소스 코드
- 게시일 2020. 01. 20.
- The average office worker in the United States must keep track of between 20 to 40 different username and password combinations. With so many passwords to remember, many of us use the same ones over and over, or have a running list of passwords saved somewhere. Passwords are a very serious and expensive security risk. It’s why companies like Microsoft , Apple and Google are trying to reduce our dependence on them. But the question is, can these companies break our bad habits?
Update (January 21, 2020): A website mentioned in this video, WeLeakInfo, was shut down by the Federal Bureau of Investigation and other law enforcement agencies on Friday, Jan. 17, 2020. The site claimed to have more than 12 billion usernames and passwords from more than 10,000 data breaches.
Passwords are a very serious and expensive security risk. A report by Verizon looked at 2,013 confirmed data breaches and found that 29% of those breaches involved the use of stolen credentials.
Another study by the Ponemon Institute and IBM Security found that the average cost of a single data breach in the U.S. was more than $8 million. Even when passwords are not stolen, companies can lose a lot of money trying to reset them.
“Our research has shown that the average fully loaded cost of a help desk call to reset a password is anywhere between $40 or $50 per call,” says Merritt Maxim, vice president and research director at Forrester.
“Generally speaking, a typical employee contacts a help desk somewhere between 6 and 10 times a year on password related issues,” Maxim said. “So if you just do the simple multiplication of six to 10 times, times 50 dollars per call, times number of employees, in your organization, you’re talking significantly hundreds of thousands of dollars or even potentially millions of dollars a year.”
» Subscribe to CNBC: cnb.cx/SubscribeCNBC
» Subscribe to CNBC TV: cnb.cx/SubscribeCNBCtelevision
» Subscribe to CNBC Classic: cnb.cx/SubscribeCNBCclassic
About CNBC: From 'Wall Street' to 'Main Street' to award winning original documentaries and Reality TV series, CNBC has you covered. Experience special sneak peeks of your favorite shows, exclusive video and more.
Connect with CNBC News Online
Get the latest news: www.cnbc.com/
Follow CNBC on LinkedIn: cnb.cx/LinkedInCNBC
Follow CNBC News on Facebook: cnb.cx/LikeCNBC
Follow CNBC News on Twitter: cnb.cx/FollowCNBC
Follow CNBC News on Instagram: cnb.cx/InstagramCNBC
#CNBC
Why Big Tech Wants You To Ditch Your Password
![[하이라이트] "에이스? 어. 가능!" 니퍼트의 '초고속·초고층 투구'에 몬스터즈 투수진 초.긴.장.🔥 | 최강야구 | JTBC 240422 방송](http://i.ytimg.com/vi/qG8zMm8D4_4/mqdefault.jpg)
Windows hello at work: "Your face will expire in 3 days. Your new face must contain a special character"
😂
Underrated Comment
😂🤣🤣😁 Time to grow a beard!
LOL
More like: your new face cannot be the same as the old one
Passwords aren't sufficiently secure & it costs companies millions to recover. Saved you guys 17 minutes.
Thanks. I don't agree with it though...It's just because they want us to use our heads as chips in the end so whatever they say is for that final goal
Hero
Thx, can watch something else now :D
Thank you, I was like really 16 min to explain that? 🙄
Thanks bro
I love how a lot of companies force you to reset your password every 6-8 months; depending of the company.
And everyone is complaining that changing passwords is expensive.
You’re literally forcing us to change them.
Companies: get rid of passwords, they are not secure
Also companies: password required after phone is restarted
i don’t get why we need to enter a password after restarting a device.
@@navtejsingh9248 I’ll assume it’s because the phone is encrypted when it’s turned back on and the password unlocks everything
@@navtejsingh9248 : Hell, I have to enter my password every time the display times out and goes dark.
@@fkkyourlife : Yeah, I know, but I leave it that way for security reasons.
@@Milesco You can fix this in settings, when your display goes dark, you only need to push power button and put your finger on the finger print sensor button without pushing it. Or you can push the home button and leave your finger on the sensor till it opens up your device. Stay safe, healty, strong, happy and be blessed ✌️🍀❣️
A user is at fault for a weak password.
Companies are at fault for:
- public facing databases with no / default passwords,
- not securing user passwords (hash + salt, etc...)
- forcing dumb and insecure security schemes (security questions, what's your first pet, etc...)
- disclosure of personal information via insecure API's and such,
- not disclosing being hacked in a timely manner
- sharing user personal details with and without consent,
The list goes on.
😗😘😍👏👏👏👏👏👏.Password should not be killed off its the companies should have tightened security and transparency or use fake identities via TOR.
@@cosmicentity9899 TOR? What kind of crack are you smoking I want some
Most of this list is redundant
This video doesn't seem to realize that Bio-metrics are basically a password that you can't ever change. If the really on that than once someone gets it you are done for.
@@sanneberg1728 Multiple types of biometrics, and I'm pretty sure Michael from the office changed his foot biometrics with the waffle maker incident
As a former developer, that line "keep 20-40 passwords" just hit me in the soul lol. I have a whole folder, filled with passwords and usernames jotted down on paper. Whenever I had to clear my cache, I cried a little.
Idc.
@@cookingwithlynjasbiggestfan ooh so salty, did your mom deny you McDonalds?
1. Photograph all the pages of the folder mentally.
2. Burn the folder.
There buddy. Saved you from having your life stolen! :)
Fking Christ dude, just use a password manager like KeePass. What the hell
I read an article in Russian that recommended disabling all face and fingerprint recognition on your devices and instead use a password. The reason for that was the fact that a policeman can unlock your device without your permission and see your contacts, communication, etc., for example after arresting you during a peaceful protest
You are so right. If someone is robbing you you are screwed. Also, will a phone, PC, iPhone send you BIO data to Microsoft, google or apple to be stored, misused without your consent? I am sure a 3D printer in the near future will be able to print a copy of someones head from a picture to use it to unlock a device. Just look ar the software that can animate a person just from an old photo.
