{"video_id":"D6fRdCF9jyQ","title":"Stay Safe Online WITHOUT an Internet Connection","channel":"Techquickie","show":"Techquickie","published_at":"2019-05-06T14:58:16Z","duration_s":271,"segments":[{"start_s":0.0,"end_s":6.68,"text":"Thanks for watching Techquickie. Click the subscribe button, then enable notifications with the bell icon so you won't miss any future videos.","speaker":null,"is_sponsor":0},{"start_s":6.96,"end_s":14.12,"text":"So you're going about your day when you get an alarming-sounding email telling you that some miscreant has gotten into one of your accounts","speaker":null,"is_sponsor":0},{"start_s":14.12,"end_s":19.56,"text":"and they might be rifling through your embarrassing personal files at this very moment.","speaker":null,"is_sponsor":0},{"start_s":19.56,"end_s":26.8,"text":"Oh, if only you'd enabled two-factor authentication like we urged you to in this video here.","speaker":null,"is_sponsor":0},{"start_s":26.8,"end_s":33.16,"text":"So you frantically change your password, set up two-factor so you'll get login codes on your smartphone,","speaker":null,"is_sponsor":0},{"start_s":33.5,"end_s":40.66,"text":"and after a short period of relief when you realize it was just a throwaway account you used for online dating back when you were single,","speaker":null,"is_sponsor":0},{"start_s":41.04,"end_s":48.74,"text":"you get to wondering, how exactly does that code generator app sync up with the service that you're trying to log into?","speaker":null,"is_sponsor":0},{"start_s":48.96,"end_s":52.04,"text":"And does it work without an internet or cell connection?","speaker":null,"is_sponsor":0},{"start_s":52.82,"end_s":56.74,"text":"Well, as it turns out, generating a new string of numbers to punch in,","speaker":null,"is_sponsor":0},{"start_s":56.8,"end_s":64.58,"text":"every 30 seconds or so, doesn't require continuous communication with a server somewhere after initial 
setup.","speaker":null,"is_sponsor":0},{"start_s":65.0,"end_s":73.4,"text":"Although there are a number of services that do simply send codes over email or SMS without using their own apps,","speaker":null,"is_sponsor":0},{"start_s":73.76,"end_s":81.88,"text":"code generators are becoming more and more popular since they can even work when you're on a plane with no SMS reception.","speaker":null,"is_sponsor":0},{"start_s":82.84,"end_s":86.14,"text":"You see, these code generators are based on time.","speaker":null,"is_sponsor":0},{"start_s":86.14,"end_s":90.34,"text":"Whenever you're setting up two-factor authentication for a new account,","speaker":null,"is_sponsor":0},{"start_s":90.34,"end_s":96.9,"text":"the service will randomly generate a short string of characters or a key, which it will send to your phone.","speaker":null,"is_sponsor":0},{"start_s":97.1,"end_s":103.06,"text":"You commonly see this as a QR code, which your authenticator app can scan using your phone's camera.","speaker":null,"is_sponsor":0},{"start_s":103.46,"end_s":112.64,"text":"At this point, your authenticator app will start generating these codes by taking the current time and using the specific key the server assigned to it","speaker":null,"is_sponsor":0},{"start_s":112.64,"end_s":116.0,"text":"to run that time value through a cryptographic hash.","speaker":null,"is_sponsor":0},{"start_s":116.14,"end_s":118.86,"text":"Turning it into a totally different number.","speaker":null,"is_sponsor":0},{"start_s":119.3,"end_s":127.34,"text":"Which number the hash function spits out will depend on your unique key, and since that key is tied to your device,","speaker":null,"is_sponsor":0},{"start_s":127.6,"end_s":134.58,"text":"the only practical way to get the service to validate a login attempt is to have it physically.","speaker":null,"is_sponsor":0},{"start_s":135.04,"end_s":139.52,"text":"Now typically, this hash function will give you a new code every 30 
