OUR own Govt is collecting all citizens data with these "hacks'. Think about who hit--ler had spies collecting data on citizens...same same just easier for the govt to use the internet data hacks these days to get data on everyone. Its all part of the future e^il "social credit system" that is coming world wide including the US which will "allow" or "not allow" you to buy, sell, travel etc. Its already in Commie China. WAKE UP. ch tim truth, The healthy american peggy hall etc have info.
Sounds like they don’t like 2 factor authentication with how hard of a time they have getting into modern phones like Apple. Yah stop using 2 factor authentication sounds suspicious
@@DevilDogZak They're warning against TFA by TEXT, not TFA per se. You can use a SECURE Authenticator App that generates the proper codes for whatever site you're trying to log into. Facebook, Amazon, Lastpass, Microsoft Live, Google? I haven't used Text-based TFA for those in years. Instead I use Microsoft Authenticator. I know Marines can't read but damn.
The banks are almost all requiring us to use standard SMS text messages for 2-factor authentication. Tell them to update their systems, because the customer has no choice.
Hello, sorry for the inconvenience, but I could use your help. The OKX wallet holds my USDT TRX20 and the recovery phrase [ clean party soccer advance audit clean evil finish tonight involve whip action ]. How can I send it to BitGet or OKX?
They did update the systems. They do this so that they can link geolocation data to every login attempt. They want to know exactly where you are when you log in. There's no other reason.
@ I don’t know what details of geolocation they are collecting. I am happy that they are checking for logins to my account from Russia or China or whatever.
The device makers already offer better, more secure alternatives. The problem is that both users and websites refuse to switch to them. Using an authenticator app like Google Authenticator, Authy, Aegis, etc. is significantly more secure than SMS authentication because the one-time passwords are generated directly on your phone. Even better, use Passkeys or hardware security keys (like Yubikeys) if the website supports it. They are the industry standard best practice since they are resistant to phishing attacks.
I think new Apple iPhone has that feature because of their new chip. But even then it didn't work if other users didn't use the same iPhone models or supported models. I'm not sure if other phone also has it or not. It might be hard to do for older models because people don't change their phone with the new phone frequently. It might be also expensive. And I think it is nothing to do with the telecom because the internet is world wide and so many different infrastructures. You just need to check the apps you use whether they use the end-to-end encryption or not.
The journalists seem to be confusing three things: 1) Using SMS messages for second factor authentication 2) Using SMS messages for messaging 3) Phishing scams
This news piece was painful to watch. They made it seem like 2FA was somehow insecure and you should opt out of it entirely. That's not what CISA was saying AT ALL. For anyone reading this: the most secure and effective form of 2FA is Passkeys. If the website you're using doesn't support passkeys, the next best option is an authenticator app. If neither of those are an option, SMS 2FA is STILL BETTER THAN NOTHING.
He clearly doesn’t know enough about this issue to report on it. He seems to think that you can receive the 2-factor texts via WhatsApp, which is not true and would be a stupid idea anyway. More importantly, he doesn’t understand what an authenticator app is, because this is really the default recommendation if text messaging is declared to be unsafe.
lets get rid of cell phones and the inter-webs and the like and go back to a simpler time where our kids played outside until the street lights came on
Yes and No, there are people that use SMS texting of two-factor codes because they don't know how to use any of the other 2FA options available so they opt to just stick with the SMS text because it's easy and familiar even if offered other (better) methods.
But the people on the boards of these regulatory agencies are mostly former (or future) executives of big corporations with a vested interest in those corporations making huge profits.
Most big websites nowadays support more secure alternatives to SMS auth, like TOTP and Passkeys. The problem is people don't know how to use them or simply choose not to because they find it inconvenient and don't understand why it's so important. Really the only companies that haven't switched away from SMS at this point are banks.
The problem with this story is that they just quote the FBI like that's a good source. How about you do some journalism, do some research, and stop using the FBI as a primary source?
Sloppy announcement by the FBI and these reporters. You should be okay if you have a strong password, uncompromised (not hacked) device/computer, and lock your SIM card! BANKS don't use authenticator apps as an option or a hardware key, so you are stuck with text or email two factor auth options
I told several companies I didn't want the two-factor authentication at all. Many of them had no other way to have me log on. I don't care if it's email or text.. It's vulnerable and time consuming as well as a pain in the arse.
Seriously. What is a “passbook”? Lol. 2FA via a time-based one time password (TOTP) from something like Authy or Google Authenticator is better, or via a physical security key (such as a YubiKey) is even better. The problem is, a lot of companies don’t support these more robust authentication methods, so you’re forced into SMS-based 2FA. As many others have pointed out, this issue is not our fault, and largely out of our control.
Maybe someone can better explain why this needs to be a concern, because I don't see any real issue at all. I only get the one-time code once I have already entered my username and password into the bank app. I then enter the code into the bank app and I'm in -- and the second I do that, the one-time code is useless. Even I can't use it again, so I don't see how hacking to get the one-time code would do a hacker any good.
How is it MY responsibility to make sure my bank info is safe?!! Geez. The banks should already be on this -- well ahead of what hackers know about THEIR accounts and the security of their holdings! I can't help the banks.
The Billionaire class (Corporations and Individuals) own our government. The people just elected one, again! So No... they aren't going to take responsibility. They are pushing their problems on to customers.
No, it's actually safer now than 20 years ago. Just don't use SMS, as it's a legacy system that doesn't offer encryption. We have safer alternatives today.
I mean, they (old people who used to work in early tech, and even some tech people now) said it would because people would get too comfortable and lax and depend on it for everything, so not a huge surprise. You'd never believe how many tech people I know who try to have as little tech stuff in their homes and lives as possible. They know it's too much, but people keep pushing it for convenience and such. It's why I would never have an Alexa or any of that in my house. I limit the smart stuff in my house.