Twice so far I've caught my wife trying to use my finger print to unlock my phone while im asleep. Little does she know, I used my big toe. ;)
OMG wow you're a hound dog you must be
😂😂😂 your too funny.. i died when i stumbled across your comment!
lMAO!
Ha ha ha!
This is a real good one... is it a jock???
Tech companies: Don't use passwords, use fingerprints which can identify you even if you're unconscious
Hong Kong Police: Excellent!
Exactly, someone may unlock my phone with my finger while I'm sleeping. Face ID is also bad, because I'd need to keep my camera uncovered to make it work - most of us know it's a bad idea, especially at home. Some kind of USB dongle (or any other physical object) has a similar problem like fingerprint scan - can be used when I'm sleeping. I use strong - complex passwords for my electronics and I'll continue using them.
@@john_gyver The cops don't need to wait for you to sleep. They can force your finger onto the sensor. Not a good thing.
@@asdfasdf-vy4pj Yeah, it's Brave New World.
Yup. There is a certain ancient prophecy that foretells that a world gov will force ALL to get a secure "mark', otherwise they cannot buy or sell. I think this prophecy is a warning, but I think big govs will, unfortunately ignore the warning.
@@dizzywow That's exactly what i was thinking. Law enforcement has got to love this future!!
This doesn't allow users to share prime and Netflix passwords
abdul reeyas don’t forget if two or more people shares the same device, due to the cost of buying more devices. Like a family shared desktop computer or laptop because the family could only afford one desktop computer or laptop.
You don't have to, business is business : )
Companies should be supporting the delegating of access to user accounts as required. If I want to give my child access, then I should have the flexibility of giving them full access or limited access to view/purchase content.
There can be many ways to allow others to login into your Prime or Netflix account..
Harshit Mishra can I borrow yours then?
you can't get a court order for a persons password, but you can use their face / fingerprint to unlock secured items like phones etc.
Nothing to hide nothing to fear
@@zachw566 if that was the case, why does the government have secrets?
National Security. The safety of its military interests and citizens. It’s economic prosperity, etc
@@zachw566 if you think you are not guilty of breaking the law you are asleep. If law enforcement wants to arrest you they will find something on you. There are over 300,000 federal crimes on the federal law books. That doesn't even count state, county, city, municipality laws.
Yes, yes you can get a court order to pony up passwords, plenty of people have gone to jail for failing to give up their passwords. If justice system decides to screw you over, you are going to get screwed over and no kind of IT security is going to stop that. Having functional IT security and having functional and fair justice system are two different and unrelated issues, you can't fix one with the other and there is no good reason to make policy of one based on policy of the other.
9:22 I'm glad that the director of the FIDO alliance is telling us that FIDO protects our privacy. Definitely a completely unbiased opinion from his side.
Jan 21 - There's a site called weleakinfo.com
Jan 22 - U.S Department of Justice - Say no more
Lmao the people who are fans of the site are probably trying to hack vox now
“I’m about to end this man’s whole career.”
It would be cool if they worked out a deal to show the passwords to an email, but hide them so at least you'll know if they have your password or other info and can react accordingly, because if they had it, chances are someone else does.
@@PatThePerson Have I Been Pwned just gives you a "yes" or "no" response to data you enter, so you can try all of your email addresses and passwords and get an up or down response to whether they've been compromised without someone else being able to enter your email address and see all your hacked passwords (which you might still be using).
I can't believe it took a video to let the DOJ finally do something. Lol
0:42 - The Problem with Password
4:47 - How Did We Get There
6:11 - Types of Authentication
8:02 - The FIDO Alliance
9:41 - A Passwordless Future
14:49 - Challenges
Heres your medal 🎖
I love ppl like u
You forgot 13:10, apple trying to sell more Apple watches. Lol what a joke.
They want your bio-metrics; fingerprints, retinal scans, facial
impressions etcetera for the coming Social Credit System. You will be
"allowed" or "denied" service and conveniences based on what the
government and big tech decide is good for them or you. You won't get to
decide. Just like KRplus banning and ghosting accounts that don't
support their agendas. Want to fly to the UK? Denied. Why? Who knows?
The algorithm decided and there is no appealing these decisions. Want
get an Uber to the next town? You don't qualify. Want to spend your
money? Not today, you should be saving more. Want to get that burger?
Not until next week. We know what's best for you. The social crediting
system is already being implemented in China and testing in "smart
cities" in Australia and Canada. None of this is for your benefit or to
stop the terrorists or to save the planet. It is a means of total
control. Totalitarianism.
Thank you, good sir!
This seems like legit big brother. The NSA can't crack our complex 20 digit passwords, so they are going to force us to use face-id and then they can just hold the phone in front of us... and boom handcuffs for having the wrong opinion. Yes, I know I am paranoid. Honestly, just don't want my wife to get in my phone while I sleep.
CORRECT. This is herding the sheeple into the slave world. The power hungry oligarchies wet dream. Supreme court ruled Cops cannot force you to use your password, however they own your biometric data and can force you to use it.
Real talk. Also what if someone just holds up a picture of you. Can the device tell the difference between a picture of somebody and the real face?.
@@thomasmills8954 imagine if someone 3d prints your face
facts
Imagine a future where anonimity is impossible.
@Gary Basra considering it would give a lot of power to authoritarian govts its not exactly a fair tradeoff
Government collection of bio-metrics. And CNBC pushing their agenda by dissing passwords.