seconds,","speaker":null,"is_sponsor":0},{"start_s":140.04,"end_s":145.28,"text":"invalidating the old one shortly afterward. This makes life very difficult for would-be attackers.","speaker":null,"is_sponsor":0},{"start_s":145.28,"end_s":154.48,"text":"Unless a hacker could steal a code with a keylogger or something and enter it, along with a valid password, in a matter of seconds,","speaker":null,"is_sponsor":0},{"start_s":154.48,"end_s":160.42,"text":"any code that they steal would be about as worthless as front-row tickets to last night's big game.","speaker":null,"is_sponsor":0},{"start_s":160.92,"end_s":167.6,"text":"This half a minute window also gives your phone a bit of buffer in case its clock isn't exactly synced up with the server,","speaker":null,"is_sponsor":0},{"start_s":167.82,"end_s":174.56,"text":"because it's much more likely that your phone's time is within 30 seconds of a server than within a hundredth of a second.","speaker":null,"is_sponsor":0},{"start_s":175.28,"end_s":180.22,"text":"And since all your phone needs to know is the current time and the secret key,","speaker":null,"is_sponsor":0},{"start_s":180.52,"end_s":186.52,"text":"your phone can be missing a SIM card, have a broken Wi-Fi transponder, or even a cracked screen,","speaker":null,"is_sponsor":0},{"start_s":186.8,"end_s":189.2,"text":"but it can still give you valid codes.","speaker":null,"is_sponsor":0},{"start_s":189.66,"end_s":190.16,"text":"Cool.","speaker":null,"is_sponsor":0},{"start_s":190.64,"end_s":198.7,"text":"And because this implementation is quite simple, free apps like Google Authenticator and Authy can support loads of different websites,","speaker":null,"is_sponsor":0},{"start_s":198.7,"end_s":204.76,"text":"meaning that you don't need a dedicated app littering your home screen for every service that you use.","speaker":null,"is_sponsor":0},{"start_s":205.28,"end_s":208.22,"text":"Of course, this convenience doesn't mean that it's 
perfect.","speaker":null,"is_sponsor":0},{"start_s":208.22,"end_s":211.78,"text":"Your phone could suffer a battery problem that could mess up its clock,","speaker":null,"is_sponsor":0},{"start_s":211.88,"end_s":214.6,"text":"the encryption could be broken by brute force,","speaker":null,"is_sponsor":0},{"start_s":214.6,"end_s":220.26,"text":"or an attacker could just get really lucky and guess your six-digit code,","speaker":null,"is_sponsor":0},{"start_s":220.26,"end_s":225.12,"text":"which, winning the Powerball is far less likely, and that worked for Judy F. from Clifton.","speaker":null,"is_sponsor":0},{"start_s":225.12,"end_s":227.12,"text":"I gotta go buy some lottery tickets!","speaker":null,"is_sponsor":0},{"start_s":227.84,"end_s":229.16,"text":"Bye!","speaker":null,"is_sponsor":0},{"start_s":229.16,"end_s":232.01,"text":"This video is brought to you by Cheddar.","speaker":null,"is_sponsor":0},{"start_s":232.01,"end_s":233.57,"text":"Over on Cheddar's YouTube channel,","speaker":null,"is_sponsor":0},{"start_s":233.57,"end_s":235.37,"text":"they've got a variety of different segments,","speaker":null,"is_sponsor":0},{"start_s":235.37,"end_s":237.81,"text":"covering a wide variety of topics.","speaker":null,"is_sponsor":0},{"start_s":237.81,"end_s":240.43,"text":"One segment is called Cheddar Explains,","speaker":null,"is_sponsor":0},{"start_s":240.43,"end_s":243.99,"text":"where they take a particular topic and, well, they explain it.","speaker":null,"is_sponsor":0},{"start_s":243.99,"end_s":249.19,"text":"So you can check out Cheddar's video on robotic, exotic dancers,","speaker":null,"is_sponsor":0},{"start_s":249.19,"end_s":250.61,"text":"not kidding,","speaker":null,"is_sponsor":0},{"start_s":250.61,"end_s":251.97,"text":"through the link below,","speaker":null,"is_sponsor":0},{"start_s":251.97,"end_s":255.01,"text":"where they take a look at how jobs for actual humans,","speaker":null,"is_sponsor":0},{"start_s":255.01,"end_s":257.33,"text":"including 
pole dancing,","speaker":null,"is_sponsor":0},{"start_s":257.33,"end_s":262.77,"text":"may be impacted in the future by robots that are designed for companionship.","speaker":null,"is_sponsor":0},{"start_s":262.77,"end_s":264.53,"text":"So thanks for watching, guys!","speaker":null,"is_sponsor":0},{"start_s":264.53,"end_s":265.13,"text":"Like, dislike,","speaker":null,"is_sponsor":0},{"start_s":265.13,"end_s":265.63,"text":"check out our other channels,","speaker":null,"is_sponsor":0},{"start_s":265.63,"end_s":265.67,"text":"and don't forget to subscribe!","speaker":null,"is_sponsor":0},{"start_s":265.67,"end_s":268.61,"text":"If you like our channels, leave a comment with video suggestions and subscribe!","speaker":null,"is_sponsor":0},{"start_s":268.61,"end_s":269.83,"text":"Subscribe!","speaker":null,"is_sponsor":0}],"full_text":"Thanks