Security for YouTuber

Hi everyone,

I’m a YouTuber with a growing channel and want to take security seriously.
I have a unique strong password on my google account along with passkey, authenticator and google promt setup.

I’ve read horror stories of creators accounts getting hacked via 2 factor sms and through sponsorship phishing.

My question is, should I remove the 2 factor sms on my account? would only using a password along with passkey/authenticator be stronger/less vulnerable?

Also, any other suggestions are more than welcome. I do use my real name on my channel, I’m okay with that and can’t change it without starting over my channel. But I am working on removing any data on my location and other private data out there.



My only real advice would be to use a virtual machine when doing emails that is not logged in to any where else. Where most people get hacked is by opening a sponsor email while being logged in to their Youtube or other accounts.

I would personally use Kicksecure as you can use it with VirtualBox, it comes a bit harden security wise and you can use their Live function so nothing is saved.

What that means is if you open most malware then close it that the next time you open Kicksecure Live it won’t be there as it won’t be saved. This is not 100% proof as there are rare malware that can break out of a virtual machine, the majority can’t.

Suppose I have a second bit of advice, always log out of your main Youtube account when you are not directly working on it. Uploading, answering comments, checking information. Once that is done immediately logout.

It is not as quick or simple but for security? Can make a large difference.

Any other advice? Well check websites for their actual email and email the companies directly after getting an offer to double check. Example G-Fuel. Go to their real website and use their contact information there to verify.

If you do use Kicksecure you can install ClamTK which is a free lightweight and competent enough antivirus as Linux can get infected despite what most would think. You can scan any PDF with that once downloaded.

Good luck on your Youtube career.


@Throwitaway Thanks so much the Advice. That makes sense to use a virtual machine. I do use MacOS and iOS for everything I do, but I know that still comes with potential risks.

I really like the idea of checking the companies website/email to verify it is real. Having some trying to get me like that is my biggest fear right now haha
Thanks again


Yes! Sign up for the advanced protection program here: Advanced Protection Program and use yubikeys for authentication.


@ph00lt0 Thanks! I understand that having a yubikey would have the added security of having a physical key that only I have. Would that be more secure than requiring a passkey of TouchID and/or FaceID?

You should be reminded of the usual OpSec of not taking pictures of the front of your house, or even neighborhood, cars, etc.

You should be aware of people doing GeoGessr with just a picture of the neighborhood with no hard identifiers. People’s location do get identified by the infrastructure around them by the combination of curbs, signages, lamp post, power post unique to their location. If your house is visible via Google Earth, you can bet someone can geolocate you by the picture of your neighborhood.

1 Like

Yes more secure for sure as it keeps the password requirements so it is a better form of authentication.

I do however think that using non cloud synced passkeys is perfectly fine in most situations. Google will also still allow you to use that within the advanced protection program.

1 Like

makes sense, thanks so much

As someone who has played GeoGessr many times I’m fortunately I’m very away of those ricks haha. I’m in a large walkable urban area and will post sometimes when I’m out and about. But that’s a great reminder to be carful or just not do that. Thanks for the reminder

1 Like

This step is okay but doesn’t add much security to your account that much as nowadays account hacks happen through stealing session cookies which would render such advanced security useless. ( People have actually lost their accounts even after securing it with a yubikey)
With increase in interest of crypto markets , these hacks have also been on rise recently.
I would suggest to log out of your youtube account desktop session frequently when not in use.
Possibly also keep a different email for your official contact than the gmail you use for your youtube account.
A mobile device would usually be safer for being logged into your account.


@pika Thanks for the info, I remember hearing about that happening to some big accounts. By habit, I typically check my email via mobile, I’ll make sure to keep that habit haha. Would disabling session cookies for and Google be a potential solution?

I actually disagree with your assessment.
Session cookies are a problem, but enrolling in advanced protection will actually help with that too.

Google takes your account much more in control and is more likely to request reauthentication when something suspicious happens like connection from unknown location.

Besides all that still the majority of people get hacked because of phishing and dataleaks.

@ph00lt0 I do like the overall projections of Googles advanced protection. I use Apple’s Private Relay feature on both my phone and computer, would that potentially cause google to request reauthentication with me everytime?

I am unfamiliar with that. Basically everyone I advice is on grapheneOS or uses iPhone but no huge dependency on Google’ services.

Are you experiencing this now or are you asking if this will happen? Perhaps other users here will know.

If you are in the US, maybe Apple is inclined to be more well behaved so I guess Apple Relay is ok enough. The issue I have is that I Apple will relay the user’s connection through the VPN but the underlying OS does not go through the VPN maybe because it thinks itself special.

The general advice is to use a router with a VPN. I am currently using a Protectli router with pfSense and Wireguard client addon for using with ProtonVPN. This way, even the iOS/Apple snowflakes within my network gets to enjoy VPN with no exceptions.

I recommend use qubes os have a good powerfull system from system76 or starlab or tuxedo maybe and install qubes os.
Using vpn or tor does not make sense as you are public facing but using qubes you will be protected from email scam what mostly happens that you received a email which is like do this video and get. 1 € and it contains the exploit and it infects your system.most common type of attack on windows less on linux and mac but for this type of attack you will be safe from this.
As your are using vm which is completely isolated from host.

** You need a good system to run this a i5 or ryzen5 cpu and any amd gpu nvidia works also and minimum 32 gb ram.

Purism is a joke, terrible recommendation. But yeah Qubes would protect against some kinds of attacks, just use it on anything but scamism libscam computers

Qubes just seems overkill for this use case IMO. As long as they don’t run untrusted code or modify their computer using sketchy instructions, they should be fine with a normals secure Linux distro (or even Windows should they choose to make that [objectively bad] choice)


No still windows is not a secure option at any point of time mac os is better if you want proprietary os if not linux is the only real option left.

Im not saying that windows is super secure, just for this usecase, using Windows in a cautious manner is probably OK. They are just worried about phishing and stuff, and there are fairly simple ways to ensure you do not fall victim to those types of scams…

1 Like