Next....
cryptography.... its a part of nature....
anonymity* btw
and its always possible
That's their goal. It'll be hard to achieve...
I would rather not lol
This video is sponsored by LastPass.
LastPass I used to use it but I never use it since if you forget your password then you would never get it back.
@@ReaganVFilms your job is to remember just one password. And there are redundancies if you forget your password.
@@ReaganVFilms you can enable recovery options against almost all password vaults
@Adithya R but it is open source with no first party android/ios app. Lasspass has chrome extension and Apps for phone which are synced. Which is more convenient.
@Adithya R Your data is encrypted and decrypted at the device level. Data stored in your vault is kept secret, even from LastPass. Your master password, and the keys used to encrypt and decrypt data, are never sent to LastPass' servers, and are never accessible by LastPass
This is literally just a push from big tech to get a hold of even more of your personal data
Of course. Make an argument against how 'inconvenient' passwords are, and how you need 'help', then implement an argument for how convenient and secure fingerprinting is and voila, you have the masses convinced to give their true biological identity everytime they use the net. Oh, you complained about joe biden? Your fingerprint is linked to this comment, perhaps we will freeze your bank account for wrong think.
Very hegellian.
It’s not needed either. There’s systems used by hospitals for example that the company you log into creates a password for you before you log in that expires in a minute.
I refuse to give my bio data either. It’s not needed. The current way of having two authentication steps is good enough.
We all know now not to trust big tech. That are literally banning people from their service based on politics.
They have no need to have our fingerprints, etc.
@@Noblyuntruthful sir.... I 100% agree. Privacy is important and I am a computer science major. I wouldn't trust any company with my finger print and any face recognition network. I will never let the government have that much power over us.
Yes, this is exactly what it's about. The biggest risk is to join your accounts by using for ex Google or even (horror) Facebook. Do not use biometrics on things like phones. The secret must be in your head. Dont use the same user I'd, dont join the accounts. Clear webbrowser after every use, use reasonable vpn.
The ultimate advantage of passwords are: *You can't steal it from the person's mind* !!
Finger print: you can unlock someone's phone when they're sleeping by simply placing the owner's finger.
Face ID: Similar to above
So a hacker will sneak into someone house and slip into their bedroom and unlock their phone while the person sleeps? Impressive ninja skills. Or would a hacker cracks your password remotely be more feasible. I wonder which one would the hackers prefer.
Face ID can actually detect if the person is sleeping
@@prithvirajb1953 you dont need the face you only need the meta data saved for the face stored, you use the data hacked from the phone or fingerprint data to hack anything
🤫😅
Not to mention that our Supreme Court ruled that law enforcement could just force anyone to use their biometrics to open their phones, but could not force one to give up their password to open it.
Blames user for using passwords.
Never blame themselves for having a weak security system and infrastructure.
Pretty crappy way of avoiding lawsuits.
Part of protecting data against hackers is making the data itself more complicated to replicate.
@@JustCrayZ which is accomplished by hashing algorithms and salting. Not by using stronger passwords...
@@JustCrayZ what game channel said!
One of the most used passwords (for phones) is the person birthday lmao
Plus ”Password” and ”Querty”
This will start an industry of lifting and duplicating voices and fingerprints.
Now there is a business opportunity selling voice changers.
I do worry what possibilities there may be in this respect. Can well imagine neural network technologies advancing to the point where this isn't difficult, especially with voices and faces
Of course, how else are lawyers supposed to make money if they're not out there defending you in an endless case of stolen identity where your likeness has been hi-jacked.?
You'd better get used to changing your voice and your fingerprints!
Wrong. Some China hacker who lives in a basement isn't getting this. They are hacking using passwords. By using 2 factor or password less they aren't getting in.
Individuals protect their passwords. I know I do! Corporations don’t seem to be able to protect our passwords. They get hacked all the time. So they don’t want passwords because they can’t protect our passwords. Then they would be legally liable. That actually makes sense.
Your password is most likely stored as hash, and if your password is secure enough it will not be recovered by an attackers
I trust my 24 char pass more than Google, Microsoft, Facebook that have multiple lawsuit for privacy breaches and now anti-trust lawsuit
Microsoft doesn't have anti-trust lawsuits (:
@@uploadsadlibitum6264 they did a decade or two ago
AMEN!
But how do you remember them?
@@carolynworthington8996 its called brain you train it and starts remembering you abandon it and you start believing that natzis were peacekeepers
One thing this report failed to say…
The same Password still required to reset, change or even remove biometric security
It's said but in the case of Apple's Face ID recognition fail
Because I was thumb or face password for so long I forgot my actual password so when I bought a new phone I lost all my photos of my kids throughout the years. I try to recover it through email but same thing been so long since I typed in my password for my email I can’t remember it
Alvaro Arellano you should download google images so u can store everything there aswell. Just as a back up & it’s completely free
@@alvaroarellano5922 i guess thats why two factor auth is better. You have to use both
@@alvaroarellano5922 it's better to write down your password in a diary or something. I store mine in last pass because I have so many accounts.
$50 a call to reset a password? Come on it takes 2-5 minutes of someone that gets paid about $12 an hour...I know I use to be that $12 an hour person long ago.
kevinsmak it’s not just the cost of the person. It’s the whole cost of the systems, labor, office space, etc to handle the calls.
very nice 3 call each day and you are set for the daily work.
They can just have you reset the password via email instead of call a person.
@@dannydaw59 And if its the companies email password they need? Some companies bans the use of gmail/hotmail etc.
Someone didn't get paid $$ / got ripped-off..
🤣🤣🤣
title should read: How Big Tech Wants To Centralize Your Identity (to track you even better)
Gotta keep a tabs on all the cattle lest they get antsy and want to rebel.
