One of the most detailed, serious and professional channels I've ever found
@yanivhoffman
1 year ago
Wow 🤩 thx a lot
@muslimpathx
1 year ago
true
@mos8541
1 year ago
AND a nice office/hotel room view, assuming it was real I mean
@yanivhoffman
1 year ago
@mos8541 it’s my house :) so I will share the good feedback with my wife 😂
@IvanToman
1 year ago
Most important tip = use multiple independent backups of all important data. If any account gets compromised, you don't lose your data, which is the most important thing.
@mrcryptozoic817
1 year ago
I think it's best to use the "cloud" 𝒑𝒍𝒖𝒔 external. So I individually back up to 0, and -1 generations but it's so cheap, I also keep the -2 generation.
@klauserwin9860
1 year ago
100% agree. I have several "cold" backups with full disk backups as images on (encrypted!) hard disks.
1x local backup in my home
1x Mom's house (+ 1x as rotating backup)
1x workplace
1x car
1x in my bug out bag
I used old unused hard disks and I only need about 1 - 1.5 TB HDDs.
@rafhi
1 year ago
100%
@shawnio
1 year ago
Here is another tip, don't store anything on the internet. I come from when the internet started, to think someone would send off their important data to a website and expect that website to be secure absolutely stupefies me.
@IvanToman
1 year ago
@shawnio Hm but what's the point of cloud accounts then if not to make data available anywhere you go? The problem is if it is your only available source of that particular data...
@mariotabali2603
1 year ago
Told everyone I know they are fooling themselves if they think 2FA in a phone means total security. No one listens. So relieving to arrive here, you won a new subscriber
@marcocaruso3965
1 year ago
Maybe the best video on KZitem regarding 2FA. Thanks a lot for your valuable insights. Enlightening!
@yanivhoffman
1 year ago
Thank you buddy ❤️
@i11Playz
1 year ago
But This Video Is Paid
@yanivhoffman
1 year ago
@i11Playz nothing sponsored. Not true
@ReligionAndMaterialismDebunked
1 year ago
@i11Playz where's your proof for your bold claim?
@igamse
1 year ago
Things make so much sense now!!! My friend got his account hacked on a website after downloading a suspicious file, and we were super confused because he didn't type his password anywhere. Now after learning this Cookie thing I can imagine how it happened! Thank you so much for this video!
@everjan66
1 year ago
This should be shown in every school, uni and every company.. would minimize security risks by A LOT
@levieux1137
1 year ago
One of the biggest griefs I have against 2FA is that many people I'm seeing use it as an excuse for having the browser record passwords and pre-fill them. In the end it's just a 1FA but with a very short code, and it's much worse than a strong password. The first ever rule to enforce before even deploying 2FA is to configure browsers to never ever record passwords for sites! A password should only be known from the user, not from a program, otherwise it authenticates the program, not the user.
@levieux1137
1 year ago
@fyks6447 I personally prefer to build memorizable passwords that involve some common radicals that depend on the category of the site, with some characters that depend on the site itself. It can occasionally require me 2 or 3 attempts to figure the right one, but that way they do not appear anywhere outside of my head. The biggest difficulty is to deal with sites having some horrible rules. In this case I can take some notes such as tr ',;:!' '1234' to know what needs to be replaced in my common radical without even disclosing which char is in use among the set. It's really not that difficult.
@Raletia
1 year ago
@levieux1137 How do you feel about local password managers? Personally I use the open source one, KeePass. It encrypts the database, has options for extra security on the database as well as different ways to access it aside from a password, has protection for snooping when copy pasting (if I recall), and will clear the clipboard, can be configured to auto type instead of copy paste. It has the option to add extra entropy in generated passwords by user random input, like moving the mouse around. And can be set to lock the database after some inactivity. But most importantly, you are in full control of your database. I don't like those online services. But I couldn't do without KeePass now. I have nearly 200 saved accounts now, accumulated over years. All with unique passwords as strong as each account allows. I couldn't keep up with it manually.
@wertigon
1 year ago
I used to think like you did, then age hit, my memory started failing me, and I found myself locked out of several sites as I required dozens of passwords. A password manager is the way to go here with one STRONG passphrase of at least 20 characters. Also obligatory XKCD 936.