@@boqoll SMS is really the problem as it's unencrypted and that's a global issue. Two factor is a good thing, just use a different kind wherever possible. Let's also not forget that the best a few years ago was RSA, which was breached quite thoroughly. There will be no "Our bad" because admitting fault could give them liability. They'll just be pretending they never told us to use any of this other stuff.
@@Sadames03 yes of course, but what people are being informed of is that unencrypted text is compromised and the best option right now is a 2FA app, which was always better than text 2FA.
Now they want our fingerprints and eyes face image? As users we can be as careful as we can, but the company's backdoors are wide open. There should be laws to force companies to secure the data and pay us, the victims, when it happens. There needs to be a law that limits the amount of time a company can hold on to our data if we aren't a customer of them. There needs to be laws governing this. It's ridiculous.
Working in InfoSec, it's not quite true. The best attackers can do today, is try to trick you, giving up your information yourself. If you use encrypted communication, create strong passwords and two factor authentication, it's much harder for attackers to get through.
There’s no such thing as 100% safety or security. But there is and can be tech that is way safer and more secure (ditto with privacy) than alternatives. E.g., text message 2FA is better than no 2FA. But authenticator 2FA is even better, and the latest passkey tech is even better.
I remember reading an article that although What's App is encrypted, the federal government can still access your texts. So if the feds can, who else can?
This happened to me in April. I got the money back but closing the account and changing every automatic payment was a nightmare especially my bi monthly mortgage payments
Exactly. The guberment hates actual safe private encryption because they cant spy and track everybody so they force companies to put bloody backdoors and holes in damn thing.
@@S5King7 Here's a hint, pen and paper..... Do you need to access two dozen accounts on a daily basis? I have that many different software programs, but I use different passwords and check on all of them once a month......
I've been using Roboform on my PC for years but I elected to store the passwords on my PC instead of the cloud although Roboform encrypts your passwords with a master password so that's not too bad.
The two step authentication codes expire almost instantly. 🤷♀️ I'm not sure how they would be utilized effectively to steal from you. This sounds like a fear mongering excuse to sell us more apps and security software.
The reporters are confused lol. Two factor authentication is security. Those codes expire and can be used only once. Lol. Phishing is not the same as two factor setting. Just don't click on links both in your text msgs and email.
It's long been advised to not use SMS text for 2FA. This has been the recommendation for years now, since before the pandemic. Yes, the codes expire but they are also easy to intercept if someone was to hack the cell phone system as currently it is reported China has done with not one but two of the major telecom companies in the US and maybe other yet to be named telecom companies.
Exactly. The reporters don't even know the difference LMAO When has anybody ever done 2-factor over TEXT???? Are they serious???? or are they just plain stooopid. When in doubt, clear your browsers of all history and cookies, GO TO the website clean, ENTER your website with your passwords etc and CHECK it yourself
They make you use TOTP, not SMS 2FA. Completely different protocols. TOTP authenticator apps like Google Authenticator, Aegis, Authy, etc. generate their one-time passwords directly on the device. With SMS, the website generates the one-time password and transmits it via text message to your phone. The part that's insecure isn't the one-time password, it's the text message itself.
And to be clear: you are still better off using SMS 2FA than not using 2FA at all. CISA is trying to warn people that SMS is fallible and that there are better alternatives out there that are more secure, free, and easy to use.
@@LimitedWard Thank you for this clarification. The problem for non-techies (like me), is figuring out how to use Google Authenticator, etc. I've watched a couple of videos, and they were just confusing. Never could get context on what or where I'm supposed to be doing the thing that was being said in the video or instructions. But, based on this news, it's clear that it's time for me to figure it out!
Business and government: require you to use smart phones and texting even for basic services Also business and government: its unsafe to use your smartphone and texting. Please download more apps
You are so right! But those too will have inherent problems, and will need to be made even more "secure"! Biometric implant ...rfid in a hand or your forehead so you can be inputted into / tracked by a global network! Where have we heard that before?..@jer1776
True by far the dirtiest cops in the USA are in the FBI. But it makes sense as they report to America's version of the KGB, DHS, just like the DOJ, America's dirtiest and most despicable professionals, lawyers, and Secret Service incapable of walking on a sloped roof. What could possibly go wrong? ,
Thank you!! I do NOT want 2 step because if you ever use your phone you are screwed. But, so many firms require them. I HAVE NEVER WANTED TO USE THESE.
The telecom hack was China hacking the backdoor system the government made the telecoms install so they had the ability to wiretap them. Nothing bigger than a foreign government hacking 90% of Americans phones.
@@dabronxmom1120 No, they did not. Mask up! They said 2-factor is good in this case and not in the other. Then made the awful suggestion of using a password mgr app. The OP is 100% dead on.
I deal with patient insurance billing at a clinic and some of the insurance plans use two factor text auth to login. Availity is a huge clearinghouse that uses two factor auth.
Anyone else noticed the subtle push for biometrics that's going on..? Not looking forward to being robbed for my eyeball and finger, cash is less painful to give up.
Don't fingerprint sensors not work on the dead unless they're like really fresh because it needs to detect an electrical circuit or complete the circuit? Something like that. That's what I heard. Regardless, they're much more secure than passwords.
you should absolutely use 2FA. what you should avoid is sms-based 2FA and choose the authenticator/passkey option. this has always been the recommendation since it was introduced as it is based on private-public keypair encryption, but the recent telecom breaches make choosing this option more crucial. no 2FA : worst sms 2FA : risky key-pair 2FA (aka passkeys) : best
They are not telling you to opt out of 2FA!!! They are telling you to switch to a more secure form of 2FA like using an authenticator app or Passkeys. This news piece was PAINFUL to watch because they did such a poor job of explaining that point.
