How does enabling 2FA affect the use of mapped drives when you are on your LAN? I assume the OS can still access the NAS without going through 2FA? Also, what about the operation of Time Machine backups to a NAS?
I’m sorry but I seem to have misunderstood: what the point of the security of this 2fa if hackers can always use the ‘select different sign in method’ then go ahead and play with passwords? OR the second option is available only if the mobile device is out of reach?
Hi. well, first of all you have the option for a second factor or a complete passwordless login. they are a bit different from each other. when it comes to stopping hackers - hacker dont usually sit on a desk and manually try to type passwords one after the other. they usually have certain automated tool that try to reach exposed devices and then run a dictionary attack or a brute force attack. having the option to "fall back" to typing a password serves 2 functions: 1. is to make sure you will be able to login even if you lost your phone or your phone is not near you. 2. just by having the 2fa promt first instead of the classic username and password makes the brute force tools unable or at least have to work harder in order to be able to even begin typing password in the login page simply because they will not be presented with one
This is a really helpful video and something I should have set up a long time ago. Tech me Out and Wundertech are at the absolute top of my subscriptions list now. Keep up the good work guys!
nas synology If you lose your mobile phone And need to disable 2 factor authentication (2fa) will not be able to access any settings. User will have to enter OTP code. Is there a way to fix this? thank you
I'm having a hard time seeing how Passwordless sign-in is supposed to be added security when you can just bypass it and use (and possibly brute force) your regular password?
Passwordless sign is based on "something you have" e.g your mobile phone that only you have. You can still use a user name and a password but when you have 2fa enabled, brute forcing becomes a lot more difficult for an attacker as he will need to find a way to programmatically tell the nas to fall back to using classic login. Hacking is a game of effort vs gain and 2fa makes the effort a lot higher
@@TechMeOut5 I agree with you on 2FA if it is actually enforced (that option wasn't shown in the video) As I see it passwordless implemented this way (being able to ignore it) though is ONLY a convenience thing and nothing more. Quite a lot of effort for the small benefit of not having to remember a password IMHO :)
You are forgetting one big gain of enabling 2fa, in any way, the very fact you need to go through the 2fa screen and not going straight through to the username and password login screen reduces the ability of certain scripts to just hit your nas and execute a dictionary attack on you. Attacks that are most common are not yet designed to take a 2fa login screen. But, as i said in the video, 2fa is not the cure for everything, you stiil to use a complex password, disable the built-in admin account and rotate your password regularly. 2fa will strengthen your security posture but it wont stand just on its own
@@TechMeOut5 I see your point and I agree. And you're right that passwordless might provide some small measure of extra security (at least until attackers adjust their scripts). But TBH I see it the same way that I see the obsession with changing the 'admin' username, and changing standard service ports. To me that's security through obscurity which has varying degrees of success, and should never be seen as enough on its own. Restricted firewall settings, auto block, even logging in via VPN (if that's your thing) and strong passwords on the other hand are the bread and butter of security IMHO :)
apparently it's crappy. It never accepts the codes the I get in the mobile app. account has an email address, ntp is working on the NAS. Time is correct on both DSM and mobile.
Passwordless sign or 2fa is based on "something you have" e.g your mobile phone that only you have. You can still use a user name and a password but when you have 2fa enabled, brute forcing becomes a lot more difficult for an attacker as he will need to find a way to programmatically tell the nas to fall back to using classic login. Hacking is a game of effort vs gain and 2fa makes the effort a lot higher
Hi. i must assume you have missed something along the way, otherwise, you would have been able to log in to your nas just fine. but in any case, you have a few options to choose from for getting access toy your nas: 1. in the login screen you can choose to enter a password rather than a 2fa login. if that doesn't work you, you can use a paper clip to press on the reset button on your nas for 4 seconds until you hear a beep. this will not erase your data and only reset your network settings and login settings (will cancel 2fa and reset the admin password)
Exactly what I was wondering. I’m using this for DSM 6. Now I have to use Synology’s Authenticator for DSM 7? I don’t want to install yet another Authenticator on my phone.
*Have you enabled 2FA on your Synology device? if so, hit the like button*
How does enabling 2FA affect the use of mapped drives when you are on your LAN? I assume the OS can still access the NAS without going through 2FA? Also, what about the operation of Time Machine backups to a NAS?
Hi. The 2fa prcoess only effect the logging in to the nas web interface.
@@TechMeOut5 Thank you!
Excellent explanation. Following your video i went with the passwordless option as well. thanks
I’m sorry but I seem to have misunderstood: what the point of the security of this 2fa if hackers can always use the ‘select different sign in method’ then go ahead and play with passwords? OR the second option is available only if the mobile device is out of reach?
