Rob Braxman is WRONG about 2FA. Here's why.

  • Published: 11 Sep 2024

Comments • 271

  • @AllThingsSecured 2 years ago +8

    What do you think? Did Rob cross a line with his clickbait video or was his point strong enough to merit the argument? Let me know in the comments. And when you're ready to set up your own 2FA, watch this video: ruclips.net/video/ChKpf5HjcSY/видео.html

    • @whisperingwolf8217 2 years ago

      I have to have a cell; my ranch is off the grid. With mine, I do not have internet on it and have put tape over the front and back cameras.

    • @lonnymo 2 years ago

      I am glad to see you cover this video that Rob posted. I thought it was just click bait or at the very least, not something I agreed with so I did not watch it. Yes the text type 2FA is not the best. Understood and whenever possible I do not use it. I do use either Google or MS Authenticator. Nice video.

    • @statinskill 2 years ago +1

      It's a scam in that it is offered with ulterior motives in mind, such as to force people to give up their phone numbers. Just in case people like Google don't already have it. Because the "second factor" is usually a phone. Also 2FA hurts repudiability, because it weakens the third party stealing password credentials angle in legal cases.
      Of course the 2FA works and prevents casual access by your girlfriend into your email account. But depending on what you do, you may not want it.
      Scam yes, outright fraud not.

    • @pmessinger 2 years ago +6

      You're doing nothing different from those you're attacking.

    • @annacurransmotherofmeghanc1841 2 years ago +4

      @@pmessinger ✅ nah, he’s doing one thing very different. That’s Sh;tting on a bigger creator and using their name he put into the title as CLICKBAIT since they are bigger than him that means this video will be seen more than his other ones.👍

  • @huckleberryfinn8795 1 year ago +33

    I watched Rob's original video a while ago and it was clear to me he was talking about using a phone number for 2fa. It's a way for big tech to get your phone number.

    • @johngreene6783 1 year ago +1

      Big tech already has our phone numbers, which is why I wonder about a lot of what Rob says

    • @mq1563 8 months ago

      @@johngreene6783 so big tech already invades people's privacy so we should be suspicious of anyone who doesn't want to stand in line and help them?

    • @gyurilajos7220 4 months ago

      Yes but if you use a phone just for 2FA, and only for that, you prevent linking of your activity to a real identity. Which is why it is a scam. Bank login with random subset of your password or the card reader was pretty safe for decades. Why change? Microsoft bought GitHub essentially owning all of open source and train the AI. Now they introduced 2FA too to get in on the act and clearly increasing the value of all the data they collect.

    • @retagainez 3 months ago

      Big tech can simply just ask you to make an account with them to use their software to get your phone #. They don't need to make you use your phone # as 2FA to do that...

  • @halliard1117 2 years ago +47

    I like you and Rob. I think many misunderstand Rob's comments. He does explain what he means by being a scam and you basically concurred that most of the 2FA is a scam. By scam, meaning a tool for them to cross reference you to various devices and/or accounts. You both agreed that devices like Yubikey or my favorite OnlyKey is not dependent on Google, Apple, etc. knowing who you are and what devices you have on their app.

    • @JRE-ut2tb 2 years ago

      The fact that people have these accounts and are signing up freely to hand their data over and allowing their activities to be monitored is the bottom line in all of this. I think this talk of “2FA is a scam” is just smoke and mirrors to distract from the reality that big data tracks us from the moment we create an account with them. So perhaps 2FA/MFA is in fact just a false sense of security as we are led to believe that the big threat is from the outside…

  • @JQS8810 1 year ago +33

    He never said it was a scam. He shows how big Corp uses it in an evil way to link you as a real person to all your digital activities.
    He even states more than once that in a cybersecurity aspect, it’s a great method. He’s referring to a PRIVACY aspect.

    • @gregdora 1 year ago +4

      Exactly. And how they are making your identity so secure, you lose all privacy resulting in big tech knowing way too much about you.

    • @mikeg9b 1 year ago +8

      The title of his video is "2FA is a Big Tech Scam! You Must Resist!"

  • @andreasplosky8516 1 year ago +7

    Rob is very knowledgeable, but viewers should not forget that he is also trying to sell you his security and privacy products. So there might be some bias.
    Personally, I have learned a lot from watching his videos, but I have not bought anything from him. He raises privacy/security awareness, and that is a good thing.

  • @dangaines405 2 years ago +27

    Rob is making great points though!

    • @StewartStewart 6 months ago

      @@views8962 idk. I think his intention is to sell his own privacy suite and de-googled phones. So if he's making money, then communication and fail is a success.

  • @SeanMMcCormack 2 years ago +29

    I'm glad you are addressing this. I've seen Rob's videos and scratched my head. We must challenge all things and stay alert and skeptical to ensure we follow the path of best practices.

  • @EverNaughty 2 years ago +12

    As a cybersecurity student I really love your video, especially when you explained "I'm not an expert, don't trust me" ... Oh god thanks!

  • @rodneyhigginson323 2 years ago +6

    I wouldn't say 2FA is a scam but it is vulnerable. SIM Swap Attacks are real and I believe there are SIM Copies out there as well, when you or I receive a 2FA code so does the person trying to steal your identity. They basically get a text when you do. And most likely have access to your financials. It's crazy what hackers can do.

    • @AllThingsSecured 2 years ago

      Agreed - there is no 100% fool proof security measure. But SMS text is just one type of 2FA...and just because it's not strong doesn't mean that everything else is a scam.