Fear of Big Tech existing is such an American thing. Stop being so sensationalistic and get over yourself
**Goes to weleakinfo.com**
This domain has been seized by the Federal Bureau of Investigation.
Oh.
With finger prints you can get a sleeping or unconscious person to forcibly put their finger on their laptop or mobile.
@@davidabulafia7145 Sure David, with roof toss you can splat. The fact is that the entire notion of security is a sham with entities like israel around f*cking with humanity. You assholes have taken unauthorized butt pic selfies of mine. Is it only coincidence that these were the moments that I was reaching out to you with fresh dung offerings?
D.S Tice, You went to the wrong site
@420 Friendly " you must log in first " I find that funny
Bruh use tor browser, it works
$50 to reset a password, ok mate.
Yeah that was weird. I guess if you take two people's salaries for 10 minutes, plus some tech???
Wouldn’t it be lower because most of them use India it people, their wage costs are lower?
It's automated , the money spent is whatever the server spent processing your request . This is rubbish.
Ie the energy output.
S C I’m pretty sure he was just generalizing his figures, it’s not his math that we’re questioning
i work with servers and people woul call me everytime to reset passwords lol 🤣🤣
"Hey Jim, can I use your computer to print something?" "Sure, let me rip my face off so you can log in."
Remember how you had your photo take at the staff function ........
There's been some files that have been / taken / altered / stolen /deleted and your / fingerprints / facial photo / is the link .....
LOL. That was a good one 😄
Haha a joke...yay
LOL
Would a picture of the person do the job? or holding a phone in front of the person's face when they sleep? Hmm
Facial recognition and thumb print is a good way to ensure that you do not put a piece of tape over the camera allowing them to record your actions at will.
That's true! 🤣🤣🤣🤣 I have a piece of tape on my mobile front camera🤣🤣🤣🤣
"And then you type - and possibly mistype" XD During that he literally sounds like one of those infomercial guys, only missing was the greyed out background footage of people trying the most stupid and impractical ways to type in passwords with a big red x across the screen
2030 - Experts say that microchipping people is the only way to truly authenticate users
I don't have a microchip but that pesky cat that lives with me does.
She gets on instagram all the time when the human is at work.
sadly, probably accurate.
They can start it on you.
@@ferry602 anyone is up for grabs
Mitchell Malouf experts huh? I’ve raised 4 boys, would that make me an expert in raising children?
I'd rather my data gets breached than give you a retina scan ...
Fn right. Corporations can not be trusted anywhere anytime for any reason. You can trust them to use and abuse people.
I am working on a system that uses a rectal scan.
@@andrew_koala2974 lol
Wow just wait until you learn about drivers licenses and social security... 🙄
@@andrew_koala2974 LOL
Tech companies: "Use voice, face, and fingerprints".
2020: Wear masks, and gloves.
Tech Companies: Oh, FFS!
Samsung had the iris scanner going on in their older flagships, would have been about perfect for the situation now.
"Bad passwords are really easy to hack"
them: "the typical password is too easy to hack"
nope, still don't want to give my biometrics to these corporations
@Wuanslm then why the hell are you using their services?
GURken Why the government already has it
@@sanchitjain3498 Does that means that they are allowed to compromise privacy ??
@@linuxinside6188 Well they have policies which prevent them compromising with our privacy.
@@linuxinside6188 And the biometrics are stored in your own device, they don't have any access to it
Voice recognition isn't effective. What happens when you get a cold and loose your voice? You're screwed.
Carlo Cocciolo just use both fingerprints and norm password
I work in voice recognition tech -- voices are not that unique.
Does burning your hand on a hot pot change your finger print til it recovers? This would be another realistic issue
@Carlo Cocciolo Use your other finger (which hopefully isn't compromised)
Or just stay with passwords I suppose
@@mscolli3 and super easy to reproduce with a sample.
Sounds like a bad idea:
If they hack their system they can steal my password, but I can change it later.
If they steal my fingerprints / retina how am I supposed to change it later?
Also by stealing my eBay password, they will never be able to log on my Instagram account, but if they steal my retina / fingerprint they will be always able to log in in every platform I use.
I agree with you. Lately I found different videos about this topic. It seems that even voice recognition is rather "easy" to bypass using a laser beam directed to a mini microphone. I don't remember correctly how it worked but SmarterEveryDay made a good video about it. Fingerprint is something we let behind us everyday and anyone could find and copy them.
The face is even worth, there are video surveillance everywhere. I also saw some guy unlocking his smartphone by showing a video of himself on an other smartphone.
Password managers like KeepassXC with a (one) good password and a Key File seems like a much safer option to me. And as a bonus we do not need to give our face and fingerprint infos to company like Google that are very well known for not giving a sh** about user privacy.
If these companies get hacked, no one is stealing your password... they're stealing an artifact that has been generated by your password called a "hash". It's not the actual password.
Let me repeat that again. Google, FB, etc. do NOT store your passwords. Similarly, they won't actually store your biometrics.
@@swaggydaggy5579 Yes, however some companies will have bad storage techniques, such as plaintext or MD5 just like for passwords, will they not?
@@ericyang9404 What company is using plaintext or MD5 in 2020?
@@MaximusAlcarinque I guess www.forbes.com/sites/daveywinder/2019/07/02/confirmed-2-billion-records-exposed-in-massive-smart-home-device-breach/#41d954f2411c, or maybe haveibeenpwned.com/PwnedWebsites#DemonForums
I guess nobody really uses these, but some sites like haveibeenpwned.com/PwnedWebsites#Tokopedia are still using salted MD5s.
And haveibeenpwned.com/PwnedWebsites#Tokopedia, SHA-1s, essentially the same in hashes I guess
Pretty sophisticated way to blame the victim, and not all the data miners like, Yahoo, google, banks, etc. who get hacked.
