Crypto security: passwords and authentication
Andreas Antonopoulos covers essential crypto security practices, focusing on password management, authentication methods, and best practices for protecting your digital assets and private keys.
Date published: May 19, 2019
This livestream covers essential security practices for cryptocurrency holders, from password management fundamentals to multi-factor authentication. Andreas Antonopoulos walks through the principles of balancing security with usability, explains why password managers are essential, introduces the XKCD passphrase concept, and details the hierarchy of two-factor authentication methods.
This transcript is an accessible copy of the original video transcript published by aantonop. It has been lightly edited for readability.
Security fundamentals and balancing risk (3:05)
(beeping) - Hello everyone and welcome to this Saturday live stream. This bonus live stream with the topic of passwords, password managers, authentication, multifactor authentication, and all things related to the security of your accounts. Now we have a lot of questions already in the queue, but I'm not necessarily going to be driven primarily with questions for this one, because I want to explain certain difficult topics. And it might make more sense for me to talk about a topic a bit longer than usual, or maybe a bit less than usual and form my own path through these topics. They are a bit tricky. Security is a tricky topic. So rather than trying to find just the perfect question, I might not. On the other hand, I do have some great questions to get us started. So first of all, thank you all for joining. It's a pleasure
as always to spend my Saturday mornings working with you on new and interesting topics that relate to bitcoin and open blockchains. Now, how do passwords and multifactor authentication relate to bitcoin and open blockchains? Well, you know, in order to maintain the security of your cryptocurrencies, you have to maintain the security of all of your accounts. Something that's very interesting about cryptocurrencies is that for many people, this is the first time that they've had to carefully think about the security of their online identity and online devices. Because now there's money sitting there and that makes it a much more juicy target. In the past people have not been very motivated to protect their own security because when you lose your privacy, when your information gets hacked, you don't really feel it right away. And it has lots of bad consequences, but those consequences are not directly
visible and not immediately felt. If someone comes in and steals a few hundred dollars or a few thousand dollars or worse, tens of thousands from your digital devices, you feel that, and you feel that immediately. And you can tangibly relate it, well intangibly to be specific. You can intangibly, but very, very noticeably relate it to your security. So it's one of those things that unfortunately is a lesson that is only learned really through a painful experience. And so I can spend a lot of time telling newbies how and why to secure their accounts. Until they install a cryptocurrency hot wallet on one of their devices, and then lose the money that's in that hot wallet. It's very difficult to understand, or to be motivated by what I'm talking about. Now, the other thing that's really important to understand in this entire conversation is that security
is a balance. It's all about balance. It's risk management. There is no such thing as 100% security. There's no such thing as perfect security. And you can't protect against all threats. You have to figure out what threats you face. You have to figure out how many of those threats you can actually protect against and how much effort you're going to put into protecting against those threats, depending on what you're actually protecting. You also have to find out when the solution that you're building, the systems that you're using becomes so complex, that it becomes a security risk in itself. And we often see newbies, especially in the space of cryptocurrencies, make solutions that are far too complex. And then we end up on the wrong side of the security resilience balance. Where the mechanism for securing your cryptocurrency is so complex that in fact, you end
up losing it because you're using something that is non-standard, because you forget a password, because nobody knows exactly what you did and you're not available to help them. So security cannot be achieved a hundred percent and it's all about balance. And simplicity is often a key element of security. Simple security solutions that you can apply within your technical skills, and you can apply consistently. And you can recover from if you have problems, are better than complex security solutions that force you to exceed your level of skill, put you in uncharted territory and make it more likely that you will make a mistake. This is often something that you hear, a lot of bad advice on. People will advise you to implement what seems to be a very, very complex security scheme. And because it's so complex, it feels secure. It feels like there's a
Keeping security simple (8:40)
lot going on, so it must be very sophisticated and serious. And in many cases, you'll end up exceeding your technical capability and actually losing money, not because of theft, but of a mistake that you make because you're operating outside of your skill level. So let's keep it simple. Let's keep it standards-based. Let's use best practices, common tools and use those consistently. So we can be very secure. We'll go straight to, we'll go straight to the first question. There's 220 people on the stream so far. Thank you for giving me feedback on the video and audio. It's always good to know. Just so you know, we have had a bit of an electricity disruption earlier today at this location, and should we lose electricity, you will know because the stream will stop. And it takes a minimum of five minutes for the internet router and Wi-Fi
to reboot. I may be able to get back, even if it's only a second of power loss, I'm gonna have to wait five minutes before I can get back. If I cannot get back, we'll let you know in the chat. So please be patient and I hope we don't get cut off. But you know that's one of the risks we have to manage today. Let's go to our first question for the day. First question comes from anonymous and choosing the word anonymous to ask your question is the first and good mechanism of security. What's the best way to manage many unique, strong passwords if I'm dyslexic and not great at remembering long passwords? This is a great question. It's a great question because it speaks to a broader issue, which is the difficulty of remembering things. And we all think we can remember better than
we actually can. And some of us have difficulty with memory or reading or writing or any other skills that help us with the memorization of passwords. And maybe know that they can't remember very well. So anonymous asks this from the perspective of someone who suffers from dyslexia, but, this applies equally to everybody. Everybody who has human fallible memory. Humans are really bad at remembering for long periods of time, especially things that are not memorable because they're not attached to images, experiences, or emotions. Remembering things that have no connection to our lives is almost impossible because our brain is very good at optimizing away information that is not relevant. If you don't have an emotion, an experience, an image connected to what you're trying to remember, the brain will say, this is no longer relevant to my caching algorithm and will drop it. And a lot
of people forget passwords precisely because of that. So I'm actually going to use a couple of resources here to answer this question more broadly and help people get a grounding in the fundamental principles of passwords. So for that, I'm gonna use some visual aids. I don't usually use visual aids, but I think they'll be useful in this particular case. Let's see how it goes. All right, so the first thing we're gonna talk about, is password management systems. For decades, we have been training users to create long, random alphanumeric passwords with a broad range of characters in them. These are passwords that humans can't remember. These are passwords that actually encourage bad behavior. They encourage behavior where you end up using the same sneaky pattern, Satoshi Nakamoto with the Os replaced by zeros and the first letter of the second word capitalized and the T replaced
by a seven and the hash pound at the end. And now you've gotten numbers, lowercase, uppercase and letters. But if you have to use it in more than one site, you make a small change. Then you maybe have to add a number at the end. And then you end up with this really tricky memory problem, which is that the sites are pushing you to create variation, but variation makes it impossible for you to actually remember, especially with password of this complexity. And so you end up reusing your password on many sites. This is what almost everyone does. And this is very, very bad for security. Now, one of the best resources for understanding how to solve this problem is actually a cartoon. So what I'm going to do is give you two pieces of advice. The first is don't try to create your own passwords,
Password managers (13:50)
use a password manager. A password manager is a piece of software that generates random passwords for you and remembers them for you. These systems solve two problems, human memory is fallible and human randomness is even worse. We're very bad at doing random. We're very bad at remembering and we're double bad at remembering random. So you cannot fix this problem by being more disciplined, more intelligent, more careful. You can't fix it by sticking post-its on your screen and doing, you know, all of the things you see here, right? Which you see in offices all of the time. Writing a password down isn't a bad idea, if the location in which you're writing it down is actually secure. So the most basic form of password manager is a little book, a password book. And, you know, as much as I'll say that is not very modern, it's
not very technologically advanced, and it doesn't solve the problem of generating random passwords. It's honestly the solution that my parents use. Because if they write it down, they can have more variety in their passwords. And if they keep that little booklet in a safe location, like for example, a home, a locked drawer or something like that, it's a pretty durable mechanism. Now, most of you are probably more technically sophisticated than my parents. So let's talk about a better solution for you. So a better solution is to download software, to do this for you. There are a whole range of password managers. And the great news is that for the basic functionality, these are free. You can use a product such as last password or LastPass, 1Password, Bitwarden, and a whole variety of others, KeePass, et cetera, et cetera. Now, these will
have a bunch of different features and you'll need to figure out which features you actually need. My advice is to start with figuring out what kind of devices you need to use this on, because one of the big advantages of using a password manager is in fact that you can have all of your passwords synced across all of your devices. So if you use Windows and Android and iOS, meh, it's probably easy. All of the password managers are going to support all of those platforms and you're gonna be okay. You also want it supported across the browsers that you use. So Chrome, Firefox, Edge, Opera, Brave, whatever else you are using as an extension, so that you can automatically fill in, and submit passwords into web forms. I think you all saw my video camera just go card full. Right into the stream, that
was helpful. Yeah my SD card just got full, so I'm no longer recording on the camera. Oops. Oh, well, nevermind. Let's continue. So one of the ways you need to pick a password manager, is by figuring out which devices you need to support. And if you have some weird devices that becomes a bit more tricky. So for, I use Linux on the desktop. I've been using Linux on the desktop for a very long time. And, you know, I think this year is actually the year of Linux on the desktop. It's gonna happen people. No it isn't. But in any case, I use it, it works for me, but it's not broadly supported. So not all password managers work or work well on Linux desktops. Fortunately, most password managers work in the browser as a browser extension, which makes them mostly cross-platform. So for me, a
