abdul reeyas don’t forget if two or more people shares the same device, due to the cost of buying more devices. Like a family shared desktop computer or laptop because the family could only afford one desktop computer or laptop.
Companies should be supporting the delegating of access to user accounts as required. If I want to give my child access, then I should have the flexibility of giving them full access or limited access to view/purchase content.
As a former developer, that line "keep 20-40 passwords" just hit me in the soul lol. I have a whole folder, filled with passwords and usernames jotted down on paper. Whenever I had to clear my cache, I cried a little.
I love how a lot of companies force you to reset your password every 6-8 months; depending of the company. And everyone is complaining that changing passwords is expensive. You’re literally forcing us to change them.
I read an article in Russian that recommended disabling all face and fingerprint recognition on your devices and instead use a password. The reason for that was the fact that a policeman can unlock your device without your permission and see your contacts, communication, etc., for example after arresting you during a peaceful protest
You are so right. If someone is robbing you you are screwed. Also, will a phone, PC, iPhone send you BIO data to Microsoft, google or apple to be stored, misused without your consent? I am sure a 3D printer in the near future will be able to print a copy of someones head from a picture to use it to unlock a device. Just look ar the software that can animate a person just from an old photo.
It would be cool if they worked out a deal to show the passwords to an email, but hide them so at least you'll know if they have your password or other info and can react accordingly, because if they had it, chances are someone else does.
@@PatThePerson Have I Been Pwned just gives you a "yes" or "no" response to data you enter, so you can try all of your email addresses and passwords and get an up or down response to whether they've been compromised without someone else being able to enter your email address and see all your hacked passwords (which you might still be using).
Exactly, someone may unlock my phone with my finger while I'm sleeping. Face ID is also bad, because I'd need to keep my camera uncovered to make it work - most of us know it's a bad idea, especially at home. Some kind of USB dongle (or any other physical object) has a similar problem like fingerprint scan - can be used when I'm sleeping. I use strong - complex passwords for my electronics and I'll continue using them.
Yup. There is a certain ancient prophecy that foretells that a world gov will force ALL to get a secure "mark', otherwise they cannot buy or sell. I think this prophecy is a warning, but I think big govs will, unfortunately ignore the warning.
@@Milesco You can fix this in settings, when your display goes dark, you only need to push power button and put your finger on the finger print sensor button without pushing it. Or you can push the home button and leave your finger on the sensor till it opens up your device. Stay safe, healty, strong, happy and be blessed ✌️🍀❣️
0:42 - The Problem with Password 4:47 - How Did We Get There 6:11 - Types of Authentication 8:02 - The FIDO Alliance 9:41 - A Passwordless Future 14:49 - Challenges
They want your bio-metrics; fingerprints, retinal scans, facial impressions etcetera for the coming Social Credit System. You will be "allowed" or "denied" service and conveniences based on what the government and big tech decide is good for them or you. You won't get to decide. Just like RUclips banning and ghosting accounts that don't support their agendas. Want to fly to the UK? Denied. Why? Who knows? The algorithm decided and there is no appealing these decisions. Want get an Uber to the next town? You don't qualify. Want to spend your money? Not today, you should be saving more. Want to get that burger? Not until next week. We know what's best for you. The social crediting system is already being implemented in China and testing in "smart cities" in Australia and Canada. None of this is for your benefit or to stop the terrorists or to save the planet. It is a means of total control. Totalitarianism.
Because I was thumb or face password for so long I forgot my actual password so when I bought a new phone I lost all my photos of my kids throughout the years. I try to recover it through email but same thing been so long since I typed in my password for my email I can’t remember it
@@zachw566 if you think you are not guilty of breaking the law you are asleep. If law enforcement wants to arrest you they will find something on you. There are over 300,000 federal crimes on the federal law books. That doesn't even count state, county, city, municipality laws.
Yes, yes you can get a court order to pony up passwords, plenty of people have gone to jail for failing to give up their passwords. If justice system decides to screw you over, you are going to get screwed over and no kind of IT security is going to stop that. Having functional IT security and having functional and fair justice system are two different and unrelated issues, you can't fix one with the other and there is no good reason to make policy of one based on policy of the other.
$50 a call to reset a password? Come on it takes 2-5 minutes of someone that gets paid about $12 an hour...I know I use to be that $12 an hour person long ago.
@Adithya R but it is open source with no first party android/ios app. Lasspass has chrome extension and Apps for phone which are synced. Which is more convenient.
@Adithya R Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass' servers, and are never accessible by LastPass
The ultimate advantage of passwords are: *You can't steal it from the person's mind* !! Finger print: you can unlock someone's phone when they're sleeping by simply placing the owner's finger. Face ID: Similar to above
So a hacker will sneak into someone house and slip into their bedroom and unlock their phone while the person sleeps? Impressive ninja skills. Or would a hacker cracks your password remotely be more feasible. I wonder which one would the hackers prefer.
@@prithvirajb1953 you dont need the face you only need the meta data saved for the face stored, you use the data hacked from the phone or fingerprint data to hack anything
Not to mention that our Supreme Court ruled that law enforcement could just force anyone to use their biometrics to open their phones, but could not force one to give up their password to open it.
I do worry what possibilities there may be in this respect. Can well imagine neural network technologies advancing to the point where this isn't difficult, especially with voices and faces
Of course, how else are lawyers supposed to make money if they're not out there defending you in an endless case of stolen identity where your likeness has been hi-jacked.?
Wrong. Some China hacker who lives in a basement isn't getting this. They are hacking using passwords. By using 2 factor or password less they aren't getting in.
....so to protect our information we must provide more information? Like facial features and biometrics on top of our passwords? Why does it sound like we're giving them more leverage... or....am I just paranoid.
Nope. This is a terrible idea. You are 100% right. We need to fight to preserve the password. It is the only way to preserve privacy and security. That is why big corporations and authoritarian regimes hate the password so much.
9:22 I'm glad that the director of the FIDO alliance is telling us that FIDO protects our privacy. Definitely a completely unbiased opinion from his side.
@Joe Blow there's a difference between the hospital having it, the government having it, and the private corporations having it. Most doctors and nurses are good people, government is accountable (because if it comes down to it you know who to revolt against), private corporations are a much bigger problem.
"Our bad habits?" Oh sure, we decided this was the way to do things, not the companies. And even though passwords suck, let's make a few things clear: the alternative is either more money for them and/or less privacy for us.
This seems like legit big brother. The NSA can't crack our complex 20 digit passwords, so they are going to force us to use face-id and then they can just hold the phone in front of us... and boom handcuffs for having the wrong opinion. Yes, I know I am paranoid. Honestly, just don't want my wife to get in my phone while I sleep.
CORRECT. This is herding the sheeple into the slave world. The power hungry oligarchies wet dream. Supreme court ruled Cops cannot force you to use your password, however they own your biometric data and can force you to use it.
It's now after November 5th 2024 (it's November 13th) & you are not paronoid anymore; your concern is now legitimate & now within good reason ! A 1 party (of sub-parties) government is being formed by those who plan to dismantle the governing bodies (as we've always known it) & replace it with family names of conglamorates & decietful stock holders!
Of course. Make an argument against how 'inconvenient' passwords are, and how you need 'help', then implement an argument for how convenient and secure fingerprinting is and voila, you have the masses convinced to give their true biological identity everytime they use the net. Oh, you complained about joe biden? Your fingerprint is linked to this comment, perhaps we will freeze your bank account for wrong think.
It’s not needed either. There’s systems used by hospitals for example that the company you log into creates a password for you before you log in that expires in a minute. I refuse to give my bio data either. It’s not needed. The current way of having two authentication steps is good enough. We all know now not to trust big tech. That are literally banning people from their service based on politics. They have no need to have our fingerprints, etc.