  • @TimJSwan 1 year ago +2

    I'm against 2FA, not because of security risks or because of privacy risk, but risk of single point of failure. I don't want phone companies or governments blocking me from access to something that I could otherwise have provable access to. 2FA is definitely 100% not provable access. You have to be "good" with whatever authority controls the phone number. Not worth it for some people.

    • @mq1563 8 months ago

      Another excellent reason why Rob is correct about 2fa as it's used by most companies now (SMS) and why all things secured is talking rubbish about rob (is he paid by google?)

  • @PubRunner 9 months ago +1

    I picked up pretty quick he was over sensationalising the issue so clicked on the 3 dots in the recommended videos on the right next to his video and picked "Do not recommend his channel"...

  • @MarcoFlores-um7cj 3 months ago +2

    Rob uses FEAR TO PROMOTE HIS PRODUCTS and he doesn't care about educating people in privacy

  • @xellaz 1 year ago +1

    Yea I was confused there too for a second... him saying 2FA is a scam. The first thing that came to my mind is TOTP and the different authenticator apps I have on my phone... since like you said... these are 2FAs. Rob should have been more specific and say that "2FA using phone SMS can be exploited"... and I have read an article on this before how it is done.
    The best thing to do is use a password manager like Bitwarden and use the built-in random password generator it has for all your password needs. Use at least 20 characters long of random letters, numbers, special characters with a mix-up of small and capital letters. Even more important is secure your password manager with a long master password (at least 16-20+ characters long) that you haven't used anywhere else. It's even better if you can afford to use a hardware 2FA authenticator like Yubikey to secure your most important accounts. Just make sure you buy a minimum of 2 keys so you have a back-up.

  • @drakezen 2 years ago +5

    Great points, but Rob isn't wrong if you look at his context of identity/privacy management. His advice is the same as to not have any one company have all your information. He uses Gmail only so that he can access Google services but does not use it anywhere else. Of course he is sensationalizing for clicks in part and you are absolutely right but in the end you are both suggesting the same advice.

    • @AllThingsSecured 2 years ago +2

      We may both be suggesting the same advice, but based on the emails I've received from numerous people asking me why I recommend 2FA because "Rob Braxman says it's a scam"...there was a bit of confusion that needed to be addressed.

    • @drakezen 2 years ago

      @@AllThingsSecured Totally agree, and love your videos by the way!

  • @StewartStewart 6 months ago +1

    Oh, I remember when that video came out. It was such blatant fear mongering with obvious inaccuracies, and my comments were deleted when I challenged him on it.

    • @AllThingsSecured 6 months ago +1

      Yea, he does that. He won’t talk to me anymore because of this video 😂

    • @StewartStewart 6 months ago

      @@AllThingsSecured You should be harsher on him! He's clearly disingenuous and has a financial motive.

  • @harikrishnan9850 2 years ago +4

    I think Rob is telling about the 2fa by google app.... He told that even google has TOTP option they implement and promote the 2fa by google app in order to track our devices...

    • @AllThingsSecured 2 years ago +1

      I agree, and I say as much in this video...but you don't throw the baby out with the bathwater by saying "All 2FA is a SCAM!"

    • @PvtAnonymous 1 year ago

      I just remembered what he means, because my employer finally forced 2FA for our Google accounts (work accounts). I just noticed that when you set up 2FA in your Google Account, they exclusively offer using the "Google Authenticator App" whereas every TOTP app like Authy or Yubico Authenticator would and does work if you select that option. This really IS misleading and will make most consumers believe that the only option is to use Google's app. So in fact I do agree with Rob here 100%.

  • @jellybean7253 2 years ago +8

    I gotta tell you.... I don't know why you made this video. I watch you and Rob and other privacy oriented channels (and instant karma and cat videos). Anybody that watched his vids, as you say you do, knows that he is talking about SMS text 2FA as being unsafe. He's made dozens of videos about it. Thanks for the 99.99999% of the videos you make. I'll finish this one, even like it, but, I hope you don't continue down this path.

    • @AllThingsSecured 2 years ago +1

      Thanks for watching the video, and hopefully by the time you were done you saw that he's not just talking about SMS text 2FA. That was literally just the first 30 seconds. What he's railing on is the requirement by many companies (i.e. Google) to download a special app (Smart Lock) in order to use a 2FA key to log into Gmail. And I agree with him - that seems unnecessary, but that doesn't mean that all 2FA is a scam.

    • @jellybean7253 2 years ago

      @@AllThingsSecured Thanks for the reply. I will rewatch and re-evaluate. I am always open to discussion. I don't always agree with Rob, nor, anybody else for that matter. Thanks for always presenting an intelligent view of things. Cheers

  • @dn734 1 year ago +3

    You sure do 'passive aggressive' very well. Glad to see that you wouldn't use 'click bait' [Is 2FA a SCAM? (I react to Rob Braxman's video)]. I notice Rob has many more subscribers than you do.., I have an idea use this title 'Is 2FA a SCAM? (I react to Rob Braxman's video]', and then 'virtue signal' a desperate offer for him to come on YOUR show...
    Your purpose here is malicious, knowing that 'is' helpful.., a verbal thumbs up for that.

    • @STONE69_ 1 year ago +1

      It's not so much the Subscriber count that's important, it's the amount of views and time spent watching. When views are low the creator makes a video like this to pull people from another channel. Rob does this also, it's all about the views, to make a living.

