The Password Manager Security Experts Use
- Published 2 Jun 2024
- Don’t know how to use a password manager and want to? Watch this FULL tutorial on how to get started!
Using the same password for every account exposes you to big security risks. You end up recycling that same weak password you’ve been using since high school or college!
Companies and websites experience data breaches all the time, meaning that recycled password is probably in some breach list somewhere. You’ve probably heard people talk about using a password manager at one point in time, but never gave it much thought.
I’m telling you right now you should start now! It’s one of the best ways to secure your digital life. Besides storing passwords, you can also keep other sensitive information like account numbers or security questions in an encrypted database file.
Once you get familiar with a password manager and begin incorporating it in your daily workflow, you’ll never want to go back!
EFF Wordlist: www.eff.org/files/2016/07/18/...
00:00 Introduction
00:51 🔑. KeepassXC
02:00 📀 Installation
03:27 📂 Creating a Database
03:41 🔏. Database Encryption
➡️ AES (Rijndael)
➡️ Twofish
➡️ ChaCha20
➡️ Argon2
05:24 📝. Creating a Strong Master Key
06:55 📤. 2-Factor Tips
07:18 🔧. Configure & Use
10:42 🗝️. Daily Workflow of a Password Manager
11:25 ☁️. Cloud-based Password Managers
#PasswordManager #KeepassXC #InfoSec
I just discovered this channel. Fantastic work! Thank you.
Ur channel is amazing, I'm a man on a mission since I discovered it! I'm watching everything! Keep it going man, Ur great.
Thank you! Sounds like we need to produce them faster!
Thanks for covering the ergonomics!
Loved the info and editing style.
You have awesome content! Keep up the great work! 😀
Wow! Extremely great video and info you shared! Thanks a lot!
just discovered ur channel, amazing
tears falling thanks!
Same, I just discovered it today. and he’s amazing!
Talson Abdulla thank you so much!
The day before yesterday, I discovered your channel & fell in love with your content. Just awesome!
Syed Mostak thanks!
Dude same, 100%
You may just be the best education channel on UA-cam.
Thanks for the overview showing me how to use a keyboard and fingerpad.
This seems very overwhelming but makes so much sense. I personally feel using a service is better for me
this method cant be subpoenaed, does not interact with any cloud that may have a way to decrypt your database, and you can physically back this up in several backups that are onsite or offsite
This is awesome. Thank you so much.
The way you explained checksums and all the basics surrounding setting up KeyPass was mesmerizing. The delivery was so smooth. Made me weak in the knees every time you stared in to that camera of yours, haha!
Keep it up!
Thank you!
Thanks for making this video.
Hello, Many Thanks for the nice tutorial. I just have one different question. Which keyboard you are using? I think it's a wireless mechanical keyboard. But best if you can help with the specific brand and model. Many thanks again 🙂
You are awesome. I started to binge watch. Great content ❤️
Awesome! Thank you!
Thx for mentioning the risks of keylogging and related security threats. The best manager can't stop that!
You can have all the security in the World. If a device is compromised, the attacker sees and hears everything before and after it.
@@Bond2025 I have a question, if you have a password manager (I'm using BitWarden) and you copy the password and control-V it into the password box, can a key logger still capture that?
@@mynameisgladiator1933 Personally I think using copy and paste is actually much more insecure than typing; anything can access the computer clipboard data even without a keylogger or virus on your computer. A keylogger that is designed to monitor for passwords would definitely have some way to access your copied text.
If you're using a Linux system, there's only one password manager that matters and it's probably already on your system. It's called pass. It's literally the simplest password manager and it's so much better than all of that other bloated software you're using. It's entirely from the command line and it's been around forever and is usually a core part of any Unix-like distribution.
Great content. Love it, man.
Thanks so much :)
Great content! Thank you so much. One question but it's not related to the content, may i know what kind of mouse did you use there? It's really interesting
Overwhelming But Very useful 👌 Content
Random Creativity thanks! Yeah once you start looking into how to be secure online, you start to realize just how overwhelming it all is. Lots of cyber threats out there. But hopefully as you take it a step at a time it will become more manageable.
Amazing video sir!
Thank you!
Very useful information.
Glad it was helpful!
OMFG, yeah, the content creation is really good
Thanks!
Amazing video, Quality and Informative content
Thank you!