@@Noblyuntruthful sir.... I 100% agree. Privacy is important and I am a computer science major. I wouldn't trust any company with my finger print and any face recognition network. I will never let the government have that much power over us.
Yes, this is exactly what it's about. The biggest risk is to join your accounts by using for ex Google or even (horror) Facebook. Do not use biometrics on things like phones. The secret must be in your head. Dont use the same user I'd, dont join the accounts. Clear webbrowser after every use, use reasonable vpn.
Remember how you had your photo take at the staff function ........ There's been some files that have been / taken / altered / stolen /deleted and your / fingerprints / facial photo / is the link .....
In india, police can retract passwords that you have even forgotten or used in previous life within an hour of special custody in police station. Lmao, crazy technology we have.
Indeed. I encourage people to search for "surveillance capitalism". I'm very uneasy about handing over biometric data. From the sounds of it, that FIDO standard is supposed to protect user privacy by keeping everything local at least.
@@janguvpes7518 Yeah, I'd like to know more about how that works. Okay, you can access the local device, but what happens if you need to borrow a friend's phone or computer to look something up on your RUclips account? Without passwords, how do you identify you're you without giving biometric data to the receiving company? You buy a new computer, but you still have your old one because of the data stored on it. How do you reestablish all of your accounts on the new computer if the receiving end has no way of authenticating who you are? I'd be very interested in knowing more about how this is all kept "local".
@@c182SkylaneRG I believe it works by communicating a hash number to servers, so that this could be in common across devices, but what's not communicated is some key on a local device, which is translated via an irreversible algorithm locally. Or something like that... I'm not especially well informed about it. But you can see how the principle is in play with the biometric dongles used in MS in the news report.
@@janguvpes7518 Actually, the news report shows you literally nothing reassuring, just that you put your fingerprint into a magic black box and it grants you access. However, your mention of "hash" and "irreversible algorithm" reminds me of a few videos Tom Scott has made on the subject, which I'd forgotten about. He DOES go into the details about how the mathematical algorithms work to force passwords to only go in one direction, and not be visible on the other end, while still authenticating the user.
@@davidabulafia7145 Sure David, with roof toss you can splat. The fact is that the entire notion of security is a sham with entities like israel around f*cking with humanity. You assholes have taken unauthorized butt pic selfies of mine. Is it only coincidence that these were the moments that I was reaching out to you with fresh dung offerings?
I was waiting on the discussion about how crappy biometrics actually is at security but I'm at the 11 minute mark and it's just an ad for tech companies... nvm.............
@P Ciprian very, very wrong. This isn't 2005 biometrics. Unless it's optical you 100% cannot imprint the biometrics. Even if you could that's still 1000000x safer then passwords lmao
@@omarh1315 you do realize that the data must be transmitted at some point, right? simply having access to its binary representation is enough. Some website IS going to leak it, and at that point, hackers have a guarantee that you use the same password everywhere else, and you can't even change it.
Uhhh what if I want to share my computer with someone? I call home and need my wife to email a paper to me at work?? How can I tell her the password if there isn’t one lol
Individuals protect their passwords. I know I do! Corporations don’t seem to be able to protect our passwords. They get hacked all the time. So they don’t want passwords because they can’t protect our passwords. Then they would be legally liable. That actually makes sense.
I keep all my passwords in a spreadsheet, but they're "encrypted", that is, written in a way that only I understand, so they help me remember what each password is for each site or service.
Just use a password manager. Preferably one open source and capable of auto fill on all devices like Bitwarden. You can self-host a lightweight Rust implementation in bitwarden_rs if you don't want your vault to live in Azure servers.
@jeffrey vaughan If it's behind a 7 word diceware passphrase good luck with that. Not to mention if a hacker has local access to your computer to take advantage of that you've already been hacked.
Yea and that's exactly why they are doing this push... A fingerprint is literally just a password when it comes down to it, except one that can't be changed... And one they already know since they pretty much have everyones fingerprint already.
YourTV Unplugged the cops dont have everyones fingerprint. They put your fingerprints in a database when you get arrested, so the only people that would be vulnerable to this are people who got arrested before
Biometric data is not shared to the internet. Your Android, Windows, iOS, or MacOS devices, do not share your finger print data or facial recognition data to the internet, all the detection and analysis is done on the device and it is impossibly difficult for hackers to steal your device, and then physically unencrypt that data.
Remember the "Demolition Man" scene where the eye was speared on a pencil to access via retinal scan. It can't be by the revealing of identifying information, it has to be a challenge response of a one time password not the revealing of something static such as a fingerprint or a retinal scan. Unfortunately, to make a challenge response one time password convenient requires implanted chips or a token device such as a phone which represents your identity.
Khan Piesse it’s still able to steal. if analysis is done on device, surely you just hack the device. Call me stupid I’m fine, but nothing is unhackable. Hackers will do anything they can in their power to steal your data.
@@KhanPiesseONE That's the thing, you have no way of knowing that. You're relying on their word. The software is proprietary, so you can't actually know what it does.
Maybe you are unaware that you are contacting a business for IT support or a division (of the same company) has to show a use case though profit. Any tech has to perform at certain matrix; one of those is dollars per hour, remember that is not how much the tech gets paid. The use case or profit is on the ROI. Wages are just a part of the P&L statement. Some of that has to pay for the equipment and facilities etc (e.g. bathrooms).
Facial recognition and thumb print is a good way to ensure that you do not put a piece of tape over the camera allowing them to record your actions at will.
There's the cost of infrastructure to establish the programme, the training, the software and hardware required, not to mention the lost productivity. If you're going to say something, at least make it sound like you're not aged eleven.
Maybe you are unaware that you are contacting a business for IT support or a division (of the same company) has to show a use case though profit. Any tech has to perform at certain matrix; one of those is dollars per hour, remember that is not how much the tech gets paid. The use case or profit is on the ROI. Wages are just a part of the P&L statement. Some of that has to pay for the equipment and facilities etc (e.g. bathrooms).
Yeah, I know that when I call India I am paying 50 per call, what a lie. This is biometric registry propaganda. They left out the real reason passwords no longer work. Qbits
Anyone who has been arrested, even for minor offenses has their fingerprints and Photograph recorded. In some cases, swabs are taken for DNS records under the pretense of undertaking a drug test.. Biometric data security also has as many holes in it as a Swiss Cheese.
@@andrew_koala2974 Just for being arrested? In my contry all of my fingerprints were scanned when I was getting my citizen ID. Not gonna lie, they do use it for authentication, as later that day I had to authenticate and any of my fingers could do
Imagine having ur full name as ur username and you post selfies online but complain about face n fingerprint readings in the wrong hands.....lmfao what on earth would a criminal need or want ur selfies or prints for 😭😭😭😭😭
And people thought Skynet was fantasy. You get addicted to the technology and they force you to sacrifice your privacy and identify. It's weird and disturbing.
"And then you type - and possibly mistype" XD During that he literally sounds like one of those infomercial guys, only missing was the greyed out background footage of people trying the most stupid and impractical ways to type in passwords with a big red x across the screen
Sounds like a bad idea: If they hack their system they can steal my password, but I can change it later. If they steal my fingerprints / retina how am I supposed to change it later? Also by stealing my eBay password, they will never be able to log on my Instagram account, but if they steal my retina / fingerprint they will be always able to log in in every platform I use.
I agree with you. Lately I found different videos about this topic. It seems that even voice recognition is rather "easy" to bypass using a laser beam directed to a mini microphone. I don't remember correctly how it worked but SmarterEveryDay made a good video about it. Fingerprint is something we let behind us everyday and anyone could find and copy them. The face is even worth, there are video surveillance everywhere. I also saw some guy unlocking his smartphone by showing a video of himself on an other smartphone. Password managers like KeepassXC with a (one) good password and a Key File seems like a much safer option to me. And as a bonus we do not need to give our face and fingerprint infos to company like Google that are very well known for not giving a sh** about user privacy.