Advertising that uses pornography at that too, I reported 3 ads and have been requesting reviews for links that lead directly to nudity and they keep saying it's not against community standards. This is what happens when a company is given too much power to monopolize our online world.
The expert that you interviewed literally said two factor isn’t the issue. It’s clicking links. Don’t click links emailed or messaged to you. Go directly to the website that you know is valid.
If business wants my personal information, it’s up to them to keep it safe. If a billion dollar company can’t keep it safe, what’s a citizen supposed to do ? Nothing I do is going to increase the company’s security.
When we’re being told by our government to use an encrypted app, it makes you wonder if it’s really encrypted. Why would the government that loves to obtain people’s personal information encourage us to use an encrypted app?
@@DrzPapi126 You seem to be implying that my comment is some sort of conspiracy or something. Am I correct? If that’s the case, answer the question. Why would a government that’s charged with national security, encourage us to use an application that leaves all of our information or conversation encrypted. What control of national security would they have if my communications with other people are encrypted?
So the news reporter says don't use two-factor authentication. But then when they talk to the professional the first thing he says is the biggest problem isn't two-factor authentication. It's people who don't text often but click phishing links 🤦🏿♂️🤦🏿♂️
the reporters dont understand the technical issue they are reporting... you should absolutely use 2FA. what you should avoid is sms-based 2FA and choose the authenticator/passkey option. this has always been the recommendation since it was introduced as it is based on private-public keypair encryption, but the recent telecom breaches make choosing this option more crucial. no 2FA : worst sms 2FA : risky key-pair 2FA (aka passkeys) : best
@@radfordmcawesome7947 *_"choose the authenticator/passkey option."_* Can you explain how to do this in simple terms, for those of us who aren't overly tech savvy? What is the authenticator option?
Whoever scripted this or helped these journalists prepare should be **helped more**. What a hot mess of reporting. OR This is how it was supposed to go out. 😂
😂great comment I was thinking the same! And he said different passwords for everything!! No way plus change them often?? They don’t know my brain 🧠 too many drugs back then & now too old…😂
This sounds suspicious right after the Luigi Mangione case it sounds so they can get into your account without a warrant to me. Why is it the FBI and not the NSA or an actual branch of the government that deals with computer security? Also, something they didn’t touch on people who use iPhones and some android androids to have this the messages are encrypted.
Are they going to force companies to comply? You are forced to use two-factor authentication against your will with many services. Try logging into almost any bank in America, they all use two-factor authentication for the most part. They won't even let you use something like an authenticator app with most of them.
Yes, it makes it harder for the CIA/FBI to access your data with it turned on so please turn them all off so they can access it easier. They need instant access to your data not forced to use work-arounds to get access.
The telecom hack was China hacking the backdoor system the government made the telecoms install so they had the ability to wiretap them. So they're saying, move from a method we hacked, but now a Foreign Government has hacked.
Considering they generate random numbers, the only risk is if a hacker can intercept your SMS and hack in by obtaining the code needed to confirm they are you.
Password managing apps? So a place where all your passwords are stored online? No way. Get a physical authentication key. Why aren’t they suggesting that?
It's not the code itself that is the issue, it's the method you get it. If someone intercepts your sms based 2fa code it's harder for you to prove you were taken for the fool.
@@csexecutiveservices the code only lasts for a few minutes. So they would need to have your account info, know the website you are accessing, and then enter the code before you do. Right... 🤨
@@csexecutiveservices You mean intercepts it between WHEN the bank sends it and you USE IT in the middle of the log-in you requested the code during?! WHEN does your bank EVER send you a 2F code and you're NOT trying to log in?!
Yeah, me too. I don't even do EMAIL on my phone! I have an actual wired house phone so I almost NEVER give out my cell number! Is it awkward? Sure... but I run a biz and do most of my banking online. I wouldn't use a bank that didn't have doors on it, why would I use a phone that was wide open?
@@elenorsnow8970 I wish they would teach technology and digital security in school. The simplified explanations I've heard over the years really isn't helping in the long run.
There is a big problem with all of this that most aren't taking into account. Switching to WhatsApp or other encrypted software is great, however if both people at both ends sending and receiving the message don't have the encrypted software, then it's not encrypted. Both have to have the encryption software -- without that the message is not encrypted.
Maybe the government and law enforcement agencies should hold all those who are CEOs of all social media platforms accountable for allowing this to happen to us USA citizens and stop violating our privacy constitutional rights and do something about it for real
The telecom hack was China hacking the backdoor system the government made the telecoms install so law enforcement had the ability to wiretap them. This particular hack is the Government's fault.
With an authenticator app, nothing is sent anywhere. Your device's app and the service you're logging in to calculate a code using cryptography that has to match. They change every 30s or so. The FBI are just saying to not use SMS for authentication codes because they can be intercepted, and some services online let you choose between SMS and authenticator apps. They're saying to make the switch away from SMS. Some corporations, like some banks, don't give you the option to switch under your security settings and only send codes via SMS, "for your convenience". Consider banking somewhere else.
What I find funny about authenticator apps is that at the core they just use another password (secret string) that could (in theory) be compromised and used by an attacker to generate OTPs. But the password has the qualities of a) having far more entropy than your average user will employ and b) being by default hidden from the average user. Basically authenticator apps are an admission that your average user can't manage their own passwords effectively (rather they will use "Eagles1979!" for all their accounts).
We must unite as citizens to compel the government to enact laws that prohibit businesses from selling our personal information without our consent or knowledge.
Companies already do get our consent in the lengthy TOS they make you accept when they require you to create an account to use their websites and services.
Seems to me, many login sites only give the option to SMS text the 2FA code and don’t give option to be emailed the 2FA code. So, how does one use One Time Password in that situation?
