UI 2FA will be REQUIRED in July!
Рет қаралды 38,654
4 ай бұрынStarting in July 2024, Ubiquiti will make two-factor authentication (2FA) mandatory for all accounts. Wondering what this means for you? Learn about the essentials of 2FA, from its necessity to the variety of methods available, including email-based, TOTP, and UI-Verify options. Dive into the practicalities of setting up 2FA, ensuring your Ubiquiti account is secure across all UniFi applications.
----------------------------
Buy me a coffee! ko-fi.com/crosstalk
Crosstalk Discord: / discord
Follow me on:
- Twitter: / crosstalksol
- Facebook: crosstalksolutions
- Instagram: / crosstalksolutions
- TikTok: / crosstalksolutions
- LinkedIn: goo.gl/j2Ucgg
Crosstalk Solutions - RECOMMENDED PRODUCTS: crosstalksolutions.com/recomm...
Amazon Wish List: a.co/7dRXc67
Crosstalk Solutions offers best practice phone systems and network/wireless infrastructure design/deployment. Visit www.CrosstalkSolutions.com for more info!
@chrisumali9841 4 ай бұрын
Thanks for the demo and info, have a great day
@joshhuggins 4 ай бұрын
I am always amazed when people who are obviously tech oriented knowingly don't use 2FA.
@----------------------------- 4 ай бұрын
They're the type who only watch LTT and only like tech because it's flashy.
@jasonchurchward9723 4 ай бұрын
Agreed, sitting ducks just waiting to be owned..
@MrBCRC 4 ай бұрын
I'm amazed when people who think they're tech oriented don't realise that most 2fa solutions actually make an account less secure.
@JollyGiant19 2 ай бұрын
@@MrBCRC No, most 2FA solutions do not make an account less secure. If it's email 2FA they need your email creds to do that and you've now got bigger problems. If it's SMS 2FA they need to do a sim swap and now you've got bigger problems. TOTP and WebAuthn/U2F are purely an upgrade. Your complaint at best applies for SMS only and you're already in a bad place whether or not you're using it for 2FA.
@deansawadzki6797 Ай бұрын
I see some flaws in 2fa. Let me share an example. I had my phone lost/stolen. They then had access to anything that needed two factor athentication. Yes I had a password on my phone. Its easy to crack a phone password though. No I havent had this happen to me. I proved this to a freind though. WIth their permition.
@andrewtfluck 4 ай бұрын
Looking forward to passkey support!
@JasonsLabVideos 4 ай бұрын
If a company provides cloud controller access for your devices, and it DOESN'T have 2FA, Then don't use it! good video Chris, glad to see Unifi Pushing Mandatory 2FA
@DmnkRocks 4 ай бұрын
Least secure? - Nope, that would be SMS - by a longshot. Convenient - not so much, as you often have to deal with delays due to Greylisting. - This also destroys the functionality for me. But better than SMS.... I wished we would move on to SHA256 or SHA512 TOTP instead of SHA1... but for some reason almost all Apps removed that capability, if they ever had it (like MS Authenticator...). Shoutout Aegis (FOS on Android).
@sdhacking 4 ай бұрын
No change to local accounts I hope? I don't want to approve a 2FA request every time I login to check a camera.
@CrosstalkSolutions 4 ай бұрын
No - local accounts are not affected by this change.
@mtnsolutions 4 ай бұрын
love the t-shirt! where can I get one?
@fwzmhmd 4 ай бұрын
Hope they also add PASSKEY support
@LightDoe 4 ай бұрын
Probably already said in the comments, but Apple Passwords also does TOTP, if you're on an Apple device, no need to install anything else.
@KennyMacDermid 4 ай бұрын
They'd probably do better to not bring attention to their 2FA until they at least add FIDO2 support.
@CrosstalkSolutions 4 ай бұрын
So you don't think two-factor authentication is a useful tool unless it's specifically FIDO2?
@KennyMacDermid 4 ай бұрын
@@CrosstalkSolutions I didn't say that. If they plan to have FIDO2 support, and will before summer, I'd just have waited before calling attention to it. As they are positioning themselves as a secure access and identity provider, not supporting a nearly 5 year old web standard doesn't look very good.
@The_Tech_Ninja 4 ай бұрын
If you use ui verify…that also works with an apple watch! I like it!
@BlackBagData 4 ай бұрын
Unfortunately, it never works on my Apple Watch. I get the notification, tap it and nothing happens. I always have to go back to my iPhone.
@davepusey 4 ай бұрын
Immediate problem spings to mind... how exactly is the console going to be able to send and validate the 2FA code when your network or internet is down. The one time where you really don't want to the unable to get into the device.