If these companies get hacked, no one is stealing your password... they're stealing an artifact that has been generated by your password called a "hash". It's not the actual password. Let me repeat that again. Google, FB, etc. do NOT store your passwords. Similarly, they won't actually store your biometrics.
@@MaximusAlcarinque I guess www.forbes.com/sites/daveywinder/2019/07/02/confirmed-2-billion-records-exposed-in-massive-smart-home-device-breach/#41d954f2411c, or maybe haveibeenpwned.com/PwnedWebsites#DemonForums I guess nobody really uses these, but some sites like haveibeenpwned.com/PwnedWebsites#Tokopedia are still using salted MD5s. And haveibeenpwned.com/PwnedWebsites#Tokopedia, SHA-1s, essentially the same in hashes I guess
"Ethical hacker" =)) . The passwords are like locks for the door, everyone with a certain knowledge could lockpick it or with raw power could break a window or the door and not care about the lock, but you still lock the door because it acts like a discouragement and a psychological barrier. Keep your passwords safe and have a nice day.
Facial recognition security cameras are already being deployed by government agencies, and I have to imagine they'll inevitably be available for the consumer market. May not be 10 years, or even 20 years, but there will be machine learning/facial recognition cameras widely available. Facebook already has the largest database of available faces to test against. 100% spot on when you say it's not a good idea to wear your password on your face when ANYONE will be able to scrape that information. What will happen then? Probably won't even need physical access to the device to feed spoofed credentials into it via camera api or whatever.
The more you cost to them the more they're apps will cost you and the more data about you will be collected to be sold, so you should stop antagonizing big companies, if you don't like them just don't use their services
"phishing attacks are caused by passwords"? phishing attacks are used to gain passwords. Microsoft needs a new taklking head. That was an unclear statement at and just wrong at worst.
Well, the existence of passwords is what causes phishing attacks to exist in the first place. They aren't wrong. No passwords means there is no use of phishing attacks so they won't exist.
So what they know what your right thumb or left eye looks like? That isn't you just a tiny fraction of your body. Plus fingerprints aren't even unique.
Retinal scanners is a way better security protocol to have, it's like your fingerprint can't be used without having the eyeball present...or the rest of the head.
Me: *wears makeup* Laptop: I have never seen this woman in my entire life. Funny enough, it has no problem recognizing me with no makeup and hair partially covering my face
The 2 are very distinct issues. You could have an alphanumeric password that appears to have an entropy of 128 bits but if you generate that password “randomly” using software that had a vulnerability in its random number generator, it’s possible that password generation is deterministic in nature (not truly random) making your password vulnerable. This is mostly applicable to encryption keys and such, not so much service provider websites where the number of attempts to log in may be too limited.
I like the idea of question and response for a password. The question and response should both be completely free form though. You don't have to remember a complicated password because the computer will simply ask you to recall the answer to a question you told it to ask. If the answer the computer requires can be a full sentence rather than a single word, that makes it far more secure as well.
Apple's 1 in 50k was actually a downgrade. If 1 in 50k random fingerprints unlocks your phone that is like having a 3 letter password. It would take the same number of tries to try all combinations. Same with the face id 1 in 1 million. Having an 8 character password gives billions of combinations and is much more secure. All these biometric systems such as voice and face scans can be faked by a computer AI. You would really need to have some way of making sure that what it is looking at is alive and not a recording which is not possible on a system that a person has physical access to. If I can get at the wires of a camera or biometric sensor I could feed it a video I took while walking past you and get in. Imagine if the government arrested you and wanted to get into your phone. They drill a hole in the back of the case and solder some wires to the camera and attach it to a computer USB port. The USB port outputs a video/data feed that was recorded with another iphone while walking past you in an interrogation room and the phone unlocks. A password however is encrypted inside the phone so without knowing what it is you would need to crack the encryption on that password. The only secure password is a long password that you know and nobody else.
I know this post is old, but if you're full time your employer is paying their portion of social social tax, unemployment benefits, health insurance, and 401K or 403B match. Plus there is the expense of internet, power, property rent, software licenses, and equipment required for each call that comes into a help desk. Together it's a lot more than just the hourly rate.
To me, that's way less secure than just making you pick a complicated one and sticking with it indefinitely. People that have to change their passwords regularly come up with patterns to help them remember them. Very obvious patterns. Usually a common word and a pattern of digits. The digits change, following a pattern, but the word never does.
Yes, I hate this policy so much. Every time they make me change mine something gets screwed up on the backend and I get locked out or single sign on fails and I can't do any work. I have to call the helpdesk for them to reset it to Password123 or whatever so I can get back into my system, then they tell me to change it again in 24 hours but I this last time I just left it alone. Every 3 months I follow their directions to change the password and it screws up in the backend every time, so I'm just keeping it as Password123 this time. If it gets hacked then oh well, fix the backend.
Remember. The court cannot force you to say anything, including your password, to prove yourself guilty but the court can force you to surrender any hardware keys which might get you convicted.
Not too sure I'm comfortable giving my cell phone company facial recognition/voice recognition/fingerprints that they can turn around and sell to the highest bidder.
I unlocked a tablet with face recognition by downloading a photo of the owner to my phone from facebook and putting the phone screen with the photo in front of the tablet camera to unlock it.
It seems like most of these companies are trying to go from one-factor authentication with passwords-only to one-factor authentication with biometrics-only. Problem with biometrics is they don't require you to cooperate with someone who wants in (likewise for keys). If your phone uses fingerprints only, and someone has you tied up, they can just force your finger onto the sensor and get in. Now, if you combine biometrics with a password, forcing a finger onto a sensor only gets you halfway there if the person won't cooperate and tell you the password. Of course, the best approach is to combine all three methods and have a password, a physical key, AND a biometric scan, and require all three to be valid before giving access.
KeePass is a solid free open source password manager that stores all of your passwords wherever you choose (not a centralized database) and will auto generate a password for you depending on the parameters you set for it. For anyone who doesn't want some James Bond style fingerprint lifted off your scotch glass and then open all of your accounts.
I feel like password managers where very intentionally left out to serve their agendas. Cmon.. password managers are great, you get really tough passwords, can share access to Netflix without even sharing the password, login info gets inputed automatically if you want. And if you don't trust the companies providing the service (they say your passwords never get to them unencrypted, i.e. they couldn't use them even if they wanted to), you can always run a service like that locally
Yup, and on top of that, you can layer the unlocking of your database file with something like a Challenge-Response from a Yubikey on top of your master password. Only threat you face then is somehow leaving it open on a device, or getting a clipboard malware/keylogger on your computer. I don't see how the file itself could possibly be cracked with both a long master password as well as a Challenge Response on it. Still, it reduces a lot of other threats, leaving only highly targeted attacks. (As far as I know I'm not a professional)
Apple & Microsoft: 'Passwords are insecure' Also Apple & Microsoft: 'Your cats name seems like a fine password to me' How about shipping a password manager with the os ...
Passwords aren't sufficiently secure & it costs companies millions to recover. Saved you guys 17 minutes.
Thanks. I don't agree with it though...It's just because they want us to use our heads as chips in the end so whatever they say is for that final goal
Hero
Thx, can watch something else now :D
Thank you, I was like really 16 min to explain that? 🙄
Thanks bro
This doesn't allow users to share prime and Netflix passwords
abdul reeyas don’t forget if two or more people shares the same device, due to the cost of buying more devices. Like a family shared desktop computer or laptop because the family could only afford one desktop computer or laptop.
You don't have to, business is business : )
Companies should be supporting the delegating of access to user accounts as required. If I want to give my child access, then I should have the flexibility of giving them full access or limited access to view/purchase content.
There can be many ways to allow others to login into your Prime or Netflix account..
Harshit Mishra can I borrow yours then?