@joergkalisch7749
1 year ago
Not to forget using the 2FA device as the primary access platform, making it pretty useless. Worse, banks try to push customers towards mobile apps and then again 2FA on the same device 🤦♂️🙈
@Raletia
1 year ago
@joergkalisch7749 Yeah, the idea too of having it all tied to my phone.. which can be broken, lost, stolen, etc. feels scary to me. I use WinAuth as my primary means of 2FA, it's been pretty good so far and I feel pretty in control of my 2FA data with it. Also allows me to set up redundant methods for 2FA so I'm not ever locked out due to a single device failure, etc.
@jonathandavis3312
1 year ago
The most common way sadly is just sending the end user an MFA push to their phone and waiting for them to hit approve out of habit... or send them so many that they hit approve just to shut it up (MFA Fatigue). There's also a social engineering aspect like what happened to the guy at Uber.
@BazWhite
1 year ago
Yes, we had an instance of that. We then switched to only use SMS text messages ONLY. Within Microsoft options you can set which MFA options - preventing the use of an app. They then cannot simply hit 'Approve'
@jonathandavis3312
1 year ago
@BazWhite SMS has issues too. Another way is to enable number matching in Microsoft Authenticator. That way they have to type in the number they see on the computer screen.
@ronescholz-nielsen3559
1 year ago
@jonathandavis3312 has that new method been released yet? I’ve heard about a release date of 28th of February, but haven’t seen it on my tenant yet.
@jonathandavis3312
1 year ago
@ronescholz-nielsen3559 you should be able to enable it for all users. Microsoft announced recently that they’re going to start enabling it by default.
@ronescholz-nielsen3559
1 year ago
@jonathandavis3312 okay. It might be released shortly then. I just haven’t seen it yet. Looked for it the other day then adding some FIDO keys. Kinda strange that it’s not added yet, since it has been an option for the private/consumer part of 365 for a while.
@henri0661
1 year ago
Thank you Yaniv for the detailed information. This deserves a sequel.
@yanivhoffman
1 year ago
Thank you 🙏
@strandvaskeren
1 year ago
One of the main ideas behind 2FA is to use more than one device, so that an attacker has to compromise more than one system. I know loads of people that do for example home banking from their phone while authenticating with a 2FA app on the same phone, which renders the whole idea pointless, the attacker only needs to compromise that one device, your phone.
@CTZS
1 year ago
I actually do this. People call me crazy haha. I go beyond and actually have multiple platforms for authentication purposes. The login and authentication devices are almost always not the same, whether PC, Android phone or Apple iPad. My family and corporate bosses always wanted me to set up the authentication method for them on the same device for convenience and cost savings, and I never accept those requests, even offering to resign (my employer) if they insist. It's something I absolutely refuse to be even remotely connected if shit goes south.
@cornoc
1 year ago
is that still true if you use biometric login for your banking app?
@napillnik
1 year ago
The one thing that 2FA is supposed to do is to make it insufficient to just know the password. You also have to Own something. The problem is not if it's on the same device. The biggest problem is phishing, and people giving up their passwords voluntarily, either by being lied to, or by having very simple passwords. That's the VAST majority of account compromises that happen. Physical device compromise is insanely rare and difficult to pull off, since today's devices are reasonably secure. That's not the scope of 2FA. Nor should it be, as any layer of additional security makes the system simply harder to use, and if you go for securing the very unlikely vectors of attack, you make the security measure very unattractive and people will just not use it. Best example of overzealous security policies that don't actually protect against probable attacks, is having a corporate policy to change your password. This ends up being less secure because people are more likely to store passwords in unprotected places rather than remembering them, or make people forget their latest password, get locked out frequently, and having an IT department that has to bypass this security measure entirely, leaving you exposed to social engineering attacks. 2FA that forces you to have an actual physical device or an extra program just for that, is just bad.
@sashakelly2025
1 year ago
Who are all of these "loads of people" you know? I need to know one of them.
@redmafia9011
9 months ago
Has nothing to do with switching devices once they phish you on one and get your credentials and information they need your account is useless to them
@marknichols2027
1 year ago
Yaniv, excellent information! First time for me on your channel. Now I’m looking forward to the next one. Thanks!