Passkeys everywhere possible since it uses asymmetric cryptography which prevents phishing. If passkeys aren’t available, applications should support TOTP like Microsoft Authenticator, 2FAS, etc.
That is the one they are warning about. It's not secure. Encrypted authentication apps from reputable sources (not WhatsApp) are best. They are using the wrong terms warning against 2FA.
Please tell this to the banking institutions that still, in the last month of 2024, only offer SMS texted code 2FA. Also pass this on to Lyft as well, I don't know what the hell that modern era tech company is doing not utilizing username and password and solely relying on phone number/text account authentication/login.
It’s very important for real journalistic news outlets, to find the negligence and the accountability inside the organizations who are paid billions of dollars to prevent these problems to expose their personal and organizational weaknesses and to hold them accountable in the court of public opinion, even if you do get advertising revenue from them
People resist change, just look at the move to EV's. The push back from the public is so massive that politicians have had to do a 180 about-face just to not lose their voters.
From the Ashin interview. "The biggest worry is not two-factor." But the FBI says to stop. Stop what? Is it spying on messages or stopping codes for identification? By conflating text messages with temporary ID codes, the "what to do" question is never answered for texts, ID codes because the solutions offered were never specific for ID codes or texts.
Wait…the same FBI that never investigated Hunter’s abandoned laptop…..and a bunch of “former” intelligence operatives signed a letter that said such laptop was “Russian Misinformation”….?
I never used 2-step authentication because when you look at it objectively (and as seems to have proven out here) that just introduces another avenue to expose yourself. Why introduce additional variables that create more opportunities for people to find a way into your stuff?
How about laws that prohibit businesses from selling our personal data? Why does every scammer out there have our phone numbers?
Vizio makes more money from selling personal data than selling tvs.
Walmart owns Vizio now
Nice try AI. Per google, AI-generated anchors to debut on Channel 1 in 2024... Look at the mouth it's clearly fake...
Exactly
Biometric ID or have the code sent to your email
Stop warning USERS. Warn the telecom and device makers to STOP using unencrypted methods.
That requires regulation though and republicans hate regulation. They'd rather get hacked than have laws.
Wait shouldn't apple or android apps have encryption? wtf!!!
@@hiddenintheshadows530 I rather meant at the SMS level.
Yep. As others have noted, he was all over the place.
Horrible reporting! Where’s the fact checker for these TV news stations?
Yes, mixed up concerns.
All of the federal websites require two factor authentication
Precisely 😂
Our government has proven to be our enemy. Hopefully Trump will begin to turn that around. It will be a huge task.
@@Buddhavibez AND the code is not re-use: you enter it and it's DEAD!
@@Buddhavibez the report clearly stated to NOT click on phishing messages. Geeeeesh.
WHATSApp is what China uses to spy and to impose a social score! Anyone who believes this BS should think twice, to say the least.
Forced into two factor authentication and now they tell us this. Crazy town. Upside down going on here.
Me and my closest friends only use Carrier Pigeons to communicate. I recommend everyone else do it too!
I intercepted your pigeons! Once the pressure was applied, they squealed like crazy....
Those "birds" are just drones 🤷♂️😬
I and most my friends were always tapping out messages on train tracks but one lost his head over something I said.
Smoke signals during the day, LEDs at night. Works out great!
Same.
Why comment that? Everyone who's 10 and older knows damn well that's not happening unless WW3 starts and nukes are launched.
Would love that.
@@WoodrowThe3rd you know damn well that's not happening
interweb? lol. dagnabbit them varmits done gots my data stolen again
Woodrow, street lights? That's modern technology, isn't it?
This isn't something the public can control idiots. Make companies do it.
Exactly
@tncorgi92 exactly correct. What value is it to not correct it? I feel like I'm missing something important.
Weren't we told NOT to use WhatsApp about 4 years ago because of hacking?
Correct. Now we’re being encouraged to use it. Something doesn’t smell right with this.
@@brayleeparkinsonauthor Maybe the govt rewrote it?
Right and because WhatsApp sells your information 🙄 NewsNation is not a trustworthy news station and neither is your government
Sloppy announcement by the FBI and these reporters. You should be okay if you have a strong password, uncompromised (not hacked) device/computer, and lock your SIM card! BANKS don't use authenticator apps as an option or a hardware key, so you are stuck with text or email two factor auth options
Wasn't that Telegram?
I told several companies I didn't want the two-factor authentication at all. Many of them had no other way to have me log on.
I don't care if it's email or text.. It's vulnerable and time consuming as well as a pain in the arse.
🤦♂️
I argued with my bank too who said it wasn't up to them. It's just how the "system" is.
Please redo this story. You guys have FAILED at explaining the issue! The reporter was all over the place.
Right! The experts info was nothing to do with his point.
Don't use text 2FA since your texts are compromised. Use a 2FA app. They said it multiple times.
The report is total crap other than don’t clip on links that are texted to you. They want people using WhatsApp because the FBI has access to it.
Seriously. What is a “passbook”? Lol.
2FA via a time-based one time password (TOTP) from something like Authy or Google Authenticator is better, or via a physical security key (such as a YubiKey) is even better.
The problem is, a lot of companies don’t support these more robust authentication methods, so you’re forced into SMS-based 2FA.
As many others have pointed out, this issue is not our fault, and largely out of our control.
Maybe someone can better explain why this needs to be a concern, because I don't see any real issue at all. I only get the one-time code once I have already entered my username and password into the bank app. I then enter the code into the bank app and I'm in -- and the second I do that, the one-time code is useless. Even I can't use it again, so I don't see how hacking to get the one-time code would do a hacker any good.