Windows hello at work: "Your face will expire in 3 days. Your new face must contain a special character"
😂
Underrated Comment
😂🤣🤣😁 Time to grow a beard!
LOL
More like: your new face cannot be the same as the old one
As a former developer, that line "keep 20-40 passwords" just hit me in the soul lol. I have a whole folder, filled with passwords and usernames jotted down on paper. Whenever I had to clear my cache, I cried a little.
Idc.
@@Marzapanmars ooh so salty, did your mom deny you McDonalds?
1. Photograph all the pages of the folder mentally.
2. Burn the folder.
There buddy. Saved you from having your life stolen! :)
Fking Christ dude, just use a password manager like KeePass. What the hell
I love how a lot of companies force you to reset your password every 6-8 months; depending of the company.
And everyone is complaining that changing passwords is expensive.
You’re literally forcing us to change them.
I read an article in Russian that recommended disabling all face and fingerprint recognition on your devices and instead use a password. The reason for that was the fact that a policeman can unlock your device without your permission and see your contacts, communication, etc., for example after arresting you during a peaceful protest
You are so right. If someone is robbing you you are screwed. Also, will a phone, PC, iPhone send you BIO data to Microsoft, google or apple to be stored, misused without your consent? I am sure a 3D printer in the near future will be able to print a copy of someones head from a picture to use it to unlock a device. Just look ar the software that can animate a person just from an old photo.
Jan 21 - There's a site called weleakinfo.com
Jan 22 - U.S Department of Justice - Say no more
Lmao the people who are fans of the site are probably trying to hack vox now
“I’m about to end this man’s whole career.”
It would be cool if they worked out a deal to show the passwords to an email, but hide them so at least you'll know if they have your password or other info and can react accordingly, because if they had it, chances are someone else does.
@@PatThePerson Have I Been Pwned just gives you a "yes" or "no" response to data you enter, so you can try all of your email addresses and passwords and get an up or down response to whether they've been compromised without someone else being able to enter your email address and see all your hacked passwords (which you might still be using).
I can't believe it took a video to let the DOJ finally do something. Lol
Tech companies: Don't use passwords, use fingerprints which can identify you even if you're unconscious
Hong Kong Police: Excellent!
Exactly, someone may unlock my phone with my finger while I'm sleeping. Face ID is also bad, because I'd need to keep my camera uncovered to make it work - most of us know it's a bad idea, especially at home. Some kind of USB dongle (or any other physical object) has a similar problem like fingerprint scan - can be used when I'm sleeping. I use strong - complex passwords for my electronics and I'll continue using them.
@@john_gyver The cops don't need to wait for you to sleep. They can force your finger onto the sensor. Not a good thing.
@@asdfasdf-vy4pj Yeah, it's Brave New World.
Yup. There is a certain ancient prophecy that foretells that a world gov will force ALL to get a secure "mark', otherwise they cannot buy or sell. I think this prophecy is a warning, but I think big govs will, unfortunately ignore the warning.
@@dizzywow That's exactly what i was thinking. Law enforcement has got to love this future!!
Companies: get rid of passwords, they are not secure
Also companies: password required after phone is restarted
i don’t get why we need to enter a password after restarting a device.
@@navtejsingh9248 I’ll assume it’s because the phone is encrypted when it’s turned back on and the password unlocks everything
@@navtejsingh9248 : Hell, I have to enter my password every time the display times out and goes dark.
@@smoke.it.eat.it.grow.it420 : Yeah, I know, but I leave it that way for security reasons.
@@Milesco You can fix this in settings, when your display goes dark, you only need to push power button and put your finger on the finger print sensor button without pushing it. Or you can push the home button and leave your finger on the sensor till it opens up your device. Stay safe, healty, strong, happy and be blessed ✌️🍀❣️
0:42 - The Problem with Password
4:47 - How Did We Get There
6:11 - Types of Authentication
8:02 - The FIDO Alliance
9:41 - A Passwordless Future
14:49 - Challenges
Heres your medal 🎖
I love ppl like u
You forgot 13:10, apple trying to sell more Apple watches. Lol what a joke.
They want your bio-metrics; fingerprints, retinal scans, facial
impressions etcetera for the coming Social Credit System. You will be
"allowed" or "denied" service and conveniences based on what the
government and big tech decide is good for them or you. You won't get to
decide. Just like RUclips banning and ghosting accounts that don't
support their agendas. Want to fly to the UK? Denied. Why? Who knows?
The algorithm decided and there is no appealing these decisions. Want
get an Uber to the next town? You don't qualify. Want to spend your
money? Not today, you should be saving more. Want to get that burger?
Not until next week. We know what's best for you. The social crediting
system is already being implemented in China and testing in "smart
cities" in Australia and Canada. None of this is for your benefit or to
stop the terrorists or to save the planet. It is a means of total
control. Totalitarianism.
Thank you, good sir!
One thing this report failed to say…
The same Password still required to reset, change or even remove biometric security
It's said but in the case of Apple's Face ID recognition fail
Because I was thumb or face password for so long I forgot my actual password so when I bought a new phone I lost all my photos of my kids throughout the years. I try to recover it through email but same thing been so long since I typed in my password for my email I can’t remember it
Alvaro Arellano you should download google images so u can store everything there aswell. Just as a back up & it’s completely free
@@alvaroarellano5922 i guess thats why two factor auth is better. You have to use both
@@alvaroarellano5922 it's better to write down your password in a diary or something. I store mine in last pass because I have so many accounts.
you can't get a court order for a persons password, but you can use their face / fingerprint to unlock secured items like phones etc.
Nothing to hide nothing to fear
@@zachw566 if that was the case, why does the government have secrets?
National Security. The safety of its military interests and citizens. It’s economic prosperity, etc
@@zachw566 if you think you are not guilty of breaking the law you are asleep. If law enforcement wants to arrest you they will find something on you. There are over 300,000 federal crimes on the federal law books. That doesn't even count state, county, city, municipality laws.
Yes, yes you can get a court order to pony up passwords, plenty of people have gone to jail for failing to give up their passwords. If justice system decides to screw you over, you are going to get screwed over and no kind of IT security is going to stop that. Having functional IT security and having functional and fair justice system are two different and unrelated issues, you can't fix one with the other and there is no good reason to make policy of one based on policy of the other.
$50 a call to reset a password? Come on it takes 2-5 minutes of someone that gets paid about $12 an hour...I know I use to be that $12 an hour person long ago.
kevinsmak it’s not just the cost of the person. It’s the whole cost of the systems, labor, office space, etc to handle the calls.
very nice 3 call each day and you are set for the daily work.
They can just have you reset the password via email instead of call a person.
@@dannydaw59 And if its the companies email password they need? Some companies bans the use of gmail/hotmail etc.
Someone didn't get paid $$ / got ripped-off..
🤣🤣🤣
Blames user for using passwords.
Never blame themselves for having a weak security system and infrastructure.
Pretty crappy way of avoiding lawsuits.
Part of protecting data against hackers is making the data itself more complicated to replicate.
@@JustCrayZ which is accomplished by hashing algorithms and salting. Not by using stronger passwords...
@@JustCrayZ what game channel said!
One of the most used passwords (for phones) is the person birthday lmao
Plus ”Password” and ”Querty”
Twice so far I've caught my wife trying to use my finger print to unlock my phone while im asleep. Little does she know, I used my big toe. ;)
OMG wow you're a hound dog you must be
😂😂😂 your too funny.. i died when i stumbled across your comment!
lMAO!
Ha ha ha!
This is a real good one... is it a jock???
Imagine a future where anonimity is impossible.
@Gary Basra considering it would give a lot of power to authoritarian govts its not exactly a fair tradeoff
Government collection of bio-metrics. And CNBC pushing their agenda by dissing passwords.
Next....
cryptography.... its a part of nature....
anonymity* btw
and its always possible
That's their goal. It'll be hard to achieve...
