 Welcome back everyone today. I'm going to talk about some relatively new security features in Facebook and how to set them up and what they can do. So I've already created a Facebook account here and basically you go into the settings menu and then in the settings menu underneath the security tab. First you should go through all of these. They have quite a few ways to potentially make you more secure or find out if somebody's actually accessing your account. So if you want to try to keep people out of your account you do need to set up some of these and today I'm going to be talking about login approvals and a public key, adding a public key which is a new feature that I believe was just added. So these login approvals if you click login approval then it will drop down and before basically the only login approval that you could add was to add a phone. So if you click add phone then it will ask for your phone number and then how you actually want to be contacted and basically the only option here is sending me a text. So here add your phone add a phone number. Maybe for example I don't particularly like adding my phone. I don't want I don't see any reason for Facebook to need my my phone number and sometimes I don't even install the apps on my phone. So why before whenever that was the only option I didn't really like it because I wanted the ability to have other ways without attaching my my account to a phone number to be able to get my or to be able to protect my account. So this was the default method before and Facebook does constantly ask you for your phone number if you don't put it in. So most people have probably already enabled this. The ones I'm going to talk about today are these first off the security key and code generator and recovery codes. So first let's talk about what two factor authentication is and two factor authentication basically means that you have two different ways to authenticate yourself and it could be for example you know a password. So that's something you know and all of these are essentially something that you have right. So we're looking for two different ways to verify that you are who you say you are a password by itself can be easily guessed. There's lots of different ways you know around using passwords that can be easily stolen if somebody's sniffing your traffic. If somebody if you only have password protection and somebody really wants to get into your account they can or they could eventually most likely. Okay so having another factor makes it much much more difficult because not only do you have to take for example something someone knows but you also need to get something that someone has and taking over something someone has is very difficult. So for example phones another reason I don't particularly like phones as an authentication method is if my phone is compromised and basically if my phone is compromised and someone somehow gets my password then they could probably also get the SMS or the text message from my phone. You know that's for me that's not a very secure way to do things right. I don't want to I don't necessarily want a way that's potentially compromised to be an authentication method. So what I particularly use are these security keys. So I have a UB key or they're using this universal second factor security key to login through USB or NFC. NFC a lot of keys well at least my key and some newer keys support NFC and that's basically near field communication. You can use this on newer smartphones if you're trying to authenticate on your smartphone or like in my case I'm using it over USB and then I remove it whenever I don't need to use it. So here we have security keys if you do add a key and this picture is it looks to me like a UB key. I don't know if there's other keys that look like this but there's a product called UB key and I will UB I spelled it wrong. Okay UB Co. So this UB key from UB Co. They have a UB key and it's basically I'll show a picture of mine. They have just this stick that fits in USB and then whenever it asks you for your password you tap this button and it generates a one-time password using using their their own protocol. So if you add key for example right now I have my UB key inserted into my my computer and it's blinking so if I just tap the UB key okay so now it's confirmed or it's all my UB key and it's asking for my password to be able to add it that's all it is and once once that key is registered now it's going to ask you for that key along with your password and all you have to do if you have the key with you is tap the key to to verify that it actually is you and that key is very very difficult to to spoof or to pretend like or for somebody to steal let's say the information about the about the key or pretend to have the key essentially you can't it's very difficult to try to make it look like you have the key when you actually don't okay so these keys are extremely handy I've really treated mine very very poorly and it doesn't break it's water resistant and all these things the one I have is from UB Co. I have a UB key Neo which is relatively old now and they are very interesting little devices basically okay so security keys I strongly recommend using security keys because that is one of the safest ways you can use for second two factor authentication for example if your phone is compromised well you you might be able to get SMS messages security keys they have to actually know your password and steal your physical security key and they in this case you also have to tap the button to be able to like execute the security key so these are extremely extremely secure the problem is you have to carry it with you all the time if you want to authenticate to these websites the next is a code generator and there's lots of different apps for example Facebook mobile app has a code generator that you can set up or you can also set up third party apps for example you might you might have I don't know Google Authenticator some some other third party app you can set that up and use it with this again that would potentially most likely be on your mobile phone so if your mobile phone is compromised and they can open up the the code generator then they might be able to generate apps so think about how how people can potentially get access to this if they have my password and they are not on my computer do they have access to my phone in some way either remotely or locally it's very unlikely somebody is going to have local access to my phone unless they steal it but it's it's potentially likely that somebody takes over my phone and has remote access to it right so text messages and code generator while they will stop most attacks that are not targeting you if you think you're being targeted or something like that then you know the remote exploitation potential is relatively high security keys again there's no you know there's no written remote connection and if somebody gets access to your computer they can't execute the key there has to be somebody there that actually presses the button on the key to make the the the second factor kind of generate so security keys are relatively secure but you know there you have to carry them around if you if you want to carry them around or they would be in a specific location which you know somebody could come in and steal the security key and potentially login like that the the benefit of the security key is that you would potentially know if it's missing and if it is missing then you could potentially remove the security key from being another factor in authentication before something actually happens so again I really like security keys they are a little bit inconvenient especially if you're not used to it but in my opinion these are the best ways so far to to protect ourselves code generator I also use this as a backup and then we also have recovery codes which you can print out and put in a safe for some other secure location okay so I strongly recommend looking into you know at least at least text messaging and code generator and recovery codes make sure whenever you enable two-factor authentication that you're using you know at least two of these you need always to have some sort of fall back because you know what happens if you lose your phone if you were only using text messages and code generator and they were both on your phone and you don't have any recovery code saved if your phone is lost or stolen then you no longer have the second factor right so I strongly recommend using at least two of these try to think about where your authenticator is and what's the risk if you lose a device or lose that key so for example if you lose the security key but you also have code generator or recovery codes maybe recovery codes are in a vault in your home code generators on your phone and security key is I don't know at your office or you carry it around or something like that well you still have code generator and recovery codes as backup if you lose your phone and the security key or they're stolen or taken somehow you can still get in because of the recovery codes so make sure you're always if you enable two-factor authentication make sure you're thinking of how to secure that information and how to back it up okay so I really wanted to stress these these authentication methods actually exist on a lot of websites now Facebook to my knowledge just added them and I thought it was really important for people to start to use them to secure their accounts because on Facebook we have a lot of personal data and it needs to be protected in my opinion much much better so go through and look at these security methods and next I'll talk about some other new features that they've added inside security thank you very much if you like this video please subscribe for more