@Kwijibob 4 ай бұрын
or if you don't have phone service when the wifi is down because you live in bfe where there is no cell signal...
@sitte24 4 ай бұрын
You can add users without an UI account
@dh-net 4 ай бұрын
TOTP doesn’t need signal or the phone to talk to the console, it’s all time based and synced on setup
@JollyGiant19 2 ай бұрын
@@dh-net Exactly. And if the time on the console is off, simply adjust the time on your TOTP generation device to match it and it'll work.
@Starwarsgames66 4 ай бұрын
Why aren’t they going to Passkeys? Traditional 2FA is so 2014.
@d_must4309 4 ай бұрын
I started migrating out of unifi a couple of years ago, when they no longer provided the option for a local install and forced you to log in to their cloud platform. 2FA is not a bad thing, but I'm strongly against providers forcing what they think are the best security defaults for my networks
@cwichura 4 ай бұрын
So no FIDO2/U2F? They don't have phishing -resistant MFA then...
@CrosstalkSolutions 4 ай бұрын
Not yet, but coming soon hopefully.
@Legendary_UA 4 ай бұрын
And there was rejoicing throughout the land!!
@garysamons9332 4 ай бұрын
Does this include the protect app?
@paulstubbs7678 4 ай бұрын
2FA via a mobile phone sucks, because if your phone is down, your stuck. (locked out) Whilst email may be regarded as less secure, at least there are multiple ways to retrieve that message.
@CrosstalkSolutions 4 ай бұрын
You can set up all 3 types of 2FA simultaneously if you want. Then, when you go to log in, you have a default - but can choose one of the other methods if you want. For example, if TOTP is your main method, and your phone is down, then tell the login prompt to use email 2FA instead.
@paulstubbs7678 4 ай бұрын
@@CrosstalkSolutions That is actually good, I've bumped into a few that offer one solution and that is that
@yourpalfranc 4 ай бұрын
I've been using 2FA since the data breach...possibly at your recommendation?? I also disconnected my Ubiquiti account from my local service. So, I'm just curious...what is the current level of trust for Ubiquiti? It seems like there may be some features I don't have access to by not having my account joined?? Thanks, as always, for the great information.
@CrosstalkSolutions 4 ай бұрын
In my opinion (just going off of feel here), I think they've been pretty solid. There was a recent bug that allowed a small section of Protect users to view other Protect user cameras - affected something like 1200 people and was a pretty serious issue. UI not only fixed the bug within 24 hours, but they were very transparent about the issue and the fix - it was nice to see. So, I feel that they've learned a thing or two from past incidents.
@yourpalfranc 4 ай бұрын
Thanks! Maybe I'll reconsider my options.@@CrosstalkSolutions
@r000tbeer 4 ай бұрын
I use 5FA. What are the other factors? You don't wanna know.
@IsaRoseNet 4 ай бұрын
how does 2fa work when 6 people share the same computer, passwords, accounts...? Does the company need to buy a cheap android phone just for 2fa, to keep on the desk just in case?
@CrosstalkSolutions 4 ай бұрын
6 people should not be sharing the same login.
@wrnrt 4 ай бұрын
Why do I need a cloud account to manage my local router?
@CrosstalkSolutions 4 ай бұрын
Easy enough to self manage if you are only managing your own home router. But what if you do this for a living and have to manage many dozens or hundreds of customer systems?
@JowieC 4 ай бұрын
I'm going to guess if you're using a local account on a UI device, 2FA won't be needed?
@ticerqueira 4 ай бұрын
Do they support MFA keys? Like Yubikey, not using an app for a OTP, just using the key to login
@CrosstalkSolutions 4 ай бұрын
Not yet, but coming soon hopefully.
@tompicarella 2 күн бұрын
So what happens if your phone gets lost and you need it to get the code? How do you recover from that?
@rotaryconvert 4 ай бұрын
It's about time that this happened.
@Felix-ve9hs 4 ай бұрын
I already did this 5 years ago...
@jakegwilliam 4 ай бұрын
Does this mean I'd have to use my phone everytime I sign into my UDM locally? 😑
@marcel151 4 ай бұрын
If you have a local account set on your UDM, no. This is just UniFi account. I have 2FA enabled on UniFi account and can login normally via a manually set local account ("Restrict to local access only"). Local access on UniFi account is also disabled since I don't want the standard "admin" user for local access. Everyone should have 2FA enabled, the devices are reachable via internet with UniFi account (when Remote Access is enabled). You are dumb if you don't use it while your router is reachable via internet.
@Wahinies 4 ай бұрын
@@olfl4160hopefully that is true and can be used with microsoft authenticator app because we do not have the silly unifi verify app on corporate devices...