@yanivhoffman
1 year ago
Thank you! Next one will be released today (Wednesday, 9am EST) and super interesting on Hacking SCADA systems with Master Hacker OccupyTheWeb.
@kaveeshathilakarathna8063
1 year ago
I wonder how I could have missed this channel. Great content and nice explanation.
@yanivhoffman
1 year ago
Thx so much
@n2productions
1 year ago
The YT algo has showered favour upon you, sir... and I'm really glad it did!
@mochenmat
1 year ago
Top tier video appreciate you willing to explain this to the masses! One small thing, you are saying retrieve wrong, you're focusing on the I in the word change that sound to an E so: RE-TREE-VE rather than RE-TRY-ve. (please don't take that the wrong way, I would want someone to tell me if I was pronouncing something wrong) with that said your English is amazing
@animusadvertere3371
1 year ago
Thanks for this. This is what should be on KZitem, not all the other crap. 👍🏼👍🏼
@yanivhoffman
1 year ago
Thx a lot
@mos8541
1 year ago
What are you, some sort of content censor person? What's "crap" to you might actually be mediocre or even so-so to everyone else.... SFMF
@powerfullmind7724
1 year ago
This is pure professionalism!! with very much knowledge to apply… that achieved only by listening to him to understand…! and not listening to just reply back…! ✅ Thanks for teaching me, Master!
@deltaplan996
1 year ago
It is always some kind of combination of the 3 things: something that you know (your password/passphrase), something you have (YubiKey, OTP token generator) and something you are (fingerprints, voice bio capture and verify). Thanks, Yaniv -- this is a good intro into the MFA world. Well done!
@yanivhoffman
1 year ago
True and important view. Thx a lot
@jdtechsolutions
1 year ago
First time I've seen one of your videos, it made me subscribe to your channel. Good explanation, and the video itself is very professional. Keep it going!
@sals79
1 year ago
3 minutes in and I had to hit the subscribe button! thanks for all that you do. :)
@yanivhoffman
1 year ago
Wow so nice to hear. Thank you
@elijahwilt
1 year ago
To prove identity, one can provide:
- something they know
- something they have
- something they are
@saimandebbarma
1 year ago
Hackers will need users' consent anyway, which they can obtain by tricking us in their ways. So, be aware & alert! Thank you 🙏
@MrRodsch
1 year ago
Thank you for your compact roundup on this 2FA flaws topic. Eye opener. Brilliant integrated videoscreen background picture of a nice city and sofa by the way ;)
@justlisten82
1 year ago
If someone from Israel is teaching about hacking, I'm listening. They are world class.
@yanivhoffman
1 year ago
Thx 🙏 😂
@yelmoralardclaw
1 year ago
I am not sure I am well-qualified for the talks about cyber-security, but... 6:38 well sure, they re-route traffic, but SSL is commonly used to encrypt traffic, and even if the authentication token is somewhere in there, the hacker won't be able to get it through MITM attack... Unless the traffic is encrypted not before, but after proxy? And assuming (which is bloody reasonable) the encryption is asymmetric, the hacker will not have the key to decrypt traffic... So how's Evilginx supposed to work?
@rationalism_communism
1 year ago
amazing video you clearly explained everything top notch! you earned a sub.
@yanivhoffman
1 year ago
Thank you so much!!!! Appreciate it
@aaronperelmuter8433
1 year ago
You mentioned in the vid that you’ll include a link in the description to your recommendation for a password manager. I couldn’t find this anywhere, could you please let us know which one you recommend? Thanks very much
@yanivhoffman
1 year ago
Yes sorry - added two of my recommendations (1) 1Password and (2) NordPass also (3) RoboForm is good in my view
@Sissy_Scarlett
1 year ago
@yanivhoffman what about Bitwarden? I am using it right now
@yanivhoffman
1 year ago
@Sissy_Scarlett Bitwarden is good and one of the most common ones. It uses an open source code while 1Password has a proprietary one. Yet 1Password is more secure in my opinion. Look at this link; if you still have questions let me know. cybernews.com/best-password-managers/bitwarden-vs-1password/
@Sissy_Scarlett
1 year ago
@yanivhoffman it's better than using no password manager tho, right? I will switch to 1Password when I have good money.