Choosing a password manager across devices (18:22)
password manager needs to work on Android and Windows and Linux and Chrome and Firefox and iOS, et cetera, et cetera. So I can have it installed on all my devices and therefore be able to access all of my passwords on all of my devices. All right. So to answer the question posed by anonymous, what's the best way to manage many unique, strong passwords if I'm dyslexic and not great at remembering long passwords? The best way is to use a password manager, that generates unique, strong passwords randomly for you. And, once you've selected a password manager, then you set one password and that one password is your password manager password. I would also suggest that you use a two-factor authentication mechanism so that someone can't simply log in and download your password file using that one password. You need a second factor of authentication. We'll talk
about that in the second part of this video today. We also have a follow-up question from the audience, which is how do I trust this software? Well, the simple answer is that you're looking for software that is either broadly used, reviewed and audited by security professionals or open source or all of the above. And I think all of the ones I mentioned previously fulfill those requirements. Now let's get back to the thing I mentioned before, which is, remember when I said that security wasn't a hundred percent and security was a matter of balancing and mitigating risk. So now let's put these two risks on the table. Risk one, can I trust the password manager? And what happens if the password manager I download is compromised or compromisable, or has a bug that isn't noticed by the millions of other users and security professionals who are
reviewing it? Risk two, can I trust my brain? Well, if you put it that way, it becomes clear that the problem here is that any password manager is better than no password manager. This is the same kind of risk management we do when we talk about a hardware wallet versus a software wallet in cryptocurrency. Can I trust the hardware wallet's manufacturer? Well, somewhat, not a hundred percent. There are some risks there. How do those risks compare to not having a hardware wallet? And again, the answer is any hardware wallet is better than no hardware wallet. So what are the risks you can actually manage? It's important when you source this password manager that you make sure you have the correct piece of software. That you don't just download it from some random website, with a Groupon coupon, for something that was free anyway, and
then get a Trojan on your system. But going back to the point, any password manager is better than no password manager. And so you should not be trying to generate unique passwords. If a website asks you for an eight or more character alphanumeric password, you do what I do. You click the little button that says generate secure password. You set the length to 31 characters, 75 characters, 213 characters. I like playing with websites to see how long I can make it before they start screaming that's too long. After all these years of password managers and systems screaming at me, that's not long enough. That's not complex enough. I wanna see the websites to start screaming that's too long. That's too complex. Come on, man, what are you doing? My database can't fit that. So generate a strong random password. Now, can I remember this password?
Of course not. I have 800 passwords in my password managers, all of them are more than 20 characters, completely random alphanumeric with symbols, uppercase, lowercase, and numbers. It is impossible for me to remember one of those, let alone all 800, but I do remember my master password. Alright, let's see what other questions we have. And go to our next question, which will give me an opportunity to talk about the next topic I wanna talk about. Anonymous asks, is there a minimum viable security standards for passwords or passphrases when I'm using a strong password generator it doesn't work for many things. Yes. Websites have ridiculous expectations for passwords, and often they're bad expectations. They encourage for example, conflicting information. Let me give you an example. It has to be more than eight characters, alphanumeric with symbols and numbers, but we've disabled pasting into the form. What
Bad password policies (24:02)
are you doing? What are you doing? Why are you asking me to pick a complex password that obviously I'm going to use the generator and then not letting me paste it. Or not letting me paste it into the confirm part of the form? Are you nuts? What are you doing? Stop doing that. Or the other passwords that say eight to 12 characters. Really? You want me to make it complex, but not too complex. So I can do 13 characters that doesn't make any sense. Or the weird combos of symbols. Oh yeah, we can do symbols, but only pound, exclamation and asterisks. Single quote and at sign we don't take because that will confuse our regex. All of these are really, really bad password policies. Or change your password policies every month, but don't reuse any that you use from the previous month and keep them
weirdly complex like that. These are all weird password policies and you will come across many of these. The bottom line is you can't expect different websites by different companies that have varying security teams and security policies and varying levels of security awareness to figure out a good policy that works for most of their users. Keep in mind, they're trying to work with users who span all the way from I'm trying to put in a 37 character generated random password from my password manager and one, two, three, four, five, six, seven, eight. Which is apparently the most common password on the internet or password one, two, three, four, which is I think the second most common password on the internet. So finding a policy that works for all of these people, it's very, very difficult to deal with sites to do that. So what I do
is I just keep trying. I'll throw a randomly generated password of the kind I like, you know, 37 characters and all symbols. And then the website is going to complain and say, I don't really like asterisks why are you doing this to me? So I'll turn off some symbols or it will say that's too long, so I'll make it shorter. Or it will say, actually I also need at least two capitals, but it can't start with a number. And I'm like, Ugh, come on. I'll just keep playing around until I get something that works. But no matter what I get, it will have two guarantees. It will be long and complex and it will be completely randomly generated and not relying on the human brain to generate this for me or remember it. And I'm using the most complexity I can. All right, so anonymous
asks the next question for us, which allows me to continue this narrative. Maybe a dumb question, but isn't the password manager located in the cloud and could therefore be a target for hackers easily? Great question anonymous. Here's how these devices work. A backup of your password database is stored on the cloud. However, that backup is encrypted and it's encrypted end to end. Meaning that it's encrypted on your local machine. It's sent encrypted to the cloud, and it's then decrypted again, only on your local machine. The way it's encrypted and decrypted is using your master password. And that master password itself is passed through what's known as a stretcher. And what a stretcher does is it takes a password stretching algorithm if you like, actually it's a hashing algorithm. What it does is it takes the words or characters that you type in as your master
password, and then it passes it through thousands of rounds of hashing. Now this takes time and what it results in is a password that cannot be brute forced. Because let's say I typed a password and encrypted it or hashed it once and then sent it to the server. Great well, that's subject to difficult, fairly easy attack, which is called a rainbow table. What would happen next is that the attacker would take all of the most common passwords you can imagine, hash them and produce a database of the hashed passwords that can be used against that attack. Now, if on the other hand, or I can just keep trying different passwords again and again and again, until I find the right one. A typical brute force attack. But if every password is hashed 25,000 times or 50,000 times, or a hundred thousand times, every time I
How password databases are encrypted (29:19)
type it in my computer takes two to three seconds. Which isn't a big deal for me. Two to three seconds the first time I log into my browser or my computer in order to start my password managers, two to three seconds. But if you have to add two to three seconds every time you type in a password, well, that completely messes up the approach of brute forcing it. It also makes it impossible to generate this database of pre-computed password hashes, because it would take so long to try even just a few thousand combinations. And if your master password is complex enough, it takes a lot more than just a few thousand password combinations to produce. So the password database is encrypted usually with a fairly straightforward standards-based encryption algorithm. AES-256 is probably the most common that is used for this, but it's something like
that. It's a symmetric encryption algorithm that uses a single key, a private key to encrypt the data and decrypt the data. The same key is used for encryption and decryption, that's why it's called a symmetric encryption algorithm. And that key is produced by repeatedly hashing your master passphrase. So as long as you only type your master passphrase on the local device, and that device is trusted, then you get a high degree of safety. Yes, the password database is in the cloud, but it's encrypted and no one can open it unless they have your master passphrase, which you never type on anything other than one of your own devices. There are some problems there, of course. Because if you have a password keyword logger on your local device, then it can catch you typing in the master passphrase. But interestingly enough, that's not going
to be enough for an attacker if you have two-factor authentication and the reason it's not going to be enough for an attacker is because they may capture your master passphrase, but they cannot download the encrypted database from the cloud without the second factor authentication, which hopefully is tied to your machine, or to something else. And they don't have that second factor. More about two-factor authentication in a second. We're building layers. I don't know if you see what we're doing here, but yes, we're looking at each one of the problems that can occur and we're adding layers of security. Security isn't a, and here's one thing that stops everything. Security is putting barriers in the way of an attacker. And yes, you could break this barrier, but right behind it is another barrier. And then if you break that barrier right behind it, there's
another barrier. And if I make the barriers sufficiently strong, but also plentiful layers and layers and layers of security, and I ensure also the skills you need to break one layer are different from the skills you need to break another layer. And I make sure that the tools and budgets you need to break one layer are different than the other. Then the chance of you getting through all of these layers, without me noticing, without me putting a stop to it and getting through successfully, or even doing that at scale against many, many victims is very, very, very reduced. And that's the whole point. All right, I'm gonna take a quick drink of coffee here and talk with you a bit on the chats while I go fishing for other questions that, yeah, other questions that you might want to ask. Let me put up a
little page where I thank all of the patrons who make it possible for me to do this kind of educational material while I drink coffee from my new mug that says rules without rulers. One of my more popular talks recently. It comes with a little orange bitcoin. Oh my God stop advertising to us, we're gonna buy your swag. Just go on with the good content. In a second. And we're back. Okay I can put this to the side there. I'll turn it so it looks nice. There we go. All right. So I was going through the question trying to find one that would allow me to continue this little narrative and in as concise a way as possible. So now let's talk about passphrases and for that, I'm going to get some help from Bruce who asks, thoughts on using strong passwords as wallet passphrases.