    • @dn734 1 year ago +2

      @@STONE69_ 'Fair play' if that's all it was.., but the "self proclaimed" comment, and being accused of 'click baiting', aren't meant as compliments. Dude comes across jealous, desperate and hypocritical with a 'Stelter like' delivery.

    • @STONE69_ 1 year ago +1

      @@dn734 2fA is just another way for big tech to track your other devices or devices, so in a way, they are trying to fish people into this. I don't sync my devices or do 2fA, it's none of their business. I also use Linux and use the 2 Browser system. Once my phone is done, I will use something like Lineage. In my opinion Rob is right, it is a scam.

    • @dn734 1 year ago +1

      @@STONE69_ Yep, this Stelter like 'All Things Secured', is jealous of Braxman.

  • @tobykelsey4459 1 year ago +1

    "you also have the option to use authenticator apps and security keys". Wrong, most banks don't give you this option but force you to use SMS messages and lose your privacy. It's an excuse to get more data on you and opens you up to SIM jacking frauds which actually reduces your security.

  • @marleysmommy 2 years ago +3

    Great video Josh! Glad you made this as I do trust your knowledge and suggestions. I, too, follow up on your topics with a significant amount of research on both sides of subjects so that I can weigh in my thoughts, beliefs, needs. Then look at as many pros and cons as possible and then make my final decision on what's best for me.

  • @chitailun 9 months ago

    In most 2fa occasions, the app providers already know your registered identity which is the target for 2fa to protect. When talking about privacy here, it is about how you can prevent the app provider to link your registered identity with other identities or identifiers you might have. 3rd-party open-source TOTP is a more reliable solution than the authenticators provided by big companies. It may be less secure but definitely more private. I think this is what Rob mentioned.

  • @BillOldsen 2 years ago +7

    Maybe you should have had a conversation with Rob before pulling the trigger on your click-bait video and calling out someone else who by your own admission do not know and more than likely don't understand! Where does Rob say he uses Gmail? Get your facts straight before falling for peer pressure/ putting the cart before the horse video creation.

    • @BillOldsen 2 years ago

      Just like Television, if you don't like what is on one channel, change it to something you do like or agree with. The internet and YouTube provides lots of options!

    • @BillOldsen 2 years ago

      And posting clips rather than Rob's entire video is misleading and takes his words/meanings out of context which makes your viewers think Rob is misleading everyone. Kicking Rob under the bus before knowing his true intentions and talking to him about something you are confused about is disinformation and disingenuous on your part. If you want your followers to respect you, engage brain before putting mouth/keyboard in gear!

    • @AllThingsSecured 2 years ago +1

      Thanks for the feedback, Bill. I'm not sure if you're worried about Rob's feelings here? He's a big boy, he can handle it. I'm more worried about my audience.
      I have tried reaching out to Rob but he hasn't wanted to interact with me. I've received more than my fair share of emails from my audience who were confused by his claim that 2FA is a scam, so I felt like it was worth doing a reaction video.
      You can disagree with somebody you don't know, and do so respectfully (which I tried to do). I believe I do understand what he was trying to communicate, and I agreed with him, but in the end, I wanted to set the record straight and I'm sorry if you think that's putting the cart before the horse.

    • @BillOldsen 2 years ago +3

      @@AllThingsSecured Yeah I know he's a big boy and can handle it, doesn't make it right to kick someone under the bus because you disagree with the way he presented it. I guess in this day and age people get itchy trigger fingers when their followers get confused and put pressure on someone they follow to say what THEY want you to say and what they want to hear. Speaking of being a "big boy", I'm sure most of your followers are as well and can change the channel to people like you whom they most agree with or turn it off - pretty simple really! But again, people would rather post a video for the public to hear and kick someone else down because they don't understand someone else. What happened to the live and let live mentality? The age of the internet has brought out the, "Internet Tough Guy" mentality and makes it very easy to trash talk someone else as you don't have to face the other person. Sounds like the liberal democrat fake news mentality. You may not be a liberal, and rino's aren't really republicans either.

    • @BillOldsen 2 years ago +3

      @@AllThingsSecured If by your own admission you agree with him, why do you feel the need to as you put it, "set the record straight"? If you truly agree with him which I find hard to believe as you felt the need to post this video, what is the purpose?

  • @agray8109 2 years ago +4

    Josh, I always appreciate your videos because you consistently present your ideas as suggestions, not one of "The Ten Commandments". You offer food for thought that begins a discussion and research from which the user can make their own decisions to do or not do. You clearly note that there is seldom a one-size-fits-all solution or THE answer. Kudos.

  • @justcallmetruman 1 year ago +6

    Rob's the man and he's a pioneer in making people aware of how we are digitally raped by big tech, law enforcement agencies and our employers. He knows his stuff and I understood what he was saying in his video and can also read between the lines in YouTube video titles and the message of the poster.

  • @BobJones-dq9mx 2 years ago +11

    Rob is correct. 2FA only protects amateurs from their parents or brother, not the FBI or NSA.

    • @AllThingsSecured 2 years ago +7

      That wasn't even Rob's point so...???

    • @B-a_s-H 2 years ago

      Bob is correct. Sunscreen only protects you against UV radiation... It's useless against a Nuke.

  • @kylenorris9585 9 months ago

    He also says that altering the IMEI of a device is a federal offense and that is exactly what he does with his Brax 2 Phone, a Udigimi A9 with his own OS on it, and he spoofs a Pixel 4a IMEI so that his phone isn't blocked by US carriers.