Feel like the FBI watched this and then went "oh snap!" and started snatching up these leaking sites lol
Matt S- Was thinking the same. Propably what happened, for real! The alphabet dudes really are just an inept bunch of dorks with pistols, it seems.
phones using fingerprint rather than password protection can be accessed by police
I mean it's going to be quite pricey
Yea and that's exactly why they are doing this push... A fingerprint is literally just a password when it comes down to it, except one that can't be changed... And one they already know since they pretty much have everyones fingerprint already.
Of course, how else are they supposed to jam your as$ up?
YourTV Unplugged the cops dont have everyones fingerprint. They put your fingerprints in a database when you get arrested, so the only people that would be vulnerable to this are people who got arrested before
@@MrAwesomenaut actually many jobs require you to have fingerprints taken
Will grandmothers be able to adopt to that ?
No unless they are cool grandmothers
Mine keeps forgetting hers. I know. She’s still alive.
@@jhlords2 Tbh they havnt adapted to passwords, they will be better off with biometrics.
How is storing biometric info on a server any safer than storing passwords on a server?
@@jhlords2 vc
V
Yeah, Im not giving up my fingerprint or eye scan for security. The thieves can take my money, I'll keep my body....
So what they know what your right thumb or left eye looks like? That isn't you just a tiny fraction of your body. Plus fingerprints aren't even unique.
You get to keep the finger or eye lol
I agree with you but I'm pretty sure they already have all that info about us, unfortunately.
Americans are so overly sensationalistic with their privacy and big tech... Get over yourself 😂
Retinal scanners is a way better security protocol to have, it's like your fingerprint can't be used without having the eyeball present...or the rest of the head.
It's not OK to be giving your biometrics to these businesses
I agree. It is for AI tracking and learning. It makes me uneasy. I refuse to use it on my phone.
Indeed. I encourage people to search for "surveillance capitalism". I'm very uneasy about handing over biometric data. From the sounds of it, that FIDO standard is supposed to protect user privacy by keeping everything local at least.
@@janguvpes7518 Yeah, I'd like to know more about how that works. Okay, you can access the local device, but what happens if you need to borrow a friend's phone or computer to look something up on your KRplus account? Without passwords, how do you identify you're you without giving biometric data to the receiving company? You buy a new computer, but you still have your old one because of the data stored on it. How do you reestablish all of your accounts on the new computer if the receiving end has no way of authenticating who you are?
I'd be very interested in knowing more about how this is all kept "local".
@@c182SkylaneRG I believe it works by communicating a hash number to servers, so that this could be in common across devices, but what's not communicated is some key on a local device, which is translated via an irreversible algorithm locally. Or something like that... I'm not especially well informed about it. But you can see how the principle is in play with the biometric dongles used in MS in the news report.
@@janguvpes7518 Actually, the news report shows you literally nothing reassuring, just that you put your fingerprint into a magic black box and it grants you access. However, your mention of "hash" and "irreversible algorithm" reminds me of a few videos Tom Scott has made on the subject, which I'd forgotten about. He DOES go into the details about how the mathematical algorithms work to force passwords to only go in one direction, and not be visible on the other end, while still authenticating the user.
"Our bad habits?" Oh sure, we decided this was the way to do things, not the companies. And even though passwords suck, let's make a few things clear: the alternative is either more money for them and/or less privacy for us.
For a second I thought dashlane was going to sponsor this video with it's one click complicated password ad
0:04 he is very determined 🤣
....so to protect our information we must provide more information? Like facial features and biometrics on top of our passwords? Why does it sound like we're giving them more leverage...
or....am I just paranoid.
Nope. This is a terrible idea. You are 100% right. We need to fight to preserve the password. It is the only way to preserve privacy and security. That is why big corporations and authoritarian regimes hate the password so much.
That sounds like a cool site, let me go che-- THIS DOMAIN HAS BEEN SEIZED
I activate PotOfDuality
Jofx what do you mean?
@@alexandremercier8851 Just a cross reference to Yugioh, nothing means related to video lol
@@jofx4051 better one HeartOfTheCards.
It always has the answer.
literally i was like omfg ive never seen this before
Apple's 1 in 50k was actually a downgrade. If 1 in 50k random fingerprints unlocks your phone that is like having a 3 letter password. It would take the same number of tries to try all combinations. Same with the face id 1 in 1 million. Having an 8 character password gives billions of combinations and is much more secure. All these biometric systems such as voice and face scans can be faked by a computer AI. You would really need to have some way of making sure that what it is looking at is alive and not a recording which is not possible on a system that a person has physical access to. If I can get at the wires of a camera or biometric sensor I could feed it a video I took while walking past you and get in.
Imagine if the government arrested you and wanted to get into your phone. They drill a hole in the back of the case and solder some wires to the camera and attach it to a computer USB port. The USB port outputs a video/data feed that was recorded with another iphone while walking past you in an interrogation room and the phone unlocks. A password however is encrypted inside the phone so without knowing what it is you would need to crack the encryption on that password.
The only secure password is a long password that you know and nobody else.
Oh, a such a shame we are costing Microsoft money. I'm so sorry for them!
🍷😆
The more you cost to them the more they're apps will cost you and the more data about you will be collected to be sold, so you should stop antagonizing big companies, if you don't like them just don't use their services
How can people not antagonizing them if they tell us such bs
@@nofanfelani6924 what bs are they telling us?
@@Veltorb Can't you tell from the original comment?
If not, then alright. Have a nice new year!
I was waiting on the discussion about how crappy biometrics actually is at security but I'm at the 11 minute mark and it's just an ad for tech companies... nvm.............