U teaching method is amazing
We need more, a full course
Would love to do courses, but it's a huge time investment. Topics are changing so fast as well.
I was looking for something like this, you did it, thanks. By the way I'm an old sub, really love your content.
Hope this helps! Thanks for sticking around!
I have thought of using Virtual Machines to store the databases, but I'm a bit reluctant due to the fact that the program you are using for the VM may stop working in future versions of the OS and that I'm not familiar with where the VM stores all the data
Hey do virtual machines work as a fool proof for testing purposes?? I mean I've heard of malwares escaping the VM and creeping into the host itself, I wouldn't be surprised if a 0day vuln was prepared to work it's way around VMs and other stuff? I know this isn't the latest video but I do hope you reply to this!
Good video.
Me: Put a password that I don't know. Then click reset password all the time 😂😂
Like so many others I really enjoy your channel. I'm a Kaspersky Total Security user so I use their PW mgr. Your thoughts on their manager? Appreciate reply Thx
Something I noticed in installing KeepassXC is that they really do not want people to be able to read the End-User License Agreement since the text is soo small in the installer.
I use lastpass cause its simple to setup and stuff, im just starting to learn cyber security and I'm looking into making myself secure as you said in your video
Make sure you turn on 2-factor, preferably with a hardware security key.
@@Cyberspatial what are hardware security keys?
@@forbiddena7915 Yubikey is an example of a hardware security key. Yubico offers a variety of great products for cyber security.
www.yubico.com
@@Cyberspatial just Found Your Channel And You are awesome Buddy ❤️❤️
Well What's Different in Keepass And KeepassXC??
Edit: dude If you were a creator from an overpopulated country like mine You would have gained a couple of Million of subs....
I m gonna share this channel among my friends🙂
@@misterwinner8459 KeepassXC is a fork of Keepass that is under more active development with some more features, more support for Mac and Linux.
Thanks for sharing! Appreciate the kind words!
As someone who isn't very tech savvy, is 1Password an ok option if I use it in conjunction with a Yubico key?
Was using LastPass premium for almost 2 years now but now I have migrated all my credentials to KeePassXC. It is quite a hassle to clean up the database because while importing the database file from LastPass, almost everything is scrambled. Like for example Username went to the "title" field and the password went to the "Username" field so I have to manually fix everything. It's a matter of time.
Hey what's your keyboard and mouse pad looks awesome are you using a windows computer?
This isn't even the video I was trying to watch. But darn if that wasn't an efficient and clear walkthrough. I'm a KeePass user and I'm trying to dip my toes into Linux and I've been wondering which flavor to use because running KP in mono looks hideous. I think you just sold me on KeePassXC
Hi, thank you for the video. Is the exported password database cross-platform, and can I open it in a different OS? And why might I prefer KeePassXC over KeePassX?
This seemed like a perfect solution for me. But a recent release has broken browser integration on the mac for Chrome.
Really enjoying your channel, Will you go over Certs eventually? also what touchpad are you using its really nice
Apple Magic Touchpad 2
Yes would like to do a comprehensive overview of the different certifications out there one day!
I personally use Bitwarden. I tried to setup KeePass/Keeweb but I didn't manage to make it work with the browser. And I guess it's better for the syncing ?
Keep us secure ❤️❤️
Will meet you halfway!
this content must be taught in colleges
We think so too! Students must be taught how to secure themselves online.
After viewing your video I am definitely going to go with an offline manager up until now I have been using a cloud based manager but I take your point what happens if it goes down I will be stuck. Awesome content.
Back up your password manager if they go offline upload the file into another password manager simple you'll never lose access!!!
PGP and SHA!? Thank you! You're the first I've found specifying that! Still it would be great if you could do a video on EXACTLY how to do those verifications, especially on ANDROID FOR ANDROID... nobody has done this and many people don't have computers..
The powershell thing isn't working with me. Can I skip the verifying part?
💕 KEEPASS 💕
Love from Bangladesh..
Thank you :)
Noticed you used a tutanota email address as an example. Is it better than protonmail? Which email provider do you recommend?
protonmail can be subpoenaed
Is it safe to save the KeepassXC database on Google Drive, so I can sync from many devices? Obviously with 2FA and a complex password on Google Account.
Yes only you know how to decrypt your db
You have such great techniques, but we as beginners are not able to get that command even if we watch multiple times. Please try to make these videos at a slow pace and in detail so we can completely benefit from them.
