Comments by "James Edwards" (@jamesedwards3923) on "Ask Leo!" channel.

  1. Saving a single copy of all your important data. To a boot drive. For long term storage. A horrible idea. Your OS drive. Should never be a permanent long term storage unit.
    6
  2. Sir, Since you like cloud based password managers. I would say go with bitwarden.
    6
  3. Sir, keep up the good work. Too many people ignore commons sense and basic cyber security. I use your videos to get the point across.
    4
  4. First off, there are plenty of drive adaptors. There are plenty of programs that can read some pretty old data formats. No disrespect, but a lot of those programs are as old as you. Also, you are ignoring the fact that source code can be read, interpreted, and recompiled. Guess which format you can store source code and programming languages in? It is called plain text.
    4
  5. Can still find it. More work. However that is the point. I would recommend MAC address restrictions and long passwords. It is in essence multifactoring. Except, one of the factors is easy to find if you know what you are doing. So the attacker would have to hack your long and complicated password and spoof your MAC address. I still buy OPAL hardware encrypted drives. Even though I know OPAL is garbage. Why, layering. I enable hardware and software encryption; when applicable. A common thief does not have the time or skills to break OPAL and a 'software' encrypted drive. All security can be broken or bypassed. The question is how long and by what means? Get the point? Multifactor, even if weak. Is often better than none. "James what if I have guest over?" Use a router dedicated to guess connections only. Or have a router configuration file. For allowing guest connections. Not hard.
    3
  6. Mr. Leo, I partially disagree with you. FYI: I do love your channel. I am not an expert, but have a passive interest. That might one day turn into some form of professional interest. Now what do I disagree with? You distain with 'secret question answers.' They are actually an excellent option: 1) The answers can be completely random. Which means you treat them like passwords. 2) The answers can be changed. Which means every so often you can indeed change these answers. Since they are in fact passwords. 3) Just to do an apples to apples comparison. Google and Facebook have those backup codes. In case you lose all your other assigned multifactor options. Leo, those codes can be changed. The difference with secret question answers is. They are typically 'anything'. You can type up or use a password manager for. 4) You can store those secret question answers in any format. Anywhere offline or online. Which means if somebody is trying to steal your FIDO key. If somebody is trying to access your OTP application. Those are obvious avenues of attack. So you are telling me something you can randomize. Is a bad idea to use? I fail to see your logic. With one exception, depending on the user to apply common sense. I had a conversation with someone I know recent. We were discussing her cyber security. She told me she uses SMS for a number of accounts. I said to her. "You must remove SMS as an option if at all possible for all your accounts." Her reply, "but it is a secondary factor." I then for about five minutes straight told her what me and you both know. Yet like so many others I have had these conversations with. Both online and offline. She is probably not going to bother with it. Why, not because they are ignorant of the issue. To the contrary, many people either already know about I explain to them. Or failing that instantly grasp the concepts. They simply are too lazy. Or just do not care.
    2
  7. M-Disk is designed to last for centuries in the right conditions.
    2
  8. SMS is the worst option.
    2
  9. Software Encrypted drives. Never use hardware encryption by itself. Mr. Leo, please do a video on the pitfalls of hardware only encryption.
    2
  10. Why would 'anybody' upload the recovery keyfile to a cloud storage device. In an unencrypted state?
    2
  11. I love your videos sir. I use them to refresh my knowledge and teach laymen. However, this is common sense in this instance. Just backup the vault. Seriously, backup the vault. All password managers allow you to print to .pdf . There are numerous ways encrypt the file directly or indirectly. Storage is cheap. There are so many storage media options. Also, just have more than one password manager. i.e. open source. KeePass and Password Safe. This is so easy.
    2
  12. Invest in buying hard drive every ten years. When you do the calculations in terms of prices and capacity. It is worth it, MicroSD and SD card readers are cheap. So are the cards, depending on your capacity.
    1
  13. All drives eventually fail. Normally you get warning.
    1
  14. ​ @mojocat7675  You need to start keeping a list of your drives. After five years. I buy a new drive on principle. I have salvaged drives that have lasted longer than five years. I have had retail drives that failed in less than two years. I have a that has failed after about twelve years of use. Fortunately I have many drives with the same data. Also, the data will decay on the drive. If you do not plug in the drive. The fact that you were able to read it. Consider it good fortune and nothing more.
    1
  15. My personal opinion. Operating systems change. Standards change. I have files that are old. I can still read them. The files take priority over the operating system. Most common files are open standards. Virtually all hash and encryption are open standards. For example, if you have a LastPass database. You can export it to something else. Even if you have to manually enter all the data in some new standard. You can still read the data. Cloning OS drives is a matter of workflow and necessity. Data is absolute. You must always have the data.