@yanivhoffman
1 year ago
@Sissy_Scarlett yes of course.
@CesarPeron
1 year ago
Nice piece of information. So, speaking of security levels, in order from highest to lowest, would my listing be correct?
1) Hardware Key
2) Authenticator Mobile App
3) Mail Verification
4) SMS Verification
@yanivhoffman
1 year ago
Yes 👍
@jaredcrown5812
1 year ago
First time here, Subscribed!!
@DrVinylBcn
1 year ago
I'm not a native English speaker and now I know how hard it is for people to understand me. 😂😂😂 Respect mate! And awesome content
@reiniernn9071
1 year ago
One simple tip. In referring to the mention in the video that a hacker could see the user of the device. If you do NOT use your webcam..... put a shield, physical, before the camera eye. This makes it impossible for any hacker to use that camera even when he can activate the webcam due to a hack.
@jlarouche2
1 year ago
Hi, great video! Could using a VPN bypass the man in the middle proxy hackers (as mentioned around 6:00)?
@austincromwell
1 year ago
I was wondering the same thing.
@MrBharatyadav
1 year ago
Much awaited video
@yanivhoffman
1 year ago
Thank you 🙏
@ninocrudele
1 year ago
Super interesting, thank you so much!
@yanivhoffman
1 year ago
Thank you 🙏
@mussen1876
1 year ago
Awesome thanks. I just subscribed. They should teach this stuff in schools.
@yanivhoffman
1 year ago
Thx a lot
@mazalhoffman4914
1 year ago
Thank you for the great information. Good to know ❤
@yanivhoffman
1 year ago
Happy you liked it
@chbihmrabih9666
1 year ago
Thank you man please keep doing what you do...
@yanivhoffman
1 year ago
Thank you for the support
@tmurrayis
1 year ago
I only understood about 20% of what he said but it was a very helpful 20%. I use a password manager and thought a 15 character PW was overkill; time to rethink that for sure.
@yanivhoffman
1 year ago
20% is a start, continue to watch and it will improve. Thank you for the support
@yanivhoffman
1 year ago
@Charles White 😂
@rafhi
1 year ago
Amazing video, and much important, tnx 😊
@yanivhoffman
1 year ago
Thank you 🙏
@achong007
1 year ago
By the way, there is one more. Even if you have the cookie for the username, password, and token, Google will also check the IP address gateway you are using to make sure it is you. If not, they will send an SMS to you. If you allow it.
@colbyhartman9467
1 year ago
Nice video and this is one of a few that I have found that went into depth on this way in to people's accounts, thanks again
@colbyhartman9467
1 year ago
What security key would work for most of the common applications, say emails, say gaming, Battle.net, Steam and stuff like that? That way, say, I wouldn't have to get 4 or 5 of the security keys for them, is my question.
@yanivhoffman
1 year ago
Thx appreciate it
@josefmazzeo6628
1 year ago
There will come a time when not even super long passwords are enough. With advances in quantum computing almost any sequence can be decrypted in seconds to minutes, eventually.
@esquilax5563
1 year ago
While some forms of encryption are vulnerable to quantum computing, hash functions are not, as far as anybody's been able to tell. So your password is still secure
@cristibaluta
1 year ago
Passwords are stolen anyway, don't think anyone is cracking them, websites have a limit of tries
@avnercoopman
1 year ago
Yaniv, great video. Try to say phishing with a soft "f" sound, as in fishing, instead of a hard "p", as in pishing (urinating)
@yanivhoffman
1 year ago
Totally, my mistake and I will fix it. Thanks again so much for the feedback ❤️
@badbabaji
1 year ago
luv from Odisha ❤
@KamilsView
1 year ago
Great overview. Please, check the pronunciation of retrieve and launch.
@yanivhoffman
1 year ago
Thank you 🙏
@Anvilshock
1 year ago
Recommend you frame yourself more prominently in your videos. If you frame your figure like that, you diminish your presence. Look up videos on "cinematic composition" here on YT to learn what would be beneficial.