Noted, thanks for the feedback!
Is it true, using a Chromebook is just as safe as the "next best", recommended using Linux in a virtual machine on a Windows computer? For "normies" that don't have a Chromebook but do have Windows?
Hello could someone give me a hand? Im stuck on the download part because I'm unable to verify the code being authentic. When following the provided instructions on the website it asks me to download something else called gpg 4win to verify the code. But how am I supposed to verify the code of that program then and I'm uncomfortable downloading all these random programs that I don't understand
I use KeePassXC & Insync to sync it on my desktop devices.
Quick question: Does KeePassium work as well?
Never used it, but it's probably fine. On a phone, you might want to use just a subset of the passwords (separate database file).
Great
Just found this channel and I already LOVE IT !!! I would love to start learning cyber security, coding... But at 17, and without any knowledge in this domain (not even the basics)... Do you think I am too late ? Or is it still possible for me to reach the tops in cyber security and coding ?
(i.e: What computer do you advice me to start training and learning from? Is there anyone here who could help me learning... ? Or at least, learning how to learn ? Thank you so much !!!)
Sm Samy Hey man, you are absolutely NOT too late to get into cyber security. It takes 10 years to get really good at any skill, so 17 is the perfect time to start. At 27 you'll be just beginning your career, and if you start now you'll have a huge leg up compared to others just starting to learn in their mid-20s.
You really should start with a laptop that has enough CPU and RAM to support running virtual machines. At 4 cores minimum and 4-8GB RAM minimum. This way you can use a hypervisor like VMware or Virtualbox to run Linux virtual machines to start learning different tools.
If you're really brave, start by installing some kind of Linux distribution like Ubuntu on it as your main driver.
A lot of the process is troubleshooting, figuring out technology stacks, and tinkering around.
Take a look at this article to start:
hackernoon.com/how-to-become-a-hacker-e0530a355cad
@@Cyberspatial Hi Sir! Thank you so much for answering (and that fast!)! I have to admit: every time I see my classmates that know how to code, or people that are younger than me but with so much knowledge... I start to believe that I'll never be able to keep up and reach the required level! Even though I feel attracted to this whole world (that I briefly understand) of cyber security, data... So thank you for your comment! It helps me build confidence and enter this new world!
I will try to find a good laptop and watch as many videos/read as many articles that I can (starting with the one you shared with me thank you !), and then practise ! I hope that I will someday become "good" at this... or at least understand lol ! Thank you so much ! :)
Sm Samy that’s awesome to hear! Keep up the hard work!
Please can you make a video on how to password protect files in both windows 10 and linux.
That's a pretty good idea, something like encryption options and considerations and different tools...
What if you store your file on both cloud and offline? The reason I put it on the cloud like google drive is to make it easier for me to update my databases for any new entries and back them up on my local devices.
Cryptomator is a good option for creating an encrypted vault locally that's sync-able via Google Drive.
@@Cyberspatial is cryptomator the same as veracrypt?
@@Steve-vb8wy no it's not
nice
I don't understand if using the keepass browser extension is secure or not. I don't use keepass browser in my Linux. Is it secure to use keepass browser or not?
I don't like browser extensions. Best setup I've used is to keep Keepass+database in a separate VM and do a secure copy+paste (QubesOS)
@@Cyberspatial Thanks for your answer.
Awesome video, I just find out that I do not have to pay LastPass $3 a month.
KeePassXC is a fork of KeePassX, not KeePass. KeePass and KeePass2 are still in very active development. KeePassXC's main advantage is that it's natively crossplatform whereas KeePass is built on .Net.
What laptop stand was that in the intro 😍😍😍😍😍
keepass + Syncthing and you don't need to store your kdbx in _any_ cloud, be it commercially available like dropbox or self hosted like owncloud.
Also: this video makes it seem as if the 'original' KeePass client is not in active development, when it very much is. It also offers a huge amount of Plugins...
What about the libre "Only key" and "solo key"? Anyone vet their code and packet traffic?
How does this compare to bitwarden?
Bitwarden is good for cloud-based.
I use Passbolt.
❤❤❤❤
I do love this. However. As a gamer. I download a lot of things. How do I keep my entire computer safe? Even though this password manager is local, what stops someone from hacking my entire computer and having it anyways?
1. Compartmentalize. Do sensitive things on a separate computer. If you can only use one computer, do everything in a VM and keep the host clean.
