10 Computer Security Myths to Stop Believing

@ 9:30 Congrats, you all are now a computer GLENUIS

As a 35-year software developer, let me give you props on a good video. You hit the nails on the head and got good points across without diving into too much techspeak.

As I learned in college getting my cybersecurity degree:
The user is the weakest link to security. You can have all the best practices and procotols in place, but even those can't prevent everything.

As a network security professional, I can tell you that most companies still enforce myth 1 religiously. This has the unintended consequence of people choosing weak password, re-using the same password but just incrementing any numbers that are used, or worse of all, writing them down (my favorite is the sticky on the bottom of the keyboard--no one will EVER look there!).

I used to maintain a website. In the website logs are the unencrypted usernames of everyone who logged in. Every once in a while someone accidently put their password where their username should go and vice versa. Of course, the server denied them access. Then a few seconds later there was another login attempt with the username and password in the correct order. The password isn't logged. By searching the logs for gibberish usernames, followed by proper usernames from the same IP address I was easily able to find several passwords a week. I reported this vulnerability to my management, but I don't know what they did about it (if anything).

Also VPNs aren't really completely private. They're great for getting around geo-restrictions, and for remote work, but as you mentioned in another myth - if you log in or if a website uses cookies, they can still gather information about you. Generally speaking, if you want security or privacy, you can't rely on only a single piece of software - you use multiple strategies that cover different aspects of security and privacy.

I work in IT and you'd be amazed how many clients get angry and demand to know how they got infected when they have an antivirus installed. No antivirus software is going to catch 100% of stuff, especially if you're going around downloading and installing everything you come across online.

Overall, pretty good. A few technical issues I have though.
Myth #2, the "padlock icon" or "secured notice" in your browser just means that the browser is detecting that the SSL cert info matches the web server info and is saying that it's "verifed". It does NOT however mean that "no-one is in the middle messing with it". Man in the middle attacks still intercept secure traffic links to harvest PII. The attacker spoofs the secure connection and you browser can't detect that there is an third party in the mix.
Myth 8, more of a technicality, but keyloggers don't take over your computer, they just collect info on what you type to harvest passwords and other PII. Rootkits allow other software to take advantage of vulnerabilities. They allow other malicious software and users to exploit vulnerabilities and gain access to a machine. Technically, neither are capable on their own to take over your computer.

You did a good job trying to inform people on the myths you listed. I have been working in IT since 1978 and have seen so many changes in the industry overall. My focus currently is with network security in business environments. It amazes me how many business owners either believe these myths or know little to nothing about their network environment. Sometimes the hardest part is getting them to invest in their own security. The alternative can be far more devastating. Thanks for putting this video out!

Myth 1: You need to change your password frequently. (Creating a single really strong password is better than using weak passwords that you change often).
Myth 2: The padlock icon means a site is safe or trustworthy. (It only means the connection is secured).
Myth 3: Incognito mode makes your internet activity untraceable. (Websites can still track your IP address or recognize you when you login).
Myth 4: Strong passwords are just to stop people from guessing it. (If a website gets hacked, all the encrypted passwords will be shared with hackers who use computers to try to crack them).
Myth 5: A strong password must be complex. (Making your passwords longer is often better than just adding numbers or symbols, unless you're using words alone).
Myth 6: If you're good with computers, you don't need anti-virus. (There are zero day exploits and vulnerabilities that can affect even the most careful users).
Myth 7: Anti-virus will always protect you from everything. (Be careful and use common sense.)
Myth 8: If you have a virus, you'll know it or it will be obvious. (Except for ransomware, most viruses or malware today are spyware that you won't know is on your device).
Myth 9: A strong password is all you need to secure your accounts. (Two-factor authentication is very important).
Myth 10: Deleted files or formatted drives can never be recovered. (Deleted files and quick-formatted drives can usually be recovered with special software).

Here's one I heard too many times in my IT career: "I don't need antivirus, I have a Mac!"
I deliver auto parts now. Much less stressful than arguing with idiots.