@youms108
1 year ago
Subscribed immediately, wow great content sir.
@yanivhoffman
1 year ago
Thx you so much
@optiplex-gaming
1 year ago
Sir make full dedicated video on Evilginx tool how to configure and use it humble request
@yanivhoffman
1 year ago
Ok will plan
@ayanyemijoel6957
1 year ago
What do you say about the risk of using a password manager? If compromised it's like the whole of your power house is exposed. I have always been sceptical about it.
@yanivhoffman
1 year ago
Very good point. In a nutshell the right approach involves a combination of strong security practices, risk management and ongoing vigilance. If you follow it you can minimize the risk of a password manager compromise and protect your online accounts and personal info. I can elaborate if you wish
@ayanyemijoel6957
1 year ago
@yanivhoffman your quick reply is quite intriguing to me. I so much appreciate that. Please elaborate, I am much interested.
@coles999
1 year ago
You smashed that 100 likes, have you made a video explaining it yet?
@yanivhoffman
1 year ago
Still not but in planning. Will update accordingly
@dc99yt
1 year ago
SMS is not really 2FA, because for 2 factors to work, one has to be something you know and next is something you own. SMS is not secure and hackers could use MITM attack to intercept the one time passcode. Or, they could use a phishing attack and exploit vulnerabilities in the SMS account recovery process to get hold of the verification code. While you are still in possession of your phone (something you own).
@crissd8283
1 year ago
Why does the number for 2FA have to be so long? I would think a 4 digit number is plenty as it is a random number and the site can easily limit guesses to 3 and generating a new random number if you fail 3 times. Instead I get a 10 digit number texted to me. I don't understand why this is necessary?
@mbadakhoury2
1 year ago
where are you located hoffman? I'm a devops engineer, and I like what you do, I think we're neighbors I would like to see more content creators from our country making video in English sharing our vast nation high tech knowledge and expertise way to go
@yanivhoffman
1 year ago
Singapore
@mbadakhoury2
1 year ago
yeah sure haha ;)
@chang112x
1 year ago
Do you live in Bangkok? The view is very similar to Bangkok! Very good video btw
@yanivhoffman
1 year ago
Thx a lot for the kind words. I live in Singapore 🇸🇬
@chang112x
1 year ago
@yanivhoffman cool! Looks very similar to BKK
@technocoh
1 year ago
Interesting insight, thank you! :)
@yanivhoffman
1 year ago
Thank you so much
@gregorymirsky8707
1 year ago
If you are abroad and the second piece of authentication is sent over the phone, you may face a complete failure for plenty of reasons, one of which is your phone's inability to work with the local system.
@benduffy4223
1 year ago
Your accent makes it sound like you are saying "to f#ck the authentication" And I love it. :)
@0Ciju0
1 year ago
Thank you for the video, I am glad I found you!
@yanivhoffman
1 year ago
Thanks so much for the kind words. Appreciate it
@asicdathens
1 year ago
You didn't mention the SS7 man in the middle attacks that are common as well. Also OpenBTS (and similar professional equipment depending on your connections and money) can be used to intercept SMSes.
@yanivhoffman
1 year ago
True and thx for adding
@y.tzvilangermann7894
1 year ago
Awesome!
@yanivhoffman
1 year ago
Thx 🙏
@DrVinylBcn
1 year ago
Mate, you are in Thailand? because the background looks familiar for me.
@AskTheSloth
1 year ago
You king, a well-made and interesting video, keep it up :))
@yanivhoffman
1 year ago
Thx a lot 🙏
@SKIDDOW
1 year ago
Recently someone hijacked my cookies. Nice explain
@creedine
1 year ago
Hi, I wanted to ask: does clearing cookies from Google or logging out from any website that has your information protect you from when you download an exe file that contains a virus?
@malekyo
1 year ago
Mr Hoffman, how about a way to mitigate the SMS attack is to use a second number/sim unknown to anyone else but you. And use that number to receive sms tokens. Not bulletproof but minimizes the impact of sim swap for your main sim/number which can be easily found.
@MichaelSoulier32Pens
1 year ago
If my logins are already encrypted I fail to see how a VPN makes me any safer. Am I missing something?