    1
  16. I do not know pretty much all my passwords. Frankly, in my discussions online and offline. Most users are just lazy. Pure and simple. The next thing you must ask yourself is simple. 'Do you really need to know your passwords?' The answer is, no you do not. I do not need to know my bank passwords. Nor most of my emails. My Netflix. Nor my Uber or Lyft. My router passwords; including my Admin. I have no idea what they are. So that makes me harder to hack. Not impossible. Just harder. Let me be blunt. The bad guys target the ignorant, lazy, weak, and careless. They also target people worth the effort. For example. If you do a search on Google right now. A lot of these 'Tourist Visa' organized crime rings. Are not targeting an 'Urban' environment. Why, common sense and demographics. When poorer people tend to have better physical security, more inclined to fight, and have less expensive stuff. Why would they rob them? On the other hand 'other' metrics dictate. That if someone lives in a house made of glass. Have attractive mates. And wear watches. Worth high five to six figures - Whom do you risk a hefty prison sentence for? The harder it is for a bad guy to brute force your hashes. The more 2F you have. The harder you are a target. Combined with the lower you are on social-economic and 'metric' dynamic. The less likely they are to target you. With any real effort.
    1
  17. Applications that do it as well.
    1
  18. Mr. Leo is correct. You best bet is simply change the password and keep multifactor authentication data backed up for the account. Although, Mr. Leo does not suggest it. I recommend changing the passwords on accounts you use. Now here is where I partially agree. Accounts you use the least, should be changed in less frequency. However, they should be changed. Also, they should be completely randomized. If the account has computer generated recovery code list. Every so often, you should also change those codes. Especially, if it is a high risk account. For example, Google. Or Facebook. They give you a recovery code list. Which means if you lose your secondary factor, but have these. You get ten opportunities to get into your account. If you are using accounts that have secret question answers and stuff like that. You treat them as you would any other password. I know people who have excellent security. Yet in this area screw up completely. Why, because they give real answers to the questions. Again, treat them like you would any other password. Put them in a password manager and make them randomized. Which means whichever way you make them random. Let the computer handle the tasks. I have accounts that are very old that I can not delete. Yet I still make the effort to periodically change the passwords to all of them. If they have multifactor authentication options. I enable them. Even though I will never use the account again.
    1
  19. I disagree strongly. Biometrics as a single factor are not safe. The Truth About Biometric Security Mental Outlaw https://www.youtube.com/watch?v=n83oHnd3L8Y Biometric "Security" Is NOT Secure The Hated One https://www.youtube.com/watch?v=tJw2Kf1khlA Although he does not want to get into the legal ramifications. I have to be frank here. The entire point of securing your device. Is that unless someone puts a pinch on you. Very hard and you crack. You want nobody to have access. Of course anybody with the bare minimal resources could do it. Most people respond to me with, "I have nothing to hide." Not the point. I could go down this rabbit hole more, but I some would get offended. Also the art of creating 3D images off of 2D images has come a long way since computer graphics. Forensics and facial reconstruction was done before computers. Passwords you can change. Your body you can not. At least only to a minimal extent.
    1
  20. With all these garbage drives in recent news. Some of them I have considered buying. I have seriously re-evaluated my upgrade choices. I will will stick to Samsung T variants. 2TB max for the moment, might go 4TB. I have to do some research. And Wester Digital Platter Drives. 4TB.