Wallet passphrases and BIP-39 (35:02)
And what Bruce is talking about here is the optional passphrase that is available for those who use a BIP-39 mnemonic phrase. It's also known as the 25th word because the mnemonic phrases are 24 words. And theoretically, if you add a 25th word, but I'm not going to add a 25th word instead, we're gonna call it what it actually is, which is an optional passphrase, and can be more than one word. So that's a wallet passphrase. It's an additional optional passphrase that you add to your mnemonic phrase to make the mnemonic phrase, have a second factor. So that if someone steals the 24 words that are written down on a piece of paper in your office for example, then they can't immediately take your money because there is a wallet passphrase. Now, remember when we were talking about the one password, the master password that is
used in a password manager. And we said that that one is repeatedly hashed and that prevents brute forcing. Well exactly the same is done with the optional passphrase and mnemonic phrase in the BIP-39 standard. A password stretching algorithm called PBKDF2, is used to stretch it with SHA-512 by applying 2000 rounds of SHA-512. Now this is a bit of a compromise, it's a compromise in the BIP-39 standard because the BIP-39 standard, the mnemonic phrase standard for wallets has to be able to run on hardware wallet devices, which are little USB devices about this big and which do not have a lot of processing power. So actually running 2000 rounds of SHA-512, takes a couple of seconds. Two, three seconds. Now what that means is that, unfortunately it's not very good protection, it's adequate, but it can be brute
forced if you have a much more powerful computer. So if you use a GPU, for example, or even better, an ASIC designed for SHA-512 or an FPGA device for SHA-512, then you can actually do 2000 rounds in a fraction of a second. And therefore you can try hundreds, perhaps thousands of passwords or passphrases per second, on the same seed. Which will allow you to attack a BIP-39 mnemonic with an optional passphrase, with the right amounts of hardware on budget. But again, it's not trivial. So we're talking about layers. So let's talk about passphrases. We use the term passphrase instead of password to denote that it's not a single word. It's actually a phrase. Just like a mnemonic phrase is a phrase. It's a series of words, separated by spaces. And that makes it a lot easier to remember, as well as
to write down and read, even if it's slightly degraded and be able to read it. Turns out humans are really, really good at pattern recognition. So if you write down in your own handwriting, a series of words in lower case, you can read it, even if two thirds of the word is smudged, or you can make a pretty good guess. And if the words have some meaning to you, or you can create a mental image with those words, you can actually remember a phrase a lot better than you can remember a randomly generated password that consists of upper and lower case letters and numbers. But in order to explain this a bit better, I'm going to get some help from Randall Munroe. Now you may have heard me talk about Randall Munroe in the past. Randall Munroe is a graphic artist who does a cartoon called
XKCD. And XKCD is a graphic cartoon that shows different technical concepts in, and also hilarious social criticism and all kinds of fantastic ideas. They're really, really smart ideas presented really, really well. And you know, it's one of those situations where there is an XKCD, there's an XKCD drawing for almost any concept you want to explain well. So I'm going to use one that many of you have probably heard before, and it's known as the correct horse battery staple. And if that sounds like gibberish stick around for a sec. All right so let's take a look at that one, on our screen here. So this is one is called, this one is called passwords. Through 20 years of effort, we've successfully trained everyone to use passwords that are hard for humans to remember, but easy for computers to guess. And if you look up here at
The XKCD passphrase concept (40:47)
the top left corner, this is a typical password that you're asked for in a website. So this is, capital lowercase numbers and symbols in some kind of order. What you see here is the typical thing that users do in order to generate and remember these is they try to mess up a word. So this is the word Troubadour. A traveling musician who sings about the exploits of heroes. I think that's what Troubadour means. A Troubadour and three. So in this case you see something that is kind of random looking, but isn't really random. Now this particular thing can be analyzed from a computer basis. From a mathematical perspective, from an information theory perspective, to see how random this thing is. Or how much randomness this kind of thing contains. So in this particular case, we've got 28 bits approximately of entropy. That means that this
amount of complexity could be expressed by a binary number of 28 binary digits, two to the 28. Which if you were able to guess at a thousand guesses a second would take you three days to brute force. So this is basically a web service or something like that where you're trying multiple guesses per second. If you have a database that you've stolen from a website, of course you can apply a lot more than a thousand guesses per second on the average computer. But in any case, this is actually easy for computers to guess. And it's easy for computers to guess because 28 bits of entropy is not enough, but even though it's easy for computers to guess and brute force simply by trying all possible combinations of upper and lowercase letters in this sequence, it is actually really hard for humans to remember. And right
below Randall Munroe shows us a different approach, which is to use plain English words, separated by spaces. This is a mnemonic passphrase, not a password. And in this case, just picking four words at random, just four. Four words at random actually produces, if you assume it's from a big dictionary, maybe an English language dictionary, that it includes a hundred thousand words. Then you get about 44 bits of entropy. 44 bits of entropy gives you 550 years at a thousand guesses per second. And 55 years at 10,000 guesses a second. Five years at 100,000 guesses a second. This is actually difficult to brute force and it's only four words. But most importantly, it's easy for humans to remember. This is why we use mnemonic phrases in BIP-39. So if you think about correct horse battery staple, you can create this, even though these are random
words, you can create this weird mental image that gives you a basis for association. And association is how memory in humans works. So you have this little drawing that that's being done here. That's a battery staple, correct. So that's a horse saying that's a battery staple and someone saying correct, that is a battery staple, a correct horse battery staple. And if you just say these four words to a geek, they will immediately know what you're talking about because this phrase is so easy to remember that millions of people across the internet have successfully memorized it from this single cartoon and example. So with enormous things, Xkcd.org, is where you can go and see this series of cartoons. The fantastic work. XKCD. But I think that helps you understand the point. So this is a passphrase, and this is a much better way of producing a
Using passphrases for wallets and encryption (45:27)
master password for your password manager, as well as an optional passphrase for your wallet. So you can actually create an optional passphrase for your wallets with this. That is really difficult to brute force, even with a GPU or FPGA. Even if you can do 2000 rounds of SHA-512, you're still looking at months if not years, before someone can brute force something with as few as four or five words. If you go to six words, you really have a very strong mechanism. Now you would not just use this. So let's say you have a BIP 39 mnemonic phrase, and you want to add an optional passphrase and you say, okay, I'm gonna pick four words at random, from a dictionary. And then that's going to be my optional passphrase, and I can memorize those four words and remember them. And also I will back them
up to a secondary location because while I can remember them, what if something happens to me? Do I want my inheritance to disappear into nowhere because no one can find the optional passphrase I used? No, obviously I don't. So I'm gonna have to back up the passphrase too, I'm gonna back up the mnemonic phrase, the seed. And I'm also gonna back up the optional passphrase and keep them in two different locations. I'm also going to make it so that if someone gets a peek at my seed, I know they got a peek at my seed so that I know to move my money before they can run through all possible combinations of a passphrase by using a powerful computer. The way I do that is very, very low tech. It's a plastic bag, a tamper-evident plastic bag. You can buy them in a
pack of a hundred from online retailers everywhere. They're used for cash donations for bingo games and churches and things like that. They're used to prevent employees from stealing. And they're opaque, and once you seal them, the only way you can unseal them without it being obvious is by tearing them or cutting them, you will leave a mark. You can't freeze or heat or unseal and reseal without leaving a mark. And so if you put your mnemonic phrase and your optional passphrase in a tamper-evident bag like that, and someone takes a peek, you know they've taken a peek. So if you audit your storage locations every couple of months, you've got a good basis for security. All right, I'm gonna wrap things up. We are going to go for another 45 minutes, approximately because I still have a lot to talk about, about two factor
authentication. But I wanted you to understand how we do this passphrase concept. So, in the next segment, I'm going to talk about how to generate a passphrase securely. Let's go to an emoji storm and please I call on all the community members of YouTube to demonstrate to everyone the incredible creative and expressive power of custom emojis from my channel by executing an emoji storm go. All right, and I'm back. So you want to create a passphrase. And you know that this passphrase is probably best if it's in the form of what we know as an XKCD passphrase, correct horse battery staple. A series of English words that are randomly picked, that you can create a mental association, an image that goes with them. You're going to use this passphrase, maybe for your master password, for your password manager, which you're going to have to type
Generating passphrases securely (50:25)