@RokeJulianLockhart.s13ouq
1 year ago
Obviously TOTP codes don't have to be kept on a user's smartphone. That's a stupid thing to mention. Have you never used Bitwarden or the WSA?
@deangreenhough3479
1 year ago
Subscribed, great work thank you
@yanivhoffman
1 year ago
Thank you 🙏
@Jacmac1
1 year ago
All of this stuff requires being able to attack a user's browser, which means the attacker has at least network access, or some form of man in the middle. For the most part, the idea behind 2FA is not to protect from these two situations. 2FA is merely a method of protecting against what you "have" vs what you "know". As a hacker, you may know a password, but you may not have a hardware token. Hacking a way through that with man in the middle or direct network access is not the point of 2FA, other tools are supposed to protect a user from that.
@wanderatimothy5595
1 year ago
Any suggestions on how Software Developers could write more secure code and minimize the chances of a breach?
@lamjeri
1 year ago
- Get your devs some pentest, or security training. If they can see how attacks are done in real life and what caused the malfunction in the code, they are more likely to write it better
- Reduce your software stack. If your tech stack has more letters in it than the whole lgbt acronym, it's hosted in cloud with CDN in front of it and the app just displays a random picture of a puppy every time you visit it, it's over engineered.
- Use tested and verified open source projects when you can and contribute if it's missing a functionality, instead of writing the thing from scratch. Easier to check the code for problems and you give back to the community a little. Let's be honest, we all owe it a lot
- Don't use Javascript unless... Just don't
@mucholangs
1 year ago
@lamjeri Can you talk more about why Javascript is bad? I doubt there is a website today that does not use JS.
@lamjeri
1 year ago
@mucholangs Well, that's kinda the problem. JS is used everywhere, even in places where it doesn't have to be. It's often installed just 'cause, even though the project doesn't need / use it (static websites). Just off the top of my head, I remember 3 major incidents involving Java script.
- There was the infamous Log4j. Library used by what seemed to be every project on earth with vulnerability, which allowed for remote shell. And it was so stupidly simple to take advantage of it, that you just had to type command into Minecraft chat to misuse it.
- Recently, there was a bug in library which handled (ECDSA ?) certificate checking. Problem was that the code didn't check if the client data wasn't 0, which breaks the math that does the actual check. The guy who wrote the library didn't even bother to read the wiki page, where it says in the first few paragraphs, that this is a mandatory check for things to work. Result was that you could just send a few zeroes instead of your certificate and it would be considered valid.
- Then there was the leftpad incident. Which is more of a funny story than a security vulnerability, but it just shows that Javascript might have a very deep problem with its package management system.
I guess it's kinda inevitable with popular languages (I wonder if Python will be a subject to this as well) and a lot of unskilled people starting their career with it cause of hype. Especially when it's a publicly facing code that can be accessed and broken by more skilled individuals around the world. But considering these (and much more over the years), I consider Javascript a really big *hit hole that everyone keeps using and every now and then, things just overflow.
@mucholangs
1 year ago
@lamjeri Vulnerabilities exist in every software. That is one of the reasons that patches, and new versions are constantly being released. I remember when SQL injection attacks were so common and trivial in MySQL. I also recall when popup bombs were common in Javascript. But all those have been fixed. The Log4 vulnerability you mentioned has been fixed too. Telling people to not use Javascript makes no sense to me.
@lamjeri
1 year ago
@mucholangs Yes, that is true. Some software is worse than others though. Injection attacks are not a problem of the language itself, but wrong handling of user input. I don't argue that it's needed currently, as there is virtually no alternative in certain use cases. But I do think that the language has some deeply embedded problems and the combination of inexperienced people and publicly facing code is disastrous.
@psurendranathmenon6394
1 year ago
Good evening. Do you think the password managers or the passcode storage is a safer place to store all your pass codes for various accounts? Will it be all the eggs in one basket? It's always a frequent hassle, "forget your password?" Could you please comment. Thanks.
@starshine_Ultra
1 year ago
I was wondering why my old telecom sent me a SIM from their main company (smart) and I was using another SIM (sub service) from a sub company from them. I never asked for a SIM update also. Then next thing I know my devices were all being hacked and controlled.