Computers and tech ruined life
and the fbi
How is it MY responsibility to make sure my bank info is safe?!! Geez. The banks should already be on this -- well ahead of what hackers know about THEIR accounts and the security of their holdings! I can't help the banks.
True
The Billionaire class (Corporations and Individuals) own our government. The people just elected one, again! So No... they aren't going to take responsibility. They are pushing their problems on to customers.
It's just an excuse so the banks can steal your money and then act like the customer was negligent by not using a different type of authentication.
My bank uses and only uses SMS 2FA. They are the ones that need to change.
Technology has become a bigger problem than help.
that's what IM saying! 😮💨
Time to go back to all cash, shut off internet, and visit the people you need to stay in contact with.
No, it's actually safer now than 20 years ago. Just don't use SMS, as it's a legacy system that doesn't offer encryption. We have safer alternatives today.
I mean, they (old people who used to work in early tech, and even some tech people now) said it would because people would get too comfortable and lax and depend on it for everything, so not a huge surprise. You'd never believe how many tech people I know who try to have as little tech stuff in their homes and lives as possible. They know it's too much, but people keep pushing it for convenience and such. It's why I would never have an Alexa or any of that in my house. I limit the smart stuff in my house.
@@simonp37 wrong. This isn’t true at all.
They want us to use fingerprint and face recognition for passwords.
Then they have everything
Next, the FBI be like, “Ooops, the authentication apps we told you to use have a security flaw that compromised your accounts. Sorry, our bad” 🙄
Is this two factor authentication problems just the U.S, or the EU as well?
It is text 2FA. Not 2FA apps.
@@boqoll SMS is really the problem as it's unencrypted and that's a global issue. Two factor is a good thing, just use a different kind wherever possible. Let's also not forget that the best a few years ago was RSA, which was breached quite thoroughly. There will be no "Our bad" because admitting fault could give them liability. They'll just be pretending they never told us to use any of this other stuff.
@@BicycleFunk what OP meant is that nothing is 100% foolproof, and that even the 2MFA apps can be compromised too.
@@Sadames03 yes of course, but what people are being informed of is that unencrypted text is compromised and the best option right now is a 2FA app, which was always better than text 2FA.
Now they want our fingerprints and eyes face image? As users we can be as careful as we can, but the company's backdoors are wide open.
There should be laws to force companies to secure the data and pay us, the victims, when it happens.
There needs to be a law that limits the amount of time a company can hold on to our data if we aren't a customer of them.
There needs to be laws governing this. It's ridiculous.
it doesn't matter what security protocol is implemented, people will continue to find a way around it.
If they know how to make it they know how to break it
Give hackers 15 years hard-labor! Maybe having to work for Taylor Swift but not be paid.
Yup! like an old 95 flip phone. Doesnt ping off Any cell tower.
True
Facts
It would have been great if the field reporter had said "and don't call me Shirley"😂
If something can be built, it can be broken. Nothing is safe.
BINGO!
@@jacobac07 disconnect from the internet
Working in InfoSec, it's not quite true. The best attackers can do today, is try to trick you, giving up your information yourself. If you use encrypted communication, create strong passwords and two factor authentication, it's much harder for attackers to get through.
There’s no such thing as 100% safety or security. But there is and can be tech that is way safer and more secure (ditto with privacy) than alternatives.
E.g., text message 2FA is better than no 2FA. But authenticator 2FA is even better, and the latest passkey tech is even better.
I remember reading an article that although What's App is encrypted, the federal government can still access your texts. So if the feds can, who else can?
The telecom hack was China hacking the backdoor system the government made the telecoms install so they had the ability to wiretap them. So, China.
This happened to me in April. I got the money back but closing the account and changing every automatic payment was a nightmare especially my bi monthly mortgage payments
Exactly. The guberment hates actual safe private encryption because they cant spy and track everybody so they force companies to put bloody backdoors and holes in damn thing.
Give all your passcodes to a third party app? Umm no thanks.
Yeah, that advice is whack. I use one (for its random passwords), but never for anything that can be used to access my finances.
The idea of remembering 2 dozen random passwords is also not realistic.
@@S5King7 Here's a hint, pen and paper..... Do you need to access two dozen accounts on a daily basis? I have that many different software programs, but I use different passwords and check on all of them once a month......
💯agree
I've been using Roboform on my PC for years but I elected to store the passwords on my PC instead of the cloud although Roboform encrypts your passwords with a master password so that's not too bad.
What are we supposed to do when our bank doesn't even have authenticator app support?
As a veteran, try logging into my health vet and see how many times you get redirected and how many codes they have to send you to get in
Exactly.
Army retired pay acts like it's Fort Knox.
The two step authentication codes expire almost instantly. 🤷♀️ I'm not sure how they would be utilized effectively to steal from you. This sounds like a fear mongering excuse to sell us more apps and security software.
They steal your SIM card!
Tell this to our banks that still insist on using SMS text messages for multi factor authentication
My bank have their own two factor authentication built into their mobile banking app.
So, the title says avoid two-factor text authentication, but the video actually warns against links in texts? Nice job being accurate, folks.
The reporters are confused lol. Two factor authentication is security. Those codes expire and can be used only once. Lol. Phishing is not the same as two factor setting. Just don't click on links both in your text msgs and email.
It's long been advised to not use SMS text for 2FA. This has been the recommendation for years now, since before the pandemic. Yes, the codes expire but they are also easy to intercept if someone was to hack the cell phone system as currently it is reported China has done with not one but two of the major telecom companies in the US and maybe other yet to be named telecom companies.
@killer2600
I'm really confused I thought the code was to agree to that exact amount from that specific purchase?
no, they can see the code since they are able to look at all sms messages so theoretically it’s almost like a sim swap scam
And always look at the headers of emails to see where an email is REALLY coming from.
