The YouTube App is an Authenticator…and That’s a Problem
Not long ago, I added a new device to my Google account. As I signed in, it asked me to authenticate myself by sending an approval message to the YouTube app on my other devices. Pretty standard fare.
But it occurred to me that if one of my devices was ever stolen, this was a dangerous attack path. I require FaceID on important apps such as authenticators, password vaults, bank apps, and email. Sure, I have a passcode on my phone and iPad as well, but without biometrics on these applications, the entire security of my digital life relies on a 6-digit number. If someone shoulder-surfed my PIN – or grabbed my unlocked phone after I’d unlocked it – it would be very easy to lock me out of my accounts, change my passwords, drain my accounts, etc.
It’s not a likely scenario, but because the consequences are so catastrophic and the fix is so easy, I use biometrics.
I didn’t require FaceID on my YouTube app because…so what? I don’t require FaceID on the calculator app, either. If someone were to open my YouTube app, what could they really do? Leave some angry comments on LowEndBoxTV videos? Delete my playlists?
But when I recently authenticated with the YouTube app to sign into my email on another device, it made me realize that the YouTube app is actually another authenticator.
So I required FaceID.
And Then the Pain Came
OK, admittedly, “pain” is a bit strong.
Coincidentally, my AirPods became unpaired from my iPhone shortly thereafter. I re-paired them – it happens. Then I noticed that everytime I tapped to unpause, Apple Music launched.
No. Matter. What. I’m listening to a Caleb Hammer episode and pause, and then when I unpause, whatever Apple Music song I last listened to started. I thought it was because of my re-pairing. I tried killing the Apple Music app. No change. Unpausing would actually launch the Apple Music app and start playing the last song. This was super-irritating, because I often work and hike while listening to YouTube. Pausing and unpausing those videos with my AirPods is something I do a dozen times a day.
I dove into Bluetooth settings. Nothing. I asked our AI overlords, and it lead me down a rabbit hole of settings – some of which didn’t exist, in classic AI style – but no change.
Took me a couple days, but then I put two and two together and removed FaceID from YouTube. Instantly things worked as expected again.
Security is the Inverse of Convenience
So we’re at the classic intersection of convenience and security. If you want more of the latter, you have to give up some of the former.
Hmmm.
raindog308 is a longtime community LETizen, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.
As an avid user of LowEndBox providers, raindog308 runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.
Beyond the command line, raindog308 has a life-long love of German Shepherd Dogs, high-quality knives, target shooting, theology, tabletop RPGs, playing guitar, and hiking in deep, quiet forests.
His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.
You can find him daily in the forums at LowEndTalk under the handle @raindog308.