too, and that's why I am trying to figure out how can I use Authy as 2FA app and not the google authenticator on Binance, can you please advise how can I do that? thanks

@bgtubber 3 года назад

4:08 Aren't cloud services also susceptible to hacking? I've seen plenty of news of clouds being breached - Dropbox, Microsoft, Apple iCloud etc. I wouldn't put any important information and files on the cloud without it being encrypted first.

@MrFooChops 2 года назад

More than that I wouldn't even trust those companies themselves with my private information so I wouldn't even use them anyway

@lussor1 2 года назад

Bitwarden is used by proprivacy people

@tonygil4137 3 года назад

Excellent content, thanks for the video. Definitely I’m switching from Google to Authy, however how simple it is to switch? Can we have a second application doing the authentication before disable the first one without compromising access to the account? Thank you.

@AllThingsSecured 3 года назад

YES! You can have multiple apps running the same 2FA as long as you scan the same code for both of them. So don't delete your Google Authenticator until you're absolutely sure that you have all the other codes successfully migrated.

@tonygil4137 3 года назад

@@AllThingsSecured Excellent and thanks again for your help. I just subscribed your channel and I will share it.

@FurNaxxYT 3 года назад

Some might see this as a security risk, but I don't mind taking responsibility of my own security: Aegis allows for the exportation and rescanning of your auth tokens. I have a few accounts that are shared and Aegis made it seemless for me to share the auth token

@centerpide 3 года назад

I am doing the switch right now. It's not as painful as imagined. You will be able to test out your authentication before saving the 2FA setting so that helps.

@staymad6739 2 года назад

"Putting all of your eggs in one basket" which is exactly the Google business model

@keesdejong4727 2 года назад

I don't totally get it: doesn't Google Authenticator generate a new 6 digit code for every time you login to some device / app using 2FA? (So that backing up these codes isn't necessary at all?

@theglobetrottersv 3 года назад

Thanks for opening my eyes with Google!!! I was starting using Microsoft authenticator before this video because has his own password, can backup and has his own password which found it much better for the situation in case lost my phone.

@AllThingsSecured 3 года назад

Glad I could help, Joel!

@01Phenom 3 года назад

i switched phones and i dint backed up my codes, now i need my old phone with G-authenticator. Good video

@AllThingsSecured 3 года назад

Yea, you're not the only one that has happened to. So sorry for the trouble!

@soccerguy2433 3 года назад

you can easily transfer from one device to the next. I literally just did that last month when i moved from OP 5t to a new samsung S21

@TechSmart_0101 3 года назад

You can export accounts to the other device like I did but actually switched to Authy!

@NathanElcoate 3 года назад

You can transfer from within the app..

@TheKoeman32 3 года назад

Omg

@ssg8335 2 года назад

How do you know your downloading the correct one to begin with?

@ricardohernandez9526 3 года назад

When I try logging into Facebook it ask me to enter the code from my authenticator app however when I go to the authenticator app which is the aforementioned Google Authenticator no code is displayed

@damesjean2848 3 года назад

Same problem, found any tipps?

@DarienAllen 3 года назад

I dropped Google authenticator last year for that same 2nd reason (no way to backup codes)

@AllThingsSecured 3 года назад

Yea, it's pretty scary, particularly if you keep your crypto backup codes on Google's app.

@shutthegate8232 3 года назад

and a software shouldn't be so crappy that you need a second/spare phone, just to do an export to google auth on that phone, to put it away as a spare. How crap is that design!

@maria-wu7us 2 года назад

there is a way though. Print the QR codes on paper and place them somewhere safe :) You could also print the emergency OTPs provided by the accounts that allow you to integrate 2fa. They are meant for scenarios like these :) Since the security risks for all these services are still non-zero, it would still be okay to use services that backup to the cloud though. Just know that they are less secure than using google 2fa.

@dandtech 2 года назад

1. In most Android phones an app can be secured within the phone. 2. When you enable 2FA, the website gives you 10 codes for backup to use for emergencies like when your phone breaks down, or lost, or stolen. Whene you switch phones the google authenticator has an option to transfer the registrations to your new phone, to the new authenticator. On the other hand if your app has somewhere a backup outside the phone guess what? That can be a target for hackers.