I would rather not lol
This video is sponsored by LastPass.
LastPass I used to use it but I never use it since if you forget your password then you would never get it back.
@@ReaganVFilms your job is to remember just one password. And there are redundancies if you forget your password.
@@ReaganVFilms you can enable recovery options against almost all password vaults
@Adithya R but it is open source with no first party android/ios app. Lasspass has chrome extension and Apps for phone which are synced. Which is more convenient.
@Adithya R Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass' servers, and are never accessible by LastPass
The ultimate advantage of passwords are: *You can't steal it from the person's mind* !!
Finger print: you can unlock someone's phone when they're sleeping by simply placing the owner's finger.
Face ID: Similar to above
So a hacker will sneak into someone house and slip into their bedroom and unlock their phone while the person sleeps? Impressive ninja skills. Or would a hacker cracks your password remotely be more feasible. I wonder which one would the hackers prefer.
Face ID can actually detect if the person is sleeping
@@prithvirajb1953 you dont need the face you only need the meta data saved for the face stored, you use the data hacked from the phone or fingerprint data to hack anything
🤫😅
Not to mention that our Supreme Court ruled that law enforcement could just force anyone to use their biometrics to open their phones, but could not force one to give up their password to open it.
This will start an industry of lifting and duplicating voices and fingerprints.
Now there is a business opportunity selling voice changers.
I do worry what possibilities there may be in this respect. Can well imagine neural network technologies advancing to the point where this isn't difficult, especially with voices and faces
Of course, how else are lawyers supposed to make money if they're not out there defending you in an endless case of stolen identity where your likeness has been hi-jacked.?
You'd better get used to changing your voice and your fingerprints!
Wrong. Some China hacker who lives in a basement isn't getting this. They are hacking using passwords. By using 2 factor or password less they aren't getting in.
....so to protect our information we must provide more information? Like facial features and biometrics on top of our passwords? Why does it sound like we're giving them more leverage...
or....am I just paranoid.
Nope. This is a terrible idea. You are 100% right. We need to fight to preserve the password. It is the only way to preserve privacy and security. That is why big corporations and authoritarian regimes hate the password so much.
9:22 I'm glad that the director of the FIDO alliance is telling us that FIDO protects our privacy. Definitely a completely unbiased opinion from his side.
I'd rather my data gets breached than give you a retina scan ...
Fn right. Corporations can not be trusted anywhere anytime for any reason. You can trust them to use and abuse people.
I am working on a system that uses a rectal scan.
@@andrew_koala2974 lol
Wow just wait until you learn about drivers licenses and social security... 🙄
@Joe Blow there's a difference between the hospital having it, the government having it, and the private corporations having it.
Most doctors and nurses are good people, government is accountable (because if it comes down to it you know who to revolt against), private corporations are a much bigger problem.
"Our bad habits?" Oh sure, we decided this was the way to do things, not the companies. And even though passwords suck, let's make a few things clear: the alternative is either more money for them and/or less privacy for us.
This seems like legit big brother. The NSA can't crack our complex 20 digit passwords, so they are going to force us to use face-id and then they can just hold the phone in front of us... and boom handcuffs for having the wrong opinion. Yes, I know I am paranoid. Honestly, just don't want my wife to get in my phone while I sleep.
CORRECT. This is herding the sheeple into the slave world. The power hungry oligarchies wet dream. Supreme court ruled Cops cannot force you to use your password, however they own your biometric data and can force you to use it.
Real talk. Also what if someone just holds up a picture of you. Can the device tell the difference between a picture of somebody and the real face?.
@@T-Dog_nation imagine if someone 3d prints your face
facts
It's now after November 5th 2024 (it's November 13th) & you are not paronoid anymore; your concern is now legitimate & now within good reason ! A 1 party (of sub-parties) government is being formed by those who plan to dismantle the governing bodies (as we've always known it) & replace it with family names of conglamorates & decietful stock holders!
Voice recognition isn't effective. What happens when you get a cold and loose your voice? You're screwed.
Carlo Cocciolo just use both fingerprints and norm password
I work in voice recognition tech -- voices are not that unique.
Does burning your hand on a hot pot change your finger print til it recovers? This would be another realistic issue
@Carlo Cocciolo Use your other finger (which hopefully isn't compromised)
Or just stay with passwords I suppose
@@mscolli3 and super easy to reproduce with a sample.
$50 to reset a password, ok mate.
Yeah that was weird. I guess if you take two people's salaries for 10 minutes, plus some tech???
Wouldn’t it be lower because most of them use India it people, their wage costs are lower?
It's automated , the money spent is whatever the server spent processing your request . This is rubbish.
Ie the energy output.
S C I’m pretty sure he was just generalizing his figures, it’s not his math that we’re questioning
i work with servers and people woul call me everytime to reset passwords lol 🤣🤣
This is literally just a push from big tech to get a hold of even more of your personal data
Of course. Make an argument against how 'inconvenient' passwords are, and how you need 'help', then implement an argument for how convenient and secure fingerprinting is and voila, you have the masses convinced to give their true biological identity everytime they use the net. Oh, you complained about joe biden? Your fingerprint is linked to this comment, perhaps we will freeze your bank account for wrong think.
Very hegellian.
It’s not needed either. There’s systems used by hospitals for example that the company you log into creates a password for you before you log in that expires in a minute.
I refuse to give my bio data either. It’s not needed. The current way of having two authentication steps is good enough.
We all know now not to trust big tech. That are literally banning people from their service based on politics.
They have no need to have our fingerprints, etc.
@@Noblyuntruthful sir.... I 100% agree. Privacy is important and I am a computer science major. I wouldn't trust any company with my finger print and any face recognition network. I will never let the government have that much power over us.
Yes, this is exactly what it's about. The biggest risk is to join your accounts by using for ex Google or even (horror) Facebook. Do not use biometrics on things like phones. The secret must be in your head. Dont use the same user I'd, dont join the accounts. Clear webbrowser after every use, use reasonable vpn.
2030 - Experts say that microchipping people is the only way to truly authenticate users
I don't have a microchip but that pesky cat that lives with me does.
She gets on instagram all the time when the human is at work.
sadly, probably accurate.
They can start it on you.
@@ferry602 anyone is up for grabs
Mitchell Malouf experts huh? I’ve raised 4 boys, would that make me an expert in raising children?
"Hey Jim, can I use your computer to print something?" "Sure, let me rip my face off so you can log in."
Remember how you had your photo take at the staff function ........
There's been some files that have been / taken / altered / stolen /deleted and your / fingerprints / facial photo / is the link .....
LOL. That was a good one 😄
Haha a joke...yay
Would a picture of the person do the job? or holding a phone in front of the person's face when they sleep? Hmm
@@jen_nice2059 what's funny about that? It's the truth.
The police would love no passwords, they'd just grab your thumb and place it on the scanner then testify "He opened it up when we asked him to!"
In india, police can retract passwords that you have even forgotten or used in previous life within an hour of special custody in police station. Lmao, crazy technology we have.
@@pun-ditji2937 wow, interesting!
@@pun-ditji2937 IK
@@pun-ditji2937 Our indian police even have 100 years old data 😆
oh yeah. that's a definite. then lie about it in court covering each others' asses.
It's not OK to be giving your biometrics to these businesses
I agree. It is for AI tracking and learning. It makes me uneasy. I refuse to use it on my phone.
Indeed. I encourage people to search for "surveillance capitalism". I'm very uneasy about handing over biometric data. From the sounds of it, that FIDO standard is supposed to protect user privacy by keeping everything local at least.
@@janguvpes7518 Yeah, I'd like to know more about how that works. Okay, you can access the local device, but what happens if you need to borrow a friend's phone or computer to look something up on your RUclips account? Without passwords, how do you identify you're you without giving biometric data to the receiving company? You buy a new computer, but you still have your old one because of the data stored on it. How do you reestablish all of your accounts on the new computer if the receiving end has no way of authenticating who you are?