Exactly. The reporters don't even know the difference LMAO
When has anybody ever done 2-factor over TEXT???? Are they serious???? or are they just plain stooopid.
When in doubt, clear your browsers of all history and cookies, GO TO the website clean, ENTER your website with your passwords etc and CHECK it yourself
The banks and companies requiring it don't exactly give you an option whether to use it.
That's rich! The federal government makes you use 2-factor authentication to get in to your TSP account and to your SSA Account.
They make you use TOTP, not SMS 2FA. Completely different protocols. TOTP authenticator apps like Google Authenticator, Aegis, Authy, etc. generate their one-time passwords directly on the device. With SMS, the website generates the one-time password and transmits it via text message to your phone. The part that's insecure isn't the one-time password, it's the text message itself.
And to be clear: you are still better off using SMS 2FA than not using 2FA at all. CISA is trying to warn people that SMS is fallible and that there are better alternatives out there that are more secure, free, and easy to use.
@@LimitedWard Thank you for this clarification. The problem for non-techies (like me), is figuring out how to use Google Authenticator, etc. I've watched a couple of videos, and they were just confusing. Never could get context on what or where I'm supposed to be doing the thing that was being said in the video or instructions. But, based on this news, it's clear that it's time for me to figure it out!
@@LimitedWard Limited, your first comment is very good. Your second comment is not.
2FA isn't a good system.
Codes are timebombed, single use items. I don't see the problem.🤷♂️
Business and government: require you to use smart phones and texting even for basic services
Also business and government: its unsafe to use your smartphone and texting. Please download more apps
Next theyll all want a pic of our face and fingerprint
You are so right! But those too will have inherent problems, and will need to be made even more "secure"! Biometric implant ...rfid in a hand or your forehead so you can be inputted into / tracked by a global network! Where have we heard that before?..@jer1776
Governments and companies never expected you to send personal information by SMS, as it has never been a safe communication channel.
‼️
So we can track you better. Because said companies aren't giving us enough information to spy like we want to
(Us govt)
If these companies get hacked and cause our data to be exposed because they don’t have proper security, then they need to be held liable for damages.
So true
Yeah, the Republicans are all about corporate responsibility
SMS has never been safe for communication since it was created, because it has never been encrypted. It's not exactly news.
Why?
@@earlysda because if you’re paying them and they’re expected to keep your data safe, then there should be consequences if they don’t
Some bank apps and others make it mandatory for two-authentication
Sorry fbi. You guys are the ones we need to watch out for.
Just confess now.
It will set you free.
“Permanent Record”, by Edward Snowden.
It's damn frightening, how correct you are. The suggestion to use a password manager app is insane (to me, at least)
True by far the dirtiest cops in the USA are in the FBI. But it makes sense as they report to America's version of the KGB, DHS, just like the DOJ, America's dirtiest and most despicable professionals, lawyers, and Secret Service incapable of walking on a sloped roof. What could possibly go wrong? ,
Thank you!! I do NOT want 2 step because if you ever use your phone you are screwed. But, so many firms require them. I HAVE NEVER WANTED TO USE THESE.
Biggest cybersecurity breach so far, but it seems like there's always a bigger one just around the corner and then another and another.
I won't believe it until everything on the internet comes back '404 Not Found'
There will always be DIRTBAGS out there that want to take what YOU worked for !
Edward Snowden’s “Permanent Record”. Read it. Food for thought
It's all on purpose.
The telecom hack was China hacking the backdoor system the government made the telecoms install so they had the ability to wiretap them. Nothing bigger than a foreign government hacking 90% of Americans phones.
Some sites don't give any options other than SMS for two-factor authentication.
This month alone has really strained my willingness to continue participating in this broken society.
distance yourself from the shit society as much as you can
Also put a PIN on your SIM card to reduce risk of your SIM being ported or hacked and the info on it being stolen.
👮♂️: Don’t do this.
💁🏻♂️: Oookkkaayy. Why not?
👮♂️: 🤐
Uhhh. They just explained why not
@@dabronxmom1120 No, they did not. Mask up! They said 2-factor is good in this case and not in the other. Then made the awful suggestion of using a password mgr app. The OP is 100% dead on.
@@dabronxmom1120 They SAID "Trust the govt!" THEY want you to stop using the bank's own 2F system. WTH!??!
The fbi said it, meaning they need your help to spy on you for the CCP. Oh I said it!
I deal with patient insurance billing at a clinic and some of the insurance plans use two factor text auth to login. Availity is a huge clearinghouse that uses two factor auth.
Anyone else noticed the subtle push for biometrics that's going on..? Not looking forward to being robbed for my eyeball and finger, cash is less painful to give up.
There’s been a data leak. Please change your fingerprints.
Dang you must have a lot of money to be worried about biometrics and losing your eyeballs for some cash.
Don't fingerprint sensors not work on the dead unless they're like really fresh because it needs to detect an electrical circuit or complete the circuit? Something like that. That's what I heard. Regardless, they're much more secure than passwords.
Yes, don't do any of it
@oreli2556 lol I wish, just making a point. They might just want yr identity😉😁
No real thought in this segment. What you need is a security key like a Yubikey.
Most users can’t opt out from 2FA
Yep
you should absolutely use 2FA. what you should avoid is sms-based 2FA and choose the authenticator/passkey option. this has always been the recommendation since it was introduced as it is based on private-public keypair encryption, but the recent telecom breaches make choosing this option more crucial.
no 2FA : worst
sms 2FA : risky
key-pair 2FA (aka passkeys) : best
You can usually change the 2FA contact to your email. Which is about as secure as the mailbox in front of your house.
They are not telling you to opt out of 2FA!!! They are telling you to switch to a more secure form of 2FA like using an authenticator app or Passkeys.