How in the world did you come to the stupid ass conclusion that biometrics are crappy security.
It's MSNBC what did you expect. They are corporate crooks
@P Ciprian very, very wrong. This isn't 2005 biometrics. Unless it's optical you 100% cannot imprint the biometrics. Even if you could that's still 1000000x safer then passwords lmao
@@omarh1315 /facepalm
@@omarh1315 you do realize that the data must be transmitted at some point, right? simply having access to its binary representation is enough. Some website IS going to leak it, and at that point, hackers have a guarantee that you use the same password everywhere else, and you can't even change it.
Wish I made $50 every time I got a call for a password reset.
Maybe you are unaware that you are contacting a business for IT support or a division (of the same company) has to show a use case though profit. Any tech has to perform at certain matrix; one of those is dollars per hour, remember that is not how much the tech gets paid. The use case or profit is on the ROI. Wages are just a part of the P&L statement. Some of that has to pay for the equipment and facilities etc (e.g. bathrooms).
Help desk pay + PTO + cat sick days+ Loan forgiveness + physical cube inside of massive city center real estate+..... do I need to continue?
I'm starting to appreciate the 60's and 70's even more. Life was so much simpler.
And when the bad guys have your fingerprint then good luck changing that
DNA scan cannot be copied.
Touch ID looks underneath your first couple layers of skin so the bad guys would literally have to force you to put your live finger on the sensor for it to work lol even a chopped off finger won’t work because the cells underneath would be dead
They usually use ultrasonic to create 3d map of the finger. So u can't just use fingerprint and use tape to copy them and put them on your finger
@@KrishnaAdettiwar my point is that once the uniqueness of your fingerprint has been digitised and its public it can't be changed like a password can be.
Here's how to hack a fingerprint. First, let's just assume there's a data breach already and your finger print is easily accessible to a bad person. Because that's inevitable anyway and that's not the real challenge. But all you'd have to do is modify the device to bypass the sensor and upload the scan in the expected format. Maybe with some random noise. Im not saying it would be really easy. And it would mean you'd need access to the device long enough. But stuff like this is already out there. Fingerprint scans on there own are an effectively useless security measure once its been compromised.
Companies: we don't want to be held liable to our *plaintext password* leak anymore
I have watched the first Avenger movie so no thank you, I'd like to keep my eyeballs in their sockets.
It seems like most of these companies are trying to go from one-factor authentication with passwords-only to one-factor authentication with biometrics-only. Problem with biometrics is they don't require you to cooperate with someone who wants in (likewise for keys). If your phone uses fingerprints only, and someone has you tied up, they can just force your finger onto the sensor and get in. Now, if you combine biometrics with a password, forcing a finger onto a sensor only gets you halfway there if the person won't cooperate and tell you the password.
Of course, the best approach is to combine all three methods and have a password, a physical key, AND a biometric scan, and require all three to be valid before giving access.
"BREAKING NEWS!"
LiKe everything else... "security" IS AN (inconvenient) ILLUSION!
Watch when they want to chip us as the alternative to passwords.
I keep all my passwords in a spreadsheet, but they're "encrypted", that is, written in a way that only I understand, so they help me remember what each password is for each site or service.
Lol
Wowwwwwwwwwww so what’s your girlfriend like?
Just use a password manager. Preferably one open source and capable of auto fill on all devices like Bitwarden. You can self-host a lightweight Rust implementation in bitwarden_rs if you don't want your vault to live in Azure servers.
@jeffrey vaughan If it's behind a 7 word diceware passphrase good luck with that. Not to mention if a hacker has local access to your computer to take advantage of that you've already been hacked.
ISuckTiggos More beautiful than your non existent one may be
Remember. The court cannot force you to say anything, including your password, to prove yourself guilty but the court can force you to surrender any hardware keys which might get you convicted.
Thank you, FINALLY someone realizes how easy it would be to spoof a 2FA request. Too bad he was biased or wrong about basically everything else. 🙃
People fear their face and fingerprints being recorded and getting in the wrong hands.
Anyone who has been arrested, even for minor offenses has their fingerprints and Photograph recorded.
In some cases, swabs are taken for DNS records under the pretense of undertaking a drug test..
Biometric data security also has as many holes in it as a Swiss Cheese.
That's why doing it on the local device is so important
@@andrew_koala2974
Just for being arrested? In my contry all of my fingerprints were scanned when I was getting my citizen ID. Not gonna lie, they do use it for authentication, as later that day I had to authenticate and any of my fingers could do
for damn good reason!!!
Hong Kong anyone??
Imagine having ur full name as ur username and you post selfies online but complain about face n fingerprint readings in the wrong hands.....lmfao what on earth would a criminal need or want ur selfies or prints for 😭😭😭😭😭
NBC using "big tech" like they're not part of the establishment lol
I like the idea of question and response for a password. The question and response should both be completely free form though. You don't have to remember a complicated password because the computer will simply ask you to recall the answer to a question you told it to ask. If the answer the computer requires can be a full sentence rather than a single word, that makes it far more secure as well.
That kind of sounds like a password but with a hint
Have never used facial recognition or thumb-print biometrics, it just seems too open to abuse by a future authoritarian government if you ask me, particularly considering our cameras and mics can already be turned on remotely via the mechanisation of the apps we use. Facial recognition surveillance is made much easier when our biometric data is processed in the system rather than just some still photos. Plus biometric details can still be hacked anyway. So I stick with a complex password combination which I remember, but I change every so often, and I use Google authenticator or Authy where possible.. I don't see how Google authenticator is any less secure than biometric anyway since it's a very limited time code which has to be viewed in person..