I'd be very interested in knowing more about how this is all kept "local".
@@c182SkylaneRG I believe it works by communicating a hash number to servers, so that this could be in common across devices, but what's not communicated is some key on a local device, which is translated via an irreversible algorithm locally. Or something like that... I'm not especially well informed about it. But you can see how the principle is in play with the biometric dongles used in MS in the news report.
@@janguvpes7518 Actually, the news report shows you literally nothing reassuring, just that you put your fingerprint into a magic black box and it grants you access. However, your mention of "hash" and "irreversible algorithm" reminds me of a few videos Tom Scott has made on the subject, which I'd forgotten about. He DOES go into the details about how the mathematical algorithms work to force passwords to only go in one direction, and not be visible on the other end, while still authenticating the user.
nope, still don't want to give my biometrics to these corporations
@Wuanslm then why the hell are you using their services?
GURken Why the government already has it
@@sanchitjain3498 Does that means that they are allowed to compromise privacy ??
@@linuxinside6188 Well they have policies which prevent them compromising with our privacy.
@@linuxinside6188 And the biometrics are stored in your own device, they don't have any access to it
**Goes to weleakinfo.com**
This domain has been seized by the Federal Bureau of Investigation.
Oh.
With finger prints you can get a sleeping or unconscious person to forcibly put their finger on their laptop or mobile.
@@davidabulafia7145 Sure David, with roof toss you can splat. The fact is that the entire notion of security is a sham with entities like israel around f*cking with humanity. You assholes have taken unauthorized butt pic selfies of mine. Is it only coincidence that these were the moments that I was reaching out to you with fresh dung offerings?
D.S Tice, You went to the wrong site
@420 Friendly " you must log in first " I find that funny
Bruh use tor browser, it works
I was waiting on the discussion about how crappy biometrics actually is at security but I'm at the 11 minute mark and it's just an ad for tech companies... nvm.............
How in the world did you come to the stupid ass conclusion that biometrics are crappy security.
It's MSNBC what did you expect. They are corporate crooks
@P Ciprian very, very wrong. This isn't 2005 biometrics. Unless it's optical you 100% cannot imprint the biometrics. Even if you could that's still 1000000x safer then passwords lmao
@@omarh1315 /facepalm
@@omarh1315 you do realize that the data must be transmitted at some point, right? simply having access to its binary representation is enough. Some website IS going to leak it, and at that point, hackers have a guarantee that you use the same password everywhere else, and you can't even change it.
Uhhh what if I want to share my computer with someone? I call home and need my wife to email a paper to me at work?? How can I tell her the password if there isn’t one lol
🍷😆
Well you are sol guess you shouldve used a password
@George Armstrong you cant remote unless its already unlocked
life size print out or silicon head 😂
You should never be sharing your password with anyone. The shared rights should exist on the device or data inherently.
Individuals protect their passwords. I know I do! Corporations don’t seem to be able to protect our passwords. They get hacked all the time. So they don’t want passwords because they can’t protect our passwords. Then they would be legally liable. That actually makes sense.
Your password is most likely stored as hash, and if your password is secure enough it will not be recovered by an attackers
I keep all my passwords in a spreadsheet, but they're "encrypted", that is, written in a way that only I understand, so they help me remember what each password is for each site or service.
Lol
Wowwwwwwwwwww so what’s your girlfriend like?
Just use a password manager. Preferably one open source and capable of auto fill on all devices like Bitwarden. You can self-host a lightweight Rust implementation in bitwarden_rs if you don't want your vault to live in Azure servers.
@jeffrey vaughan If it's behind a 7 word diceware passphrase good luck with that. Not to mention if a hacker has local access to your computer to take advantage of that you've already been hacked.
ISuckTiggos More beautiful than your non existent one may be
Feel like the FBI watched this and then went "oh snap!" and started snatching up these leaking sites lol
Matt S- Was thinking the same. Propably what happened, for real! The alphabet dudes really are just an inept bunch of dorks with pistols, it seems.
I trust my 24 char pass more than Google, Microsoft, Facebook that have multiple lawsuit for privacy breaches and now anti-trust lawsuit
Microsoft doesn't have anti-trust lawsuits (:
@@milksliced they did a decade or two ago
AMEN!
But how do you remember them?
@@carolynworthington8996 its called brain you train it and starts remembering you abandon it and you start believing that natzis were peacekeepers
phones using fingerprint rather than password protection can be accessed by police
I mean it's going to be quite pricey
Yea and that's exactly why they are doing this push... A fingerprint is literally just a password when it comes down to it, except one that can't be changed... And one they already know since they pretty much have everyones fingerprint already.
Of course, how else are they supposed to jam your as$ up?
YourTV Unplugged the cops dont have everyones fingerprint. They put your fingerprints in a database when you get arrested, so the only people that would be vulnerable to this are people who got arrested before
@@MrAwesomenaut actually many jobs require you to have fingerprints taken
That sounds like a cool site, let me go che-- THIS DOMAIN HAS BEEN SEIZED
I activate PotOfDuality
Jofx what do you mean?
@@alexandremercier8851 Just a cross reference to Yugioh, nothing means related to video lol
@@jofx4051 better one HeartOfTheCards.
It always has the answer.
literally i was like omfg ive never seen this before
title should read: How Big Tech Wants To Centralize Your Identity (to track you even better)
Gotta keep a tabs on all the cattle lest they get antsy and want to rebel.
Fear of Big Tech existing is such an American thing. Stop being so sensationalistic and get over yourself
So now hackers are going to get my password but my face my voice, my retina, and my fingerprint. Thanks!
Biometric data is not shared to the internet. Your Android, Windows, iOS, or MacOS devices, do not share your finger print data or facial recognition data to the internet, all the detection and analysis is done on the device and it is impossibly difficult for hackers to steal your device, and then physically unencrypt that data.
Peter Mortensen yes
Remember the "Demolition Man" scene where the eye was speared on a pencil to access via retinal scan. It can't be by the revealing of identifying information, it has to be a challenge response of a one time password not the revealing of something static such as a fingerprint or a retinal scan. Unfortunately, to make a challenge response one time password convenient requires implanted chips or a token device such as a phone which represents your identity.
Khan Piesse it’s still able to steal. if analysis is done on device, surely you just hack the device. Call me stupid I’m fine, but nothing is unhackable. Hackers will do anything they can in their power to steal your data.
@@KhanPiesseONE That's the thing, you have no way of knowing that. You're relying on their word. The software is proprietary, so you can't actually know what it does.
Wish I made $50 every time I got a call for a password reset.
Maybe you are unaware that you are contacting a business for IT support or a division (of the same company) has to show a use case though profit. Any tech has to perform at certain matrix; one of those is dollars per hour, remember that is not how much the tech gets paid. The use case or profit is on the ROI. Wages are just a part of the P&L statement. Some of that has to pay for the equipment and facilities etc (e.g. bathrooms).
Help desk pay + PTO + cat sick days+ Loan forgiveness + physical cube inside of massive city center real estate+..... do I need to continue?
Facial recognition and thumb print is a good way to ensure that you do not put a piece of tape over the camera allowing them to record your actions at will.
That's true! 🤣🤣🤣🤣 I have a piece of tape on my mobile front camera🤣🤣🤣🤣
I have watched the first Avenger movie so no thank you, I'd like to keep my eyeballs in their sockets.
Companies: we don't want to be held liable to our *plaintext password* leak anymore
Tech companies: "Use voice, face, and fingerprints".
2020: Wear masks, and gloves.
Tech Companies: Oh, FFS!
Samsung had the iris scanner going on in their older flagships, would have been about perfect for the situation now.
lol $50 per call, that comment made me loose interest, this dude is just doing a sale pitch, dont bother watching
What? You mean you don't make $100 per hour answering phones?