  • @littlepotato2741 2 years ago +4

    2FA texting may not be the best method, but it has saved me from people being able to log into a few accounts where I activate it. Usually, this is a result of me being lazy and reusing the same password for multiple sites and I guess one of the other sites had a security breach.
    It's my, "Hey dummy, you need to change your password now."
    Obviously, I use separate, unique passwords for my email and bank accounts so that can't be gotten from a security breach on a different site.

    • @AllThingsSecured 2 years ago

      Glad to hear it saved you! And if it’s the only option, use it for sure. But when TOTP (Authenticator apps) and 2FA keys are an option, I would opt for that every time instead.

  • @johngreene6783 1 year ago +1

    I have watched a lot of Rob's videos and I really have to wonder about him and his advice. I do my own research which includes watching his videos, your videos and many other videos from other content creators. In addition, I also do a lot of web based research. From that point, I can digest all of the information and make rational decisions. Sometimes I really believe that Rob is way off the rational cliff

  • @MrWhipple42 2 years ago +3

    Question for you: I'd love to change the 2FA to log into my bank's online banking site from SMS to TOTP. The only option they offer (and they're a major bank, one of the biggest in the US) is SMS. Is there anything that I can do about that?

    • @AllThingsSecured 2 years ago +5

      Unfortunately, banks are one of the worst when it comes to 2FA. Most - even the largest ones - only offer SMS 2-factor authentication. Nothing you can do about it except complain to your bank.

    • @MissBabalu102 2 years ago +3

      Complain and then take your money to a better bank. . Maybe support the local credit unions.

    • @MrWhipple42 2 years ago +2

      @@MissBabalu102 Yeah, my primary financial institution is a credit union. I just have this one credit card with specific perks. I've been a big fan of credit unions for decades.

    • @BillysFingers 1 year ago +1

      My credit union here in Australia uses SMS too. I don't want to change because they're excellent with their services, but i really wish they'd address 2FA properly.

  • @MP-dr9oc 6 months ago

    Yeah he does that...
    Standard YouTuber click bait & drag the video along, to make it longer than it has to be.

  • @gregwessels7205 9 months ago

    I used to be subscribed to Rob but he became too 'Big Brother is out to get me' along with constant clickbait. Said goodbye after his 'antivirus does nothing' video. I can direct him to a few other professionals that DO work in pc security that showed the complete opposite.

  • @recommens-comedy-central9761 1 year ago

    I keep getting pop ups on boot up synchronise all devices WTH That's how hackers not only take control of a device but your id access to everything.

  • @gerardolydna2956 2 years ago +1

    I love your channel. But I have a question. Accessing through imap bypasses most of 2fa but I am not really sure if bypass the security key 2fa. Do you have idea? Thanks

  • @SpiritintheSky. 9 months ago

    An exaggeration to say Rob Braxman claims "All (my emphasis) 2FA is a scam". He doesn't say that about its use with banks.

    • @AllThingsSecured 9 months ago

      The title of his video is literally "2FA is a scam"

    • @SpiritintheSky. 9 months ago

      Point taken. For information, I use Yubikeys whenever possible. I wish my bank and building societies, here in the UK, would allow it. With them, I use particularly long passwords, frequently changed.@@AllThingsSecured

  • @kafadek825 1 year ago +3

    Not sure the point of this video tbh. You basically said the same thing Rob said when I watched his. Only difference is that he padded his with a fair bit of explanation. While I agree that his title could be better I think his explanation made a lot of sense to me.

    • @AllThingsSecured 1 year ago +2

      I obviously disagree. Rob had to pad his with a “fair bit of explanation” because he was making broad, incorrect statements (“2FA is a scam”). When you say half truths, it takes a lot longer to explain them.

    • @kafadek825 1 year ago

      @@AllThingsSecured can't argue about the title part. Could definitely have been better. But the content though upon watching made sense.

  • @SmallGuyonTop 5 months ago

    4:43 when you sign up for a Google account they require auth by phone.

  • @terenceherming1838 1 year ago

    Rob sells de-googled phones, now you gotta admit that sounds pretty slick.

  • @trexter1733 8 months ago +1

    Ok, not even 10 seconds into the video and already you are wrong. Rob did not say "ALL" 2fa was a scam. He said that you should use 2fa that does not require you to give up your personal phone number.

    • @AllThingsSecured 8 months ago +1

      Haha! Appreciate your feedback. Definitely don't care about Rob's coattails, I can tell you that much. I produced this video because so many in my audience saw at least the thumbnail and first few minutes of Rob's video and emailed me asking if 2FA really was a scam. Because Rob's video is very misleading. But hey, I can already tell that you are one of those people who is going to defend Rob no matter what I say, so... :)

  • @emerelle3535 1 year ago

    I'm that apple guy. :D You can even store passkeys in Keychain, just like a Yubikey but it's stored in the cloud, yay! :-) But I think about securing at least my Apple ID with Yubikeys. Is the YK5 more robust than the YK5C? (I feel the usb c connector may be not that robust...?)

  • @mikeg9b 1 year ago

    I worry about cyber criminals making charges on my credit cards and making withdrawals from my bank/investment accounts. I don't worry about Google because I don't think Google would do that to me. I can't think of any way Google would hurt me. Google can't even show me ads because I use an ad blocker.

  • @serg3y 29 days ago

    How does one prevent losing their phone and access?

  • @speedchessbattles4047 1 month ago

    I see 2fa as another component in the Big Brother tech infrastructure. Just another way of putting every online action in their blockchain.