Seriously go get a physical security key (like a yubikey). They don't use any biometrics (well a new gen of Yubikey is introducing a fingerprint on the conductor but I'm nearly 100% sure that will only be stored locally on the key not on any server, but the 5 series just has a plain conductor button to prove your pushing the button) and dont use any personal information. The keys are not tied to your identity. They are also waaay more secure than facial or biometric data, they cannot be copied, cannot be spoofed, and are immune to phishing (unless you mail your security key to the scammer physically lol). Most major websites have integrated at least Yubikey, if not most U2F keys. Yubikey is also great cause they're designed very sleek and thin, even the USB-A plug in key is about 1/8 inch thin. You can look up plenty of youtube videos explaining how they work, how amazingly secure they are, and really are the best all in one option for both security and maintaining personal and biometric privacy.
Much more secure than Authenticator (although one-time password apps like Google Auth. and Authy are quite secure themselves unless you get Man in the middle'd or phished/fake websites that can enter your 6 digit passcode quickly, it's possible). But with security keys they need the physical key and to push a button on it physically to authenticate. Best option in my mind (and many top experts in the field).
Imagine wearing your password on your face, every day and everywhere you go.
Andy Hage Yup. Face ID is a joke. The Chinese already know how to do biometric scans on mass populace with cameras on the streets.
Facial recognition security cameras are already being deployed by government agencies, and I have to imagine they'll inevitably be available for the consumer market. May not be 10 years, or even 20 years, but there will be machine learning/facial recognition cameras widely available. Facebook already has the largest database of available faces to test against.
100% spot on when you say it's not a good idea to wear your password on your face when ANYONE will be able to scrape that information. What will happen then? Probably won't even need physical access to the device to feed spoofed credentials into it via camera api or whatever.
So now hackers are going to get my password but my face my voice, my retina, and my fingerprint. Thanks!
Biometric data is not shared to the internet. Your Android, Windows, iOS, or MacOS devices, do not share your finger print data or facial recognition data to the internet, all the detection and analysis is done on the device and it is impossibly difficult for hackers to steal your device, and then physically unencrypt that data.
Peter Mortensen yes
Remember the "Demolition Man" scene where the eye was speared on a pencil to access via retinal scan. It can't be by the revealing of identifying information, it has to be a challenge response of a one time password not the revealing of something static such as a fingerprint or a retinal scan. Unfortunately, to make a challenge response one time password convenient requires implanted chips or a token device such as a phone which represents your identity.
Khan Piesse it’s still able to steal. if analysis is done on device, surely you just hack the device. Call me stupid I’m fine, but nothing is unhackable. Hackers will do anything they can in their power to steal your data.
@@KhanPiesseONE That's the thing, you have no way of knowing that. You're relying on their word. The software is proprietary, so you can't actually know what it does.
I think its because of the proprietary password managers. You get dependant on for example of Apple's password managing systems and the switch to let's say an Android device gets harder and harder. Some 3rd party password managers do this too: The 1. Device to use the manager is free but you have to pay for more devices. The possible scenario: Your password manager changes all your passwords to a more secure one, but now, if you want to use your password on another device, the only easy option would be to pay the subscription for more devices. Because you depend on it.
14:37 this man really using the original iPad
And people thought Skynet was fantasy. You get addicted to the technology and they force you to sacrifice your privacy and identify. It's weird and disturbing.
They would argue that they have the users 'consent' as you have the choice to refuse their services.
"Ethical hacker" =)) . The passwords are like locks for the door, everyone with a certain knowledge could lockpick it or with raw power could break a window or the door and not care about the lock, but you still lock the door because it acts like a discouragement and a psychological barrier. Keep your passwords safe and have a nice day.
This analogy is entirely false. Nothing about passwords is comparable to door locks.
@@Luxalpa Then I might suggest you look on how a lock works. Virtual or physical, they both share the same principle and concept.
I never lock my doors, why would I? I have nothing worth stealing, don't care if I die tonight.
Update (January 21, 2020): A website mentioned in this video, WeLeakInfo, was shut down by the Federal Bureau of Investigation and other law enforcement agencies on Friday, Jan. 17, 2020. The site claimed to have more than 12 billion usernames and passwords from more than 10,000 data breaches
I feel like password managers where very intentionally left out to serve their agendas. Cmon.. password managers are great, you get really tough passwords, can share access to Netflix without even sharing the password, login info gets inputed automatically if you want. And if you don't trust the companies providing the service (they say your passwords never get to them unencrypted, i.e. they couldn't use them even if they wanted to), you can always run a service like that locally
Yup, and on top of that, you can layer the unlocking of your database file with something like a Challenge-Response from a Yubikey on top of your master password. Only threat you face then is somehow leaving it open on a device, or getting a clipboard malware/keylogger on your computer. I don't see how the file itself could possibly be cracked with both a long master password as well as a Challenge Response on it. Still, it reduces a lot of other threats, leaving only highly targeted attacks. (As far as I know I'm not a professional)
You all of a sudden have become a must watch youtube channel, good on you. Keep up the good work. Keep me informed.
Who else went to WeLeakInfo just to find out that it has been seized by the FBI.
That is illegal. The FBI has no right to interfear with a money making business. Companies have rights. Capitalism at work.
@@davidbeppler3032 It was the Dutch police, not the FBI perse.
the FBI seized a website without due process? not likely
It was done by German and Italian police. FBI just allowed it.
David Beppler are you stupid?
I did something to standard my passwords but make a difference one to every site. That's how i did.
> a normal password
> a symbol
> a upper letter based on the site/service name
> a number based on the site/service name
> another symbol
KeePass is a solid free open source password manager that stores all of your passwords wherever you choose (not a centralized database) and will auto generate a password for you depending on the parameters you set for it. For anyone who doesn't want some James Bond style fingerprint lifted off your scotch glass and then open all of your accounts.