@PatrickFoxGaming 3 года назад

Google Authenticator has the ability to use Touch ID, and it also has a backup feature.

@davidblessing712 2 года назад

Some of these concerns are what I have with physical keys like yubikey. Unless I missed something with the gen5 it's like one I recently used. Anyone touches the key now has access. I wouldn't mind a pin option on the key. At least with Authenticator my phone is always lock unlike yubikey. But I'm look to switch Authentication apps for that second layer. Others that do switch, I hope don't do the mistake of using the same pin as a ATM card or worse, the phone pin. That would defeat the purpose.

@marktubeie07 3 года назад

Ok, then why do you still have your video on using Google authenticator on your channel from 7 months ago? Maybe delete it, it's confusing to have both. Cheers.

@bakasenpaidesu 2 года назад

Google need to add some kinda extra password to the qr so that only one can get the access who knows the password

@Ked4aa 2 года назад

Thank you very much sir! this video really helped me!!

@echoblades Год назад

One more authenticator with pretty good interface is Zoho OneAuth (India). At this moment it has iOS, Android and masOS versions

@SauI_Goodman 3 года назад

hey there man, i agree but the part you were talking about you can't lock the app is not true. many antivirus companies allow app locking which can be done easily but good video

@adrenaliner91 3 года назад

If you have an antivirus installed on the phone and most have not. I personally stopped using antivirus on android for many years because the only thing what it did is generate traffic and needs a lot of battery, as someone who can see if a website or mail is wrong, blocking ads and cookies and only install well known apps from Play Store an antivirus is just useless.

@sheethal_thomas 3 года назад

Using Bitwarden with Microsoft Authenticator for years 😊

@cocatfan 3 года назад

I don't understand the use of any authenticator. How is it different from using Bitwarden which I use?

@sheethal_thomas 3 года назад

@@cocatfan Bitwarden is a password manager mainly and not an authenticator. Yes, it does have TOTP authentication as premium feature. But the purpose of using an authenticator is to use a different device or app for additional verification. A person who can get into your password manager can also see your 2FA code if they are together and totally negates the purpose of 2FA.

@twb0109 3 года назад

Bitwarden + Microsoft? Like Privacy + Surveillance

@jorgemotta8290 3 года назад

@@twb0109 if it works well I'm ok with it. I also use both.

@twb0109 3 года назад

@@jorgemotta8290 yeah, people don't care about privacy

@FlyBoyDrummer 2 года назад

great video... how do we switch any Google-Authenticated Apps over to another authenticator like Authy?

@RicardoCorai 2 года назад

I have a problem with Microsoft Authenticator. . . I couldn't make it sync between different devices. When I install it on a new device I can't see the 2FA added on the original device. Do you know how to sort this?

@LaviArzi 3 года назад

I don't agree. 2FA is meant to be "something you have". Along with that you have the regular which is "something you know". If you have access to your phone, it should be all you need to qualify as the something you have.

@Dabs_Rulez 2 года назад

No, authy requires a phone number to set up and then you either get a verification code by text or call to your number to access your app. Then after that you have to enter your backup password to access the accounts. And just so you know backup passwords are never stored by authy meaning if you forget it you can’t recover it. Same for the pin. So authy is still as secure as google authenticator. And plus authy has a better UI than google authenticator

@foopington 2 года назад

having 2fa codes on your password manager seems like a horrible idea lol

@princy._ 3 года назад

You mentioned that device sync isn't very secure, could you please explain why? Thanks

@aussierule 2 года назад

To reduce risk of MitM attacks. Instead of syncing with the device it gets sent to someone who can read that data and you still get it like nothing happened

@johnsmithe4656 3 года назад

What if I don't want to use my personal phone or computer for 2FA at all due to security concerns? Can I buy a different device that can do the same thing, hopefully without spending much? I read that Trezor Model T can do it, but I'm concerned about firmware updates and $160 is a pretty steep. Is there a good hardware solution specifically for doing 2FA and only 2FA that is secure and reliable?

@AllThingsSecured 3 года назад

You seem to be mixing up 2FA and crypto cold wallets. They're not the same thing. You can purchase 2FA keys, which are physical keys that you have to carry with you (such as Yubikey), but you still need a computer or phone to use the key.