@tdanbrown 3 ай бұрын
Bummer you can't have the U Verify authenticator on two devices though... two phones, or ipad & phone... doesn't work, only one device.
@retireecaf 4 ай бұрын
Can I use multiple 2FA methods ie, Google & UI Verify an Ubico?
@CrosstalkSolutions 4 ай бұрын
Absolutely! I showed how to do that in a previous video - something about Yubikey backups or similar.
@Neubs-xv8tw 4 ай бұрын
What if you have two people, say that run a company and manage accounts, on one account. Every time one logs in the other will have to text them to get the code?
@CrosstalkSolutions 4 ай бұрын
You should never do that. If you need multiple admins, each one should have their own UI account. Then, in UniFi, you assign both admins to every site and console they need access to. This not only makes it more secure, but also a much easier transition when there's employee turnover. Not to mention that UI now has much better logging so that you can see which admin did what on any given site.
@wmcomprev 4 ай бұрын
For those of us with multiple logins, such as a personal account and a work account, will the Unifi Verify work?
@PygmySurfer 4 ай бұрын
Verify supports multiple accounts, you should be good.
@Neubs-xv8tw 4 ай бұрын
@@PygmySurfer what about 2 people that log into one work account that manages a group of clients. Does only one get the code and the other has to get the code from the other person every time they log in?
@PygmySurfer 4 ай бұрын
@@Neubs-xv8tw create a second account. Shared accounts are bad.
@wmcomprev 4 ай бұрын
@@PygmySurfer I had email set up. I've changed it to this. You're right. It's a standard authentication app. I was thinking it was one of the other Unifi apps and was wondering how that would work if I was signed into that other app with a different account. I didn't realize they had the authentication app. Thanks.
@davepusey 4 ай бұрын
Or, for that matter, on isolated consoles that don't even have access to an internet connection.
@andrewenglish3810 4 ай бұрын
I am surprised they haven't already done this...waiting till July is too late as far as I am concerned.
@CrosstalkSolutions 4 ай бұрын
True, but better late than never. And a company with as large a customer base as Ubiquiti can't just make that type of sweeping change overnight without significant heads-up to customers - hence the wait.
@andrewenglish3810 4 ай бұрын
@@CrosstalkSolutions Well they have offered the 2FA option for a few years now, not long after I started out with my CKG1. So I don't buy the wait and see approach especial with a company who wants to push security products.
@merkury28 4 ай бұрын
Yubikey not there.....
@EthosAtheos 4 ай бұрын
At this point 2FA is more important than strong passwords. I'd much rather someone use Password123 or a 4 digit pin and 2FA; Than some complex 32 character password without 2FA.
@rudde7251 4 ай бұрын
No I self-host and I will 100% leave the second I cannot.
@shaneofastrotek 4 ай бұрын
I use a yubikey. 2fa is best anyways
@tld8102 4 ай бұрын
I really don't like unifi verify app. so inconvenient.
@michaelrotter8561 4 ай бұрын
At first glance I thought Ubiquiti gear is a must have. So I spent a few thousand euros for their machines. After I found out how tricky they are to set up and that you basically need an account in order to do so, I was much less enthousiastic. I hate that someone forces me to have an account with them in order to use the stuff I paid for and much more I hate that I am forced to setup a 2FA. Its time for me to kick Ubiquiti products out of our companies and private house holds! My money, my products, my decision....
@LogicalLighting 4 ай бұрын
meraki or Cisco is the same way
@waynespringer501 4 ай бұрын
Another example of why to avoid UNIFI, just a month ago a GOVERNMENT account was hacked with having 2 factor authentication
@hillppari 4 ай бұрын
well thats fucking dumb. why would i want 2fa for one AP i have. this is why local is better than cloud
@lazerusmfh 4 ай бұрын
I really like.. Not using ubiquiti
@OldMadScientist 4 ай бұрын
2FA is a good idea ..... until your phone is lost/stolen, or the usb key becomes damaged or corrupt. I would rather this action by Ubiquiti be voluntary.
@CrosstalkSolutions 4 ай бұрын
Phones being lost stolen, hardware keys getting lost or broken - these are not issues that should prevent you from using 2FA wherever possible. Redundancy is key. For authenticator apps - most are now able to be synchronized across multiple devices. For hardware keys - have multiple keys (I use 3). Finally - anytime you enable 2FA, you get backup codes to restore access to your account in a worst case scenario. Save those in a safe location. Don't ever use complacency or fear prevent you from properly securing your accounts.
Tips Workshop
Рет қаралды 15 МЛН
Lawrence Systems
Рет қаралды 29 М.
Immersed
Рет қаралды 7 МЛН
spline
Рет қаралды 606 М.