  • @AlainPaulikevitch 8 months ago

    The poster of this video does not understand English. He has shown a statement made by the other guy saying that 2FA could be done without revealing personal data (which is the main issue that this other video is focusing on, it does not criticize 2FA as non secure but as a way to obtain personal data) and the guy in this video responds immediately after the very clear sentence from first guy is over by asking mockingly what does he think is a secure way to do 2FA. Mastery of language should come before any pretense to understand any technology.

    • @AllThingsSecured 8 months ago

      Ha! Another mindless Rob follower has joined the chat 😂

    • @AlainPaulikevitch 8 months ago

      thanks for proving my point by showing a bully's attitude along with an inability to use language to answer on topic. for info i am not anyone's follower just pointing your inability to tell the difference between the words privacy and security. good luck with becoming an expert that does not need to advertise that status but would rather have said expertise recognized by a discerning audience that immediately gets the subtlety of your views, and should we be thick enough to not instantly recognize the expert in you perhaps you could take a couple of minutes to explain that you're not the kind of expert that advertises himself as such because that would be untoward.
      @@AllThingsSecured

  • @inkbunnybunny 1 day ago

    i think you are either willfully or not misinterpreting english like yeah that is an appropriate phrase when considering that this isn't the sort of options that's being provided.

  • @DJdavefromlondon 6 months ago

    You recommend to separate apple browser from Apple maps etc. but you recommend 2FA which connects two formerly separate activities. I'd be careful about critiquing Rob, he's clearly an expert and genuine.

    • @AllThingsSecured 6 months ago +1

      Clearly. You know, cause he’s on YouTube.

  • @baruchben-david4196 1 year ago

    Thanks for the info. You've given me a lot to think about concerning privacy and security...

  • @guenthersiu6002 2 years ago

    Not a security expert, but is in the IT field. Yes, Mr. Braxman is being sensational. I think what Mr. Braxman may be complaining about is Google's push to make your smartphone the 2fa device. Right now if you enable 2fa on a google account and you do not use a hardware key, the google account will default to using a smart phone authentication as 2fa. When you log into the account, you will get a notification on your phone to approve or deny. You can tell the account to use a different method then use TOTP, but by default the smartphone is used and there is no way to override that default unless you disassociate the account from the phone entirely.
    I think Mr. Braxman is more concerned with privacy than security. If he really wanted to be secure, he would push yubikey. Perhaps he does not because it's probable that hardware key can be used to ID you, but frankly they are not widely used enough in my opinion to bother. I agree with you that 2FA of any kind is better than none, but hardware key > TOTP > SMS. Now if we can only get more people to adopt hardware keys.

    • @AllThingsSecured 2 years ago

      No, I don’t believe that a Yubikey can be used to ID you, and if Rob was more concerned about privacy, he would call himself a “privacy advocate” and not a “cybersecurity expert”.

  • @kcgunesq 1 year ago +1

    I'm fairly certain that the "first form" wasn't text message based, given that I recall carrying an RSA token for years before smart phones.

  • @Nodster 2 years ago +2

    Count me as one of those who wasted time watching the original video for 25 mins!
    I did wonder how it worked out that the solution to 2FA was to use 2FA back then when I watched it even to the point to actually look up TOTP to see if I was misunderstanding the difference as I always thought it was pretty much the same.
    Good informative video from yourself Thank you for clarifying I am not totally losing my marbles trying to work out why I could not see a huge difference in what Rob was saying!

    • @AllThingsSecured 2 years ago

      Yea, Rob's video ended up confusing a lot of people, so you're not alone.

    • @mq1563 8 months ago

      How do you not see the privacy difference between giving a phone number to a company to send texts (for 2fa) and using an anonymous TOTP verification that does not (for 2fa). Rob was clear about the difference. It's not confusing; a phone number is tied to many things. TOTP is not tied to anything at all.

    • @Nodster
      @Nodster 8 months ago

      @@mq1563 I had to rewatch the video to understand why I made this comment over a year ago and to be able to better respond to you, given the comment was made over a year ago.
      The confusion was over "2FA is a scam" and "you can beat 2FA by using 2FA" that Rob implied in his video.
      At no point did I mention 2FA over text messages, so I don't even know why you are trying to imply that as my confusion, and given how easy it is seemingly to get a mobile operator to send out a new SIM card for your account to someone that is not you, I would have in no way ever implied that 2FA over text was a good thing anyway.
      I see you are trying to explain away the difference between "2FA" and "TOTP" but the reality of it is there is no difference between them and there has not been for a very long time.
      There are countless websites that will call it either "2FA" or "TOTP" and use the exact same setup like mobile authenticator, backup text message authentication, recovery codes etc.
      My bank uses the term "TOTP" and uses their own banking app as the authenticator to send codes but also text message as an option, and those codes are time based too, so it makes your point of trying to define a difference a little moot given these days there really is no difference.
      All Rob did was create a clickbait video that served one purpose and that was to confuse the less tech savvy, but I guess clicks = monies to him and not much more.
      I will go out on a limb here and say that having 2FA/TOTP via text message is still more secure than not having one at all, even if it is only marginal, but then the average person is not likely to get their phone number spoofed either, are they?
      The exceptions really are people with influence or power or wealth, as they are a higher priority target than the average person, and YouTubers should take notice and probably not use 2FA/TOTP over text message anyway.

    • @mq1563
      @mq1563 8 months ago

      @@Nodster you are confused. TOTP is not the same as the kind of 2FA which uses a mobile number. TOTP requires no phone number. It doesn't even need a phone.