@KngSovereign 2 года назад

3:35 - It should be known that Authy doesn't allow access to the seeds for the 2FA codes. This means that if you get locked out of your Authy account (for whatever reason) then you could have to reset your 2FA accounts individually.

@NicCrimson 2 года назад

Does 1password have this feature?

@mementomori29231 2 года назад

That's fine. Have the seeds backed up to an encrypted container locked in your safe, for worst scenario situations. Should have Authy on several devices. I have Authy on several devices - phone / tablet / PC. Once Authy is set up on several devices, turn off multiple device option and no one else can log into your Authy account unless you approve. Super secure and safe.

@KngSovereign 2 года назад

@@mementomori29231 how do you have the seeds locked up in a safe if Authy doesn't give access to the seeds? Also, I can do everything you just said with every other 2FA app AND STILL have plain text access to the seeds for my codes. 🤷

@kpopempire1475 2 года назад

See, I don't want my 2FA codes syncing to the cloud where hackers can get to it.

@AllThingsSecured 2 года назад

I get that.

@brandonkruse6412 2 года назад

I have a tattoo of my QR code sketched on my inner-thigh. You know, maximum security so nobody can see my weird search history.

@ibnabdal-khaliq8041 3 года назад

Nice video man! I'm using the Microsoft one but when I'm upgrading phones it's becoming impossible to migrate. How do I download the backup from icloud?

@AllThingsSecured 3 года назад

Thanks! What problem are you running into? Maybe this might help: www.howtogeek.com/682273/how-to-move-microsoft-authenticator-to-a-new-phone/

@garyoak4175 3 года назад

@@AllThingsSecured he said he uz microsof but upgrad no good how 2 backup icloud

@bufordmaddogtannen 3 года назад

Protip: save the various qr codes together with the security/recovery codes when you set 2FA, you'll be able to scan them on different devices.

@AllThingsSecured 3 года назад

Good tip!

@levielliott4673 3 года назад

Yeah, I snip the qr code, print that out then add the account to authenticator from that printout just to make sure the hard copy works. Label the paper and keep it somewhere secure with your other important documents. I recently re-flashed my phone and getting my accounts back in authenticator took 3 minutes.

@bufordmaddogtannen 3 года назад

@@levielliott4673 I use a password manager, but the concept is the same. Instant recovery in case I change phone. 😉

@levielliott4673 3 года назад

@@bufordmaddogtannen I use a password manager for passwords but figure the paper backup might be slightly more secure being a different basket to keep the 2fa in. Otherwise if the password manager were to get hacked they'd have my whole world. Same concept that people use for crypto and keeping private keys on paper rather than digitally on an internet-connected device.

@bufordmaddogtannen 3 года назад

@@levielliott4673 indeed. It's an additional layer of protection. Although I'd not be at ease putting qr codes together with, for instance, electricity bills (there they are unprotected) or in a safe (that's a target). Maybe I'll have to hide things under the floor. Like John Wick. 😁🤣

@CRK1918 3 года назад

It is generally, if you want to be convenient and easy to use, security will be exposed. Therefore, I generally do not use automatic cloud backup, I am backing up my own method（You can back it up with a file, then you have to modify the name of it, and then upload it to your cloud. ）. BTW, I using andOTP APP, Because it is a completely open source application, and it can encrypt your file backups. You also need a pin or password to get in.

@cxl520 3 года назад

Yep , conveniency come with the cause! andOTP is great and you can see the source code,so there no back door for third party to services to get in. All the security in your own hand!

@osamu_90 2 года назад

Security and convenience are always inversely proportionate. If you really want to be secure you shouldn't even use the same device for your password manager and 2FA authenticator and even use physical USB keys (eg. Yubikey) for them, but not many people do that because it's very inconvenient.

@a-s7179 3 года назад

Authy for Bitwarden ! however, it doesn't work with my google accounts as "Google prompts" is the default one

@AllThingsSecured 3 года назад

It’s another level of security, sure. I don’t think it replaces 2FA, but it’s better than using only a password.