    1
  21. Answer: No.
    1
  22. I prefer total software encryption of drives. However like you have stated Mr. Leo. You do not want to encrypt yourself into a corner. I tell people all the time. If you do not encrypt your drives. At least encrypt your sensitive files. Also, although I am well aware of the follies of hardware encryption. For low level to moderate threats. There is a middle ground. My steps are for external portable drives only and not for internal drives. Also, these Steps are not in order. Wester Digital and Samsung make popular hardware encrypted drives. For low to moderate threat levels: Step 1: Read up on the flaws, risks, and limitations of the hardware encryption you are choosing to use. A few example baseline articles. Flaws in self-encrypting SSDs let attackers bypass disk encryption Master passwords and faulty standards implementations allow attackers access to encrypted data without needing to know the user-chosen password. catalin-cimpanu.jpg Written by Catalin Cimpanu, Contributor on Nov. 5, 2018 https://www.zdnet.com/article/flaws-in-self-encrypting-ssds-let-attackers-bypass-disk-encryption/ Western Digital encrypted external hard drives have flaws that can expose data Researchers found serious flaws in the encryption implementation on Western Digital external drives By Lucian Constantin PCWorld OCT 21, 2015 4:42 AM PDT https://www.pcworld.com/article/424079/western-digital-self-encrypting-external-hard-disk-drives-have-flaws-that-can-expose-data.html#:~:text=Western%20Digital%20encrypted%20external%20hard%20drives%20have%20flaws%20that%20can%20expose%20data,-Researchers%20found%20serious&text=The%20hardware%2Dbased%20encryption%20built,without%20knowing%20the%20user%20password. Flaws in Popular SSD Drives Bypass Hardware Disk Encryption By Lawrence Abrams November 5, 2018 https://www.bleepingcomputer.com/news/security/flaws-in-popular-ssd-drives-bypass-hardware-disk-encryption/ Samsung, Crucial’s Flawed Storage Drive Encryption Leaves Data Exposed Author: Tara Seals November 6, 2018 12:08 pm https://threatpost.com/samsung-crucials-flawed-storage-drive-encryption-leaves-data-exposed/138838/ https://www.ieee-security.org/TC/SP2019/papers/310.pdf Step 2: Purchase external portable drives. Step 3: Enable proprietary hardware encryption. Remember we are not using internal encrypted drives. Step 4: Figure out which encrypt software you are going to use. Do the files have their own encryption? How good is the encryption? What is your threat level tolerance? Step 5: Encrypt files before putting them on hardware encrypted drives. Step 6: Understand the differences and security risks between SSDs and Platter Drives. If you are worried about deleting and erasing data. Platter drives are your better option. As SSDs wear out. Many default into read only modes. Also remember that SSDs come in different technologies new and old. My personal opinion. Only if you are concerned about dropping the drive or environmental hazards. Should use store external backup data on SSDs. I used to wear up a lot of MicroSD cards reading and writing data frequently. So eventually I read up on my failure rate. If you are using an SSD for backup or even general use. My personal belief is that you should buy the largest capacity you can afford. That way the life is longer. https://en.wikipedia.org/wiki/Solid-state_drive https://en.wikipedia.org/wiki/Hard_disk_drive Step 7: Budgets and Projection of Use: Anybody will tell you that all drives and media die eventually. Your goal is to make sure that if the data is important. That it last as long as possible. Take your current age. Then project to your death. Who wants the data after you die? Whom will have access to it? Step 8: Criminals and Thieves: As of 2023, it is no secret that bad guys are getting smarter in STEM and computer data crimes. The easy of use is lowering. Accessing brute forcing tools both services and hardware is sinking fast. Not to mention Quantum computers. My philosophy is simple. Encrypt damn near everything with the highest tech at my disposal. Even when implementing this method. It should take decades at the bare minimal for bad guys to break your file encryption. That means knowing most of your passwords is a horrible idea. Password Managers. They are important.
    1
  23. ​ @portman8909  My Default is fail secure. As opposed to fail safe. Like you I prefer to 'software' encrypt everything. For offsite backups. I prefer the using both software and hardware encryption. For if the hardware encryption is breached; again threat actor skillsets are lacking. But hardware encryption is way easier to breach. Common thieves are not going to even try break my hardware encryption. Most will just reformat the drive. Write over the encrypted partition. So the data is 'fail secured.' Now in a more direct response to your statement. There significant differences between platter drives and SSD technology. Go to Wikipedia, tomshardware, etc. I will keep this simple since you will be reading this yourself: SSDs work off of cells. That have a finite read-write cycle. So depending the remanence. Your past hash can be extracted. Veracrypt acknowledges this fact as well. https://www.veracrypt.fr/en/Security%20Requirements%20for%20Hidden%20Volumes.html Hence in general. I do not use SSDs for long-term backup. Nor for offsite storage.
    1
  24. Yes. Absolutely. Doing this will basically turn your motherboard into a brick. Especially if there is no easy way to flash it. Which is case for most newer UEFI.
    1
  25. Plain text. mpeg zip 7zip pdf
    1
  26. Unless the data itself is corrupted. I have never read of the encryption data being unrecoverable. For example I accidently corrupted a old TrueCrypt file. Held on to it just in case, but I will ever get the data back. I do no use Bitlocker, because I have read about how it can be cracked. Granted all encryption and hashing can be undone given resources and time. I use it very sparingly.
    1
  27.  @bme7491  There is one. It is just a pain to install and remove. I know, because I've done both.
    1
  28.  @bme7491  Some do, most don't.
    1
  29. Mr. Leo, this is a rare occassion I am going to disagree with you. You 'never' enter your password anyplace it should not be. If it is not on your secured device, file, or the service you are subscribed to. Period. You just do not do it.
    1
  30. andOTP, I have no complaints.