This news piece was PAINFUL to watch because they did such a poor job of explaining that point.
My bank requires me to BE my phone, so I HAVE TO receive a text code to sign in.
So what happens when Google locks you out unless you do the phone text method without any other options? This is absurd.
We gonna talk about how Meta allows scammers to advertise on their app?
Advertising that uses pornography at that too, I reported 3 ads and have been requesting reviews for links that lead directly to nudity and they keep saying it's not against community standards. This is what happens when a company is given too much power to monopolize our online world.
The expert that you interviewed literally said two factor isn’t the issue. It’s clicking links. Don’t click links emailed or messaged to you. Go directly to the website that you know is valid.
If business wants my personal information, it’s up to them to keep it safe. If a billion dollar company can’t keep it safe, what’s a citizen supposed to do ? Nothing I do is going to increase the company’s security.
🎯
Pull your cash from the banks now. We cannot trust them any longer.
When we’re being told by our government to use an encrypted app, it makes you wonder if it’s really encrypted. Why would the government that loves to obtain people’s personal information encourage us to use an encrypted app?
Yah…this outlet has turned into propa- that means don’t do what they say. I watch to know what not to believe now
Good question! Something to ponder!
Sigh here we go
Right, first Whatsapps a favorite use by scammers, now it's recommended?
@@DrzPapi126
You seem to be implying that my comment is some sort of conspiracy or something. Am I correct? If that’s the case, answer the question. Why would a government that’s charged with national security, encourage us to use an application that leaves all of our information or conversation encrypted. What control of national security would they have if my communications with other people are encrypted?
It all depends on the website-if they only offer text messages 2fa, what can we do?
Exactly
This sounds like a WhatsApp ad.
Except that in order to change your two factor settings, you must text authenticate to do so…
So the news reporter says don't use two-factor authentication. But then when they talk to the professional the first thing he says is the biggest problem isn't two-factor authentication. It's people who don't text often but click phishing links 🤦🏿♂️🤦🏿♂️
the reporters dont understand the technical issue they are reporting... you should absolutely use 2FA. what you should avoid is sms-based 2FA and choose the authenticator/passkey option. this has always been the recommendation since it was introduced as it is based on private-public keypair encryption, but the recent telecom breaches make choosing this option more crucial.
no 2FA : worst
sms 2FA : risky
key-pair 2FA (aka passkeys) : best
@@radfordmcawesome7947 *_"choose the authenticator/passkey option."_* Can you explain how to do this in simple terms, for those of us who aren't overly tech savvy? What is the authenticator option?
Thank you!!! I heard the same thing.
Whoever scripted this or helped these journalists prepare should be **helped more**. What a hot mess of reporting.
OR
This is how it was supposed to go out.
😂
This is insane . I can barely remember my name let Alone a different password for each site!!
password manager..............
That’s what the password manager is for. All I need to remember is the main password to get in.
@@HopefulEmpath Sure, that main password is the “weak link” in the security system.
😂 great comment I was thinking the same! And he said different passwords for everything!! No way plus change them often?? They don’t know my brain 🧠 too many drugs back then & now too old…😂
Unlike with banks, you can use authenticator as 2FA for your password manager, plus a monster password. The Borg couldn't brute force my password.
This sounds suspicious right after the Luigi Mangione case it sounds so they can get into your account without a warrant to me. Why is it the FBI and not the NSA or an actual branch of the government that deals with computer security? Also, something they didn’t touch on people who use iPhones and some android androids to have this the messages are encrypted.
Are they going to force companies to comply? You are forced to use two-factor authentication against your will with many services. Try logging into almost any bank in America, they all use two-factor authentication for the most part. They won't even let you use something like an authenticator app with most of them.
Truth! I use Authy whenever it is available, but one of my banks does not support it, and I have to authenticate via SMS.
Makes no sense.
“Dont lock your doors”
“Okay Agent Smith!”
😂
Yes, it makes it harder for the CIA/FBI to access your data with it turned on so please turn them all off so they can access it easier. They need instant access to your data not forced to use work-arounds to get access.
Government: "Move from a hackable method to a method we already hack."
I detect stingray devices trying to sucker my phone!
The telecom hack was China hacking the backdoor system the government made the telecoms install so they had the ability to wiretap them. So they're saying, move from a method we hacked, but now a Foreign Government has hacked.
Considering they generate random numbers, the only risk is if a hacker can intercept your SMS and hack in by obtaining the code needed to confirm they are you.
Password managing apps? So a place where all your passwords are stored online? No way. Get a physical authentication key. Why aren’t they suggesting that?
Right!
Can those work on mobile?
smart way to use it store it in bank deposit box use it near by to check your finances and put it back
Some password managers are end-to-end encrypted. The password is encrypted on the device before it goes to the cloud to sync among your other devices
@@oreli2556 - Yes, hardware keys like Yubikey work with Mobile. They have NFC options, USB-C, USB-A, and Lightning.
Why am I only hearing about this by scrolling past a random yt vid and not straight from apple or verizon. WTF
It's a one time code
It's not the code itself that is the issue, it's the method you get it. If someone intercepts your sms based 2fa code it's harder for you to prove you were taken for the fool.
@@csexecutiveservices the code only lasts for a few minutes. So they would need to have your account info, know the website you are accessing, and then enter the code before you do. Right... 🤨
@@csexecutiveservices You mean intercepts it between WHEN the bank sends it and you USE IT in the middle of the log-in you requested the code during?! WHEN does your bank EVER send you a 2F code and you're NOT trying to log in?!
It should be illegal for companies to sell or share our info. Have my info being breached through companies I have never dealt with or connected to.
How do these hacks keep happening? Do all telecom companies use 12345 for their mainframe passwords?
yes they use very poor security. they just don't care about our data. some have been hacked multiple times
Sounds like the code some idiot would have on their briefcase!