2. Masked emails too. Scrub your online information/personas. Consider deleting social media.
3. Don't install pirated software. In fact, install as little software as possible on your computer except for the bare necessities.
@@Cyberspatial so if I did sensitive things on a separate computer, do you recommend not having any of the emails I use on the gaming computer?
I already got rid of social media ;)
@@LibertyFixxxer Recommend you not log into accounts on the less trusted computer. Ideally you might also want them on separate networks, or connected one at a time, depending on your threat model.
What do you think of nordpass
Excaliber No thoughts. 1Password and LastPass have more brand recognition and history, I believe.
If you need extra security, keeping your password database offline using KeepassXC never hurts.
@@Cyberspatial OK thanks
Good afternoon
Vocals= Jungkook
Content= 🗻❤️
Just single word cyber security= cyberspatial! 🔥❤️
Thanks!
good video, but no word on putty integration?
I find a good VPN in this channel
♥️♥️♥️♥️
Thanks for the love!
Thankyouuu... ♥️ love from Sri Lanka🇱🇰 keep doing your amazing videos 👏👏👏
Gaya De thanks for the support!
My government is not chasing me. This is so advanced.
Keepass of course! The database goes into my owncloud.
I couldn't say no as soon as I saw the bearded tattooed lumberjack cyberwarfare expert
Offline password since it would be more secure than the cloud based one.
Convenience and cross-platform syncing are other considerations for cloud-based. It's a trade off!
I use Bitwarden with 2FA enabled.
"The only other alternative is each egg in many baskets" ?? how does this even make sense? What about each egg in its own basket? I can't even imagine what each egg in many baskets means. Please helps.
but what if the keypassxc itself sell the passwords of their users🙄🙄😶❓
At least you'd know who was selling it:
github.com/droidmonkey
You can always inspect the source and build yourself:
github.com/keepassxreboot/keepassxc
After pasting the code it shows False, what to do?
If it's the checksum part, you either have a typo or the downloaded installer is malicious/tampered.
If you're getting it from their official site and aren't being man-in-the-middle attacked, it's also possible you downloaded the checksum for a different version installer.
Obviously, offline Password Managers would be the priority...
Online ones do have some advantages, though like multi-device sync and key recovery. Really depends on the needs of you and your family.
@@Cyberspatial But that risks more exposure to data breach and the whole concept of a password manager is at risk, right?
@@draco24able You have to manage risk. For most people Bitwarden and others are reasonable choice because you can access it from anywhere plus they are expected to follow security practices. But with KeepassXC you have to store the database in the cloud to sync passwords and if you don't make any backups. You just lost all of your passwords if someone deletes the file. Nothing is 100% perfect and will always have trade offs.
what if gpg4win is infected ... gpg4win is ugly windows sister of gpg for linux ... any online resource where we can do signature verification? ... don't windows bundle something similar with their os?
Honestly, putting all your passwords behind 1 bottle neck sounds like trouble waiting to happen. I do need to find a better way for myself to do it though, it is getting ridiculous.
Using a cloud-based password manager is pointless when you can just whack your "offline" KDBX file in your dropbox folder
The syncing isn't seamless through Google Drive. Or am I doing something wrong? 🙂
@@koenpauwels98 I would use something like syncthing for syncing
@@ColtonDuckering Yes even then you get loss of records sometimes. Just host A vaultwarden somewhere :-)
I'm sure this is a good method that less than 1 in 100,000 will use.
I use 1Password.
Another great option!
I need a password for Ali express App
And for all your other accounts too!
10:21 hacker can do same thing? and receiver give public key for sender(this time hacker) ofc files he send is signed with correct using receiver public key lol. whats secure of that lol only way is talk phone with person and make password protected file and gve password on phone lol. thats onlyway in that moment not day later. hacker grab file crack password change files put back own apps using same password and vola lol. same goes every "secure way"
Experts write their own password manager with helix in rust using only their own libs
Now all of our passwords belong to this guy
Way above my understanding level unfortunately... maybe somebody could write an app to help non computer people use these services LOL
11:37 more NO dont give password yet again another lol
what the... How do you lose all your eggs if you put them in separate baskets?
Offline
That's ideal!
10:09 there it is you give that site your password. they know your password LOL is it funny. thats only reason have every site own unique password so bad admin has no use of it(there is more admins on world than hackers?). you trust apple?