@reed3863
1 year ago
Very informative. Thank you, I learned something interesting today.
@lottan2197
1 year ago
thanks for ur time, great learning
@yanivhoffman
1 year ago
Thank you 🙏
@PerChristianFrankplads
1 year ago
My brain kept hearing "TO F*CK TOROUGHTENTICATION" until it learned that it was just a strong Israeli accent.
@yanivhoffman
1 year ago
Yes yes I’m sorry 😂 working on it
@PerChristianFrankplads
1 year ago
@yanivhoffman: Please don't! Much more fun with different accents all around the world. :)
@remifasolla2863
1 year ago
I love your accent! Especially the way you say "two fuck-tor" 😉
@yanivhoffman
1 year ago
😂
@salaheddinesalmi683
1 year ago
All support to you, please keep up
@yanivhoffman
1 year ago
Thank you 🙏
@mavadelo
1 year ago
Wish I had seen this when it got posted. I fell for it just last week (No harm done, I was quick enough noticing something went wrong and fixed it right away)
@jimmybrad156
1 year ago
What happened?
@mavadelo
1 year ago
@jimmybrad156 I had a moment of "being an idiot"!
@jimmybrad156
1 year ago
@mavadelo clicked on a funny link? did something a stranger on the phone said to do? got me all curious now!
@mavadelo
1 year ago
@jimmybrad156 I trusted a link from a long time Steam friend. Sadly it seems he fell for it too. A "vote" link for some competition. Knowing he was into modding I trusted the link, "logged in with Steam" and basically noticed straight away something was funny (login procedure was ever so slightly bugged) so gladly I was quick enough to avoid major damage. A few friends were contacted with the same message I got so I was able to warn them not to click. Never trust a link on Steam, not even from long time friends.
@LeonSteelpaw
1 year ago
Why do I think the people who created the security depended solely on obscurity to keep it from being compromised?
@nomore-constipation
1 year ago
Not sure I like the suggestions for a password keeper. Why you like those specifically makes me feel you like it because they have ads that support this channel.
@yanivhoffman
1 year ago
Thx for feedback. Just to be clear, I’m not sponsored by any password manager or anyone actually! It's only my preference
@nomore-constipation
1 year ago
@yanivhoffman Appreciate your honesty.
@YTesting
1 year ago
Great video, thanks
@avramvr4451
4 months ago
Great video bro, I enjoyed every moment
@yanivhoffman
4 months ago
Thank you very much!!🙏
@dem0nsl4yer
10 months ago
Yaniv, I love your videos buddy but you need to stop saying "P"ishing, as it cracks me up each time, as in English or slang UK dialects of the language, it means the same as the act of peeing, urinating or relieving one's self :-) We pronounce it "F"ishing (like you would do with a rod or net), even though the spelling is Phishing. That aside, thanks for great explanatory videos even though I am an IT veteran of 36 years myself. I started as a techy nerd in the early 80's with the first home computer then it became a career and business through the evolution of distributed systems, networks and the internet. I'm still a nerd at heart, although I'm a more senior one these days, so keep them coming!👍
@yanivhoffman
10 months ago
Thx a lot for the kind words. I’m working on the slang as well :)
@wgrosa
8 months ago
Thanks for the great content!
@yanivhoffman
8 months ago
Happy you enjoyed
@John-oz1do
1 year ago
Excellent summary.
@yanivhoffman
1 year ago
Thank you 🙏
@austincromwell
1 year ago
I think password managers are a terrible idea as you're effectively trusting an unknown entity on the Internet with all of your passwords. Wasn't one of them compromised recently?
@yanivhoffman
1 year ago
Password managers are only part of a holistic solution and can’t stand by themselves.
@Yeni...
1 year ago
Hello, could you maybe also make videos in Dutch? That makes learning a bit faster ❤️💪🏽 Respect, keep it up!!!
@lherfel
1 year ago
thanks good overview of topic
@waleedelhadidy4879
1 year ago
really thanks a lot for the great information and the easy demonstration...after that video and I'm already subscribed to ur channel.