in many times per day on different devices. I use similar passphrases for other purposes, and I don't repeat the same passphrase. But I've found that I can remember three or four of these before it gets complicated. So I will need a passphrase like that for my optional passphrase for a BIP 39 wallet. I will also need a passphrase like that for my hard drive encryption on my laptop. I prefer to use an encrypted hard drive. And before you boot my laptop or any of my devices, really, you need to enter a passphrase. And that passphrase is also of that form. It's a mnemonic passphrase. It uses a series of English words, separated by spaces. For consistency purposes, I always type my mnemonic passphrases all in lowercase with simple spaces in between. So lowercase word, space, lowercase word, space, lowercase word, enter. And they can
be anywhere from four to eight words in length. You have to decide what level of security you need, and that depends on where you're using it. How many rounds of hashing are used in the generation of the encryption key that derives from that passphrase and what the level of threat you're facing for these things is. But four should probably be the minimum amount of words you use and eight would probably be the maximum amount before you start forgetting things and getting confused. Especially for a passphrase you don't use very often. The more often you use a passphrase, the more often you type it, the longer you can make it. Because then you will be forced to remember it by practice. So I can use a slightly longer passphrase on my password manager because I type every single day. I will use a slightly shorter passphrase,
for example, as an optional passphrase on a wallet, and a slightly shorter yet passphrase as an optional passphrase on my devices, boot encrypted boot for my hard drive, because that I only type say once a month and it may be easier for me to forget. So how do we pick these words? There are a number of ways to do that, but you want them to be random. You don't want them to be a song. The lyrics to, I don't know. I was about to say a song, but I think that would create too much controversy. So I'll skip that altogether. You don't want it to be the rallying cry of your football team. You don't want it to be the slogan of your state. You don't want it to be a phrase from Star Trek. Why? Because all of those phrases exist in dictionaries that
hackers have collected. Anything that you might get a hit if you typed in Google as a phrase, which of course, you're not gonna type into Google because that breaks the security you should never use. You should never use a phrase that has ever been said, or is likely to ever be said by someone. So instead you want to pick random words and then try to create a mental image or association that is meaningful to you. And it can be very weird and bizarre as long as it's meaningful to you and you can repeat that image in your head and do a bit of practice. That's a good way to do it. So how do you pick random words? Well, there's a number of ways you can do that. You could open a dictionary at different pages and put your finger down without looking. Not very
good. You're likely to spend most of your time picking the center third of the pages in the dictionary and the center third of the page with your finger. But it's actually good enough because the dictionary has a lot of words in it. A nice, big, thick dictionary. So you're going to get sufficient randomness. So that's an easy way that you can do right at home without any extra effort. If you wanna go a bit further, you can use a technique called diceware. D-I-C-E-W-A-R-E. And diceware is a mechanism where you have a list of words that you can download. You can download the diceware index list, the website you'll find is... You can find this on Google quite easily. The first one that comes up, which is diceware.dmuth.org, D-M-U-T-H, is the correct one. And if you use that website, you can download the list. Now what's
The diceware method (55:27)
interesting about that list is that it's indexed by numbers that have digits between one and six, which allows you to then use dice, plain dice, regular dice. You throw dice five times and you create a five digit number where all of the digits are between one and six, and then you look up the word that corresponds to that index in the diceware list, and you write it down and you've got randomness. You've got randomness that is designed to be used with plain dice, which is convenient. If you have some dice laying around, you can easily do this. It's non-digital. You download the list to your own computer, and you simply choose words from that list at random. Again, that's a great way to generate one of these random passphrases. And of course, you can also use a program on your computer. The problem of course is
that if there already is a Trojan, malware or keyboard logger on your computer, that can cause some difficulty. I use a program that's called XKCD pass, which actually produces XKCD compatible passphrases. I generate a whole bunch of them. And then I pick one at random from that very, very long list. And I don't make any indication on my computer as to which one I pick. I just scroll and scroll and scroll for a very long list. It makes it much harder to capture that way. Again, this is about layers. It's not perfect. There's lots of difficulties and holes in this entire process. All right. So we've now talked about password security, and we've combined a number of topics together. We've talked about complexity of passwords. We've talked about layering security. We've talked about the weaknesses of human memory and human randomness. We've talked about why
using software is better than not using software, even though you can't trust the software a hundred percent. We talked about how to generate your master passphrase and what type of master passphrase you should use, which you can then use to generate from your password manager, your session passwords, or site passwords that are complex alphanumeric and random that are impossible to remember and have your password manager remember them. So the next topic is two factor authentication. Now, what is two factor authentication? Two factor authentication is when you use two different ways to authenticate yourself. So authentication basically means proving you are who you say you are. And two factor authentication means using two distinct mechanisms to prove you are who you say you are. And in computer security, we describe multi-factor authentications and factors of authentication as one of three things. The three possible factors you
can have are something you know, a password is an example of something you know. You memorize it, therefore you know it. Knowledge based authentication is also a form of this something-you-know factor, like where were you born? What's the brand of your first cake mixer? Who's the first person you kissed in school? Whatever it may be. Now, obviously something you know is a factor, and it's a good factor. Only if one, you can remember it and no one else can easily guess it. And so this is where all of the complexity we talked about with passwords comes in. A second form of authentication. A factor of authentication is something you are. And something you are usually refers to a biometric, an immutable measurement about your physical being that cannot be faked. So a fingerprint, an iris scan, the sound of your voice when you
repeat the phrase that you are supposed to repeat. Your gait, your height, your face for facial recognition, all of these things are biometric factors. So something you are. Biometric factors have advantages and disadvantages. They can be used in addition to another factor. Of course, the big disadvantage with a biometric is that if it is copied or if it is lost, it cannot be replaced. So if, for example, my fingerprints leak, and everybody has access to my fingerprints and can recreate them with latex as you have seen on all those spy movies, then I can't change my fingerprints. And therefore this biometric is no longer useful to me. And we've seen that biometrics are pretty difficult to apply, but they're very useful as a second factor, never as a primary. I would never use a biometric as the only way to authenticate myself, say to my
Biometric authentication (1:00:44)
phone. Because as you've seen, as every eight year old knows, if you hold mommy's iPhone up to her finger, while she's sleeping on the couch, you can go and buy things on Amazon. You can be your very own personal Santa. Just as long as you get access to mommy's thumb or daddy's face, holding up the facial recognition device in front of daddy's face. As daddy is snoring away after all that work at the barbecue party. Biometric alone isn't sufficient, but it makes for a very good second factor. The final factor is something you have. Something you have, and something you own. And this biometric factor is usually encompassed in an additional device. It is a device that is a security factor that you hold. A key is a something-you-own factor of authentication. A digital key, a private key, even a physical
key for opening your door. And increasingly nowadays we have second factors that are based on something you own that are made into USB devices. In fact, I have one permanently plugged in to my laptop. A lot of you probably have heard me talk about these before. This is a YubiKey, and this YubiKey is a device so tiny that when I put it into the USB port of my laptop, the only thing that's sticking out is a little metallic tab, which is touch sensitive. When I try to use this, it requires me to touch. And when I touch, I activate it and it sends a code from my computer. Now you can't log into my computer and many other services that I use without tapping to authenticate on the side of my computer. Now, if you steal my database or my master passphrase, or
you guess my password, you still can't decrypt or open these devices or access my various accounts because you don't have this thing. I have this thing. And of course that's an additional factor of security. On its own, it's not enough because if someone was able to steal my laptop, now they have this thing, but fortunately they don't have my password, which is the other factor. So in general, when we're talking about multi-factor authentication, what we're doing is we're recognizing that no single factor of authentication is sufficient on its own. All authentication factors have failure modes. But if you use multifactor authentication and your authentication factors are varied, then the mode of failure, the failure mode of one authentication factor leaves the other one as your protection. So you have layers. You know in every spy movie, when they basically chop off the finger of the
bad guy and they take it up to the fingerprint reader and they use it to open the door, well no door works like that. All of them also require a pin code precisely so that if you steal the pin code, you don't have the finger. And if you steal the finger and chop it off, you don't know the pin code. It takes both. No manufacturer of such a device would make it so that you can open it only with one. And in fact, when people set up their phones to only open with a biometric, that's incredibly dangerous, and you need to make sure you have an additional mechanism. Great follow-up question in the chat, what if I lose my YubiKey, my security key? Well, I actually have several. I have three. And I have one stored in an offsite location as my ultimate ultimate backup.
