Read on Twitter
A big creator channel may get fast ticketed support, but us smaller channels would be screwed if this happened, so here's a thread I'll provide on security techniques. Should I make a video on the topic too?
Tldr: Sim swapping to take over YouTube accounts and run bitcoin scams. https://twitter.com/jon_prosser/status/1291162451833225216
Tldr: Sim swapping to take over YouTube accounts and run bitcoin scams. https://twitter.com/jon_prosser/status/1291162451833225216
This isn't the first channel to be hit. It won't be the last. But hopefully some of these prevention techniques will save a few channels. Plz retweet as you see fit. I'm here to help in the replies as well. I CANNOT help with hacked accts. Only youtube can do that.
I explain what Sim swapping is here and how to prevent yourself from being low hanging fruit.
Watch this video:
Watch this video:
Online security and privacy go hand in hand, and having good security hygiene from the get go can save a lot of stress in the future. More here: https://snubsie.com/30-day-security-challenge
For youtubers specifically :
You. Are. A. Target.
Don't click things. If it draws on FOMO or emotions, especially fear, don't click.
Use different passwords EVERYWHERE. A password manager is a must. If a website has no limit on pw size, make those mfers like 100 characters long.
You. Are. A. Target.
Don't click things. If it draws on FOMO or emotions, especially fear, don't click.
Use different passwords EVERYWHERE. A password manager is a must. If a website has no limit on pw size, make those mfers like 100 characters long.
W#sJ0Xr38TJ#RgE2WqX4&OoGk96hPVX%k^^Ny^J5nBA&L6M3!uLm0O@F*8OlPa$eKaVmNHWM4n&qLIcbye12uUydDFghlJF*NlgzJaG#B&mLpRJ8l
That's a pw that LastPass made. If your password isn't human readable, it's also harder for an attacker. Even better, stick some spaces in there. Phrases. Go nuts.
That's a pw that LastPass made. If your password isn't human readable, it's also harder for an attacker. Even better, stick some spaces in there. Phrases. Go nuts.
Your YouTube account is a target, therefore, your log in for YouTube is a target. If you are using your email address publicly, or using it on multiple sites as a credential, it could be used against you. Use a secret email account just for YouTube logins. Don't share it.
Limit third party integrations tied to your YouTube account. The less doors that allow access, the more control you have over your security. It doesn't matter if each door has a lock on it if one of those locks sucks.
Please for the love of all that is good add multifactor authentication to your account.
SMS 2fa codes are the simplist, they're better than nothing. If you use SMS, set up a secret phone number that you only use for your YouTube account. Your email should have 2fa on it too.
SMS 2fa codes are the simplist, they're better than nothing. If you use SMS, set up a secret phone number that you only use for your YouTube account. Your email should have 2fa on it too.
Security through obscurity is not recommended on its own (because that's dumb) but I believe you can add the idea of a secret credential to an already heightened security mindset.
2fa app-based (this is where you download an app and have to scan a qr code to add a website to your app, then it generates random codes on a time based smartphone app).
These are harder to hack than sms 2fa because they require the attacker to physically have your phone.
These are harder to hack than sms 2fa because they require the attacker to physically have your phone.
(some apps do allow for cloud backups but don't do that. It's more convenient but make it easier to steal those time based codes).
Apps: Authy. Google authenticator. LastPass authenticator. There's a bunch.
Apps: Authy. Google authenticator. LastPass authenticator. There's a bunch.
Best: hardware! Google has a device called the Titan that can be used as a 2fa key. It's a physical dongle that looks like a weird flash drive and you have to plug it in to authenticate your account when you log in.
Another brand: Yubico
These cost $ up front.
Another brand: Yubico
These cost $ up front.
Tip: Google allows you to set up multiple 2fa options (like 1st option is using a Titan key, but if you don't have it on you, you could also log in with your SMS or app.) you may want to disable this.
Don't lose your 2fa codes.
Don't lose your 2fa codes.
Youtubers, journalists, political figures, brands, etc should seriously consider this: https://landing.google.com/advancedprotection/
It won't work for everyone. It has limitations. But it's basically like a bank safe inside a bank vault inside an fbi building.
It won't work for everyone. It has limitations. But it's basically like a bank safe inside a bank vault inside an fbi building.
I realize that not all websites offer good 2fa, but if they offer sms... Sign up for it. Using sms 2fa doesn't guarantee you'll get Sim swapped, especially if you don't share your phone number with the world and if you do stuff like I recommend in the video I linked.
It's dinner / puppy Zoomies time so apologies if i have delayed responses. This thread scratches the surface but I hope it helps. Several requested a video so I will work on one in the morning!
Please watch the video linked above and check the 30 day security challenge link.
Please watch the video linked above and check the 30 day security challenge link.
I've bookmarked TONS of resources through that page.