There's the cost of infrastructure to establish the programme, the training, the software and hardware required, not to mention the lost productivity. If you're going to say something, at least make it sound like you're not aged eleven.
Maybe you are unaware that you are contacting a business for IT support or a division (of the same company) has to show a use case though profit. Any tech has to perform at certain matrix; one of those is dollars per hour, remember that is not how much the tech gets paid. The use case or profit is on the ROI. Wages are just a part of the P&L statement. Some of that has to pay for the equipment and facilities etc (e.g. bathrooms).
Yeah, I know that when I call India I am paying 50 per call, what a lie. This is biometric registry propaganda. They left out the real reason passwords no longer work. Qbits
Loose rhymes with goose and is the opposite of tight.
People fear their face and fingerprints being recorded and getting in the wrong hands.
Anyone who has been arrested, even for minor offenses has their fingerprints and Photograph recorded.
In some cases, swabs are taken for DNS records under the pretense of undertaking a drug test..
Biometric data security also has as many holes in it as a Swiss Cheese.
That's why doing it on the local device is so important
@@andrew_koala2974
Just for being arrested? In my contry all of my fingerprints were scanned when I was getting my citizen ID. Not gonna lie, they do use it for authentication, as later that day I had to authenticate and any of my fingers could do
for damn good reason!!!
Hong Kong anyone??
Imagine having ur full name as ur username and you post selfies online but complain about face n fingerprint readings in the wrong hands.....lmfao what on earth would a criminal need or want ur selfies or prints for 😭😭😭😭😭
Will grandmothers be able to adopt to that ?
No unless they are cool grandmothers
Mine keeps forgetting hers. I know. She’s still alive.
@@jhlords2 Tbh they havnt adapted to passwords, they will be better off with biometrics.
How is storing biometric info on a server any safer than storing passwords on a server?
@@jhlords2 vc
V
And people thought Skynet was fantasy. You get addicted to the technology and they force you to sacrifice your privacy and identify. It's weird and disturbing.
They would argue that they have the users 'consent' as you have the choice to refuse their services.
The photoshop work on the weleakinfo fbi seizure page looks like something i'd do when I was 12
"And then you type - and possibly mistype" XD During that he literally sounds like one of those infomercial guys, only missing was the greyed out background footage of people trying the most stupid and impractical ways to type in passwords with a big red x across the screen
Watch when they want to chip us as the alternative to passwords.
You all of a sudden have become a must watch youtube channel, good on you. Keep up the good work. Keep me informed.
Sounds like a bad idea:
If they hack their system they can steal my password, but I can change it later.
If they steal my fingerprints / retina how am I supposed to change it later?
Also by stealing my eBay password, they will never be able to log on my Instagram account, but if they steal my retina / fingerprint they will be always able to log in in every platform I use.
I agree with you. Lately I found different videos about this topic. It seems that even voice recognition is rather "easy" to bypass using a laser beam directed to a mini microphone. I don't remember correctly how it worked but SmarterEveryDay made a good video about it. Fingerprint is something we let behind us everyday and anyone could find and copy them.
The face is even worth, there are video surveillance everywhere. I also saw some guy unlocking his smartphone by showing a video of himself on an other smartphone.
Password managers like KeepassXC with a (one) good password and a Key File seems like a much safer option to me. And as a bonus we do not need to give our face and fingerprint infos to company like Google that are very well known for not giving a sh** about user privacy.
If these companies get hacked, no one is stealing your password... they're stealing an artifact that has been generated by your password called a "hash". It's not the actual password.
Let me repeat that again. Google, FB, etc. do NOT store your passwords. Similarly, they won't actually store your biometrics.
@@swaggydaggy5579 Yes, however some companies will have bad storage techniques, such as plaintext or MD5 just like for passwords, will they not?
@@eqton729v What company is using plaintext or MD5 in 2020?
@@MaximusAlcarinque I guess www.forbes.com/sites/daveywinder/2019/07/02/confirmed-2-billion-records-exposed-in-massive-smart-home-device-breach/#41d954f2411c, or maybe haveibeenpwned.com/PwnedWebsites#DemonForums
I guess nobody really uses these, but some sites like haveibeenpwned.com/PwnedWebsites#Tokopedia are still using salted MD5s.
And haveibeenpwned.com/PwnedWebsites#Tokopedia, SHA-1s, essentially the same in hashes I guess
"Ethical hacker" =)) . The passwords are like locks for the door, everyone with a certain knowledge could lockpick it or with raw power could break a window or the door and not care about the lock, but you still lock the door because it acts like a discouragement and a psychological barrier. Keep your passwords safe and have a nice day.
This analogy is entirely false. Nothing about passwords is comparable to door locks.
@@Luxalpa Then I might suggest you look on how a lock works. Virtual or physical, they both share the same principle and concept.
I never lock my doors, why would I? I have nothing worth stealing, don't care if I die tonight.
Imagine wearing your password on your face, every day and everywhere you go.
Andy Hage Yup. Face ID is a joke. The Chinese already know how to do biometric scans on mass populace with cameras on the streets.
Facial recognition security cameras are already being deployed by government agencies, and I have to imagine they'll inevitably be available for the consumer market. May not be 10 years, or even 20 years, but there will be machine learning/facial recognition cameras widely available. Facebook already has the largest database of available faces to test against.
100% spot on when you say it's not a good idea to wear your password on your face when ANYONE will be able to scrape that information. What will happen then? Probably won't even need physical access to the device to feed spoofed credentials into it via camera api or whatever.
Oh, a such a shame we are costing Microsoft money. I'm so sorry for them!
🍷😆
The more you cost to them the more they're apps will cost you and the more data about you will be collected to be sold, so you should stop antagonizing big companies, if you don't like them just don't use their services
How can people not antagonizing them if they tell us such bs
@@nofanfelani6924 what bs are they telling us?
@@Veltorb Can't you tell from the original comment?
If not, then alright. Have a nice new year!
NBC using "big tech" like they're not part of the establishment lol
"phishing attacks are caused by passwords"? phishing attacks are used to gain passwords. Microsoft needs a new taklking head. That was an unclear statement at and just wrong at worst.
Well, the existence of passwords is what causes phishing attacks to exist in the first place. They aren't wrong. No passwords means there is no use of phishing attacks so they won't exist.
Yeah, Im not giving up my fingerprint or eye scan for security. The thieves can take my money, I'll keep my body....
So what they know what your right thumb or left eye looks like? That isn't you just a tiny fraction of your body. Plus fingerprints aren't even unique.
You get to keep the finger or eye lol
I agree with you but I'm pretty sure they already have all that info about us, unfortunately.
Americans are so overly sensationalistic with their privacy and big tech... Get over yourself 😂
Retinal scanners is a way better security protocol to have, it's like your fingerprint can't be used without having the eyeball present...or the rest of the head.
So that corporations can know where we are, what we do and what we want.
Oh wait they already know all those things.
Oh wait they also already know all those things.
@@booomkiller it doesnt matter compare that when going outside.
dont forget to polish your tin hat to stop the 5G wireless signal from controlling your brain.
Shahnid Ismail what we think
The feds seized weleakinfo 😫🙃
But why?
@@peacheskong2245 - Well, basically for theft of private information. Like stealing a flat screen and selling it on Craig's List.
Meh. Privacy already doesn’t exist if you use any google service.
Its ok, snusbase, dehashed, and like 100 other info leak sites are still out there with the same data.
"Bad passwords are really easy to hack"
them: "the typical password is too easy to hack"
Me: *wears makeup*
Laptop: I have never seen this woman in my entire life.
Funny enough, it has no problem recognizing me with no makeup and hair partially covering my face
this tells how many men are deceived by makeup everyday
@@pikachu5647 It's not deception when women do it.
@@pikachu5647 Simple men out there should take your advice...
if the fingerprint is stored as mathematical data on the device, isn't it essentially just a password?