@tc970106 3 года назад

Excuse me for asking a dumb question here. What's the easiest way to switch from Google Auth to one of the recommended ones? Thanks!

@AllThingsSecured 3 года назад

If you’re willing to wait a week, I have a new video tutorial that will show you exactly how to do that! Subscribe to make sure you don’t miss it!

@pptx24 3 года назад

I use Microsoft authentication and I love it. I can recover my codes.

@AllThingsSecured 3 года назад

Good deal!

@rileynichol1016 3 года назад

where do you put in a code? I'm so lost

@pptx24 3 года назад

@@rileynichol1016 Microsoft authentication gives you another code (number) that works like a second password, that code changes every 30 secs so it’s so complicated to hack. You just need to download the app and scan the QR to link the website to secure with Microsoft authentication.

@rileynichol1016 3 года назад

@@pptx24 ty

@gto903 3 года назад

@@pptx24 what if I only have 1 device?

@ricp 3 года назад

Authy requires a phone number to setup.. that in itself makes it less secure than google authenticator. , > you can find hacking stories on this on reddit subs. also, having various 'backup' options in multiple devices might be good for convenience but bad for security. if you use google authenticator properly, i.e. downloading the backup codes as you should for your own security then there's no need to downgrade to authy

@likfrikbik 3 года назад

True.People just don't understand how google authenticator works. Using your phone number to setup anything is not secure at all.Because of a "sim swap" attack.

@iainpark1808 2 года назад

Can you help me get around this issue. Facebook account hacked, have been through ( around in circles mainly ) the suggested fixes from FB & various online suggestions. Everything comes back to generating a code - BUT YOU HAVE TO BE LOGGED INTO THE FACEBOOK ACCOUNT TO GENERATE THE CODE. If I could log into the account, I would not need a code! Initial set up of Google Authenticator asks to scan a QR code or enter set up key - both of which you get after you log into FB ( is this correct? ). Can I use another app to generate a code that I could enter in the FB recovery process? If you can help, thanks for your assistance.

@RawGuruRecords 2 года назад

how do we make the switch from google to one of these without losing all of our accounts?

@mattisfrommer8564 3 года назад

Do you know OTPAuth? You should give it a try. I thinks this app is awesome (Only available on iPhones)

@AllThingsSecured 3 года назад

Thanks for the tip, Mattis! I hadn't used it before. From what I see on the app store, I probably wouldn't use the notification center feature. Do you think it's worth the paid version when others like Authy are free?

@mattisfrommer8564 3 года назад

@@AllThingsSecured Absolutely. On the iPhone it should be free. Only the Mac app bust be paid.

@mattisfrommer8564 3 года назад

@@AllThingsSecured I am very satisfied with OTP Auth. It works well.

@wtg93 3 года назад

I agree, it's a much better option since it's open source. On Android "andOTP" is a great open source 2FA app.

@JohnLamjohnlsl 3 года назад

the reason I use Google sync is because it is totally off line you can back up Google Auth Back up by creating a qr code for a different device to scan just go to transfer account -> export account and you can backup the code you need (there is a small problem on the if you have too many as the qr code will be very big, the workaround will be splitting the code you need to backup to different group) I have been doing this the sync for all 4 of my device doing a cloud sync is a no no for me for security reason and for the app cannot be lock issue, I mean when you are in a location more then yourself, you should always fully lock you phone before it leave you hand..........

@altgene8372 3 года назад

Can I use my accounts with google authenticator disabled from the app settings?

@krisclem8290 2 года назад

Could use double blind with 1password, make a part of the password that you will remember and type in and don't include that part in the password manager. That way no one will have the complete password making it more secure despite the fact that your 2fa is integrated.

@Msasha2727 3 года назад

What about a physical key?

@AllThingsSecured 3 года назад

Absolutely! I use a physical key and I love it. The problem is twofold: 1) Some online accounts don't accept physical keys yet. 2) A physical key costs money. Some people are only willing to secure themselves as long as it's free (unfortunately). But if you can use a key...do it!

@speedracer123222 3 года назад

@@AllThingsSecured with yubikey you can download their Authenticator app and the codes are installed on the key. If you get nfc version it can be used on desktop and iPhones and android devices