How to get Fortnite 2FA on Switch

May 13, 2022

This is Jack Dorsey, and he was the CEO of Twitter until August of this year. And on August 30th, around 4 p.m., he began to say some things that CEOs of large social media companies should not be saying. His account had been hacked, and hackers were able to gain access to Jack’s Twitter account and begin using it for malicious purposes, saying a few suspicious things. Of course, this is dreadful. But it does provide two incredible opportunities for us, my fellow YouTube viewers. First and foremost, it allows us to reflect on August of 2019 and all of the events that had yet to occur! But, more importantly, it allows us to revisit the topic of security! Let’s look at some of the things that went wrong to lead to this disaster, how hackers can take over your phone number, and some ideas on how to protect yourself and the people around you.

Let’s start with the basics: people losing their accounts to random trolls is most likely not a good thing. To prevent this, we have passwords, which we’ve discussed a little bit on this channel! However, as we’ve also mentioned, long and secure passwords are difficult for most people to remember. As a result, most people resort to the strategy of “using really bad passwords.” And by bad, I mean using the same password across multiple accounts, having a password that is too short, and/or having a password that is easily guessable. So that we don’t have to rely on “password1” for our entire security infrastructure, there are strategies in place to ensure that the wrong people don’t gain access to your account. Password requirements are the first step, attempting to force you to create strong passwords, and multi-factor authentication is of course available.
I’m guessing that by 2022, many of you will have already encountered multi-factor authentication. In other words, instead of having just one piece of information, such as your password, to prove you are who you say you are, you also need something else. It could be anything from a fingerprint scan to a swipe of an ID card, but the most common example is your phone. I’m sure many of you have had this experience. When you attempt to access an account, you must first type in the username and password. After entering your username and password, a small box appears, asking you to type in a six-digit code that was texted to your phone number. And this is a remarkably straightforward and elegant solution. Sure, your password is bad, but now in order to access your account, an attacker must not only be able to guess the password, but must also have access to the phone where you receive text messages. Sure, getting one of these things will be difficult, but getting both of them? Let’s just say that’s impossible. Well, extremely difficult. Sure, it’s still possible, but it makes it much more difficult to get in, and it’s enough to deter those who might want to try.

The philosophy behind this is simple: we should expand and diversify the methods we use to authenticate individuals, i.e., we need you to prove that you are who you say you are before we let you use this account, and you must be able to demonstrate that in a variety of ways. We usually divide these methodologies into categories, with “something you know,” “something you have,” and “something you are” being the most popular. Passwords, which we’ve discussed extensively, are considered to be something you know, whereas your fingerprint or a face scan are considered to be something you are, a part of your identity. Something you have could be a form of identification, such as a driver’s license, or, in this case, your phone.
The distinctions between these categories have never really piqued my interest, and depending on who you ask, they may add new categories and debate their boundaries. The point is that we want a wide range of ways to verify your identity in case one of them is compromised. If your password is stolen, that’s unfortunate, but if we require both a password and a fingerprint scan, they won’t be able to access your accounts. There are several ways to verify that you are, in fact, you. Each of these methodologies is worthy of its own video, but today let’s talk about phones, specifically how we use our phones to prove our identity: receiving a 6-digit text message to ensure that you not only know your password, but also that you are in possession of the phone you usually use. It’s also a little bit more inconvenient to enter a password and a six-digit PIN, but you can get creative with it, such as requiring the text PIN only if you’re logging in on a different device, or from a different location, or something similar. Overall, I don’t think it’s a big deal, but it is a security/convenience trade-off, so feel free to express your thoughts. Okay, that’s it! The video is over! I mean, unironically, this is a pretty good video.

Anything is preferable to having a single password between the rest of the world and your account. However, there is a flaw here: a flaw that can be extremely hazardous, that could weaken your authentication, and that could be the deciding factor in whether or not some rando can tweet from your CEO’s phone.

So, we’ve established why having multiple ways to prove your identity might be a good idea. Although you might be able to steal a password, it’s much more difficult to steal someone’s phone, much less break into it, as we’ve discussed. However, there is a minor inaccuracy here that will cause us a lot of problems: you don’t actually have to steal a phone to get access to its owner’s text messages. Imagine a world where you’ve misplaced your phone. I’m sure it happens to someone somewhere all the time. Your phone number hasn’t vanished from the face of the earth in this case, no! You can call Verizon, AT&T, Sprint, or whoever to switch that phone number to a new phone. Okay, that’s great. Here’s the issue: someone could impersonate you and convince them to switch your phone number to their mobile phone. As more people rely on their phones for everything, including logging into other accounts, this process, which we’ll call SIM swapping, is becoming more common and dangerous. And, in the past, mobile providers haven’t always had the best track record when it comes to dealing with such issues. Employees of mobile carriers have been bribed or tricked into switching numbers, which is, of course, illegal.

That is bad, but as we’ve discussed, people have a habit of using the same passwords, PINs, and obviously Social Security numbers and security questions on different sites. So, if any of this information is compromised on a website, bad actors could try to impersonate you and steal your phone number.

So let’s walk through it. As a result of a data breach at a company, hackers gain access, steal information, and sell it to their friends. Assume that the company is the one that owns your apartment complex. So now all of your personal information has been exposed, including your name, email address, phone number, and possibly even a PIN or password that you use for your account, or even worse, your Social Security number. Right, this is a pretty bad scenario, but sadly, things like this happen far too frequently for you to simply hope it never happens to you.

So, let’s get started. “Hey, my name is [insert your name here], and I lost my phone, calling in from my wife’s phone, and I need to get my phone number transferred onto this new phone here that I just bought,” the hacker says. The human on the other end of the line then says, “OK, fine, but we need to know your AT&T PIN” or “I don’t know, your Social Security number.” AT&T, or whoever your mobile carrier is, needs to verify that you are who you say you are, and these methods aren’t always sophisticated. Also, if you used the same PIN on multiple accounts, you’re breaking the rules. At this point, you’re kind of stuck with using the same Social Security number, right? So, if the hacker passes all of their tests, AT&T switches this number that belongs to you. They take your phone number, go to Twitter, Gmail, or your bank account, and click the “Forgot My Password” button, and it sends a little reset link to your phone!
Right, and in the case of these two-factor authentications where they send a little text message to your phone, well, now all those text messages are being sent to the hacker instead of you, and they didn’t have to physically steal your phone! The whole point of using two-factor authentication with your phone was that someone would have to take it from your hand. However, there are clear instances where they are not required to. They can remotely find your password and take your phone number without ever having to be anywhere near you. And that’s only if you have two-factor authentication; if you can simply use Forgot My Password to get your password sent to your phone, that’s the end of the game; every account that used your phone number as a backup is now gone.

To state the obvious, this is extremely bad, and it occurs far more frequently than it should. So much so that the Federal Communications Commission proposed a few rules on how companies should handle requests like these to swap SIMs and phone numbers late last year, in the fall of 2021, in an attempt to mitigate the problem, because it is clearly a dangerous issue. And it’s exactly what happened to Jack Dorsey, the former CEO of Twitter. They essentially got his phone number, and, I didn’t realize it at the time, but Twitter had a way to tweet by text? And they simply used that. They essentially owned his phone number at the time, so they could do whatever they wanted with it. Since then, Twitter has disabled a lot of this feature, as well as beefing up any two-factor authentication that uses text messages. However, this is what happened to Twitter’s CEO as a result of a weak link in their authentication: SMS texting. Not to mention, here’s some salt in the wound: this isn’t the only way your texts can be hacked.
It’s a little beyond the scope of this video, but the protocol that your SMS messages are sent on was designed quite some time ago and wasn’t built with security in mind. So, if someone was able to intercept or redirect these text messages, you’d be in big trouble, and no one would even know.

To summarize, texting, specifically texting via SMS, is not the best thing to rely on for security. Also, whenever a human being is involved, such as with AT&T employees who can switch phone numbers and can be tricked and/or bribed, there is a vulnerability. And your phone is extremely important. It’s the backup method for a lot of your accounts in many cases, and it’s extremely dangerous in the wrong hands. So, can we come up with a solution to do this without using text messages?

Today we’ll discuss a technology that allows us to authenticate without using SMS text messages. You may have used something similar before: these are authenticator apps, things like Duo, Google Authenticator, and Microsoft Authenticator. If you’re not familiar with these authenticators, they work like this. When you first set up your two-factor authentication, you’ll be asked to either enter a long string of random digits into your app, or scan a QR code of the numbers in picture form. When that happens, you’ll see your account’s name along with a thirty-second countdown and a series of six random digits. Once the countdown reaches zero, every thirty seconds, the six numbers change to something else. Entering that code into your Twitter account as your second factor is supposedly sufficient proof that you have your phone. They’ll let you log in because you know your password and have your phone. It appears to be straightforward. But what’s interesting is that the technology these apps are based on predates the rise in popularity of smartphones.
This technology was created to be a secure way to authenticate yourself without the use of the internet, SMS, or any other type of connection for that matter. In fact, you can try this out right now if you have one of these apps. If you put your phone on airplane mode, you’ll notice that these six-digit codes still work. You’d be able to authenticate yourself as long as your device has a clock and a little computing power. Of course, since everything nowadays is done over the internet, you may not find this particularly intriguing, but you could imagine using this technology to authenticate yourself in person, perhaps with a PIN pad at the entrance to a top-secret bunker.

So, what’s going on here? How does this technology work? To find out, we’ll return to a familiar friend: hashing! Yes, that thing we talked about in the context of password storage? Well, it makes a return in a different use case!

So, here’s the problem we’re trying to solve. Before anything else can begin, we’ll have to share a secret key that was generated at random. This is the long key that you can either copy and paste into the box or scan with a QR code reader. This super secret key is shared between you and, well, whoever the entity is, let’s say it’s Twitter, and is unique and super secret, so no one else should know it. I need to show Twitter that I am in possession of the key. Simply send them the key! This is actually a reasonable solution. It’s a little like a second password, except it’s longer and more secure because it looks like gibberish, since it was generated at random. Apart from the obvious issue of having to type in this colossal super long password every time you want to log in, two passwords are generally better than one. However, we want to go a step further. The problem is that passcodes that remain the same and never change can be dangerous.
This is true for secret keys, passwords, security questions, and Social Security numbers, to name a few. If nothing changes, it means that any attacker only needs to make one attack. They will have access to that information for the rest of their lives if they obtain it once. This is why it’s recommended that you change your passwords frequently, and why security questions like “what middle school did you attend?” are a bad idea. Things that don’t change, or can’t be changed in some cases, only have to be stolen once.

Typing things in anywhere could be a vulnerability. Assume you’re using a work computer and someone has installed malicious software that records every keystroke you make. Who knows, maybe it’s your boss, or maybe it’s something less technical like someone looking over your shoulder as you type, or there’s a security camera watching you type, or something at school. Knowing that these things are possible, how do we make it so that the code I share with Twitter changes on a regular basis? For example, if a security camera was watching you type in a passcode, it would be great if that code was completely invalidated in 30 seconds. So, let’s look for a way to use our super secret key and the current time. Here’s a crazy idea: what if we just put the current time at the end of the passcode, like this? It does exactly what we want, right?

This passcode changes every minute. It looks like this at 12:30 p.m., like this at 1:45 p.m., and like this at 12:33. So all we have to do now is send this new combined passcode to Twitter, and if they match, they’ll let you in. Okay, this isn’t going to work, and you might be able to figure out why. If a hacker is observing you, looks over your shoulder, and sees the key “random gibberish with 11:15 at the end” while the clock says 11:15, I’m pretty sure if they have a medium-sized brain they’ll notice the pattern and realize that at 11:17 your super secret passcode will be the same gibberish with 11:17 added at the end. Currently, we have a function that takes a super secret key and a timestamp and returns a new super secret key, but it’s not perfect. It’s blatantly obvious what the inputs were just by looking at the output. Everyone can kind of guess what the timestamp was just by looking at it. You should not be able to figure out what the original super secret key is by looking at a clock, or else they could pretend to be you by using the secret and simply placing the current time at the end. We require a function that cannot be duplicated or reversed, so that we can’t figure out the inputs from the output alone, including this super secret key that only you and Twitter should know about.

It’s hashing! Kinda, but mostly, yeah! It’s what we’ve been describing a good hashing function to do! It takes inputs and outputs gibberish in a way that cannot be reversed or forged! Remember: one of the properties of a good hash function is that you can’t tell what the input was based on the output because it appears to be very random; however, if two people both know the hash function’s input, they will always get the same output. This leads to a discussion of message authentication codes. We’ll essentially be communicating with Twitter using hash functions to communicate the time of day in a way that could only have come from us. We accomplish this by having a closely guarded secret that only Twitter and I are aware of. Remember, in case someone is looking over my shoulder as I type this, I never actually send back the original secret. Instead, I use the original shared secret and the time of day as inputs to our hash function, which generates a new output.

So, allow me to demonstrate how this works. The concept is known as HMAC, or Hash-based Message Authentication Code. Because we need to authenticate that this message came from you, and not some other rando, we’re using hash functions and message authentication codes. The specifics of how an HMAC is typically implemented are determined by the hash function you wish to use. See, we’ve mostly talked about hash functions in theory on this channel, as these magical functions that always produce perfectly random values based on the inputs. In these cases, having the key, taking the timestamp, putting it at the end, and hashing the whole thing is sufficient. It’s that simple. However, in the real world, many common hash functions are vulnerable to what are known as length-extension attacks.
We’re not going to get into the specifics of what that is. However, for many hash functions, you’ll need to do something a little more advanced. It’s usually just going through an extra round of hashing, nothing too complicated. Instead of just doing this, you can also do this, and then go a step further. Again, not the point of this video; perhaps at a later date. In any case, we’ll call this the HMAC function. For the time being, you can think of this as a hash that takes two inputs, as a theoretical simplification.

This function, as I previously stated, takes two inputs: the original super secret key that Twitter shared with you, and the current time. In general, the best way to represent time is to talk about how many seconds have passed since a predetermined point. It could have happened when you first set up your account. Or maybe it was on January 1st, 1970, or maybe it was a thousand years ago. You should be fine as long as you agree on what time it is. The other thing is that you probably want a little more time than 1 second. I mean, it takes time to read the output, and then it takes time to type it into your computer, and then it has to go through the internet and be processed by Twitter’s servers, and anyway it’s incredibly difficult to make sure all computers everywhere are always in sync in the first place. So, rather than counting how many seconds have passed, you usually count how many 30-second chunks have passed instead. That way, you get a little more leeway while still having to change your output code frequently. And as for the final step, who wants to type in a passcode with a bajillion characters as an output? So just take the last six digits. And now you’ve got an authenticator on your hands.
A passcode that changes every 30 seconds, is simple to type, and will be extremely difficult to forge unless a hacker physically steals your phone, breaks in, and recovers the original shared super secret. And we did it without using SMS text messages! Take your secret and the time, hash them together, get the last few digits, and send it over. Then Twitter does the same thing: they take their copy of the original shared secret (the same as yours), the time (also the same as yours), and the last few digits, and if they match, they let you in; if they don’t, they don’t. That’s all there is to it. And, if you’d like, you can use this exact technology on Twitter right now. If there’s one thing you take away from this video, it’s that text messages can be rough, as Jack can attest, and that two-factor authentication can be useful.

Thank you to everyone who is watching, especially Amy H, Koloml, and Aaron S, who are new Founder MVP Patreon supporters, and a very special thanks to Skrewpz, our new Alpha I founder. They’re the ones who make this channel possible. I hope you will think about it as well. Oh, and remember: it’s bad enough when Twitter’s CEO is duped, but it’ll be even worse if it’s you, so be careful!
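
The scheme described above, as an added example that is not part of the original page: the rejected "secret plus clock time" passcode next to the HMAC version, computed the way RFC 6238 (TOTP) specifies. The RFC picks its six digits with "dynamic truncation" of the HMAC output, not by literally taking the last six digits; the function names and sample secrets here are constructed for illustration.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30  # the "30 second chunks" described in the text
DIGITS = 6


def naive_code(secret: str, clock: str) -> str:
    """Rejected scheme from the text: the secret with the time stuck on the end."""
    return secret + clock


def recover_from_naive(observed: str, clock: str) -> str:
    """One observed naive code plus a visible clock gives away the secret."""
    if not observed.endswith(clock):
        raise ValueError("observed code does not end with the clock value")
    return observed[: -len(clock)]


def totp(secret: bytes, unix_time: int, digits: int = DIGITS) -> str:
    """HMAC the 30-second counter with the shared secret, then shorten it."""
    counter = unix_time // STEP_SECONDS
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    # RFC 4226 dynamic truncation: the low nibble of the last byte selects
    # which 4 bytes of the MAC become the number shown to the user.
    offset = mac[-1] & 0x0F
    number = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(number % 10 ** digits).zfill(digits)


def verify(secret: bytes, submitted: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Server side: recompute from its own copy of the secret and its own clock."""
    ok = False
    for step in range(-drift_steps, drift_steps + 1):
        expected = totp(secret, unix_time + step * STEP_SECONDS)
        # Constant-time comparison, with no early exit on a match.
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    leaked = recover_from_naive(naive_code("s3cr3t-gibberish", "11:15"), "11:15")
    print("naive scheme leaks:", leaked)

    shared = b"12345678901234567890"  # test secret published in RFC 6238
    now = 1111111109
    code = totp(shared, now)
    print("code now:", code, "| next step:", totp(shared, now + STEP_SECONDS))
    print("accepted 2 s later:", verify(shared, code, now + 2))
    print("accepted 5 min later:", verify(shared, code, now + 300))
```

The `drift_steps` window is the server-side counterpart of the leeway the text mentions: it accepts the code from the adjacent 30-second step so small clock differences do not lock the user out.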