An important note on the last point: Formatting an SSD will not write zeros across the whole drive. SSDs have their own controllers and maps that strategically write data to their flash chips, the OS doesn't have access to the true locations of the files. I have heard of an alternative protocol that does allow the OS to control the SSD more directly but as far as I know it's not really in use anywhere. The reason SSDs are setup to manage their own data is to ensure proper wear leveling which preserves the life of the drive for as long as possible. Having said all that, for better or worse, it should also be much harder to recover data that was deleted from the recycling bin.

Note that even a "*slow*" format doesn't do a secure delete. Some drives might have a secure delete operation, but most consumer drives do not. With spinning-rust drives, you're generally fine if you ensure the disk actually writes out 0s to the physical sectors. With SSDs, wear leveling can keep you from ever writing the physical sector again. Bottom line, you should keep sensitive data encrypted, and keep the encryption keys somewhere you *can* delete them (like a hardware key), or at the least keep _them_ encrypted with a password.

As someone currently working in infosec, I'd like to point out an issue with the NIST recommendation for never expiring passwords. NIST is designed for government agencies that are already following all of the other guidelines. This means that bodies who follow this will also have modern 2FA, good minimum complexity requirements with phrases, no one is reusing the same passwords, SSO is configured everywhere possible, and these passwords are not being stored in an insecure manner. Not changing passwords IS the best practice if every other best practice is also being followed.
For example, I can guarantee you that many companies have not adopted 2FA more advanced that an SMS message and most users will still be reusing the same passwords for multiple accounts anyways. Also, many of those users will be using the infamous password spreadsheet instead of a manager.

I love how the AI interpreted the "sketchy link" prompt as a literal link that had been sketched.

Everything spot on except number 10. With modern flash storage, there is a feature called TRIM on the SSD itself which overwrites files as they are deleted so file recovery now is a bit complicated. An exception is with Full Disk Encryption because TRIM only works on entire files, so when it sees an encrypted file system , it sees a delete operation as an update rather than a delete so TRIM doesn't kick in.

The private browsing thing I find funny, because all incognito and private mode landing pages I've seen explicitly tell you what it does and doesn't do. Usually even explaining that your ISP, Employer/School, and the website you are visiting still see the activity.

I like the way you explain stuff, it's very easy to follow along. Would you mind making a tutorial about those yubico authenticators including showing how to add them to various popular services?

The LastPass password management suggestion really didn't age well in four months given what we've learned about the hack, their security practices, and their subpar browser extension. If the dev groups I frequent are an indication I think there's a mass exodus to Bitwarden, a company which seems to take security much more seriously by comparison.
Also, Incognito Mode doesn't use the cookies/site data stored in the browser picked up during non-incognito mode. That's why you would need to log in to sites again if in incognito mode.

I really appreciate that besides good information, concise, but clear, you have went through the length of mentioning every single edit, its source and provided even links to locations you went to for checking something. That's good editing, and crediting the spots elements you added to your video.

Great content, as usual.
Quick add-on: Incognito mode also deletes all cookies when you close the browser. Great for when you're wanting to log into the same site with different credentials, like when you're alpha testing a website.

Hey Joe, I just realized that I've been watching your videos for over 10 years now. From the troll videos I used to watch in primary school and actually trying them out and being disappointed/angry to today, where I'm studying computer engineering, I gotta say I always enjoyed your videos even if it's about something I understand to the core of it.
You've always been one of my favorite tech youtubers as your videos are always entertaining to watch. Not much else to say besides cheers to another 10🍻

The deleted files thing is a bit more complicated with SSDs. On mechanical hard drives, it's true deleting (or quick formatting) does not remove the actual data. On an SSD though, deleting a file will, sooner or later, also wipe the data due to the TRIM command. Windows sends this with every file IO (and for quick formats). Linux uses FSTRIM which is usually scheduled to run (ie once per day or whatever). And different SSDs handle the trim command differently.