I have a second that I don't keep plugged into my laptop that I take with me. It's often something you will see security people wear on a lanyard around their neck, or connected as a key chain. These devices are pretty robust and they're often designed to be attached to a key chain. So you can take them with your keys, which makes sense. Similar security model. They're near indestructible. You can run over them with a truck and they still work. So I have all three of these security keys registered, so that any one will work and I'd have to lose all three of them before I lose access. But all three of them are in locations that are difficult to get. And the main risk, the main threat that I'm trying to address here is remote compromise. Yes if you break into my house, office
Security keys and YubiKeys (1:05:51)
or undisclosed location number five, and you are the evil maid who breaks into my hotel room or whatever, you can find these devices, but then you probably don't have my password. If you hack into my systems and you get my password, you don't have the device. If you try to use the password to log into one of my devices, I won't tap on the side of the computer to give you access. And quite honestly, you know when I leave my computer unattended, I take out the YubiKey and take it with me. So again, this is about layers. So two factor authentication means using at least two factors to authenticate yourself to any service or device. And these are something you know, something you have and something you are. Any one of these three can be used as a second factor. And of course you can
use three factor authentication, if you want, although that's kind of unusual, it becomes cumbersome and complex at that point. Difficult to recover, easy to get locked out. So two is usually the magic number, and that's why we call it 2FA, two factor authentication. Other people call it MFA for multiple factor authentication or multi-factor authentication. It's the same exact thing. There's another standard, which is a standard for a universal format for security keys like the little YubiKey I showed you, which is used in the industry. Now it's one created by a standards body called the FIDO Alliance, and it's called U2F, universal two factor. If you notice on the slide of my code is a learn U2F universal two factor. U the number two, the letter F, U2F. That's simply a standard for a hardware based multifactor device that can be plugged in connected or
transmit over Bluetooth or NFC to a device you're trying to authenticate to. All right, so let's go to a question. Not that one. Where is it? Maybe now? Okay, one second. It appears the question is not being highlighted. Not sure why. Give me a second, please. I will fix this. I need to refresh my browser. Let's hope it doesn't ask me for a complex password. Okay there seems to be some kind of oh wait, hang on a second. Something's gone wrong with my Slido, so I can't actually see highlighted questions. I don't know why that's happening. Never seen that before. Oh, there's a poll. Apparently there's an active poll that is now getting in the way of me seeing the questions. I don't know why. Pardon me. Oh, there it is. It fixed itself. Sorry for the technical difficulties folks. Why is a text
message weak two factor authentication, is it better than nothing? So a lot of banks use SMS, as somebody else has pointed out, they use SMS text messages as two factor authentication. So why is a text message weak two factor authentication? All right. So what type of factor is a text message? Let's see if we can figure this out. Is it something you know? No, you don't know at the time. It appears there's some kind of poll that is being run that is interrupting. Sorry. The Slido started with a poll for some reason. That's weird. All right. Is text message a good two factor? What type of factor is it? Is it something you know? No, because you don't know it, when it's sent to you as a text message, you don't know it, you find out about it. So it's not something you know. Is it
Why SMS is weak two-factor authentication (1:11:00)
something you are? No, it's not something you are. Is it something you own? Kinda. You might think, okay, it's something I own, I own the phone that is receiving the text message. But the text message isn't being sent to a phone, it's being sent to a phone number. Do you own the phone number? And the answer is really the phone number is the SIM, or rather the account that the SIM card in your phone is connected to and who owns that account? And the answer is Vodafone or Verizon or AT&T or T-Mobile or whoever. So the problem with a text message two factor authentication is that you don't own the phone number. The phone company does. And the phone company has shit security. That's it, it's really as simple as that. So all you have to do is call customer service at the phone company,
play the sound of a crying baby in the background, pretend you're speaking to a frustrated babysitter while the baby is screaming. And your husband is shouting at you or your wife is shouting at you in the background. And you're having a meltdown and a really bad day. And the very helpful and very empathetic people at customer service will bypass all of the security checks because you don't know what password your spouse has set on the account, and this is really an emergency and you really need to get in touch. And they will happily port the number to your new phone that needs to be activated right now, because it's an emergency. Now, if this sounds like a theoretical attack, there's actually a fantastic demonstration that happens at DEF CON and Black Hat and other hacker conferences, where they do these called social engineering attacks. And
one of the best of these is a video where a very very skilled social engineering hacker demonstrated to a journalist how quickly they could take over their phone number by calling in to a phone company, playing a recording of a screaming baby in the background pleading for their help in this case of an emergency. And literally less than 10 minutes later, they had taken over the phone number, then use that to reset their email account, and then use that to reset all of their other accounts and basically compromise their entire digital identity within less than 15 minutes. So that's why text messages are a weak form of two factor authentication. And it's really important that you do not use that if you can avoid it. But to anonymous question, is it better than nothing? It is better than nothing. It is better than nothing if
you can avoid using it on accounts where you can pick better choices. So any accounts where you can use something other than text messages use that. The other thing is to think very carefully about who your phone provider is. So a lot of security professionals use phone providers that do not have human customer service that can be socially engineered and where the accounts themselves are protected by strong two factor authentication. For example, Google's Project Fi, F-I, which is a virtual network operator, does not have humans you can talk to. And you connect and access and configure that phone account through a Google account that you can secure with strong two factor authentication such as a universal two factor token. That means that your number cannot be ported, which means then you can more safely use that number in order to secure text message based
two factor authentication is like your bank that suck at security. So in terms of most sucky companies at security, banks, phone companies, and then actual service providers that have decent security teams. So it's all about layers. If you have no option, but to use text message as your second factor authentication, then I will tell you that there are some services I use where I have no option but to use a text message. Then make sure that that text message goes to an account that is well secured. Even with your phone carrier, you can put a pin on your account. You can turn off the ability to port the number. You can go and do all kinds of things to strengthen that account. But if you can even better move your number to a virtual network operator or service provider that doesn't have humans who can
Securing your phone number (1:16:25)
be socially engineered to port your number. And that has strong authentication on the factors that control your phone number. And if you can avoid it. Especially avoid it if it is the second factor for connecting to your exchange, where you store millions of dollars worth of cryptocurrency. And of course, I am kind of hinting here at one, rather infamous cryptocurrency pundit, who did in fact store millions of dollars of cryptocurrency on an exchange wallet on a hot wallet whose custodial, not your coins with an SMS two factor authentication that was hosted by AT&T and is currently suing AT&T for the loss of some, I don't know, 50 million, a hundred million dollars, some ridiculous number like that. Honestly, that's the kind of legal case where as an expert witness, I would get up on the stand and laugh for 30 minutes in the face
of the plaintiff. When they said it was somebody else's fault that they put millions of dollars on an exchange backed by a text message two factor authentication to AT&T. I would not have much sympathy for that. All right. So let's talk about two factor authentication that actually does work. I've talked about the security key, which is a piece of hardware, but there's also another mechanism that is very common, that you've all used before, which is where you have a six digit number. Neeraj helpfully asked me a question specifically on that topic. Hi Andreas, how does Google or Microsoft authenticator work? Is there a decentralized system which can replace them? Neeraj, these are decentralized systems. Although the app is created by a centralized entity, the app is actually fairly dumb. And as a result, it is actually decentralized. The secrets that are stored on these authenticators