How about we just write our passwords in a little password book, like we used to?
I paid for my telephone for MY use. I talk, text and take photos - nothing else. Sending me a bill via text is a sure way to not get paid!
I try to ensure I can touch my toes without bending my knees.
Yeah, me too. I don't even do EMAIL on my phone! I have an actual wired house phone so I almost NEVER give out my cell number! Is it awkward? Sure... but I run a biz and do most of my banking online. I wouldn't use a bank that didn't have doors on it, why would I use a phone that was wide open?
@@elenorsnow8970 I wish they would teach technology and digital security in school. The simplified explanations I've heard over the years really aren't helping in the long run.
Everything is left open so the FBI can get access in the first place lmfao
There is a big problem with all of this that most aren't taking into account. Switching to WhatsApp or other encrypted software is great, however if both people at both ends sending and receiving the message don't have the encrypted software, then it's not encrypted. Both have to have the encryption software -- without that the message is not encrypted.
I don’t trust Whatsapp. Very easily hackable.
WhatsApp is also owned by Meta who allows every hacker and FBI on the planet to access your stuff. No thanks!
Maybe the government and law enforcement agencies should hold all those who are CEOs of all social media platforms accountable for allowing this to happen to us USA citizens and stop violating our privacy constitutional rights and do something about it for real
The telecom hack was China hacking the backdoor system the government made the telecoms install so law enforcement had the ability to wiretap them.
This particular hack is the Government's fault.
With an authenticator app, nothing is sent anywhere. Your device's app and the service you're logging in to calculate a code using cryptography that has to match. They change every 30s or so. The FBI are just saying to not use SMS for authentication codes because they can be intercepted, and some services online let you choose between SMS and authenticator apps. They're saying to make the switch away from SMS. Some corporations, like some banks, don't give you the option to switch under your security settings and only send codes via SMS, "for your convenience". Consider banking somewhere else.
What I find funny about authenticator apps is that at the core they just use another password (secret string) that could (in theory) be compromised and used by an attacker to generate OTPs. But the password has the qualities of a) having far more entropy than your average user will employ and b) being by default hidden from the average user. Basically authenticator apps are an admission that your average user can't manage their own passwords effectively (rather they will use "Eagles1979!" for all their accounts).
As far as 2-factor authentication goes, some apps require it to access an account.
We must unite as citizens to compel the government to enact laws that prohibit businesses from selling our personal information without our consent or knowledge.
Companies already do get our consent in the lengthy TOS they make you accept when they require you to create an account to use their websites and services.
Really, is that what the government says!
OR, ya know, maybe the FBI can actually just arrest the hackers.
We do that all the time especially for Government logins etc
Cant keep up with this scamcrap….
No one thought of interviewing the providers/makers and ask them what they're doing about this!?!
We started the sms codes in the first place because our emails got hacked.WE ain't safe nowadays and no where are we. 😮😮😮😮
Two step ID is required by most companies I deal with.
Why don't they do their job and catch these people???
Maybe they ARE the hackers. ever think of that.
Poor internet design so it is difficult to identify who to catch and no authority to. ISPs that allow hacking activity. F. Miller
Because the ones doing it are mostly overseas in corrupt and morally bankrupt nations with better programmers than the lazy coders in America.
Text messages are not secure? Now, who didn't know that already? 🤦🏻♂️
This feels like an ad for Whatsapp, more than anything else.
Oh please, for the love of god, Salesforce please do away with the Authenticator. It’s horrible.
Use One Time Password (OTP). Password will be sent to your email and can only be used once and expires within 2 to 3 minutes.
Seems to me, many login sites only give the option to SMS text the 2FA code and don’t give option to be emailed the 2FA code. So, how does one use One Time Password in that situation?
@dovmerrill804 it's up to the company behind the website to implement the OTP functionality. Developers can do this quickly.
Passkeys everywhere possible since it uses asymmetric cryptography which prevents phishing. If passkeys aren’t available, applications should support TOTP like Microsoft Authenticator, 2FAS, etc.
That is the one they are warning about. It's not secure. Encrypted authentication apps from reputable sources (not WhatsApp) are best. They are using the wrong terms warning against 2FA.
Hmmmm....we were told to stay away from whats app so now that's ok? That sounds fishy in itself.
The best thing is get back to using common sense which is rarely used anymore
The FBI has lost all credibility
Please tell this to the banking institutions that still, in the last month of 2024, only offer SMS texted code 2FA. Also pass this on to Lyft as well, I don't know what the hell that modern era tech company is doing not utilizing username and password and solely relying on phone number/text account authentication/login.
They want people to BE their phone.
It’s very important for real journalistic news outlets, to find the negligence and the accountability inside the organizations who are paid billions of dollars to prevent these problems to expose their personal and organizational weaknesses and to hold them accountable in the court of public opinion, even if you do get advertising revenue from them
Imagine if the government was proactive and not reactive.
People resist change, just look at the move to EV's. The push back from the public is so massive that politicians have had to do a 180 about-face just to not lose their voters.
From the Ashin interview. "The biggest worry is not two-factor." But the FBI says to stop. Stop what? Is it spying on messages or stopping codes for identification? By conflating text messages with temporary ID codes, the "what to do" question is never answered for texts, ID codes because the solutions offered were never specific for ID codes or texts.
Wait…the same FBI that never investigated Hunter’s abandoned laptop…..and a bunch of “former” intelligence operatives signed a letter that said such laptop was “Russian Misinformation”….?
I never used 2-step authentication because when you look at it objectively (and as seems to have proven out here) that just introduces another avenue to expose yourself. Why introduce additional variables that create more opportunities for people to find a way into your stuff?