15:25 - If you truly need data gone you can only do a few things:
1. Do a 7 -12 data pass, using a mix of random data, all 0s and all 1s.
2. FILL up your drive with dummy data, and then do that a few times (all free space after deleting the file).
3. Replacing the drive and destroying the old one
4. If the drive is a spinning drive (not SSD), using a DEGAUSS machine (takes around 60seconds to finish) to modify the magnetic properties of the platters.
It's possible, using very sensitive forensics to recover data on platters, AS WELL as NAND flash used in SSDs, but obviously is expensive / used by higher agencies and targets. Also, it may not be possible to overwrite individual physical locations on an SSD unless the TRIM algorithm and memory controller have cycled through that cell enough times. SSDs usually have around 10%ish EXTRA flash cells for wear leveling, and may not "reuse" a cell for awhile if they instead use other cells to extend the life of the drive.
The best option is to physically destroy the drive. For 99% of users, deleting a file, and then running a 7-12 pass of random data (you can download free programs that do this) is enough to conceal files recovered via "sector based recovery" programs.

Unless that changed recently, long formatting doesn't even overwrite the old data, it just checks every sector. The low-tech technique I use is to create a "filler" file with data from ond of my big files with nothing I worry about in. Then, once I've deleted everything, I re-fill the drive with that filler, and then re-delete it. The data left on the drive is now that filler repeated over and over, not my original files. Quite time-consuming, but worth doing before donating or discarding a PC.

I liked this video, it more or less echoes what I explain to people. You explain things in a very clear, concise and easy-to-follow way. Only thing I’d add is that these days with SSDs and TRIM, deleted files, whilst they may still be retrievable, are less likely to be so than with spinning rust disks.
One more thing - nothing to do with your actual content - I do feel that VPNs don’t quite do what they say. Unless I’m missing something, they are no more private than using your ISP without a VPN. You’re just moving the breakout point to the internet from your ISP to the VPN provider. Who do I trust more? But yes, they’re useful for watching foreign Netflix stuff but I really can’t see what privacy they offer that really matters. Obviously you as a content creator who gets sponsored aren’t going to be able to reply much…

4:51 hash functions are one way. "decrypting" in this context just means guessing the password a bunch of times, though obviously if the database is leaked the attacker is unlimited in the number of guesses they can do, unlike if they were to try to log on directly to the website.

Excellent information; clear and concise delivery !! Thanks !!!

Theo Joe: your browser history can be tracked even if you're using a VPN
Theo Joe 13 seconds later: private internet access VPN will prevent your browser history from being logged

10:05 That guy holding the notebook deserves an Oscar

Great video. One more myth I would add is that security questions make your account more secure. This really isn't the case. A security question is most often a simpler, shorter password that you can find the answer to from looking at the person's social media account. I always treat security questions as passwords and generate long answers (stored in my password manager)

Glad to know I already knew most of these. Only one I missed was part of number 1, that the best practices have shifted to only changing passwords when there's a suspended breach.
The mention of password managers is somewhat lacking, because they're not infallible either. I recall LastPass had a pretty serious breach sometime in the last few years.

Myth #6 is applicable to Linux. Sure, Linux has some additional protection because it's only about 1% of the operating system market and it relies on software repositories more heavily, but there has been an increase in supply chain attacks that threaten repositories.

While private browsing isn't perfect, it does more than you give it credit for.
Cookies are session only, so your searches aren't linked to your Google account and logins from private will be removed when switching back.
No data is stored clientside.
Web trackers get blocked.
Plugins are restricted.
The most important thing it doesn't protect is ip of you and the servers you're connecting to.

So helpful and informative. Thank you - subscribing now

Great video. Didn't really learn anything, but I know many people, including in the IT department at work who could use this knowledge. I especially liked when you said the length of a password is more important than complexity. I was very angry at my bank a few years ago when they wouldn't let me use my password because it was too long. It was 10 words long, not 10 characters, 10 words. I was also annoyed that I was not allowed to use the space bar in my password. Password rules are often preventing good passwords.
One other tip I would definitely add to computer security. Only be admin when you have to be. I have a separate admin account that I have to promote myself with with a password whenever I am making any meaningful changes to my home PC. It is amazing how many issues get blocked when I realize that no, I don't want to promote myself to admin for that.

Thanks for the awesome video ThioJoe, keep it up!