are only stored on your local device. There are some variations, of course. Some of these applications, like for example, Authy do allow you to backup and port the secrets that are the basis of your two factor authentication to another device. Which makes them convenient, but dangerous. If you have support for multiple devices turned on in Authy or other systems that support backups, you must keep that turned off and only turn it on when you're porting to another phone or a device such as for example, when you get an upgrade for your smartphone and you need to move all of those accounts over to a new device. Google authenticator actually introduced backup and porting in their latest version. I don't know how it works, but if it does work in that way, make sure you have it turned off by default. So that only that local device
can use those security codes. Otherwise it's not really two factor, right? It's not something you own. It's a backup password. It's something you know, and that can be easily stolen, or it's tied to your phone number. In which case we're back to the text message security we were talking about before. Someone ports your SIM, they take over your number. They install the authenticator software on the smartphone. They then download the backup and port it to that device. And they have all of your two factor authentications that weren't actually two factor authentication. So this is the failure mode, but let's talk about how this thing works first of all. So how does Google or Microsoft authenticator work? First, let's name this thing. This is a mechanism called a one time password or OTP. One-time passwords are decades old and they've been used, well, let me correct myself. Digital
one-time passwords on portable devices are decades old. One time passwords in themselves are actually thousands of years old. The general concept being here that if you generate a sequence of random numbers and the two parties to a communication have a copy of that sequence, or can generate that sequence and nobody else can. Then there's nothing to steal or guess. One-time pads are an unbreakable method of encryption as long as you can generate these secrets and not have them stolen. And one time passwords that are numeric, six digit codes are very, very difficult to steal. As long as you can keep the root secret, which generates them, secret. Now Google and Microsoft authenticator are a particular subclass of one-time passwords called time based one time passwords. And if you want to find an application that supports the time based one-time password standard, you use the acronym
Time-based one-time passwords (1:21:56)
T-O-T-P. So OTP one-time password, T-OTP time-based one-time password. And time-based simply means that the code is tied to the current time and changes every 30 seconds. So these things use a secret and a clock, which has to be more or less synchronized with the current time correctly, to generate the specific code for the specific time that you want to use it. And because it's a 30 second time window, you can be off by a bit and you have some time to see it on your screen and enter it into the website. Now because the website that you're connecting to or the device that you're connecting to has the same secret and the clock is more or less synchronized. It can figure out what code you're supposed to enter. It usually looks at the one before, one after, so that it knows if you're a bit off,
like just over 30 seconds. It will accept those. And then you see on your screen, the current code, and you'll see a little countdown. And after 30 seconds, it changes and you have a new six digit number. So the way this works is using a private key. And from that private key, it uses a derivation function, which can be a variety of different things. I don't know what the standard use is for T-OTP. I'm assuming it's some kind of hash mechanism with the time. And with that derivation function, it produces new numeric codes, every 30 seconds. And you can calculate from the sequence, sorry, from the secrets and the current time, the correct code for the current time. The secret itself is in the QR code that the service you're trying to use displays the first time. So when you go to use one of
these devices, and they're all compatible, so whether you use Google authenticator or Microsoft authenticator or Authy or Duo or any of the other ones, and most password managers also have one of these T-OTP services built in. All you have to do is scan a QR code from the website or service that you're trying to add second factor authentication. And that QR code contains a secret. That secret is an alphanumeric randomly generated string that is attached to your accounts. And the website generates randomly for you. It presents it as a QR code. You scan it with your Google authenticator device, your Google authenticator device records it as the secret, and then starts generating codes for the current time. You then enter one of these codes into the website. It can confirm that you got it correctly by tracking and saying, yeah, that's the code I was expecting
in this 30 second window. And now you have established two factor authentication. The difficulty with these of course is backup. And there are a number of ways you can do backup. One way you can do backup, and actually probably the most secure way you can do backup honestly, is a physical printout. So when you have that QR code on your screen hit print. I say physical printouts, because you might be inclined to do something else, which is take a photo of it. And of course, in order to take a photo of it, you're going to use your smartphone. The problem is that photo is going to get stored in the cloud. At which point it's no longer only on the device in the Google authenticator, in the T-OTP authenticator. And at that point, it's no longer a secure second factor. Making backups in the
cloud of your two factor authentication secrets is a bad idea. It's actually better to use the backup facility that the two factor software might have, which at least is encrypted with a password of your choice. Where do you put that password? In your password manager. We're going in circles here if you can see, and sometimes it can get confusing. So print out the QR code if you wanna make a backup or don't. With most services, if you lose your two factor authentication token or app, you can ask them to reset it. And they'll make you jump through hoops, holding up IDs and doing selfies and confirming through multiple other mechanisms like emails and phone calls and things like that. Many of these services will also give you a series of backup codes, which are pre-computed numeric codes that you can enter instead of the dynamically
The hierarchy of two-factor authentication (1:26:44)
generated one that are static. And these are in case you lose your authentication device. And where do you store these? In your password manager is where you store them. So two factor authentication with a time-based one-time password application is a strong, effective, simple to use mechanism that you can add to all of your accounts today. Now let's look at the hierarchy of security. Universal two factor security key, very, very strong encryption based. If you register several of them and keep them in secure locations, very difficult to compromise. Very easy to backup, it's a physical thing. You back it up by keeping another physical thing around. It's impossible to copy and it's impossible to steal without you noticing. Second tier time-based one-time passwords that you use by scanning a QR code and an application like the one discussed by Neeraj. They gives you a six digit
code every 30 seconds. Again, that makes your phone, the something you own second factor, and these are a bit difficult to back up. And if your phone is stolen, they might be easy to compromise. I like to put a fingerprint on the two factor authentication app itself so that you can't see the numeric codes without using the fingerprint. Now, this is essentially a third factor on top of the second factor, which protects me in case someone steals my phone and it's open at the time and they could get into my two factor app only they can't. And finally, the lowest tier is text message two factor authentication, which of course is not secure unless you have no other option in which case it's better than not having anything. So those are the tiers of two factor authentication. Let's see what other questions we have while
I take a brief break here. And I'm gonna play a video from my patrons, that tells you why you should support my work online. So what we're doing today, and what I'm always trying to do is give you high quality educational material about bitcoin and open Blockchains in a way that is neutral without sponsors, without endorsements, without selling out to advertisers or being beholden to corporate interests. No one's paying for this other than you. And so if you like this education, if you've benefited from this education, or even if you simply want to give back and help others, get this education and help me and my team continue to do this and do it better and do it more broadly, then please consider supporting me with a YouTube membership or even better a monthly patron subscription. And in the words of my patrons, here's why.