So that corporations can know where we are, what we do and what we want.
Oh wait they already know all those things.
Oh wait they also already know all those things.
@@booomkiller it doesnt matter compare that when going outside.
dont forget to polish your tin hat to stop the 5G wireless signal from controlling your brain.
Shahnid Ismail what we think
Uhhh what if I want to share my computer with someone? I call home and need my wife to email a paper to me at work?? How can I tell her the password if there isn’t one lol
🍷😆
Well you are sol guess you shouldve used a password
@George Armstrong you cant remote unless its already unlocked
life size print out or silicon head 😂
You should never be sharing your password with anyone. The shared rights should exist on the device or data inherently.
My iPhone never lets me in by touch age and wear on my fingertips! I was a art print maker and used a lot of acid and solvents and then a housewife
same with some massage therapists.
Smart guy - Invents password
His colleague - *I am gonna do what is called a pro gamer move*
The photoshop work on the weleakinfo fbi seizure page looks like something i'd do when I was 12
lol $50 per call, that comment made me loose interest, this dude is just doing a sale pitch, dont bother watching
What? You mean you don't make $100 per hour answering phones?
There's the cost of infrastructure to establish the programme, the training, the software and hardware required, not to mention the lost productivity. If you're going to say something, at least make it sound like you're not aged eleven.
Maybe you are unaware that you are contacting a business for IT support or a division (of the same company) has to show a use case though profit. Any tech has to perform at certain matrix; one of those is dollars per hour, remember that is not how much the tech gets paid. The use case or profit is on the ROI. Wages are just a part of the P&L statement. Some of that has to pay for the equipment and facilities etc (e.g. bathrooms).
Yeah, I know that when I call India I am paying 50 per call, what a lie. This is biometric registry propaganda. They left out the real reason passwords no longer work. Qbits
Loose rhymes with goose and is the opposite of tight.
Keep in mind that right now for your phone or computer, the cops cannot make you tell them your password. But they can forcibly make you unlock with fingerprints, USB dongle, face recognition or RSA soft token that you possess. I agree that passwords are the least secure of them all, but I also think it is a valuable component when bundled as part of a multi-factor authentication environment in situations where you could be compelled against your will to unlock a secure device.
Security has always boil down to having both what you have and what you know. Passwords are what you know, second factor authentication is what you have. Unless they want to chip us and have challenge response authentication, we will never have security beyond these two aspects of authentication.
I'm surprised more people don't use password managers and use randomly generated passwords.
Agreed
Feds got WeLeakInfo
The feds seized weleakinfo 😫🙃
But why?
@@peacheskong2245 - Well, basically for theft of private information. Like stealing a flat screen and selling it on Craig's List.
Meh. Privacy already doesn’t exist if you use any google service.
Its ok, snusbase, dehashed, and like 100 other info leak sites are still out there with the same data.
There was a technology available in the early seventies which was just too late to market but could have displaced PINs and passwords. It was a signature recognition methodology involving both visible and physical characteristics (signature appearance plus the physical attributes of the person as they signed a document). Had this succeeded, passwords would have been moot, PIN security would have been irrelevant and customer acceptance would have been simpler and faster, with no requirement to remember anything, or to store offsets or encrypted passwords on computers anywhere.
My password is 46 characters long and I use 4 factor id settings to make sure all my accounts are secure. A password is essential. As a person who's had many personal security issues due to fraud and identity impersonation if I didn't have such long passwords and the other steps for logging in to an account I'd be in very bad shape financially.
10:00 so I have a camera on and shoved at my face at all time ?
Sweet.
Me: *wears makeup*
Laptop: I have never seen this woman in my entire life.
Funny enough, it has no problem recognizing me with no makeup and hair partially covering my face
this tells how many men are deceived by makeup everyday
@@pikachu5647 It's not deception when women do it.
@@pikachu5647 Simple men out there should take your advice...
He caused no harm but spent 5 years in prison? That s horrific.
I use a bookmarklet to compound a site url in the hash section ciphered user pass pair under a PIN number. If there is no hash section, it collect fields user and pass value, ask for a pin generating a LOGINURL in address bar that you can bookmark or copy. If bookmark contain a hash section you are prompted for a PIN, user pass are decyphered, to fill respective fields and SUBMIT triggered. Most of browsers know how to sync bookmarks between themselves, so you don't need to store bookmarks on Cloud or USB key. The process run within login page, nothing is typed on the keyboard, process stay in vacuum.
""Ï don't believe there's any such thing as a bad password, only a badly created password."
The 2 are very distinct issues. You could have an alphanumeric password that appears to have an entropy of 128 bits but if you generate that password “randomly” using software that had a vulnerability in its random number generator, it’s possible that password generation is deterministic in nature (not truly random) making your password vulnerable. This is mostly applicable to encryption keys and such, not so much service provider websites where the number of attempts to log in may be too limited.
Please give a definition of BAD.
"phishing attacks are caused by passwords"? phishing attacks are used to gain passwords. Microsoft needs a new taklking head. That was an unclear statement at and just wrong at worst.
Well, the existence of passwords is what causes phishing attacks to exist in the first place. They aren't wrong. No passwords means there is no use of phishing attacks so they won't exist.
Passwords are the best things in life to each and everyone that always would like to be tested for their instincts. It is the way people retrieved what needs to be retrieved from their own thinking respectively. It makes them certain in their many ways, while being accurate to details. Passwords are created not to harm, they are designed to be able to bring out the best things that every individual possesses.
Every single CNBC video..."Let's go back to the history of fire. Fire was first invented...." I'm a history buff and it STILL gets old. I honestly don't need context since the 1950s.
Meanwhile LastPass selling everyone's browsing history to ad companies >.