STOP Using Google Authenticator❗(here's why + secure 2FA alternatives)



If you care about your personal security and privacy online, download my free security checklist here:

🔹🔹🔹What You Should Watch Next🔹🔹🔹

We've got a lot of great privacy- and security-related content here on the All Things Secured YouTube channel (although we admit we're a bit biased). If you're wanting to increase your online cybersecurity, here's what's next:

🔹🔹🔹Help Support All Things Secured (Recommended Services)🔹🔹🔹
If you enjoy this kind of practical security and privacy content, one of the best ways you can help support this channel is by using these affiliate links to our favorite products and services. When purchasing through these links, you not only get the best available deal, the companies will also pay us a small commission. Thank you for your support!

*********************
Video Timestamps
*********************
0:00 - Introduction
0:46 - Google Authenticator is Not Secure
2:00 - Authy App
3:34 - Microsoft Authenticator App
5:00 - 1Password App
6:05 - Summing Up Alternatives
*********************

Two-factor authentication (2FA) apps are a must-have if you'd like to secure your accounts, but you'll want to make sure you use a secure app that you can trust. The Google Authenticator app is not as secure as we think, and here are a few good alternatives.

#2fa #authenticator #persinfosec
Comments

Google authenticator is designed to be the equivalent of a hardware token on your phone. In other words, it's something you have and cannot be easily duplicated. While I agree that having the option of protecting my MFA is an extra layer of security, I believe that the biggest benefit is that someone only has access while they have my phone – i.e. they can't make a clone of it.

Best practice, in my opinion, is to use a password safe that contains my backup codes. Since most MFA systems only allow for one OTP seed, this forces me to retire the lost seed and then generate a new one.

zedgama

I print out my QR codes and place them in a secure location. This allows me to restore my setup when I wipe my device twice a year. Also, I like the idea of not having a backup as I find it more secure :-)

enterprisefreenas-waters

I'll never be convinced that being able to back up codes is more secure than not being able to. Your first point makes sense, however it's an app feature that could be easily implemented, and until Google does I'll just use third party security apps to lock access to the app. Also, as of now Google Authenticator has an option to transfer your codes to other devices.

uriasbt

1password auto entering the 2FA code completely defeats 2FA. That's 1FA... The hen eats the egg.

thierry.lavallee

Aegis authenticator is the way to go. I prefer to use open source apps when compared to closed source as it is quite reliable.

sahilbhatt

Man, I know you probably won't see this; but I really appreciate the small things that most other content creators pass up, like timestamps.

amosboi

I have a tattoo of my QR code sketched on my inner-thigh. You know, maximum security so nobody can see my weird search history.

brandonkruse

Hey, man! You're good! Very good! Clear explanation, calm voice, real emotions, no faking, no overdoing it, no squeaking noises coming out of your mouth to make it "fun" and "cool", by some standards. No loud or annoying music... I was looking for Shakepay 2 step authentication explanation and stumbled upon your authenticator video. Don't know when you started your channel, but I wish you get hundreds of thousands subscribers soon! All the best!

vladimirolujic

I think Aegis is a more interesting option; it allows you to back up to an encrypted file in a cloud of your choice, and also gives you the option to do it manually by exporting that file and saving it wherever you want. And you can switch from Google Authenticator by exporting accounts and it will read the QR code without a problem.

hyllaz

As of Feb 2021 Google Authenticator now allows for export of 2FA's for backup, and when installing the App for the first time set a pincode to access it. This makes the product now the best there is if one does not like using cloud storage.

qualityposts

I totally get you. I always thought Google authenticator would have some backup feature to save all the account codes. To my horror when my phone got downgraded from Android 12 beta to 11, all my data was stored and could be restored except for Google authenticator. Had a painful time trying to recover each account one by one.

Will be switching over to authy!!

centerpide

I just learnt something I didn't even know I needed. Thank you for the wake up call!

anation

I switched phones and I didn't back up my codes, now I need my old phone with G-authenticator. Good video

Phenom

I don't agree. 2FA is meant to be "something you have".
Along with that you have the regular which is "something you know". If you have access to your phone, it should be all you need to qualify as the something you have.

LaviArzi

If an attacker can access your phone, he somehow got around whatever you use to unlock your phone. So if an app would use that same method, the attacker can most likely get around that just the same. So using a different method (for example I use a pattern for my phone to unlock, but a 4 digit number for authy) would make it a lot more secure.

Complaining about Google authenticator not being secure enough, but also wanting a backup method is a bit of a contradiction. Having your keys stored at an additional place, online, that has to be accessible without 2FA keys (at least by this method) does make it less secure. I do agree that this is a "Should have" feature, however, definitely not from a security standpoint.

And the iCloud Backup (luckily that is only the case for iPhones) is quite misrepresented as well. 04:17 "So it's not going to Microsoft, it's not going to Authy, it's your iCloud Account." Which means it goes to Apple. Or the other way around, it goes to YOUR Microsoft account or YOUR Authy account. I fail to see what the advantage is of it being stored in the iCloud.
Of course, everyone gets to have their own opinion, but this is clearly fanboy bullshit presented as a security feature.

pandabrain

1. In most Android phones an app can be secured within the phone. 2. When you enable 2FA, the website gives you 10 codes for backup to use for emergencies like when your phone breaks down, or is lost, or stolen. When you switch phones the Google Authenticator has an option to transfer the registrations to your new phone, to the new authenticator. On the other hand if your app has somewhere a backup outside the phone guess what? That can be a target for hackers.

dandtech

update on the authenticator app: it now supports a lock screen so you have to enter your phone passcode, fingerprint or faceID

syIer.

Hold on a second, this just made me realize that if I lose my phone, I lose access to all my investments. Man, thank you for explaining this. I am switching asap!

LORDxMINECRAFT

Yup, you're right bro. I also had a hard time with GA when I lost my phone. They have no backup or anything and I even emailed Google about it. And they replied that it will lead to court because of the legality issues...BIG no to GA..

hyperjack

Thank you for sharing, I just started using GA. I'm that type of person who might upgrade in just a few years (My old phone's screen broke just after 1.5 years) so having an option for multiple devices is much needed

medmedmed