How to secure your GMAIL account like a pro | YubiKey Tutorial
- Published: 8 Sep 2024
- Still using email and SMS verification codes to protect your Gmail account? This security tutorial will make you think twice about those options by showing you how to lock down your Gmail account like a pro using a physical token like a YubiKey.
LINKS* -
Buy YubiKey 5 NFC (US Amazon): amzn.to/2QKBG6z (affiliate)
Buy YubiKey 5 NFC (Canadian Amazon): amzn.to/3buvQ0X (affiliate)
Yubico Products: www.yubico.com...
Yubico Authenticator: www.yubico.com...
Other Videos:
How to secure your DROPBOX account like a pro: • How to secure your DRO...
How to secure your LASTPASS account like a pro: • How to secure your LAS...
How to secure your AWS account like a pro: • How to secure your AWS...
*Just a quick FYI - as an Amazon Associate I earn from qualifying purchases. Thanks!
I lost my YouTube account and years of work and income through my Google account. Tremendous damage can be done to people. Crooks can't benefit from theft of my videos, but really crushed me. I will learn how to protect my new channel. Thanks for this video! Rich
That sucks about losing your YouTube account - Glad you're finding more security tips like this to prevent that from happening again. Stay safe!
Hi Rich, I just wanted to say I'm really sorry to hear that happened. I hope you have been able to come back from it.
@@johnbod It was a blow, for sure. Years of hard work gone. 2200 videos, gone. Since I love to make videos I kept going and my new channel is doing pretty well. Thanks. Rich
@@richdavis4007 hi I am sorry for your Channel But can you Please help Me secure my Gmail account from hackers because my account is important
@@arunaslasiunas6699 I'm not an expert on this. Best wishes.
Thank you for this video. I watched about 10 just like this and what I liked about this one is how easy it was to follow and how clear you were in explaining.
Glad it was helpful!
If someone tells you something can't be hacked, they're either trying to sell you something or they don't really understand hacking. There are lots of "unhackable" things that have been hacked.
Well, you can’t hack my grandma’s toaster.
Yes.. there is a thing called life hack..
Newest (2023) FIDO Passkey tech is now supported by Google for Google (Gmail) authentication
Essentially makes your phone device operate like a Yubikey. More secure and more convenient than SMS based 2FA when set up on devices that are not shared with others.
Wow great explanation to security issues in Google
He did a very good job imo. Explaining the basics step by step. English is not my first language and I have no experience in using DAWs
you deserve a medal. exactly what I was looking for. However, your statement that you will show the ultimate secure method where losing the key means losing the account isn't true because of the backup codes, right?
You're right, you want to stay secure but you don't want to risk losing your data. So use a YubiKey as a primary second factor and the printed codes in a safe as a backup.
I'm only using backup codes and Google prompt
@@tristanbolton I etched the backup codes in a steel plate with my laser cutter for ultimate disaster survivability.
@@arunaslasiunas6699 i don't think google prompt is safer than using regular OTP
Excellent video thank you. The piece that I am a little fuzzy on is the Yubico authenticator piece. You answered all my questions especially about the recovery phone and email.
if a Ubikey was built like a usb drive, I would use one. But the one I had a few years ago was just a piece of cheap plastic with the metal contacts exposed. It would not set correctly in the usb port and 60% of the time had a loose, intermittent connection, which caused failure errors
Just locked down all my accounts but all my Gmail did what you suggested, removed phone number recoveries and everything is printed and in the fireproof part of the safe!
Wow, great video, Tristan. Thanks so much. Clearest explanation for securing a gmail account I have ever heard.
Thank you Tristan! You've just helped me save a lot of time and this was easy to follow.
Thank you . You really make sense of these keys .
You train so well! It's like you comprehend my tempo...
Truly liked the way you have explained how to secure one's account. This is very very useful. Thanks !!!!!
Tristan, how does YubiKey on my Google account affect my YouTube TV account? Will I need the YubiKey to stream YouTube TV?
Hey this is nice. Thanks for the informative video. I am planning to buy one and was wondering how many accounts can we add on a single key?
How do you know that the maker of these keys can be trusted?
HEY!! DO NOT USE OTP IF THERE IS HARDWARE KEY SUPPORT!!!
You are giving up the best feature that only a hardware token can provide: phishing prevention. If you put your credentials into a phishing website, the FIDO hardware key will NOT log you in and prevent you from getting hacked. If you copy in your OTP, the attacker can happily log in on your behalf, regardless of what generates your OTP, app or a hardware generator.
This is the reason why they stop attacks so well, not because they are not on your phone (BTW: modern versions of Android have a secure store functionality to prevent your tokens from being exported by mistake!).
If you must, at least do not use the OTP functionality unless you absolutely have to, do not make it a habit!
Also, please do /thorough/ research and make sure to fully explain the security implications of what you are recommending. If I did not know any better, I'd get the impression that YubiKey OTP is as secure, IT IS NOT!
The author should have explained how TOTP is not as secure as FIDO2 private/public key pairs. Much worse though in the case of Google, is that if you have an Android phone or tablet, Google will make "Google Prompts" the default 2FA authentication method as soon as you log in, no matter what else you have set up. It virtually eliminates any advantage of a hardware key, without the user even knowing it.
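Added example, not part of the video or of any comment above: a standard-library Python sketch of the difference the two preceding comments describe, where a TOTP code checks out wherever it was typed while a FIDO/WebAuthn assertion is tied to the site's origin and RP ID. The origins, seed and keys are constructed, and an HMAC stands in for the authenticator's public-key signature, so unlike a real relying party this toy server holds the same key as the token.

```python
import hashlib, hmac, json, struct

def totp(seed: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): a function of the shared seed and the clock only."""
    mac = hmac.new(seed, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def server_accepts_totp(seed: bytes, code: str, now: int) -> bool:
    # The server sees only digits; nothing in them records which site they were typed into.
    return hmac.compare_digest(totp(seed, now), code)

RP_ID = "accounts.example"                   # constructed relying-party ID
RP_ORIGIN = "https://accounts.example"       # constructed genuine origin
LOOKALIKE = "https://accounts-example.test"  # constructed look-alike origin

def _sign(key: bytes, auth_data: bytes, client_data: bytes) -> bytes:
    # Stand-in for the authenticator's ECDSA signature (stdlib has no public-key signing).
    return hmac.new(key, auth_data + hashlib.sha256(client_data).digest(), hashlib.sha256).digest()

class Authenticator:  # holds one credential per RP ID, as a FIDO security key does
    def __init__(self, rp_id: str, key: bytes):
        self.credentials = {rp_id: key}
    def get_assertion(self, rp_id: str, client_data: bytes):
        key = self.credentials.get(rp_id)
        if key is None:
            return None                      # no credential is scoped to this RP ID
        auth_data = hashlib.sha256(rp_id.encode()).digest()  # rpIdHash
        return auth_data, _sign(key, auth_data, client_data)

def browser_get_assertion(authenticator, page_origin: str, rp_id: str, challenge: str):
    host = page_origin.split("://", 1)[1]
    if host != rp_id and not host.endswith("." + rp_id):
        return None                          # browser: a page may not claim another site's RP ID
    # The browser, not the page, fills in the origin it is really on.
    client_data = json.dumps({"type": "webauthn.get", "challenge": challenge,
                              "origin": page_origin}).encode()
    result = authenticator.get_assertion(rp_id, client_data)
    return None if result is None else (client_data, *result)

def server_accepts_assertion(key: bytes, challenge: str, assertion) -> bool:
    if assertion is None:
        return False
    client_data, auth_data, signature = assertion
    fields = json.loads(client_data)
    return (fields["type"] == "webauthn.get" and fields["challenge"] == challenge
            and fields["origin"] == RP_ORIGIN
            and auth_data == hashlib.sha256(RP_ID.encode()).digest()
            and hmac.compare_digest(signature, _sign(key, auth_data, client_data)))

def compare_factors() -> dict:
    seed, key = b"constructed-totp-seed", b"constructed-credential-key"
    now, challenge = 1_700_000_000, "constructed-challenge"
    token = Authenticator(RP_ID, key)
    def attempt(origin, rp_id):
        return server_accepts_assertion(
            key, challenge, browser_get_assertion(token, origin, rp_id, challenge))
    return {
        # Code typed into the look-alike page and passed on within the same 30 s step.
        "totp_forwarded": server_accepts_totp(seed, totp(seed, now), now + 5),
        "fido_genuine": attempt(RP_ORIGIN, RP_ID),
        "fido_lookalike_claims_real_rp": attempt(LOOKALIKE, RP_ID),
        "fido_lookalike_own_rp": attempt(LOOKALIKE, "accounts-example.test"),
    }
```

Calling `compare_factors()` shows the forwarded TOTP code accepted, the genuine-origin assertion accepted, and both look-alike attempts producing no usable assertion.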
What are the differences from the regular and the free trial one
The second you have backup codes, the key thing is worthless. Great, thanks
Huh, this video ended up in Raditya Dika's stand-up comedy playlist 😂, did Radit forget? Lol
The big question is, Who in the world would want to be posing as Tristan, is like "Hello, tricksters hackers and thief have some respect for themselves"
I am confused. At 12:10 are you setting up the authenticator on the PC or on the phone? Your language suggests u r setting it up on PC -- but the graphic shows "SCAN the QR CODE" -- so how did you scan the QR code on the laptop? My question is will this authenticator require a phone? Or can it just be installed on a PC?
What?
I'm not sure but an alternative second step like backup codes does not appear in my case. Maybe because I already added a second key or google remove this option.
12:07 what if you already have 2FA already setup? How would you get it onto the key?
5 seconds before you said thats a bit boring I was like dude thats sick
Huh?
You're awesome, thanks. Really helpful.
Questions:
1) backup yubikey? If app/website insert max 1? keys can be broken, stolen, lost
2) how can you login on mobile if you don't have NFC? Or I have key with USB-A and smartphone USB-C
Thx. Nice easy beginner's guide. Helped plenty!
Hi Tristan. Thanks for this video. I don't really understand how (or IF) a hacker could just view files on my desktop computer. I have a wireless network and use it with TiVo, but I HOPE my smart tv does not have access (I don't know how to tell for sure). My iPhone has nothing on it but my contacts - I don't use it for internet at all - just phone calls and text. I do zip/encrypt anything sensitive on my desktop data partition, such as financial info, identity info, password info, etc. (which carries to my backup/image files drives/partitions). Do I really need to do this? I noticed that you had checked to remember "this" computer, or not to require certain security things on "this" computer. If I only use the one desktop for everything online, can I consider that as long as "this" computer (that no one touches but me) is recognized, I don't have to be concerned about the files on my drives? Like if my password manager is unlocked, for instance - is there any way my passwords could be accessed by someone else?. How could someone have access to my files/folders on my desktop?
Thanks for the questions.
There are a number of ways, both physically and with viruses, that someone could get access to your data, too many ways to list here. First protect yourself from physical access to the data, if your computer is stolen, by using an encryption-at-rest option. Encrypting your zip files is one way; you can secure all your files by encrypting your hard drive. On a Mac this can be done under System Preferences -> Security & Privacy -> FileVault; on Windows you'd turn on BitLocker.
To protect against cyber attacks, make sure you have good anti-virus / malware protection, and keep your most important data offline: Digital wallets on a USB drive, Two-Factor codes with YubiKey, and Passwords (better yet use Bitwarden: ruclips.net/video/TcxZyfTOyYw/видео.html).
Hope that helps
Please do a video setting up the Yubikey with FaceBook. I ran into some very unexpected issues, like being asked for a PIN?
You're a genius man, I got trolls trying to fish my crypto! =) Strange emails and all types of BS. Thanks.
Thank you Tristan. Fantastic presentation on securing Gmail! Would you please address the inherent vulnerability of all authenticator apps. If someone gets a hold of your Authenticator OTP seed they can generate OTP codes for your account, even if they don't have your YubiKey security key. The OTP seed is plain text stored by your service provider Gmail.
Are you sure the OTP seed is stored in plain text by the provider? That would be a huge security breach potential. I think nowadays all providers of 2FA have to make sure that seeds are stored encrypted.
Thank you so much for so good information
I recommend you to use authy over google authenticator :))
I heard there was issues with Authy as well though? Can't remember the specifics though
@@anotheruniquehandle no i haven't faced any issue
I've just started playing with Authy - new videos coming soon :) - thanks for the recommendation
@@tristanbolton i m in india and I see last video uploaded 7 months ago!!!!
Thank you for great explanations.
This was interesting, but I know I would lose those keys. I use the backup codes, the android device prompt, and I have a special Google Voice number that I don't use for anything else than getting sms security codes. I'm the only person who knows that number and the Gmail account that is associated with it.
Nice content , question ? Why disable email recovery, I agree disable phone sms , but email 📧, if you fully control Gmail with the passkey, how can they access your email ? See my point ?. 🎉
very clear and detailed! thanks
Helped A Lot! Thanks!
Would you recommend backup on usb or better on paper?
Just became a subscriber, keep up the good work Sir.
Good job Tristan .
Thanks!
Great video! Thanks
I love it Sir can you help to edit
I love your tutorials
My phone doesn't have NFC and uses Micro B. Is there no option to use Yubikey with my phone?
I feel you
YO THANK YOU SO MUCH
It can't get anymore simple than this. Thank you soo much howtobasic!
Someone recently stole my trusted device and almost reset my main account. Luckily they got distracted and got into my work account (an easy fix since we have admins). It made me realize how vulnerable my google really is. I have 700gb of files on google drive and Google Photos is the sole location for many of my photos. Kinda insane I thought a password and phone would be enough.
Great video indeed, thanks!
Thank you bro !!!
Security Key is MUST for the following:
1. Microsoft Account (Windows 11/10 sign in)
2. Gmail
3. Facebook
4. Instagram
5. Twitter
6. TikTok
7. Reddit
8. Backup Services
9. Apple ID
Thx
Are u sure the BACKUP codes are secure ??? first using Physical key and then to get access via BACKUP codes ??? plz enlighten me sir
Yeah pretty much. They'll give you only a couple of tries, before they block the requests and you gotta wait for a period of time (pretty long I might add). It is highly unlikely a brute force attack would work (it would have to be extremely lucky) and a Spray Password attack has basically 0 chance, since those codes are random.
Then you might ask, why the Standard login isn't as secure, as it also allows only a handful of tries? Because a) the Homo Sapiens is by far the dumbest species on the planet. Brute Force isn't an option, but Spray Password attacks are. So they'll try often used passwords (such as "Password1") and often have great success with that. If there is no 2FA set up, hackers will get in there in no time. Also if there are keyloggers or anything like that on the PC, they can just get the Passwords that way.
For the YubiKey and security - even if a hacker got remote control over your PC and has the Password, still no success, as you need to physically touch that thing in order to work.
Nice video. With your suggested method if I want to connect from my friend’s computer to my gmail account I need to use the ubikey to unlock the authenticator on the phone, right? So the usbA is not an option to buy. Either nfc or lightning for iPhone users
Great but can i use yubico authentication app on my phone without using the physical cable
Can it work on Google TV? Or maybe create a new account for non-important access?
I only have a USB yubikey. How can I {a} make a back up {b} use 2fa on my G account on my phone? Thanks for the video by the way very helpful
A: you can either have two yubikeys, set them both up at the same time (scan same QR code to both keys) and store the second key in a safe place. Or you can just print the backup codes and store those in a safe place.
B: when prompted on your phone for a 2fa, just plug the yubikey into your computer, get the code, and enter it on your phone. You will only have to do this during account setup
What if my laptop is hacked and I plug in my YubiKey into the hacked laptop? Wouldn't this make the authenticator apps on phones the better choice?
I asked a similar question about backing up files on Dropbox.
There are viruses all over attempting to gain access to authenticator apps on both computers and cell phones.
By having a yubikey the hacker would have to get the code at the same time you've plugged in the key and login less than 60 seconds from when you've plugged in the key.
If you're really concerned about the authenticator app getting hacked you could use an air-gapped device, often an old iPhone or Android device without a SIM card and off wifi, and use that to generate your codes.
Hope that helps!
@@tristanbolton It would just be done automatically by the malware. I think that there's ransomware out there that automatically activates when a USB flash drive is plugged in. The same principle applies.
How do I set this up on Firefox
Man thanks so much! Just got mine
I like your teaching style. Thank you. Do you know if it's possible to remove "Google prompts" as a verification method after adding a security key to your account? It seems like that would be a weaker link in the chain if it can't be disabled.
After some research it appears that as of right now, the only way to remove google prompts is to sign out of Google on that device such as a phone. It'd be nice to be able to stay signed in on my phone while also not using it for prompts. However, that also raises the issue that the phone would still remain the weak link since your Google account could be accessed on the phone itself if someone was able to get past your lock screen.
Why don't you recommend keeping a YubiKey 5C Nano plugged in at all times? What risks does that carry?
It really depends on your computer security from a cyber threat and physical threat.
I do have a key that I keep plugged in all the time but my most critical accounts I have on other Yubikeys, some in a safe, stored offline to protect those accounts further.
It is possible you get a virus on your computer or someone steals your computer and they are able to use the codes on the yubikey to access your accounts. Keeping the yubikey unplugged adds some extra security.
If you want one to stay in the computer, I do like the Yubikey Nano series
I wonder if we just take off any way to get the password back. If you lose the password the account is gone so hackers can’t get in so basically write the password down and hide that physical copy. It’s the same as a key but free
Nice video, thanks!
Thanks man for the info it is really useful👌
You have mentioned about not giving either the phone or the associated email to damage the virtue of the account, then, when Google asked for the email requested, what's my option to opt out? Should I be brave enough to delete this email description? Then how will I be able to recover as asked? Or will the code in the YubiKey suffice?
Fantastic video, I liked it. Can you give us a quick tip on how to secure WhatsApp and Kik messenger? I had identity theft from someone on WhatsApp recently so I turned on two factor authentication (which is a pin code) and is that enough?
@Tristan is there a way to use those keys without have to install any app on the smartphone? just plug in or use NFC?
This video is gold