Hi. well, first of all you have the option for a second factor or a complete passwordless login. they are a bit different from each other. when it comes to stopping hackers - hacker dont usually sit on a desk and manually try to type passwords one after the other. they usually have certain automated tool that try to reach exposed devices and then run a dictionary attack or a brute force attack. having the option to "fall back" to typing a password serves 2 functions: 1. is to make sure you will be able to login even if you lost your phone or your phone is not near you. 2. just by having the 2fa promt first instead of the classic username and password makes the brute force tools unable or at least have to work harder in order to be able to even begin typing password in the login page simply because they will not be presented with one
@@TechMeOut5 I recommend Tech Me Out to everyone.
This is a really helpful video and something I should have set up a long time ago. Tech me Out and Wundertech are at the absolute top of my subscriptions list now. Keep up the good work guys!
Thank you very much. We are flattered. Thanks for watching! @wundertech
Very nice walk through. I'm setting it up. Thank you.
Thanks for watching!
Awesome video - love the new 2FA features!
Thanks for watching
need to know how to configure the other 2 factor authentication other than passwordless sign in
nas synology If you lose your mobile phone And need to disable 2 factor authentication (2fa) will not be able to access any settings. User will have to enter OTP code. Is there a way to fix this? thank you
Amazing. Thank a lot for sharing.
Excellent video! Thanks!
Please, review the video. Min 9:09 you can read stuff before it is blurred in min 9:10
Thanks for the heads up! Its OK, its only a test device and it is no longer online.
I'm having a hard time seeing how Passwordless sign-in is supposed to be added security when you can just bypass it and use (and possibly brute force) your regular password?
Passwordless sign is based on "something you have" e.g your mobile phone that only you have. You can still use a user name and a password but when you have 2fa enabled, brute forcing becomes a lot more difficult for an attacker as he will need to find a way to programmatically tell the nas to fall back to using classic login. Hacking is a game of effort vs gain and 2fa makes the effort a lot higher
@@TechMeOut5 I agree with you on 2FA if it is actually enforced (that option wasn't shown in the video) As I see it passwordless implemented this way (being able to ignore it) though is ONLY a convenience thing and nothing more. Quite a lot of effort for the small benefit of not having to remember a password IMHO :)
You are forgetting one big gain of enabling 2fa, in any way, the very fact you need to go through the 2fa screen and not going straight through to the username and password login screen reduces the ability of certain scripts to just hit your nas and execute a dictionary attack on you. Attacks that are most common are not yet designed to take a 2fa login screen. But, as i said in the video, 2fa is not the cure for everything, you stiil to use a complex password, disable the built-in admin account and rotate your password regularly. 2fa will strengthen your security posture but it wont stand just on its own
@@TechMeOut5 I see your point and I agree. And you're right that passwordless might provide some small measure of extra security (at least until attackers adjust their scripts). But TBH I see it the same way that I see the obsession with changing the 'admin' username, and changing standard service ports. To me that's security through obscurity which has varying degrees of success, and should never be seen as enough on its own. Restricted firewall settings, auto block, even logging in via VPN (if that's your thing) and strong passwords on the other hand are the bread and butter of security IMHO :)
apparently it's crappy. It never accepts the codes the I get in the mobile app. account has an email address, ntp is working on the NAS. Time is correct on both DSM and mobile.
I don't have passwordless sign in, and 2fa only contains synology app...
Hello! What's the point of 2fa if there's also a password option/alternative on sign-in page.?
Passwordless sign or 2fa is based on "something you have" e.g your mobile phone that only you have. You can still use a user name and a password but when you have 2fa enabled, brute forcing becomes a lot more difficult for an attacker as he will need to find a way to programmatically tell the nas to fall back to using classic login. Hacking is a game of effort vs gain and 2fa makes the effort a lot higher
@@TechMeOut5 now it's clearer. Thanks for your instant reply and solid explanation
Since you took the time to blur your quick connect id I’ll point out that you’ve exposed it at 7:32
I did everything you said and now I can't log in to my NAS.
Hi. i must assume you have missed something along the way, otherwise, you would have been able to log in to your nas just fine. but in any case, you have a few options to choose from for getting access toy your nas: 1. in the login screen you can choose to enter a password rather than a 2fa login. if that doesn't work you, you can use a paper clip to press on the reset button on your nas for 4 seconds until you hear a beep. this will not erase your data and only reset your network settings and login settings (will cancel 2fa and reset the admin password)
Excellent!
Thanks for watching
Where is the google authenticator.......
Exactly what I was wondering. I’m using this for DSM 6. Now I have to use Synology’s Authenticator for DSM 7? I don’t want to install yet another Authenticator on my phone.