Today I watched and took notes on a bunch of videos to try and better understand cybersecurity. I also wanted to find out what the general public knew about cybersecurity (through comments).
Here are the videos I watched:
- “Gmail security key?”- https://www.youtube.com/watch?v=h2fEPUtxMhc
This guy in the video didn’t really have much of an understanding about U2F tokens. He didn’t dispel rumours about losing your token. Many believe it’s dangerous, but it’s not. U2F tokens are write-only, thus your encrypted information can never be read. Also, he said the token works with an UNLIMITED number of accounts. This is partially true…but you’d have to erase other account slots if you wanted to keep using it for other things. Most tokens hold a set number of accounts. For example, the U2F Zero has 16 slots.
Commenters on this video didn’t even want to try the tool because it was Java based, or because if you lose it others have the second factor to get to your account.
- “A lesson in password security”- https://www.youtube.com/watch?v=FgXRi3_a80U
The same guy from above got his iTunes account hacked by someone in China. He had the same password on multiple accounts (including his iTunes that had loads of credit), and never changed it even after knowing that the password on a different account had been breached.
- “6 best U2F security keys of 2018”- https://www.youtube.com/watch?v=tmZOtTV2PVo
Did you know that there’s a biometric U2F token? It uses thumbprints and works with USB! Also, Yubico is a MAJOR player in the security token market.
- “Enable 2FA to improve your security”- https://www.youtube.com/watch?v=r8tHr3p14BU
This guy was pretty cool. Talked about SMS codes, one-time passwords (OTPs), time-based one-time passwords (TOTPs), and security tokens.
- “How NOT to store passwords”- https://www.youtube.com/watch?v=8ZtInClXe1Q
How different websites store users’ data. I can’t believe some major companies still store in plain text! That’s just asking for trouble.
- “How to choose a password”- https://www.youtube.com/watch?v=3NjQ9b3pgIg
The safest passwords aren’t the ones we’re conditioned to use (a word where some letters are replaced with symbols and numbers), but instead 4 random, lower case words. Want to make that 4 word password even harder to break? Add a random symbol in the middle of one of the words.
- “The attack that could disrupt the whole internet”- https://www.youtube.com/watch?v=BcDZS7iYNsA
Learning about Denial of Service (DoS) Attacks, and what happens when you have Amplified Denial of Service Attacks.
- “Public Key Cryptography”- https://www.youtube.com/watch?v=GSIDS_lvRv4
Finally got around to learning more about the basics of public vs private key. (One is just for you, and one is out in the open, which makes it easy for you to encrypt and decrypt messages and know they’re secure).
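For the “How to choose a password” note above, here is an added example (not from the video or the original post) that builds a 4-word lowercase passphrase with one symbol inserted inside a word, and estimates its entropy against an attacker who knows the scheme. The wordlist, symbol set, space separator and function names are assumptions made for illustration.

```python
import math
import secrets

# Constructed sample wordlist (assumption): 32 words, for illustration only.
# A real list such as a 7776-word diceware list gives far more bits per word.
WORDS = ("apple river stone cloud tiger maple ocean candle "
         "forest bridge pencil rocket garden window silver planet "
         "button coffee dragon empire falcon guitar harbor island "
         "jungle kitten ladder magnet napkin orange pepper quartz").split()
SYMBOLS = "!@#$%^&*-_=+?"  # assumed symbol set (13 characters)


def make_passphrase(words=WORDS, count=4, symbols=SYMBOLS):
    """Pick `count` words with a CSPRNG, then insert one random symbol
    strictly inside one randomly chosen word (never at its start or end)."""
    chosen = [secrets.choice(words) for _ in range(count)]
    idx = secrets.randbelow(count)
    word = chosen[idx]
    pos = 1 + secrets.randbelow(len(word) - 1)  # interior positions 1..len-1
    chosen[idx] = word[:pos] + secrets.choice(symbols) + word[pos:]
    return " ".join(chosen)


def entropy_bits(wordlist_size, count=4, symbols=0, avg_word_len=6):
    """Estimated bits of entropy when the attacker knows the scheme and list.

    Each word contributes log2(wordlist_size) bits. The inserted symbol adds
    log2(count * interior_positions * symbols) bits, using the average word
    length as an approximation of the number of interior positions.
    """
    bits = count * math.log2(wordlist_size)
    if symbols:
        interior = avg_word_len - 1
        bits += math.log2(count * interior * symbols)
    return bits


if __name__ == "__main__":
    print(make_passphrase())
    print(f"32-word sample list: {entropy_bits(32):.1f} bits")
    print(f"7776-word list: {entropy_bits(7776):.1f} bits")
    print(f"7776-word list + symbol: {entropy_bits(7776, symbols=13):.1f} bits")
```

The strength comes from the size of the wordlist and from choosing words with a cryptographic random source; words picked by hand are far less random than the estimate assumes.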
I also did some reading and note taking today on electronic circuit components and their symbols.
After all this, I was curious again about what Amazon has to offer in terms of security tokens. I managed to stumble across this:
Somehow, it is a password manager, 2FA security key, and secure communication key all in one….I don’t really understand how.
The great thing about this device is it has mostly decent reviews. However, it can take days to set up because it’s so complicated, and GET THIS, it saves its password manager information in plain text. If you accidentally nudge the device, it types your passwords out on the screen in plain text.
Lastly, I spent the rest of my day working on my desoldering and got all of the below image off a board.
Note: I picked today’s quote because I was feeling kind of sluggish today.