for watching Techquickie. Click the subscribe button, then enable notifications with the bell icon so you won't miss any future videos. So you're going about your day when you get an alarming-sounding email telling you that some miscreant has gotten into one of your accounts and they might be rifling through your embarrassing personal files at this very moment. Oh, if only you'd enabled two-factor authentication like we urged you to in this video here. So you frantically change your password, set up two-factor so you'll get login codes on your smartphone, and after a short period of relief when you realize it was just a throwaway account you used for online dating back when you were single, you get to wondering, how exactly does that code generator app sync up with the service that you're trying to log into? And does it work without an internet or cell connection? Well, as it turns out, generating a new string of numbers to punch in, every 30 seconds or so, doesn't require continuous communication with a server somewhere after initial setup. 
Although there are a number of services that do simply send codes over email or SMS without using their own apps, code generators are becoming more and more popular since they can even work when you're on a plane with no SMS reception. You see, these code generators are based on time. Whenever you're setting up two-factor authentication for a new account, the service will randomly generate a short string of characters or a key, which it will send to your phone. You commonly see this as a QR code, which your authenticator app can scan using your phone's camera. At this point, your authenticator app will start generating these codes by taking the current time and using the specific key the server assigned to it to run that time value through a cryptographic hash. Turning it into a totally different number. Which number the hash function spits out will depend on your unique key, and since that key is tied to your device, the only practical way to get the service to validate a login attempt is to have it physically. Now typically, this hash function will give you a new code every 30 seconds, invalidating the old one shortly afterward. This makes life very difficult for would-be attackers. Unless a hacker could steal a code with a keylogger or something and enter it, along with a valid password, in a matter of seconds, any code that they steal would be about as worthless as front-row tickets to last night's big game. This half a minute window also gives your phone a bit of buffer in case its clock isn't exactly synced up with the server, because it's much more likely that your phone's time is within 30 seconds of a server than within a hundredth of a second. And since all your phone needs to know is the current time and the secret key, your phone can be missing a SIM card, have a broken Wi-Fi transponder, or even a cracked screen, but it can still give you valid codes. Cool. 
And because this implementation is quite simple, free apps like Google Authenticator and Authy can support loads of different websites, meaning that you don't need a dedicated app littering your home screen for every service that you use. Of course, this convenience doesn't mean that it's perfect. Your phone could suffer a battery problem that could mess up its clock, the encryption could be broken by brute force, or an attacker could just get really lucky and guess your six-digit code, which, winning the Powerball is far less likely, and that worked for Judy F. from Clifton. I gotta go buy some lottery tickets! Bye! This video is brought to you by Cheddar. Over on Cheddar's YouTube channel, they've got a variety of different segments, covering a wide variety of topics. One segment is called Cheddar Explains, where they take a particular topic and, well, they explain it. So you can check out Cheddar's video on robotic, exotic dancers, not kidding, through the link below, where they take a look at how jobs for actual humans, including pole dancing, may be impacted in the future by robots that are designed for companionship. So thanks for watching, guys! Like, dislike, check out our other channels, and don't forget to subscribe! If you like our channels, leave a comment with video suggestions and subscribe! Subscribe!"}