LINKS FOR ADDITIONAL READING FOR THIS VIDEO & ALL INFO IN TEXT DOWN BELOW:
Hackers Overcoming 2FA: https://www.csoonline.com/article/3399858/phishing-attacks-that-bypass-2-factor-authentication-are-now-easier-to-execute.html
Types of Phishing Attempts: https://blog.malwarebytes.com/101/2017/06/somethings-phishy-how-to-detect-phishing-attempts/
How to Avoid Phishing Attacks: https://www.tripwire.com/state-of-security/security-awareness/6-common-phishing-attacks-and-how-to-protect-against-them/
Digi-ID: https://www.digi-id.io/index.html
Hydro Raindrop: https://projecthydro.org/raindrop-phase/
Using an additional security layer like 2FA, or two-factor authentication, is something that I’ve been recommending since the start of this channel nearly 3 years ago.
For those who may not know what 2FA is or why it would be recommended, here is a brief review: If you use websites that require you to log in, and if your account there involves sensitive information like your bank details, credit card details, or cryptocurrency wallets, simply using an email and password to protect that information is not the best line of defense. The reason is that people typically use the same passwords over and over again for multiple sites, and oftentimes these passwords are easy to guess. There is also the threat of phishing attacks, but I’ll get into that later on in this video.
2FA is an additional layer of security that comes in the form of an app that you can download on your phone, the most popular being Google’s Authenticator App and the Authy App. Both are free and relatively easy to set up. These apps create 4 digit codes which reset every 15 seconds or so. If you enable 2FA on a website that allows it, when you log in, you’ll then have to reference the code provided by the 2FA app. This means that unless a hacker is in control of your phone at the time of your logging in they can’t gain access to your information.
Or at least that used to be the case.
There was an article which I tweeted about last week that shows how 2FA isn’t as infallible as we’d all hoped. In fact, not only has it been possible to circumvent for a while, now it’s becoming easier to do. I will provide a link to this article down below in the description so that you can dig into it yourself and hopefully learn something new about internet security in the process.
The key takeaway here is that the hackers are still relying on their potential victims to fall for their phishing attempts, to click on their fateful links that ultimately open your digital door for them to step inside, poke around and steal everything that they can.
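As an added illustration (not part of the original video notes), here is how an authenticator code is computed and checked, assuming the TOTP algorithm of RFC 6238 that Google Authenticator implements, with the RFC's default 30-second step and 6 digits as parameters. The website's check depends only on the shared secret and the clock, so a code is worth protecting for as long as it stays valid, wherever it gets typed.

```python
import hashlib
import hmac
import struct

# Published RFC 6238 test key, standing in for the secret shared by phone and website.
SECRET = b"12345678901234567890"


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Code shown by the app: HMAC-SHA1 over the number of elapsed time steps."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, now: int, step: int = 30,
           digits: int = 6, drift: int = 1) -> bool:
    """Website side: accept the code of the current step or `drift` steps either way."""
    for k in range(-drift, drift + 1):
        t = now + k * step
        if t >= 0 and hmac.compare_digest(totp(secret, t, step, digits), submitted):
            return True
    return False


def demo() -> dict:
    """One code, checked at three moments; nothing in the check identifies the sender."""
    issued_at = 59                      # constructed clock value (seconds)
    code = totp(SECRET, issued_at)
    return {
        "code": code,
        "same_moment": verify(SECRET, code, issued_at),
        "20s_later": verify(SECRET, code, issued_at + 20),
        "2min_later": verify(SECRET, code, issued_at + 120),
    }


if __name__ == "__main__":
    print(demo())
```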
I can’t make a video about this topic without including how to avoid phishing attempts. Oftentimes they present as emails that scare you into action. Something has suddenly gone wrong, your information is at risk and you need to click a link or respond with your login information like passwords or phone numbers.
Oftentimes they are fake websites with URLs that look NEARLY identical to the real thing, but are slightly misspelled or have the wrong ending, like .co instead of .com. You proceed to log in with your information and you’ve given it all right over to the hacker.
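A check for the two lookalike patterns just described (a slightly misspelled name and a wrong ending), written as an added example that is not part of the original video notes. The site names, the allowlist and the distance threshold are constructed assumptions; the comparison is a plain edit distance against the sites you actually use.

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the user really has accounts on (hypothetical names).
TRUSTED = ("examplebank.com", "example-exchange.io")
MAX_DISTANCE = 2  # assumed threshold for "looks the same at a glance"


def edit_distance(a: str, b: str) -> int:
    """Edits (insert, delete, substitute, swap two neighbours) needed to turn a into b."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'trusted', 'lookalike of <site>' or 'unknown' for the host a URL points at."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if any(host == good or host.endswith("." + good) for good in TRUSTED):
        return "trusted"
    for good in TRUSTED:
        # Compare the same number of trailing labels: catches ".co" for ".com" and typos,
        # even when the link adds a subdomain such as "login." in front.
        tail = ".".join(host.split(".")[-good.count(".") - 1:])
        if edit_distance(tail, good) <= MAX_DISTANCE:
            return f"lookalike of {good}"
    return "unknown"


# Constructed sample links, as they might appear in an e-mail.
SAMPLES = [
    "https://www.examplebank.com/login",
    "https://examplebank.co/login",
    "https://exmaplebank.com/verify",
    "https://login.examplebank.co/",
    "https://news.example.org/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link):32} {link}")
```

Bookmarking the real site and opening it from the bookmark avoids the comparison altogether; a check like this is for links that arrive by e-mail or chat.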
That is the crux of this problem: the phishing attempts. If you never fall for them, you won’t be a victim of them. If you’d like additional peace of mind, there are other, new options that leverage the strength of blockchain technology in your favor to secure your information and enable you to verify your identity, often in ways that are easier than traditional login requirements. If you’re interested, check out Digi-ID, provided by the DigiByte platform. There is also the Hydro platform’s application called Raindrop. Both of these are new, meaning there aren’t many websites that have implemented them. But they exist, and there’s certainly a need for more options like this to crop up in the future, so keep an eye out for them!
Even with your serious face you have a perma smile.
Digi-id/Antum-id All the way! DigiByte blockchain.
Looks like you are in Oz
Interesting article, thank you.
Nice intro. Nice trees. Nice video.
Is the 2FA hackable? Can the hacker replicate the factor, or bypass it?
Heidi, how about including a video on external devices for secure access (i.e. Yubikey)? No need to use 2FA any longer.
I see eucalyptus and red dirt, must be Osstraylia!
That looks like Australia. The trees, the road, thanx mate - BB Boys RIP
Are you in Ozzstraylia?
I get the whole teaching newcomers about online security & 2FA, but why present all these new types of solutions like Digi ID? Why not just recommend what every major web based platform offers as a standard 2FA login (Google Authenticator or Authy)?
Welcome to oz?☮️❤️
2FA has always been questionable, more or less based on the provider. Thanks for the information.
good read Heidi, thx!
Good video. Have you also done a more basic one that I can link for beginners?
Those white trees look cool.
Use the phishing code provided by the authenticating site, keep changing it frequently. Bookmark the authentic sites. Try to use hardware keys with backup codes or an offline smartphone for 2FA, as expert hackers can go for online hot 2FA. Educate yourself… Be safe.
Digi-ID is sooooo much better than 2FA. I use Digi-ID all the time. ☺
Sound and valuable advice. Good job!
That's where the Beastie Boys should have done a second version of their "Sabotage" video!
Dear Crypto Bombshell,
Thanks for the vid about BOMB 🙂
I actually think a good strong password is better for the average user because they are very likely to lose access to their 2FA. It's very likely that 95%+ of people will use a custody service for their crypto anyway and will never hold any private keys. I just hope there will be hundreds of custody services worldwide to keep it decentralized. If everyone goes to Coinbase we are in trouble
It's not that 2FA fails, it's that there are ways to bypass it. So the focus should be on preventing those bypass methods rather than poo poo 2FA. 2FA is a reliable component of authentication in any chain of security protocols.
Other options… If you use Binance a lot and have a Mac, they have a Mac client you can download. Avoids using browsers, which are most susceptible to the phishing attack. Also, there is a browser extension called Cryptonite that protects you from phishing attacks.
I feel so stupid Heidi that I didn’t buy BOMB at 80ct three days ago???
Thanks for this information!
Sabotage! What a tune. ??
2FA can fail in many ways… one way is from the backend, which happened with the GateHub hack: hundreds of people got their XRP stolen even with 2FA activated, via backend access to private keys.