One of the reasons for changing passwords regularly is that people often see the first characters of a colleague typing their password. Over time they work out the whole password. It's definitely a valid procedure

My favorite myth is that everyone needs a VPN. You only need a VPN if you travel frequently and/or have a high security job. There are reasons to want a VPN like accessing region locked content or get around content filters. Privacy really isn't a reason to use VPN because you'll still be tracked around the web.

I used to be one of those people who thought I know what I'm doing, I don't need an antivirus. And I was okay for a few years until one day my computer started acting really strangely and I couldn't figure out what was going on. After a few days of googling and trying everything I could to fix it with no results, I downloaded a virus scanner and ran it. Sure enough, I had two viruses on my system that were causing all the problems. I recently had to disable my virus scanner when attempting to determine the source of a problem and I learned Windows incessantly bothers you, telling you don't have a virus scanner running if everything is turned off.

About the last one, I believe that if you use SSD and you have TRIM enabled, it's much harder to read that "deleted" data (but NOT impossible!)

Thanks! A great video and very informative 👍🏼

4.44 You keep repeating myths:
1. Passwords are not encrypted, but hashed - that's a huge difference
so: 2. There is no such thing as "decrypting passwords" in this case. Hackers can only find matching hashes with brute force, and this method (usually) requires more powerful hardware the longer the password is

Wow Thio. Super informative. I wish I could smash the like button many times. This was great. I love learning something new and you just offered me a few more sights for my arsenal. Thank you

I've never looked into what quick format does, but I figured it just overwrote the file table, and now that I went back and watched your older video, you confirmed exactly that. Neat that they just did the obvious.

Another security myth is that having strict password rules makes it more difficult to crack passwords. In reality, it just makes it easier for hackers because they can narrow down what the passwords will contain.
Also, requiring very long passwords is a terrible idea because most users will just go with the bare minimum length. IE: If the minimum length is 16, then most will just go with a 16, 17 or at most 18 character password. Now the hackers know the most likely length, and will know it must contain certain characters.
This is why tech giants like Google and Apple have fairly lax password requirements, I believe both of them require 8 characters, and may require at least one number. This greatly increases entropy because the hackers have very little information they can use to narrow down the possibilities.

Very good! As a software developer, yes: use a password manager, allow it to generate passwords as long and as complicated as the site will allow, rotate them regularly, don't click any links in emails from addresses you're not 100% sure off, don't visit websites you're not sure of, consider using a VPN, keep things up-to-date, and rock on.

Nice video. Some years ago, the word got out that 95% of people who had Windows intrusions, would have avoided it if only they had been using a NON-ADMIN logon account to their local machine. This is why a lot of companies have moved to a stance of nobody having an admin account for everyday use. It's annoying when you can't even use Task Manager to knock a misbehaving app out of memory, or install an updated mouse driver, but when companies started getting tough on that point with their employees, those companies started seeing a lot fewer actual intrusions, especially the really devastating one, ransomware.

A friend of mine was once going through his task manager when he noticed a program with no icon called "Internet Explorer". After some investigating it turned out that it was infact a crypto miner. He tried to delete it but it came back all the time. Windows defender didnt detect it. Then he installed Malwarebytes which finally fixed the problem...

In my experience all third party antiviruses are pointless because the built in Windows one is fine, and it doesn't slow down Windows too much. I still disable it because as a software dev it makes my life miserable.

Excellent job of quickly going through those things! WELL DONE.

Good video. I was an IT support person for years, the number of times I saw passwords written on Post-Its attached to monitors... I'm convinced that in most cases, computer security merely prevents honest people from getting their work done. Half of a tech calls to corp IT are from users who locked themselves out during a mandatory password change. Management smiles and keeps the policies in place.

I think a pretty big security myth is that security questions are anything but a super easy express lane to stealing your information. People will use basic biographical security questions such as "the city where you met your spouse" or "name of your first pet" which can be located on their public Facebook page in 5 minutes.

Some minor nitpicks:
LastPass and 1Password are proprietary and should NOT be trusted with your passwords. Also, both of them do cloud synchronization afaik which is another red flag.
Also, AntiVirus software is useless and does more harm than good. The same goes for 2FA (most of the time).

Very good advise and clear explanations. Thanks.