    • @mq1563
      @mq1563 8 months ago

      There is nothing secure about giving your phone number to a foreign transnational company like google that makes every penny it has from selling your data. Trusting them is the opposite of good security.

  • @derfenstergucker8821
    @derfenstergucker8821 2 years ago +1

    Ouch… you didn’t understand what Rob is saying. To accuse him of clickbait is - to put it nicely - ridiculous. All your statements drive inexperienced viewers right into the trap of big tech.

  • @ikust007
    @ikust007 2 years ago

    I think that this is an overall good discussion, mostly in the comment section.

  • @mistyculous9644
    @mistyculous9644 2 years ago +1

    This issue stopped me before you even addressed the content. You said you exchanged emails with Rob Braxman. Really? Your claim of exchanging emails with Rob is hard to believe because Rob is known for using his own social networking site instead of email for all communications.

    • @AllThingsSecured
      @AllThingsSecured  2 years ago +1

      And yet somehow…we’ve emailed back and forth. I know I can’t force you to believe me, but it seems like a pretty stupid thing to claim if it wasn’t true 🤣

    • @gregdora
      @gregdora 1 year ago +1

      @@AllThingsSecured Either you are talking about a different 2FA video than the one I watched, or you watched it and "not so smartly" missed the point he was making about how big tech is doing everything they can to identify you for advertising aka manipulation.
      I would have expected Rob to have pointed this out in any follow-up conversation. He appears passionate about striving to be anonymous.

  • @ericfulmer2546
    @ericfulmer2546 2 years ago

    Apple has a built in Authenticator in passwords.

  • @mq1563
    @mq1563 9 months ago

    Nothing Rob said was incorrect except that TOTP is technically still a form of 2FA, but it's obvious that he was specifically criticising Google's alternative form of 2FA using SMS. He also explained why he has to use Google services for his living; opting out will ruin his livelihood. You didn't address the specific points he made anyway. In fact you said very little at all, just trying to create FUD. I've noticed exactly what Rob was talking about and frankly it's one of the best internet security videos he's made. Yubi is a fine alternative but costly compared to free TOTP which can be backed up on paper.

  • @fakeaccount829
    @fakeaccount829 9 months ago +1

    I left a comment there before coming here lol, but yeah, basically I watched his whole video and it's not that anything he said was wrong. I think that actually the majority of it was right, but his title is misleading and forces you to watch the rest of the 30 min video to even hear there is a safer alternative. I do think it's a little strange that he would have suggested using Google Authenticator over an open source one like Aegis, just as I thought it was odd he said he used Google Voice instead of using private VOIP services in the past. These couple of things he mentioned kind of go against his purpose of avoiding big tech. That being said, as I criticize his title I will slightly also criticize yours. Your video suggests he's completely wrong, which also isn't the case; all he said was mostly valid and he did suggest TOTP, which you say is accurate too.
    His title should be "don't use big tech 2fa there are better alternatives"
    Your title should be "Rob Braxman has a misleading title about 2fa"

    • @AllThingsSecured
      @AllThingsSecured  9 months ago +1

      Ha! I appreciate the feedback. I think the only place where you and I disagree is that I do think he goes too far on this idea that Google Authenticator is somehow a honeypot. Yes, I agree that requiring your mobile phone connection is a negative, I would say that using Google Authenticator without cloud backup is just as safe as using Aegis. I push back against his whole extreme mindset that says everybody is out to get me.
      So in short, I do think he's wrong. If he spends the first half of the video explaining how 2FA is a scam, only to take a few steps back in the second half of the video (when at least half of his audience has dropped out of the video statistically), I'd call that wrong.

    • @fakeaccount829
      @fakeaccount829 9 months ago

      @@AllThingsSecured it's just a matter of trust. Aegis is open source, which is always a green check in my book. Not because open source can't be malicious, but devs showing us the code is a sign of trust. And most of them do it out of the love of developing software rather than profit. Google on the other hand has this terrible track record of siphoning user data and selling it, and does everything for profit. I'm sure that you're probably right about Google Authenticator but I personally feel much better using Aegis 😅 just my opinion. No disrespect, I appreciate all you do.

  • @sideofburritos
    @sideofburritos 2 years ago

    Hi Josh, I'm Josh. Great video, very well articulated. I appreciate the straightforward delivery.

  • @fredjohnson6115
    @fredjohnson6115 1 year ago +1

    My BS detector goes off easily with this guy (All things secured guy).

  • @tjwreds1
    @tjwreds1 2 years ago +7

    I unfollowed Rob specifically because of his approach to conveying the information. I've seen the video in question and it's the video that turned me off to Rob's channel and ideas.

    • @AllThingsSecured
      @AllThingsSecured  2 years ago +2

      Yea, I get that. And this video always struck me as odd.

    • @bruceli9094
      @bruceli9094 1 year ago

      Todd you are a Globalist shill

  • @majorskies7091
    @majorskies7091 2 years ago +1

    Interesting - I think his video could have been better, such as "you're likely using a poor method of 2FA". Text 2FA is HORRIBLE.
    Irony for me is, I'm using MS Authenticator for just a few things that need the most security but I still have an Authenticator backed up to my MS account in case my phone gets trashed lol, am I shooting myself in the foot tho for doing this?

    • @AllThingsSecured
      @AllThingsSecured  2 years ago

      Not really. Is there possibly a better way to do it? Probably. But you can work toward that. You're not "shooting yourself in the foot" in the meantime.

