WEBVTT

00:00:06.960 --> 00:00:14.120
So you're going about your day when you get an alarming-sounding email telling you that some miscreant has gotten into one of your accounts

00:00:14.120 --> 00:00:19.560
and they might be rifling through your embarrassing personal files at this very moment.

00:00:19.560 --> 00:00:26.800
Oh, if only you'd enabled two-factor authentication like we urged you to in this video here.

00:00:26.800 --> 00:00:33.160
So you frantically change your password, set up two-factor so you'll get login codes on your smartphone,

00:00:33.500 --> 00:00:40.660
and after a short period of relief when you realize it was just a throwaway account you used for online dating back when you were single,

00:00:41.040 --> 00:00:48.740
you get to wondering, how exactly does that code generator app sync up with the service that you're trying to log into?

00:00:48.960 --> 00:00:52.040
And does it work without an internet or cell connection?

00:00:52.820 --> 00:00:56.740
Well, as it turns out, generating a new string of numbers to punch in,

00:00:56.800 --> 00:01:04.580
every 30 seconds or so, doesn't require continuous communication with a server somewhere after initial setup.

00:01:05.000 --> 00:01:13.400
Although there are a number of services that do simply send codes over email or SMS without using their own apps,

00:01:13.760 --> 00:01:21.880
code generators are becoming more and more popular since they can even work when you're on a plane with no SMS reception.

00:01:22.840 --> 00:01:26.140
You see, these code generators are based on time.

00:01:26.140 --> 00:01:30.340
Whenever you're setting up two-factor authentication for a new account,

00:01:30.340 --> 00:01:36.900
the service will randomly generate a short string of characters or a key, which it will send to your phone.

00:01:37.100 --> 00:01:43.060
You commonly see this as a QR code, which your authenticator app can scan using your phone's camera.

00:01:43.460 --> 00:01:52.640
At this point, your authenticator app will start generating these codes by taking the current time and using the specific key the server assigned to it

00:01:52.640 --> 00:01:56.000
to run that time value through a cryptographic hash,

00:01:56.140 --> 00:01:58.860
turning it into a totally different number.

00:01:59.300 --> 00:02:07.340
Which number the hash function spits out will depend on your unique key, and since that key is tied to your device,

00:02:07.600 --> 00:02:14.580
the only practical way to get the service to validate a login attempt is to have it physically.

00:02:15.040 --> 00:02:19.520
Now typically, this hash function will give you a new code every 30 seconds,

00:02:20.040 --> 00:02:25.280
invalidating the old one shortly afterward. This makes life very difficult for would-be attackers.

00:02:25.280 --> 00:02:34.480
Unless a hacker could steal a code with a keylogger or something and enter it, along with a valid password, in a matter of seconds,

00:02:34.480 --> 00:02:40.420
any code that they steal would be about as worthless as front-row tickets to last night's big game.

00:02:40.920 --> 00:02:47.600
This half-a-minute window also gives your phone a bit of buffer in case its clock isn't exactly synced up with the server,

00:02:47.820 --> 00:02:54.560
because it's much more likely that your phone's time is within 30 seconds of a server than within a hundredth of a second.

00:02:55.280 --> 00:03:00.220
And since all your phone needs to know is the current time and the secret key,

00:03:00.520 --> 00:03:06.520
your phone can be missing a SIM card, have a broken Wi-Fi transponder, or even a cracked screen,

00:03:06.800 --> 00:03:09.200
but it can still give you valid codes.

00:03:09.660 --> 00:03:10.160
Cool.

00:03:10.640 --> 00:03:18.700
And because this implementation is quite simple, free apps like Google Authenticator and Authy can support loads of different websites,

00:03:18.700 --> 00:03:24.760
meaning that you don't need a dedicated app littering your home screen for every service that you use.

00:03:25.280 --> 00:03:28.220
Of course, this convenience doesn't mean that it's perfect.

00:03:28.220 --> 00:03:31.780
Your phone could suffer a battery problem that could mess up its clock,

00:03:31.880 --> 00:03:34.600
the encryption could be broken by brute force,

00:03:34.600 --> 00:03:40.260
or an attacker could just get really lucky and guess your six-digit code,

00:03:40.260 --> 00:03:45.120
which, winning the Powerball is far less likely, and that worked for Judy F. from Clifton.

00:03:45.120 --> 00:03:47.120
I gotta go buy some lottery tickets!

00:03:47.840 --> 00:03:49.160
Bye!

00:03:49.160 --> 00:03:52.010
This video is brought to you by Cheddar.

00:03:52.010 --> 00:03:53.570
Over on Cheddar's YouTube channel,

00:03:53.570 --> 00:03:55.370
they've got a variety of different segments,

00:03:55.370 --> 00:03:57.810
covering a wide variety of topics.

00:03:57.810 --> 00:04:00.430
One segment is called Cheddar Explains,

00:04:00.430 --> 00:04:03.990
where they take a particular topic and, well, they explain it.

00:04:03.990 --> 00:04:09.190
So you can check out Cheddar's video on robotic, exotic dancers,

00:04:09.190 --> 00:04:10.610
not kidding,

00:04:10.610 --> 00:04:11.970
through the link below,

00:04:11.970 --> 00:04:15.010
where they take a look at how jobs for actual humans,

00:04:15.010 --> 00:04:17.330
including pole dancing,

00:04:17.330 --> 00:04:22.770
may be impacted in the future by robots that are designed for companionship.

00:04:22.770 --> 00:04:24.530
So thanks for watching, guys!