@yanivhoffman
1 year ago
Thanks and welcome
@waleedelhadidy4879
1 year ago
@yanivhoffman someone hacked my FB account using that technique... can he log in again with that cookie he has, even though I already changed the password immediately after that?
@joshuadean7846
1 year ago
Very nice information, but can you help me to recover my Facebook account???
@bilalahmad9638
1 year ago
You earned a subscriber
@yanivhoffman
1 year ago
Thx a lot
@yourname91110
1 year ago
Instantly subbed
@user-qr4jf4tv2x
1 year ago
I wish there was a way to country block logins or make it very region locked, and rather than just one way of logging in you have to verify authenticator app and SMS.
@NickAskew
1 year ago
Thanks for the video. I'm a software developer and not a security expert, a distinction a lot of people cannot understand. About a week ago my neighbours came around to my house to explain that their bank had blocked their account. It seems that one of them had accidentally installed an app that was malware on the phone (some kind of PDF AI scanner) but that phone also had an app from the bank. They wanted my help to try and retrieve as much of their own information from the phone before they planned to do a factory reset. What happened next surprised me, it was an Android phone and we opened the play store and went to play protect. It immediately came back with an alert that some harmful software had already been detected and removed from the phone. My question is then, does Android actively scan for such harmful software? Is it possible that other apps running on the phone have access to an API so that they can be alerted if malware is detected and so restrict their own functions? I mean how did their bank know that one of them had malware and to block their account just in case?
@kobusdowney5291
1 year ago
It may be that the malware attempted an illegal action on the banking software, which the bank detected and locked their account. This is rather a testament to how a bank should react to anomalies and attempted attacks.
@exol511
1 year ago
The SIM swap, at least where I am, is not a problem, as you would need to somehow do a real-life impersonation with a stolen ID card at the service provider's store. If you somehow managed that, the owner of the phone is likely to notice that his phone stopped working fairly quickly, so this would only really work in a highly organized and targeted attempt.
@AxGryndr
1 year ago
SIM swap attacks are a huge issue for One Time Passcodes that financial institutions send before allowing you to do certain actions with your accounts. For example, a sim swapped device looks like the trusted user, allows them to add a new Zelle payee and the money is transferred out of the account in mere moments. In this case, the damage was stealing your money not your identity.
@cristibaluta
1 year ago
I also don't get how the sim swap works, he didn't explain it. Also how do they know your number? It must be something very targeted.
@AxGryndr
1 year ago
@cristibaluta In most cases, SIM swap is the result of social engineering / ID theft. The fraudster convinces the mobile carrier to port the SIM from the current device to a device they control. When this happens, the real user's phone stops working and the phone the fraudster controls is enabled. From this point, 2FA is sent to this new device. This allows the fraudster to cause a lot of damage. This is why the suggestion is to not have all 2FA go to the same device / app.
@exol511
1 year ago
@AxGryndr yes but how exactly will the thief get my SIM without impersonating me at the local service provider shop? Where I am the shop is not going to sell you a SIM copy without disabling the old one and the shop will want the actual contract signer for the phone number to be present (with ID) before making you a new SIM, so you will need to steal the person's identity first before actually getting the SIM copied. So how exactly are they going to get my SIM without literally stealing my phone or doing a Mission Impossible face mask trick (as just making a convincing copy of the identity card does not work, since they write in the number and into the system and your mandated pic is going to show up in the program)?
@AxGryndr
1 year ago
@exol511 They don't need the actual SIM because they convince the carrier to do the swap over the phone.
@sccrothers77
1 year ago
You have conflated 2FA with '2 Step Authentication'. Two very different things. 2FA being much more secure. Unfortunately, you are not alone as an IT professional in failing to make the distinction.
@RenegadeAcre
1 year ago
Thank you for this excellent video.
@yanivhoffman
1 year ago
Thank you for the kind words
@makatron
1 year ago
Great content, subbed.
@CalvinKleinPay
11 months ago
Greetings, can you make a paypal bypass video?
@FlyingNacho
1 year ago
What on earth? I thought 2FA was safe... Subscribed.
@yanivhoffman
1 year ago
😂
@esquilax5563
1 year ago
2FA is still better than 1FA. But in the end, no system is 100% unhackable
Comments: 590