For a second I thought dashlane was going to sponsor this video with it's one click complicated password ad
""Ï don't believe there's any such thing as a bad password, only a badly created password."
The 2 are very distinct issues. You could have an alphanumeric password that appears to have an entropy of 128 bits but if you generate that password “randomly” using software that had a vulnerability in its random number generator, it’s possible that password generation is deterministic in nature (not truly random) making your password vulnerable. This is mostly applicable to encryption keys and such, not so much service provider websites where the number of attempts to log in may be too limited.
Please give a definition of BAD.
Feds got WeLeakInfo
I like the idea of question and response for a password. The question and response should both be completely free form though. You don't have to remember a complicated password because the computer will simply ask you to recall the answer to a question you told it to ask. If the answer the computer requires can be a full sentence rather than a single word, that makes it far more secure as well.
That kind of sounds like a password but with a hint
Who else went to WeLeakInfo just to find out that it has been seized by the FBI.
That is illegal. The FBI has no right to interfear with a money making business. Companies have rights. Capitalism at work.
@@davidbeppler3032 It was the Dutch police, not the FBI perse.
the FBI seized a website without due process? not likely
It was done by German and Italian police. FBI just allowed it.
David Beppler are you stupid?
YOU KNOW WHAT ? IT'S TOO DAMN COMPLICATED ! IT'S GOING TO EVENTUALLY BE "DNA SCANNING ID" VERIFICATION.
Then they'll hook you up into a battery so you can produce power for the machine world.
Pretty sophisticated way to blame the victim, and not all the data miners like, Yahoo, google, banks, etc. who get hacked.
My password is so complicated I forget them
Password singular?? Ten years ago I had hundreds of passwords. Now probably thousands, and hundreds of 2FA codes.
" So complicated I forget them "
@@iangreen180
how do you have less 2FA codes than passwords when there will always be one generated when you log in.
@@iangreen180 you keep record of your TFA codes?
@@OggerFN Not every password has a 2FA code, but each 2FA code is for an account that has a password, so logically passwords outnumber 2FA.
Meanwhile LastPass selling everyone's browsing history to ad companies >.
Apple's 1 in 50k was actually a downgrade. If 1 in 50k random fingerprints unlocks your phone that is like having a 3 letter password. It would take the same number of tries to try all combinations. Same with the face id 1 in 1 million. Having an 8 character password gives billions of combinations and is much more secure. All these biometric systems such as voice and face scans can be faked by a computer AI. You would really need to have some way of making sure that what it is looking at is alive and not a recording which is not possible on a system that a person has physical access to. If I can get at the wires of a camera or biometric sensor I could feed it a video I took while walking past you and get in.
Imagine if the government arrested you and wanted to get into your phone. They drill a hole in the back of the case and solder some wires to the camera and attach it to a computer USB port. The USB port outputs a video/data feed that was recorded with another iphone while walking past you in an interrogation room and the phone unlocks. A password however is encrypted inside the phone so without knowing what it is you would need to crack the encryption on that password.
The only secure password is a long password that you know and nobody else.
How does it cost $50 per helpdesk call? I worked on that field and got paid 11$ an hour and those calls took 1-10 mins to resolve.
Who calls a help desk to reset their passcode?.
I know this post is old, but if you're full time your employer is paying their portion of social social tax, unemployment benefits, health insurance, and 401K or 403B match. Plus there is the expense of internet, power, property rent, software licenses, and equipment required for each call that comes into a help desk. Together it's a lot more than just the hourly rate.
10:00 so I have a camera on and shoved at my face at all time ?
Sweet.
Thank you, FINALLY someone realizes how easy it would be to spoof a 2FA request. Too bad he was biased or wrong about basically everything else. 🙃
It annoys me when my company wants me
To change my password every quarter
Same here, we clock in and out on our phones and it always makes me change mine right when I'm clocking in to work.
To me, that's way less secure than just making you pick a complicated one and sticking with it indefinitely. People that have to change their passwords regularly come up with patterns to help them remember them. Very obvious patterns. Usually a common word and a pattern of digits. The digits change, following a pattern, but the word never does.
studies have proven that making people regularly change their password makes them LESS secure.
Yes, I hate this policy so much. Every time they make me change mine something gets screwed up on the backend and I get locked out or single sign on fails and I can't do any work. I have to call the helpdesk for them to reset it to Password123 or whatever so I can get back into my system, then they tell me to change it again in 24 hours but I this last time I just left it alone. Every 3 months I follow their directions to change the password and it screws up in the backend every time, so I'm just keeping it as Password123 this time. If it gets hacked then oh well, fix the backend.
Invent your own secret script then you can have notes with passwords and other things you want to keep readable for yourself only.
CNBC has been choosing great subjects to the videos lately! Great job
Remember. The court cannot force you to say anything, including your password, to prove yourself guilty but the court can force you to surrender any hardware keys which might get you convicted.
Hacker: weleakinfo.com
Me: say no more.
Hey we leaking
Not too sure I'm comfortable giving my cell phone company facial recognition/voice recognition/fingerprints that they can turn around and sell to the highest bidder.
They already have it. Remember Snowden?
well, selling that kinda info should come with a death penalty to the ceo.
@xx xx Sounds good to me!
"BREAKING NEWS!"
LiKe everything else... "security" IS AN (inconvenient) ILLUSION!
Ironically, the “two-tier” password system is a way for tech companies to track and control access for specific monitored accounts
Idc.
I do not want to scan my face or fingerprint..EVER
I would also be in favour of a ban on facial-recognition tech.
This kills security - LOL. It is to take power from the user, interesting spin.
My iPhone never lets me in by touch age and wear on my fingertips! I was a art print maker and used a lot of acid and solvents and then a housewife
same with some massage therapists.
I unlocked a tablet with face recognition by downloading a photo of the owner to my phone from facebook and putting the phone screen with the photo in front of the tablet camera to unlock it.
It depends on OS, IOS saves a 3D model, Andriod saves a 2D model. K thx bai
It seems like most of these companies are trying to go from one-factor authentication with passwords-only to one-factor authentication with biometrics-only. Problem with biometrics is they don't require you to cooperate with someone who wants in (likewise for keys). If your phone uses fingerprints only, and someone has you tied up, they can just force your finger onto the sensor and get in. Now, if you combine biometrics with a password, forcing a finger onto a sensor only gets you halfway there if the person won't cooperate and tell you the password.
Of course, the best approach is to combine all three methods and have a password, a physical key, AND a biometric scan, and require all three to be valid before giving access.
It’s almost like we have known this forever.
0:04 he is very determined 🤣
KeePass is a solid free open source password manager that stores all of your passwords wherever you choose (not a centralized database) and will auto generate a password for you depending on the parameters you set for it. For anyone who doesn't want some James Bond style fingerprint lifted off your scotch glass and then open all of your accounts.
I feel like password managers where very intentionally left out to serve their agendas. Cmon.. password managers are great, you get really tough passwords, can share access to Netflix without even sharing the password, login info gets inputed automatically if you want. And if you don't trust the companies providing the service (they say your passwords never get to them unencrypted, i.e. they couldn't use them even if they wanted to), you can always run a service like that locally
Yup, and on top of that, you can layer the unlocking of your database file with something like a Challenge-Response from a Yubikey on top of your master password. Only threat you face then is somehow leaving it open on a device, or getting a clipboard malware/keylogger on your computer. I don't see how the file itself could possibly be cracked with both a long master password as well as a Challenge Response on it. Still, it reduces a lot of other threats, leaving only highly targeted attacks. (As far as I know I'm not a professional)
They sell private infos but dont get jailed even profits from it. Ok
14:37 this man really using the original iPad
Apple & Microsoft: 'Passwords are insecure'
Also Apple & Microsoft: 'Your cats name seems like a fine password to me'
How about shipping a password manager with the os ...