- I'm a patron of Andreas because I came across his videos online and that's how I learned about bitcoin. So that's how I got introduced to bitcoin. - I'm out tonight at a social event organized by Andreas, as part of his paid patrons support. Just had a few drinks at downtown London, so it's been a really fun evening. Got to meet a lot of like minded people. - We should support the work Andreas is doing. He's doing so much in getting new people into bitcoin and into bitcoin education. - He's a great teacher. He can explain very complex topics in an easy to understand way. He's very honest and very precise. They can be prepared and intellectually honest. I think it's his best characteristic. - He brings such clarity to a really complex subject which is bitcoin and the industry around it. - It has
been a very, very good inspiration for me and every bitcoin I'm giving to him, it will be very well used in helping us understand bitcoin. And I think it will improve the world at some point. - Being a patron I get to meet Andreas and that's why I love being a patron and I'm gonna continue being a patron. - I think it's just a good thing. If you're interested in learning new things and also want to support the bitcoin community, then you got to be a patron. - Being a patron makes you feel special. You can attend to his live Q&A sessions. You can meet him at happy hours. It's really great, totally worth it. I'm very, very enthusiastic on being a patron. - I'd like him to be able to produce his great and valuable content in a future free from advertising and just with the help of his patrons. And that's why I'm supporting him on Patreon. (gentle music)
Q&A: porting phone numbers and app security (1:31:37)
- All right, before we go to the next question, got a couple of great follow ups in the chat. That my producer has helpfully posted for me. So we have first of all, a follow up from Lucia, can any phone number be ported to a non-person customer service? It depends on the country in which you are registered. Different countries have different laws about portability between telecom providers. But honestly, most of European countries and certainly North America, I know this is the case in the United States and Canada mandate that carriers honor porting requests. And that means that with the correct process, you can move your number and not lose it and go to a new carrier. And then you could go to a carrier that is a, no customer
service, no people carrier. Google Fi is the one I've heard the most about there. There may be many of them, others that are similarly secure against number porting attacks. I'm partial to that, although it does have some privacy risks for obvious reasons. The second question comes from Ben and Ben says how to know that your app isn't leaking the secret key. Ben, you can't know that your app isn't leaking the secret key. You can only go with apps that are used by lots of people used in security environment, audited reviewed perhaps source that have their code audited, that have been built by companies that are reliable. That take security seriously, that have a long track record of not breaking things. This requires trust in a counterparty. However, almost everything I've talked about requires trust in a counterparty. So then the question is how much trust
are you putting in the counterparty and who is this counterparty? And what is the alternative? And if the alternative is not using an app and trying to rely on memory, then actually the alternative is worse. And this is the careful balance that you have to strike in security. Increasingly we are seeing more and more companies attempt to implement various mechanisms for decentralized authentication, decentralized identity, decentralized validation, that are more secure. Multisig on bitcoin or Ethereum for example is often the basis of such services. But for now these services are relatively immature, not broadly deployed and not yet suitable for these types of solutions. So very hopeful for the future in that space. In the meantime, the question you should ask, what is better using a centralized service that has a good track record or not using a service at all, and trying to rely on
memory? And I can answer that definitively with it is better to use a password manager from a trusted or one, a company that has a good track record, than to not use a password manager and try to rely on fallible memory, fallible randomness and DIY solutions that may exceed your technical competence. Let's go to the next question. It comes from Trixie. "Andreas, love the glasses." Me too. Thank you Trixie. With these, I can actually read what's on my laptop. There are two types of livestream I do. Some are a bit more ad hoc, more based on questions. I don't need to read much what's happening on my laptop. I've got a nice studio monitor over there, which is far enough away that I can read it with my failing eyesight. And some like today's are a bit more complex. I need to do a lot of reading.
Q&A: converting bank SMS to stronger authentication (1:36:01)
I've got my laptop on the table. And so I need these things. But thank you, we digress. Back to the real meat of this question. I'll restart for our editor. Trixie asks, is there a way I can convert those stupid bank text messages to Authy or something similar? A time-based one-time password system. Authy is one of those time-based TOTP, time-based one-time passwords. Trixie no, there isn't. Unless your bank has a mechanism that supports something other than text message, you cannot use a time-based one-time password. The correct answer in this case is use text messaging, but change your phone provider to one that requires a strong authentication mechanism, such as time-based one-time password, or even better universal two factor with a security key or where you can configure those options. So that your number can't be ported because that requires a strong authentication. And
if your number can be ported, then your bank text message is much, much more secure. So that was a great question from Trixie. Let's see what other questions we have here. I'm not seeing too many other questions, so, Oh, and there you go. Oh the moderators are now frantically, frantically pulling up questions and queuing them for me, so that we can find some more questions. I hope you're enjoying today's session. So let me do a quick recap of what we've learned so far. Security isn't ever a hundred percent, security is about managing realistic risks within your technical competence with the simplest and most consistently applied solution that you can find, which is layered with other solutions to provide a series of barriers against a determined attacker. If you do security right, then you become comfortable with these measures. You can apply them consistently, and you
have enough layers that carefully match both your skills and your threat environment to make it so that an attacker, neither has the time, the resources, the budget, or the interest, the reward, really to attack you. And instead they attack someone who is a softer target, and that's basically security. You can't be perfect about it. In fact, you're human. So you will, by definition, be imperfect. You have to be able to execute it consistently and within your skill level, which means it has to be simple enough. It can't be solved with a single tool technique, practice or action, so you have to use multiple tools, multiple techniques, multiple actions, layered together, preferably diverse mechanisms of security that require different skills from the attackers that protect the different threats so that you can layer them and create a comprehensive system. And that will still not get you
to a hundred percent security, but, you know, if you do it consistently, and if you do it deliberately, and if you tailor it well, both to your threat needs and to your level of skills, you can join the elite group of people who can honestly say, I haven't been hacked for years. That's the best you can do, but that's usually pretty good. And it takes you way above a lot of other people. Anonymous asks, could you share any concerns or suggestions about password managers for someone who hasn't yet got around to comparing learn closely or trying any. I've used many different password managers over the years, there are some that are very, very commonly used that are not my favorite. That I reluctantly use from time to time or all the time, depending on the device I'm on. There are some that have fallen in
or out of favor. And there are some new ones that are gaining prominence. I can't really tell you what's gonna be right for you. I can tell you that probably the two most popular are a system called LastPass and a system called 1Password, one the number one, followed by the word password, all one word. 1Password and LastPass are probably the most well-known. Beyond that there's a number of other systems out there with varying capabilities and differentiators. One of the slightly newer ones that I'm looking at with interest is Bitwarden, because this is an open source system that is multi-platform and pretty well architected. But at the end of the day, as I've given the same advice for hardware wallets manufacturers, for example, I'll give you the same advice for our password managers.
Q&A: comparing password managers (1:41:43)
The differences between the say top three, four, five companies in the space where products in this space are small, small differences. They're all pretty good. They're all pretty secure. They're all pretty consistent. The difference between one of the top four or five password managers and not having a password manager at all, or trying to rely on your memory or trying to build your own solution is vast. So the question isn't, which of these should I be using? It's whether I should be using one, the answer is yes, and don't waste too much time. One way to think about it is what are other people in your family using? So you can easily share passwords with them. Most of these things are closed ecosystems. So if everybody in your family has Bitwarden, then it's better if you use Bitwarden. If your company or your employer is using one, then you are probably
better off using the same one for your personal functions as long as you can keep two separate accounts, just so you don't have to have too many applications running and too much complexity. Again, keep it simple. The only question you should be asking is how quickly can I get one of these things up and running and then secure it properly, and then go out and change all of the passwords on all of the websites, starting with the most important ones first. Anonymous asks is Google Authenticator's initial setup, and implementation of a symmetric key, unlike bitcoin, which uses asymmetric encryption. Yes, it is. And I don't know what the TOTP standard is because I've never looked at it. It might not even be symmetric encryption. It might be a password stretching algorithm. In fact, it's likely that it is some kind of sequence that's based on
derivation using hashes. But I don't know, I haven't looked into it. It's not asymmetric, I can tell you that. So it's not a private public key system. What is symmetric encryption? What is asymmetric encryption? That's another question that came up on the chat. Asymmetric encryption is when there are two keys in a pair and we call those a private and a public key and whatever is encrypted by one can be only decrypted by the other and vice versa. So if you encrypt something with your private key, it can only be decrypted with your private, with your public key. And if you encrypt something with a public key, only the person with the private key can decrypt it. And the combination of these techniques is used for digital signatures. And it's used for encryption and decryption of data between two recipients. What it means, however, is
that if you want to decrypt something to me, you need my public key. If you encrypt it to my public key, which is public and easy to share, then only I can decrypt it. If you wanna encrypt it to lots of people, you need all of their public keys and you need to encrypt it separately to all of their public keys. Symmetric encryption is where you have one key that is both encryption and decryption. And in fact, until the 1970s symmetric encryption was the encryption mechanism. Asymmetric encryption was not invented I believe if I'm not mistaken until the 1970s. So that's the difference between symmetric and asymmetric. Let me see I think I have another one here. Another follow-up from Carlos. When will we use bitcoin signatures for authentication? You could use bitcoin signatures for authentication today. The problem is you have to be
careful how to structure it and understand what exactly you are proving. A bitcoin signature and generally the use of digital signatures for authentication proves a very specific and very narrow set of things. So let's say you tell me to sign a message with my bitcoin private key and produce a signature, and then share that with the world. Well, here's a couple of things that I prove. I prove that at the time that the signature is created, I had possession of the private key. Of course, that does not mean that I didn't produce that signature years in the past. You don't know when the signature is produced. The other thing is that in order to use that in a viable scheme, the person who is asking for the signature needs to do what's called a challenge response.