People commonly have misconceptions about IP addresses. Whenever someone says "I hAvE yOuR IP AdDrEsS!", I know that they have absolutely no idea of what an IP address *is*. Whenever someone asks me that, I'll just explain to them that "every website has your IP address. Your IP address is the *first* thing your computer gives to every website that you visit." The fact that those people think by simply saying some IP address thinking that others are going to be scared just infuriates me.

Just have unique password per account tbh thats enough using same passwords everywhere is one of the biggest risks

The password one is such a good one, the company I work for enforces a 30 day password expiration policy with no resuse for 6 months so all that happens is everyone has myfaveword1, myfaveword2 etc and then when they get to 6 or 7 they loop back around the first 1.

Thanks 👍 Thio. . . Really so complete... Helpful...
A Video Very Well Done!😇

That thing about deleting files made me think of a way to illustrate it, and then I realized that a lot of people wouldn't understand what I was talking about. It went something lie this:
The HDD in your computer works a bit like this. You have a collection of cassette tapes and on each tape you write down what you have recorded on that tape. So you have this C90 cassette with Lynyrd Skynyrd, and one day you realize that it's been years since you listened to it, and if you would want to do so you have the LP, so you strike out the name on the label and now the cassette is free to record something else on and you place it in the box with "empty" cassettes. That's the same as deleting a file on the HDD. Now if you don't record over or erase the cassette and you try to play it there's Lynyrd Skynyrd in all it's glory. Same with the HDD, if you read from the part of the disk where the file used to be stored it will still be there unless it has been over written by something else. Now if you record a EP single on that "empty" cassette that was your Lynyrd Skynyrd cassette then you will have the single recorded, but after that there's still the part of the Lynyrd Skynyrd LP that was not recorded over by the single you now recorded. Again that's the same with the HDD. If a small new file is recorded over a part of the sectors that contained the original file that was deleted you will now not be able to recover the entire deleted file, but parts of it can still be read.
I got that far and then I realized that a lot of people watching YT will never have had a cassette player. It's even possible they might never have seen one in real life!
And suddenly I felt old...

SMS authentication is the WORSE 2-factor. Always avoid it if the site/service allows other methods

For the password thing:
The reason stronger passwords are more secure is because of how they get the passwords.
When a password is hashed, it can't just be 'unhashed', so hackers will use the algorithm and out in passwords to see what hashes they get out of it for that password.
However, they won't go aaaaaaaa, aaaaaaab, etc. They will go in order of most used passwords so that they can get more passwords out faster.
By using a unique password, it is going to be further down in the list, and thus will be less likely to have been generated and hackers know what the password is.

Myth #2. That lock doesn't mean "secure" it just means "encrypted with a trusted chain of certificates." If you have security software installed on your computer, it can be intercepting your SSL/TLS traffic for "inspection". The browser shows a lock because the software installed a trusted root CA certificate so the software can provide a valid certificate for any URL. (for the software my former employer used, that inspection is done by a remote server, not my own laptop. and within the corp. network, that man-in-the-middle inspection happens at the perimeter firewall, not my laptop, so it can't be disabled.)
[That was a major pain in the ass for us, as every java runtime has it's own private keystore. That CA cert has to be manually installed in those keystores or nothing will work - certificate validation errors to all sites.]

Your info is so thorough. I just subscribed.

Your videos are very good. Keep up the good work! ✊🏻

*U recommended a password manager. How can one guy trust some password manager more than his memory. Cuz what if the password manager is not really secure and all of ur unremembrable passwords are store there may get leaked all at once by it. Can u please make a video on "Password Managers" on how they are more safe than having many unique passwords remembered. Is there any really free way to completely secure urself on the internet without buying a VPN or physical key?*

Great video. Just a word of warning though, Private Internet Access was bought recently by a company that used to make software for computer viruses, so you might want to change that.

3:23 Regarding Myth 3. Incognito mode AKA private browsing also has separate cookies from the regular mode and starts off with no cookies but can accumulate them. Private mode cookies are cleared when you close all private tabs/windows.

Thanks for the video. I’m concerned about password management sites like 1Password. What if these sites get hacked themselves then don’t all your passwords from emails to bank accounts get exposed all at once? Isn’t that inherent risk very serious?

