Stay Safe Online WITHOUT an Internet Connection
Techquickie
·Techquickie
·2019-05-06
·
775 words · ~3 min read
0:00
Thanks for watching TechWiki. Click the subscribe button, then enable notifications with the bell icon so you won't miss any future videos.
0:06
So you're going about your day when you get an alarming sounding email telling you that some miscreant has gotten into one of your accounts
0:14
and they might be rifling through your embarrassing personal files at this very moment.
0:19
Oh, if only you'd enabled two-factor authentication like we urged you to in this video here.
0:26
So you frantically change your password, set up two-factor so you'll get login codes on your smartphone,
0:33
and after a short period of relief when you realize it was just a throwaway account you used for online dating back when you were single,
0:41
you get to wondering, how exactly does that code generator app sync up with the service that you're trying to log into?
0:48
And does it work without an internet or cell connection?
0:52
Well, as it turns out, generating a new string of numbers to punch in,
0:56
every 30 seconds or so, doesn't require continuous communication with a server somewhere after initial setup.
1:05
Although there are a number of services that do simply send codes over email or SMS without using their own apps,
1:13
code generators are becoming more and more popular since they can even work when you're on a plane with no SMS reception.
1:22
You see, these code generators are based on time.
1:26
Whenever you're setting up two-factor authentication for a new account,
1:30
the service will randomly generate a short string of characters or a key, which it will send to your phone.
1:37
You commonly see this as a QR code, which your authenticator app can scan using your phone's camera.
1:43
At this point, your authenticator app will start generating these codes by taking the current time and using the specific key the server assigned to it
1:52
to run that time value through a cryptographic hash.
1:56
Turning it into a totally different number.
1:59
Which number the hash function spits out will depend on your unique key, and since that key is tied to your device,
2:07
the only practical way to get the service to validate a login attempt is to have it physically.
2:15
Now typically, this hash function will give you a new code every 30 seconds,
2:20
invalidating the old one shortly afterward. This makes life very difficult for would-be attackers.
2:25
Unless a hacker could steal a code with a keylogger or something and enter it, along with a valid password, in a matter of seconds,
2:34
any code that they steal would be about as worthless as front-row tickets to last night's big game.
2:40
This half a minute window also gives your phone a bit of buffer in case its clock isn't exactly synced up with the server,
2:47
because it's much more likely that your phone's time is within 30 seconds of a server than within a hundredth of a second.
2:55
And since all your phone needs to know is the current time and the secret key,
3:00
your phone can be missing a SIM card, have a broken Wi-Fi transponder, or even a cracked screen,
3:06
but it can still give you valid codes.
3:09
Cool.
3:10
And because this implementation is quite simple, free apps like Google Authenticator and Authy can support loads of different websites,
3:18
meaning that you don't need a dedicated app littering your home screen for every service that you use.
3:25
Of course, this convenience doesn't mean that it's perfect.
3:28
Your phone could suffer a battery problem that could mess up its clock,
3:31
the encryption could be broken by brute force,
3:34
or an attacker could just get really lucky and guess your six-digit code,
3:40
which, winning the Powerball is far less likely, and that worked for Judy F. from Clifton.
3:45
I gotta go buy some lottery tickets!
3:47
Bye!
3:49
This video is brought to you by Cheddar.
3:52
Over on Cheddar's YouTube channel,
3:53
they've got a variety of different segments,
3:55
covering a wide variety of topics.
3:57
One segment is called Cheddar Explains,
4:00
where they take a particular topic and, well, they explain it.
4:03
So you can check out Cheddar's video on robotic, exotic dancers,
4:09
not kidding,
4:10
through the link below,
4:11
where they take a look at how jobs for actual humans,
4:15
including pole dancing,
4:17
may be impacted in the future by robots that are designed for companionship.
4:22
So thanks for watching, guys!
4:24
Like, dislike,
4:25
check out our other channels,
4:25
and don't forget to subscribe!
4:25
If you like our channels, leave a comment with video suggestions and subscribe!
4:28
Subscribe!