    • @hiddenlawyer
      @hiddenlawyer 1 year ago +2

      A lot of companies will offer the option of single-use backup codes in the event of loss of your authenticator app, I believe MS is one of them. You should be very careful with them though, they can be used by anyone who has access to them, so keep them in a safe place. People will typically either print them and put them in a fireproof safe or store them in an encrypted file, both options with multiple backups (on and off site).

    • @mq1563
      @mq1563 8 months ago

      @@hiddenlawyer never write your password on a piece of paper, they used to say. Now that's considered the best security advice by the world's largest tech companies.

    • @hiddenlawyer
      @hiddenlawyer 8 months ago

      @@mq1563 Ha, yeah it is funny how it came to that. I personally go with the encrypted vault on my NAS that is also using a zero knowledge encryption backup service, but not everyone will put in that level of effort and money into just protecting 2FA, you kinda have to already have a lot of that in place. The trend here is decentralization, pushing the ability to override authentication to the edge so there isn't a single target with a high payout, now adversaries have to start shifting to attacking individuals. At least when someone uses a 2FA recovery code, there is (usually) a notification that goes out, so hopefully you will at least notice an issue.

  • @elite_fitness
    @elite_fitness 1 year ago

    You're good with the titles lol

  • @rayn1ful
    @rayn1ful 1 year ago

    Why can't they have 2FA where an actual person calls you, gives you the code and helps you if you're having problems with it? What if I don't want to give a company my email or my phone number?

  • @gary6212
    @gary6212 8 months ago

    Rob is much more knowledgeable than you sir.

  • @knightone57
    @knightone57 2 years ago

    Rob is also trying to sell something; when someone is doing this, be skeptical.

    • @AllThingsSecured
      @AllThingsSecured  2 years ago

      Also true.

    • @trappedcat3615
      @trappedcat3615 2 years ago +1

      Everybody is trying to sell something. This is YouTube. Ads, affiliates, sponsors, personal website, patrons, etc etc... Let that go. Look at how they are trying to sell you something and what they are selling.

  • @pmessinger
    @pmessinger 2 years ago

    "self-proclaimed security expert" as described by a self-proclaimed not security expert? Maybe he knows something you don't - more than this.

    • @AllThingsSecured
      @AllThingsSecured  2 years ago

      😂 There’s a name for someone who allows a source to determine their own credibility: GULLIBLE. 😳

  • @donaldrockjr8314
    @donaldrockjr8314 2 years ago

    I've never been a Rob fan. I find his videos confusing.🥴🥴🥴

  • @TimGriess
    @TimGriess 1 year ago

    Does anyone know if a security key works with crypto currency exchanges when buy and sell limit orders are set up? Will the orders fill?

  • @GordonHudson
    @GordonHudson 2 years ago +1

    Rob is a privacy expert, not a security expert. There is a difference. Rob comes at this from the angle of not wanting to share data with big tech. 2FA is another interaction with big tech that can reveal personal data. Rob seems to mainly be thinking about political activists in places where big tech might provide data to the authorities, or places where that might be an issue in the future. PS Rob has to use a Google account for his YouTube account.

    • @AllThingsSecured
      @AllThingsSecured  2 years ago

      I would agree with you, except Rob’s own website does not say “privacy expert”…he self-identifies as a “Cybersecurity Expert”. You’re right that there is a difference, but Rob is not a shining example of what that should look like. He’s not well-respected in the privacy and security world.

  • @fordcrews3362
    @fordcrews3362 1 year ago +1

    Rob messed up because he didn't describe it for those with a 3rd grade comprehension level, so it's confusing to some. Unless you use self hosted 2FA like Authelia, it's pretty much a scam, so they can gather information to sell.

    • @AllThingsSecured
      @AllThingsSecured  1 year ago

      I’m so glad we have such highly educated people such as yourself to help us poor stupid folk.

  • @doublet147
    @doublet147 2 years ago

    Great video! Well explained & very much needed. 👏

  • @johanneswohler5476
    @johanneswohler5476 1 year ago +1

    Now this is a click bait lol

  • @bb55555555
    @bb55555555 2 years ago +2

    Thank you for this. I’m very familiar with Rob Braxman’s videos and I’m glad someone finally called him out on it.

  • @steveshuffle
    @steveshuffle 2 years ago +5

    bravo for this video and how you deliver it! Love such content!

  • @donttreadonme154
    @donttreadonme154 11 months ago

    4:36 Google does now

  • @bobocpe
    @bobocpe 2 years ago +3

    Not gonna lie, 2FA saved my life a couple of times when my personal data had been compromised.

  • @macbitz
    @macbitz 2 years ago +2

    Enjoyed the video and love the T-shirt!

  • @artistryartistry7239
    @artistryartistry7239 2 years ago

    Unfortunately many services ONLY offer SMS 2FA.

    • @AllThingsSecured
      @AllThingsSecured  2 years ago +1

      This is rapidly changing. Most services now offer the Authenticator app option and are slow to adopt the FIDO security key option.

    • @artistryartistry7239
      @artistryartistry7239 2 years ago

      @@AllThingsSecured I was looking for banks the other day that offer operability with authenticator app. Can't find ANY. Ridiculous.

  • @jpzuerich
    @jpzuerich 1 year ago +1

    I consider your video pretty cheap. You try to be the good guy and talk shit about some other ppl who are in the same business. And you're ripping Rob's video out of context, because 2FA who collect (or steal) and sell your data, that IS a scam. And that's exactly one of Rob's points - those huge amounts of money 'they' make by selling us out without caring if that information they sell will be used against us. And now comes Samaritan Josh and belittles Rob's contribution to us. Besides, talking about clickbait: Rob's clip does exactly explain what it claims - while you did not clearly answer if 2FA is a scam or not. Be a good sport and don't try to make money by picking on others!