Im so happy whenever this man uploads. Lets go dude, keep it up

You missed out something EXTREMELY important:
*Myth:* If you forget your password to your computer and you were signed in with a Microsoft account, your data is gone forever.
*Fact:* If you forgot your password to your computer and you were signed in with a Microsoft account, you can reset your password on the site, connect to your computer and try again. If that fails, you can always recover it by system restore. Also, your data isn't "gone forever", just access to that specific installed OS on the machine. You can use an external drive to collect your data since Windows doesn't lock a Hard Drive, just the OS installed on it. If you installed another OS, you can still access your files on the partition as if nothing had happened.
This is something frequent that you need to bring up. Too many people are falling for this and end up senselessly wiping important information.

Thank you very much for your videos and knowledge! Very helpful!

To be fair a web server should NEVER encrypt passwords but hash them with a password hashing function with a salt.

Really nice video! For myth 5, 15 character with lowercase symbols is 6.2X stronger than 11 character with lower and uppercase, numbers and symbols on shift number keys (not 10x). Myth 10 is becoming true for SSDs. Once you delete a file and empty the recycling bin, Windowos sends a TRIM signal. This causes the SSD to immediately return 0. However, behind the scenes, the data may not be garbage collected by the flash controller immediately. But to access the data, you need to contact data recovery (and they don't support all controllers. Unlike hard drives, you can't wait more than a year as SSDs lose their data when unplugged over time)

I'm going to binge your videos and claim the hours for work.... I teach a computer school for seniors and people with disabilities at a non profit and most of it is pretty basic stuff that I, as a millennial with a bachelor degree in business/marketing could do in my sleep. However, every once in awhile the more technical problems come up and you've summed up some of those answers really well just in this one video. Thank you!

instant subscribe
wow i love the way you explain, straight to the point

#6 & 7 i don't particularly agree with. Anti-Viruses are a pain for me as the local town tech. Most common day users in my area install anti-viruses without knowing what it does everyday, What most likely happens is they go off and buy a premium version thinking they need it but just ends up constantly scanning the disk daily, taking up disk resources and over all making it slower. The worst is when this goes on for a long period of time. Hard drives only have a 3-6 year life span and anti-viruses do not help this. Windows has one already built in, you don't need a third party anti virus unless you've disabled windows defender. As you mentioned before sites like VirusTotal are out there to help users determine if a file is trust worthy. Personally I have windows defender disabled in the registry because i have malware on my system in a contained environment that i like to mess with on VMs. If i do scan for viruses, it's with malwarebytes. I scan once a year, then make sure it is closed in the task manager after use and disabled on startup.

Good to know that channel that was once known for click baits is now making such great informative videos!! I'm loving these 🤩

As an IT professional, I knew all of these from my decades of experience on the Internet. One other option for your Myth 10 is a digital shredder like SafeIT. Those programs can either write 0s or 1s to the newly "freed" disc space. This makes files 100% irretrievable on SSDs and other flash-based memory storage devices. It can make HDDs irretrievable with multiple passes.
I knew a guy that went through cyber security training and was told that some REALLY sophisticated labs exist that could read shredded files off a HDD by looking at the physical surface of a disc platter. Something about the alignment of the magnetic rings can tell whether it had been changed from a 1 to a 0 "recently". I don't believe this was practical and only used in extreme cases when the FBI might have believed there was seriously dangerous information on a fully formatted HDD.

Awesome job Joe, thank you for informing us .

*The fact that many government websites in India doesn't have "Padlock" encryption certification and I have to click "Continue to unsafe site" and then enter my "Secure" information anyway. So it's useless. Even some websites are unopenable because of such security thingy.*

They biggest myth of all is that it's possible to keep your Microsoft Windows PC secure.

3:23 Myth #3 Incognito
I don't know about other browsers, but Chrome has a notice when you open an Incognito window:
"Now you can browse privately, and other people who use this device won’t see your activity. However, downloads, bookmarks and reading list items will be saved. Learn more
Chrome won’t save the following information:
• Your browsing history
• Cookies and site data
• Information entered in forms
Your activity might still be visible to:
• Websites you visit
• Your employer or school
• Your internet service provider
Block third-party cookies
When on, sites can't use cookies that track you across the web. Features on some sites may break."
It's basically good for when you're shopping for someone else who uses the same computer & you don't want to have the surprise be spoiled when the things you were searching for show up in your recent history or autofill into fields (such as when they start typing in a Google Search & it happens to start with the same letter).

