WEBVTT

00:00:00.000 --> 00:00:06.660
Thanks for watching Techquickie. Click the subscribe button, then enable notifications with the bell icon so you won't miss any future videos.

00:00:06.860 --> 00:00:13.800
Have you ever heard "Oh, well, sorry, my account got hacked" as an excuse for an incredibly inappropriate

00:00:14.020 --> 00:00:15.990
post on social media?

00:00:15.990 --> 00:00:21.270
Well, for me, it's kind of becoming the modern equivalent to "the dog ate my homework",

00:00:21.790 --> 00:00:26.070
especially because so many major web services offer two-factor authentication

00:00:26.070 --> 00:00:33.230
to keep intruders out of your account, a feature that asks for something else in addition to your password,

00:00:33.570 --> 00:00:37.730
typically one of those six-digit codes from an authenticator app on your phone.

00:00:38.130 --> 00:00:40.670
So you can learn all about how those work up here.

00:00:40.850 --> 00:00:46.530
But what if you're tired of punching in that string of numbers whenever you log in? Well,

00:00:46.530 --> 00:00:53.950
then you might be interested in a physical security key using the universal two-factor, or U2F, standard.

00:00:54.110 --> 00:00:55.990
You see, instead of a code that

00:00:55.990 --> 00:00:59.510
changes every 30 seconds, U2F relies on a small

00:01:00.050 --> 00:01:06.170
physical chip on a little gadget that looks a bit like a USB flash drive that you can keep on your keychain

00:01:06.730 --> 00:01:09.050
or in some kind of safe location.

00:01:09.510 --> 00:01:15.770
Typically, all you need to do to set one up is tell whichever service you're using that you have a U2F key, then

00:01:16.290 --> 00:01:20.390
insert it into a free USB port. Some of them even support NFC,

00:01:20.390 --> 00:01:26.290
so you can use them with your Android smartphone, and iOS users very recently got support for U2F

00:01:26.310 --> 00:01:31.370
devices over NFC with the YubiKey NEO if you're using an iPhone 7 or newer.

00:01:31.550 --> 00:01:36.310
So after you insert or tap your key, a number of things happen in the background.

00:01:36.450 --> 00:01:41.950
The key will randomly generate a public and private key pair, with the private key

00:01:42.090 --> 00:01:47.590
never leaving the physical U2F key, and the public key will get sent to a server.

00:01:47.910 --> 00:01:54.430
Your key will also send the random number that it picked to generate these keys originally, called a nonce, as well as a checksum that serves

00:01:56.310 --> 00:01:59.030
to identify that specific physical key.

00:01:59.530 --> 00:02:03.770
Then, when it's time to come back later and log in, you enter your username and password

00:02:04.150 --> 00:02:11.130
like you normally would, and the server will send you that same nonce and checksum back to your U2F key

00:02:11.270 --> 00:02:17.810
along with a different number. Your physical key will then use the nonce and checksum from the server to

00:02:18.310 --> 00:02:24.890
regenerate the private key, and since each physical U2F key uses a different secret for key generation,

00:02:24.890 --> 00:02:29.050
only the original key you used to register will work.

00:02:29.610 --> 00:02:36.310
Your U2F key then signs the number that was sent to it with the private key, and the result is sent to the server,

00:02:36.370 --> 00:02:42.550
which then unlocks it with your public key from your U2F key to allow you to access it.

00:02:42.550 --> 00:02:44.190
It sounds complicated,

00:02:44.190 --> 00:02:51.850
but all of this happens without any intervention from the user other than simply plugging in a USB stick, and the benefits are

00:02:52.510 --> 00:02:54.710
definitely worthwhile because it also

00:02:54.890 --> 00:02:56.890
protects against phishing attacks.

00:02:57.390 --> 00:03:02.530
Numeric authentication codes are definitely way better than having no two-factor protection at all,

00:03:02.710 --> 00:03:07.810
but they can still be stolen if you accidentally enter them on an imposter website.

00:03:08.510 --> 00:03:14.230
U2F helps to stop this by using the original domain of the site as part of the

00:03:14.610 --> 00:03:18.450
secret sauce it uses to generate the private key for that account.

00:03:18.770 --> 00:03:24.690
So if you use your physical key to log in to an attacker's website, the response it will

00:03:24.890 --> 00:03:29.250
send to that hostile server will be completely useless, and the bad guys

00:03:29.510 --> 00:03:32.430
won't be able to use it to get into your account. And

00:03:32.810 --> 00:03:39.210
the companies that make U2F keys have added their own additional security features on top of this base

00:03:39.530 --> 00:03:46.990
public key encryption strategy. The ever-popular YubiKey, for example, requires you to touch a sensor on the USB stick

00:03:47.570 --> 00:03:54.790
before it authenticates, ensuring that there's an actual human trying to gain access and not some kind of malware box.

00:03:55.410 --> 00:03:59.570
With all of that said, as great as this kind of physical security can be,

00:03:59.850 --> 00:04:05.530
you still need to make sure you don't do anything dumb like drop your keychain in a shady part of town, which

00:04:10.080 --> 00:04:14.940
Racing against the clock as a freelancer? Well, it's challenging, but thanks to the growth of the internet,

00:04:14.940 --> 00:04:20.940
there's never been more opportunities for the self-employed, and to meet this need FreshBooks created their cloud accounting software

00:04:21.380 --> 00:04:28.300
designed for the way you work. FreshBooks is the simplest and easiest way to be more productive, more organized and, perhaps

00:04:28.320 --> 00:04:34.320
most importantly, get paid faster. You can create and send professional-looking invoices in less than 30 seconds.

00:04:34.320 --> 00:04:38.260
You can set up online payments with just a couple of clicks and get paid up to four days faster.

00:04:38.260 --> 00:04:42.360
You can see when your client has seen your invoice and put an end to the guessing games.

00:04:42.360 --> 00:04:45.360
And they've got fully featured apps for both Android and iOS,

00:04:46.120 --> 00:04:52.260
so you can take the FreshBooks experience with you on the go. They're offering a 30-day unrestricted free trial to our viewers,

00:04:52.260 --> 00:04:58.020
so to claim it, go to freshbooks.com/techquickie and enter Techquickie in the "How did you hear about us?" section.

00:04:58.320 --> 00:04:59.700
We'll have that linked below.

00:04:59.700 --> 00:05:04.870
So thanks for watching, guys. Dislike or like, check out other channels, leave a comment with video suggestions, and

00:05:06.130 --> 00:05:09.570
What was he gonna say?

00:05:09.570 --> 00:05:14.830
You guys, I know what I was gonna say, not you. I meant the viewer was supposed to guess "subscribe".

00:05:14.830 --> 00:05:16.830
You know what, forget it. I quit.