  • @michaelwiley5427
    @michaelwiley5427 9 months ago

    You misinterpreted Rob’s intent.

    • @AllThingsSecured
      @AllThingsSecured  9 months ago

      I don't think so. I think his intent was to spread FUD so he could share how much he hates big data, and in the process he smeared a security technology (2FA) that is very much valuable.

  • @over....
    @over.... 1 year ago

    Get raided and they have your key.
    The Government can take your keys from your apps.
    They can and do track you by 2FA (metadata).

  • @skepticalattorney869
    @skepticalattorney869 2 years ago +1

    I wonder why Techlore comment disappeared 💨

    • @AllThingsSecured
      @AllThingsSecured  2 years ago

      Which Techlore comment? I didn't see one on this channel.

    • @skepticalattorney869
      @skepticalattorney869 2 years ago

      @@AllThingsSecured unfortunately you narrowly missed it, briefly you have "done" what he couldn't as he said. Poor boy needed a big daddy like you and then he was slapped and pouf gone💨

  • @juicedidnyenelevin4407
    @juicedidnyenelevin4407 2 years ago

    When are you going to have Google free phones with removable batteries and removable ad cards?

  • @89clavos
    @89clavos 1 year ago

    Not very convincing

  • @DanielMurrey
    @DanielMurrey 1 year ago +1

    Lol. Y'all are just riding different marketing schemes. He sensationalizes headlines and you ride the SEO traffic by putting a more popular YouTuber's name in your title. Nobody would find this video without Rob Braxman. I don't buy your fake humility.

    • @AllThingsSecured
      @AllThingsSecured  1 year ago +1

      Ha! Your criticism would be fair if it weren't for the fact that the All Things Secured channel actually gets more daily views and is growing faster than Rob. I don't consider him a "popular YouTuber" that I aspire to be.

  • @melvinch
    @melvinch 9 months ago

    Clickbait or not, I trust him more than any other security experts on YouTube without years of experience as him. Call me biased, no fugs will be given.

  • @kc8ncr
    @kc8ncr 1 year ago +1

    I think you could have learned most of what you've said on your channel from Rob and that you are doing the exact same thing.

  • @winterca
    @winterca 1 year ago

    I think you don't need to use Rob's name to drive this channel. You don't look good doing this. It's a lack of respect

  • @grabasandwich
    @grabasandwich 1 year ago

    I use 5FA.

  • @2117david
    @2117david 4 months ago

    All that is hidden will be revealed

  • @aaron6841
    @aaron6841 1 year ago

    I use my security key with my phone all the time, just keep a USB-C adapter with me.

    • @AllThingsSecured
      @AllThingsSecured  1 year ago +1

      Yup. Or you can buy a Yubikey 5Ci that has a Lightning adapter.

  • @skepticalattorney869
    @skepticalattorney869 2 years ago +1

    Totally Trolling 🤮

  • @scotthullinger4684
    @scotthullinger4684 8 months ago +1

    Nope. Rob Braxman is the one to trust ... NOT his detractors.

    • @AllThingsSecured
      @AllThingsSecured  8 months ago +1

      Then you can stop watching this channel and continue with the FUD 😂

    • @scotthullinger4684
      @scotthullinger4684 8 months ago +1

      @@AllThingsSecured - I surely will, because I know truth and intelligence when I encounter it. And that ain't YOU -

  • @ee233
    @ee233 2 years ago

    Love the tshirt Josh

  • @alexmaer3798
    @alexmaer3798 2 years ago

    Hackers love Rob's idea 😂

  • @lts30000
    @lts30000 2 years ago

    Security key !!!

  • @viktorandersson5067
    @viktorandersson5067 2 years ago

    Got a Snyk ad before the video 👌

  • @ikust007
    @ikust007 2 years ago

    Oh that’s going to be a very good one. What about his phone?

    • @AllThingsSecured
      @AllThingsSecured  2 years ago

      I've never used his phone and don't plan to, so I can't say either way.

  • @synonys
    @synonys 7 months ago

    SMS 2FA is a scam.

    • @AllThingsSecured
      @AllThingsSecured  7 months ago

      Scam? I don't think so. Is it the most secure? Undoubtedly not.

    • @synonys
      @synonys 7 months ago

      @@AllThingsSecured it’s offered as a way of collecting PII, no reason to restrict access to TOTP without providing a phone number.

  • @navneet___sree
    @navneet___sree 2 years ago

    Greatly delivered!!!! Always with you👍🙏

  • @MissBabalu102
    @MissBabalu102 2 years ago

    I still respect Rob Braxman very much. He escaped a communist country at a young age and is not naive. These are strange times on a global scale, so be much more private and careful. (I say that and post on googleyoutube all at once. Sigh...)

    • @mq1563
      @mq1563 8 months ago

      The Philippines is not a communist country. It has been capitalist for as long as European imperialists first conquered it. It's also highly religious, majority Catholic.

  • @ikust007
    @ikust007 2 years ago +1

    Damn love your t-shirt. Hopefully one day I will maybe be able to wear it.

    • @AllThingsSecured
      @AllThingsSecured  2 years ago +1

      Ha! Glad you like it - it’s actually the brand that a friend of mine created.