    1
  31. Correct. In some countries. It is an avenue for news. Both local and international.
    1
  32. Admin password should be as long as allowed. Password manager.
    1
  33. Correct. Leo is correct as well.
    1
  34. LOL, people 'still' do that. It depends on the threat model.
    1
  35. Be explicit what do you want to encrypt? The files? The MicroSD card?
    1
  36. @@00Kode00 LOL, 😂😂🤣😅🤣😂😔😳😦😱🤔🤔🤔O wait. You are serious. So you expect me to store sensitive data on the cloud. Yet not encrypt it independently? If any moron can access your data. Without knowing the encryption schemes. It is not secure. Let me remind you. That all encryption can be broken. All hashes can be deciphered. All it takes are the bare minimal in equipment, money, and time. https://en.wikipedia.org/wiki/Hashcat https://en.wikipedia.org/wiki/John_the_Ripper These two popular programs are open source. Any hash can be extracted from all known and unknown hash algorithms. https://en.wikipedia.org/wiki/Cryptographic_hash_function Remember although Apple recently made a decision on cloud storage, finally! Guess what most of the cloud storage servers have the keys and or your hashes to your cloud. So if you are storing sensitive data. Not independently encrypted. Good luck dude. https://techcrunch.com/2022/12/07/apple-launches-end-to-end-encryption-for-icloud-data/ https://support.apple.com/en-us/HT202303 https://www.nytimes.com/wirecutter/reviews/how-to-set-up-apples-new-icloud-encryption-security-feature/ https://www.apple.com/privacy/features/#:~:text=End%2Dto%2Dend%20encryption,-End%2Dto%2Dend&text=iMessage%20and%20FaceTime%20are%20designed,them%20on%20your%20device%20indefinitely. https://www.nytimes.com/wirecutter/reviews/how-to-set-up-apples-new-icloud-encryption-security-feature/ https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/
    1
  37. @@00Kode00 Go look up how most cloud services. Most of them even if the service 'encrypts' the storage. They have the keys to the data. Which means, it is fucking worthless. Warrant or not. Totalitarian government or not. Legal or not. If someone has the keys to the door. Then your door is much less secure. If you want to store your recovery keyfile in a file. Where anybody else can access it. Good luck.
    1
  38. No, that would make sense. 😅🤣😂
    1
  39. Air Gapping.
    1
  40. Apple does not allow 3rd party options like OTP and FIDO keys. SMS, is notorious inferior to other methods than 2FA. At least with another email address you have to log into an account hence. Why I am still for using it as an option. Google is another ecosystem, but it gives you more options. Also using your Apple or Google account to store your passwords is a very bad idea. At least with third party or standalone applications. Like KeePass or Password Safe. You can implement a load of security procedures. Customize them. You never store your password in the browser's password manager unless you have no other option. Most people have options.
    1
  41. I disabled gmail on my portable devices. Couple that with a app blocker. Difficult to enable it.
    1
  42. 👍
    1
  43. Inpsite of the supply chain issue over the past three years. The price of physical storage has come down dramatically. Mostly because newer technology is coming down the pipe. You should plan to replace at least half your storage media every ten years. If you calculate from the age of 18 until your death. Which for simplicity of the math. We shall say you die your 101 year. That gives you 82 years to actually budget and plan for hardware and cloud data backup. I have had drives that died less than two years from the date I purchased them. Retail new drives that just died. Also consider environment and treatment of the devices. So if we obey the 3 2 1 Rule. You should always have data on a storage drive, two different formats, and one off site. This one I speak from reading and direct life experience. In this You need to calculate your projected data storage needs and current capacity. Then pay the preimum to of 2 to 2.5 times that required data. I have 1TB drives that I know within the next decade will become useless. Not because they are not functional, but because I need more storage. However I am limited by budget and logistics. So some of my drives might be only two times that. In my near term. I am going to buy some SSDs and Platter drives. Obviously, the primary goal of the platter drives is capacity rather than speed. However, I do need faster drives. As well as offsite right? Cloud storage is a big issue. The yearly cost in time and implementation exceeds expenditures. Now if you have the money. I recommend that you use the cloud as a branch of offsite. Not as an absolute. For what happens if you can not access the cloud? What happens if your cloud account is compromised? I know one person offline in particular this has happened to. Sadly, I get "I use only the cloud for backups" comments all the time. Yet most I know and talk to. Do a piss poor job of securing their accounts. Even if you go all hardware. What happens if your house burns down? What happens if you are robbed? The said part is most people I have this conversation with completely understand what they need to do. If only on a basic level. Sad part is most of them just do not care to do it.
    1
  44. That is exactly the wrong thought process. If you keep information. Important to anything thief. It needs to be protected.
    1
  45. The answer to this question is: No.
    1
  46. Wouldn't it make sense to export as plain text or .pdf?
    1