@2:51 it does a bit more than that.. on Firefox, it prevents service workers from being run. It also prevents cookies and other local storage methods from retaining data beyond the session. It also restricts certain JS related things and prevents some forms of user tracking and a few others I'm not mentioning..but saying it's the only thing is an incorrect blanket statement.

Remember that malware can be well-obfuscated and have little to no VirusTotal detections

pro tip: if you really need/want to change frequently ur passwords, change for a really secure password and note them in a physical notebook. No one in the digital world can mess with your analog stuff :)

Well done. Quite informative. I remember when Norton was selling his undelete utility in a ziplock bag. Some things never change.

Great information Thanks Although I miss your funny videos, these are good to watch.

I wouldn’t recommend being *crazy* suspicious, but yes, if you see something that looks weird, then stop and think where your vulnerabilities lie.
I know people who are convinced that everything they experience that seems weird must mean that somebody has hacked into their computers.
Most importantly, be aware by watching lots of ThioJoe videos!

Well looks like I didn't really believe in much of those myths. Some I did in the past, but I learned on my own that it's false. Like whenever I would update my passwords at least twice a year, I mostly try to make it longer. And I would possibly change them whenever there might have been a data breach.
As for Antiviruses, it seems quite obvious that you would always need one even if you're good with tech. Plus whenever there's new malware, then of course your antivirus isn't going to know about it.
I remember some frustrating things that happen whenever I make normal non-harmful applications. My antivirus can be like "Hold on! This file looks suspicious!", and I'm like "Come on! This isn't even a virus!". One time when I made an audio converter program, when I made it delete the old audio file. My antivirus saw it was ransomware. And I did of course get to restore it, since it wasn't ransomware. Sometimes an antivirus can get in the way of even the most normal stuff. But it's better to have one, than to get an actual virus or malware on your system.

A few comments I have (corresponding to each myth):
1. My school does this, it's so annoying! They should watch this video lol
4. Very well explained, thanks, I'll keep this in mind!
5. Good point!
9. I knew about physical security keys before, but I had no idea how good they were! Thanks, I'll keep this in mind as I might purchase one in the future.
10. Woah I actually had no idea, yet it makes so much sense! Thanks again!!

Myth #11: You will be a genius level expert, by the end of this video.
0:11
Kidding aside 😆

Last Pass is part of a data breach.

I learn new computer tricks and stuff with every video that Thio uploads, so thank you man for sharing your knowledge. That said, I have a question: is there a way to lowering the shutdown time of my windows 10? It takes forever to shutdown despite the thousands of tweak I did on my comuter. I could write the list of tweaks I did on my computer to deal with the slow shutdow but it would be too long and we'd be here for a week lol. So, do you know any good trick to make my comuter shutdow faster? Even with my computer knowledge I'm still not able to figure out what's causing this issues.

coming back 2 years later watching a video this guy is this making legendary videos.

“never underestimate windows security”

Excellent video! Only thing I would say is that multifactor authentication is a must for your email... Easiest way to break into other "secure" accounts is by hacking your email, and using forgot password link. Email password should be unique to that one site, and protected by multifactor... If you don't have a password manager, I personally think it's fine to use same password on stupid sites that don't matter much (aka don't have any personal or financial info). But your email, social media and financial sites should follow all recommendations he gave here.

10:13 I love how the guy slamming the MacBook had flipped the lid upside down and using keyboard as his screen lol 😂

Nice summary. Thanks!

My employer is one of those companies that makes employees change their company passwords every 90 days, and they make supervisors and managers change the company VPN login credentials every 30 days. It's frustrating and time-consuming, especially since almost everyone who works there, including the managers, are older people who are effectively computer illiterate. Most of them are so bad at remembering passwords that the supervisor keeps a paper document with their passwords in the drawer in the office.