Q&A: Bitcoin signatures for authentication (1:47:01)
I can't just say sign something, because if I get to pick the message, I can basically pick a message that somebody else signed a long time in the past, present the signature they applied and tell you that I just did that. And you have no way of knowing whether that's true or not. So instead in that scenario, you need the challenge response. So what I would say is please, CarlosM, sign a message that says, I CarlosM on December whatever is the fifth today? I don't even know on, on December, whatever it is, fifth, 2020, I am in possession of my private key. And I am signing this message at the request of Andreas. So do you get what I'm saying here? What that does is it anchors it in time. You wouldn't know what the message is until I asked you a specific message to sign. You relate it to a specific activity. I've asked
you to put information about the time that you signed it and the identity of the signer in there. That makes it a lot harder, but still, I don't know if Carlos signed this. We had a similar conversation when we talked about signing with wallets in order to prove that you own an address for the new travel rules that are being proposed in the US and have already been implemented in the EU. And of course, if Carlos wanted to prove that they owned an address and I gave them a message like that, all they had to do was give that message to Jimmy, have Jimmy sign it saying, this is Carlos, give it back to Carlos, Carlos gives it to me, and I think that proves that Carlos has the private key when in fact Jimmy does and they're working together. So this is complex. It's
not as simple as it appears at first glance. All right, let's see. I'm gonna answer like maybe one more question. Oh, this is a good one. I really liked this one. This is a question from Jeff. Jeff Tezos asks, what about passwords you need to manually input with your remote on the TV or similar Amazon, Netflix. How long and hard should it be? Jeff, I've struggled with this. And I have my answer to this, which I will give you in just a second. Now, imagine the scenario that Jeff is talking about, you've used your password manager to generate a unique alphanumeric 32 character with symbols key for your Netflix account. Now you have to enter it on the keyboard of a smart Roku TV, where each letter has to be entered by moving your little cursor to the correct letter on the keyboard, hitting enter,
and then moving back and going down to the caps lock and turning on caps lock and moving up and going to the capital letter and then turning off caps lock and then moving to the symbol and switching to the numeric keyboard. Oh my God, it's gonna take hours, hours. And so yes, in those cases, same thing I would say in cases where your security isn't that critical, you need to do something where you often have to share this key with other people. A good example would be your wifi password, right? So in those cases, what I would do is I would use a simple numeric or alphabetic password. All one class of characters and make it a bit longer. So I don't care if someone hacks into my Netflix and notices that I'm watching the Queen's Gambit. Of course, I'm watching the Queen's Gambit. Everybody's
watching the Queen's Gambit. It's Queen's Gambit week. It doesn't really matter to me, although there are some security considerations, like being able to figure out where I am when I'm watching that. So I still need a password. But it doesn't have to be that long because it's unlikely someone's gonna try to crack it. The real issue is did I remember to reset the Roku TV when I left the Airbnb. Aha. That's a good question. So what do I do? I usually pick a numeric password or an alphabetic or lowercase password and I group it in groups. So a classic one I would do is 12 numbers separated by minus or a hyphen signs. So that means I will do three groups of four or four groups of three digits. So my password will be something like nine three seven dash three one two dash three three one dash four one five.
Q&A: passwords for TV remotes and low-security devices (1:52:10)
I'm just randomly picking numbers at this point. Not very good random, by the way. I would use a random number generator in my password manager. I would tell it to give me only digits and make it length 12. And then I would write it in with dashes in between grouped in nice groups of four, because it's easier for me to read that from a screen and typing into a keyboard. And usually the numbers and dash are on the same keyboard and they're within a very short distance, so I can do them quickly or even better, many remote controls allow you to use the numeric part of the keyboard, which was for... In the old days, we used to have channels on our television and those channels were selected by the numeric channel number. I know it's mind blowing technology.
So many remotes have a number of key pad on them. So this again makes it much easier to type in a passphrase. Thank you, Jeff. That was a great question. And a very practical question about balancing security. Do you really, really want to go through all of that trouble to protect an account that isn't that secure and where the bigger risk is that you forget to erase or reset that password when you leave the Airbnb and leave it for other people to find at which point, that may be a bit tricky. A similar question from Jeff. Oops. Oh no, it's not Jeff. Sorry, one second. There we go. Did that work? A bit of lag on my apps today. How secure is using just the four digit pin, such as what is used on all bank cards for example, asks Mike. Mike that depends, it
depends on where you can type that pin in. So the reason a four digit pin is secure on bank cards, is because you only get to type this in to a security device, such as a pin pad or an ATM machine. These devices are designed to prevent you from trying more than a certain number of times. And if they are supervised devices, meaning you're at the gas station, you're at the checkout counter of a supermarket, whatever there's a person standing there and you would type in more than a few times. They can see you doing that and they will call security, if you try to type in 4,000 different combinations. And when it's an unsupervised device where you could just sit there and try for hours and hours all possible combinations, it will actually lock and eat your card as you know, with ATM's. So
if I type it four times wrong, or six times wrong, or three times wrong, depending on the bank policy, it will go gulp and swallow my card and not give me another chance to try. So it's not just the pin, it's the context of how that pin is used. Where it is entered, how many times you can try and what happens if you fail these layered security mechanisms. So yes, a four digit pin is secure enough in the context of controlled access devices like ATM's and pin pads, where there are additional layers of security such as eating your card if you type it wrong, or not letting you try too many times. I think that's good. We've covered a lot of topics. Thank you so much for all of these great questions. Thank you for leaving really good comments. Tell me what you liked about
this particular session. It was a bit different than the other ones we've done. Tell me what else you would like to learn about to help you in this journey of bitcoin and open Blockchains. And don't forget, we have a number of these sessions coming up. Let me show you our next events that are coming up are, Awkward Holiday Conversations, Awkward Holiday Conversations. That's the next one that's coming up. I'm going to arm you with the right answers and also hilarious stories from other people who are sharing currently in comments on Patreon and other platforms, their family awkward holiday conversations. Mostly about bitcoin and open Blockchains, sometimes about topics that make it far more awkward than we won't be covering in the live stream. Then we have our December open topic Q&A, where you can ask any question and I may choose to answer it. And then finally we have our 2021 Extravaganza Event.
Closing (1:57:25)
So in order to find out about when these events are occurring to learn about them, please subscribe to my channel. Turn on notifications by hitting the bell icon, and that way you will be the first to find out about these new events. Thank you for joining me today we had more than 300 people on the channel on the live stream today who joined us for this almost two hour presentation, but we had a lot to cover. Now, as I was doing this, you probably noticed I have a stack of fantastically colored books in different colors. And well, you would need the print version of these to enjoy the colors, you can actually read the contents as an ebook. And you can get that ebook on my shop antonov.com/shop. You can also get mugs like this one. And
by the way, these are really fantastic mugs. They are big, they are heavy. They retain heat. They're very difficult to break. I know I've tried. I've dropped them several times and they hold lots of coffee, which we will all need to get through those awkward holiday conversations. So, until Monday, for the next two days, we have our holiday sale, which gives you a 20% discount across the board. One of the things you can also buy is the choose your cryptocurrency workshop. And the 20% discount applies to that. The sale holiday 2020 is available on the shop, go to the front page of the shop to find the coupon antonov.com/shop. Don't forget to leave comments below for this video. Thank you so much for watching. Have a wonderful weekend. Bye bye everyone.