The reason I like this channel so much is because whenever i watch a video i 99% of the time learn something new, and i find that so amazing. thanks Linus & the team.
"Don't Write Down Your Password." This is pretty safe depending on the security situation of where you live. Most people don't have to be paranoid about documents in a dresser drawer or under their bed.
The problem is when they do it at work, it's commonly recommended not to write it down for this reason. If you make it a habit at home you'll do it at work to.
+EdwardERS for most people? I thought most people had families, which means a little digging and if someone wanted access to my PC or whatever while I'm not around they could certainly find it... so that could be pretty bad, depending on what that password unlocks. Just use a password manager and come up with one really good password for it, I've managed to memorize a password over 12 characters long... Simply use it daily and you'll remember it within a week, it's not that hard man.. That or get one of those Yubikeys, I've only had a look at em so far but they seem pretty awesome and you can even use it to unlock your PC.
Vroom Vroomer I was refering to I dunno.. your bank, paypal, ebay/amazon accounts, etc... You know anything important? as if a child or teenager wouldn't at the very least be tempted to buy something if they gained access to anything like that... Why the fuck did you think I meant porn?
+Trademark™ It said someone in Argentina tried accessing my email a couple days ago. Than I found out it was my brother trying to retrieve a certain password of mine while I was sleeping to upload a guitar tab to my account. He uses all that proxy/vpn, authenticators and such, so it tripped me out for a moment :b
Thanks for recommending Dashlane. I've been having issues with Lastpass not loading up anymore after starting Chrome, so I switched to this and it's working pretty well so far.
1Password isn't cloud-based, Luke. It, much like KeePass, has available Dropbox integration but doesn't store the actual database on a remote server. The password database (which is strongly encrypted) is stored locally. The primary differences between 1Password and KeePass are that 1Password has a more user-friendly UI but lacks Linux support while KeePass is a bit more utilitarian in the UI field but has a wider compatibility base.
+Probably Jack gratz. but what are you going to do when the next iphone comes out in 6 months. sell the 6S, put the money in the bank and let the nigerian prince take it and give you the next iphone? good luck mate
I made my own HARDWARE password manager 😊 It fits well on my keychain and can either show the password right on a small LCD display after decryption - or be plugged into USB and launch a webbrowser directly on its own storage (runs separately from the PC's browser) with the password automatically filled in/already logged in to the account due to cookies! Everything is backed up in 2 different ways as well, so I don't have to worry about loosing the keychain 😊 ...And nothing is stored on potentially untrustworthy third part cloud-servers! 😉👍
@exios It's NOT like a "walk in the park" 😅 It took me like a year to finish this project... 😆 I had everything thougt out so I also believed it would be an easy task. But there where WAY more "roadblocks" on the way than I had expected! 😪 Especially because I wanted to avoid using ALL kinds of third party code libraries and instead do all of the programming myself! It's backed up to a micro-SD card on the device and I have also written a script on my computer that checks if the first/middle/-and last character, as well as the total lenght of the encrypted data on the password manager matches with a partial cache from the last time I had it plugged into my computer. If it does NOT match with the cache then it means something has changed, so then it automatically replaces the old backupfile on an external harddrive with the new and updated data 😉👍
I use this method . I have an usb stick crypted with Veracrypt and inside the crypted memory of usb I have the password database crypted by KeePass . Every time I have to digit the password or see it I turn off the internet connection of the computer and copy and past the password in the site. The master password of Veracrypt and KeePass are saved in no digital device but they are in real life safe place. Inside home I use a second pc with no internet connection for open the database password. For mobility it's very simple , I use an otg cable for connect the usb to the smartphone and use two apps similar to Vera and KeePass. In total I have 3 copy backupn of this systems .
I don't get why people dislike these videos, are they the ones hacking into peoples accounts? like... there giving you free ideas on how to protect your password
+Toxicz I rarely change my passwords. Only accounts that actually matter are my Battle.net and Steam accounts and they have multiple step authentication. They also have different passwords than all the other accounts.
+Toxicz That'll probably be what I'll spend my short upcoming vacation on, tracking down all the places I have signed up to, trying to remember the passwords and making new ones.
Bernie Sanders 2016 Oh noo, my games. How can I live without them. How can I ever survive now that Bernie Sanders 2016 knows how to bypass multiple step authentication. Rest In Pieces me, a poor soul, a weak red lipped fish, living on the bottom of the ocean.
I finally realised what the *putting right hand down to side for a second every now and then* thing is. Moving the slide on for an auto-cue/script type thing. Can't believe it took me so long to figure it out. I just thought it was a weird habit of Linus'.
Why is physically writing down the password a bad idea? As long as somebody doesn´t break into my house, they are safe. Family members do not even know that I have something like that and I won´t lose the sheets of paper since they are all stored in one place for years now. Written down password cannot be stolen by some fancy hacking program. Using a password manager isn´t an option for me, I do not need it anyway and it can get decrypted too. If you have all your passwords stored in a program, good luck getting to them if you PC is dead...
+epicDuftbaum Its not the PC that passwords will protect, its the information on it. With the proper security software and firmware computers without passwords are just a bunch of metals.
+Amusix It's okay to reuse a password for almost everything because there's shitloads of stuff out there and you could never remember a 1000 different passwords but I suggest having a unique password for the important stuff like bank password or main email password.
+Amusix I don't know how secure this is, but I used to setup my passwords like this . Like: UA-cam: siglfmdy34Tube Twitter: siglfmdy34Bird Deviantart: siglfmdy34DumbIcon P.S. Those examples have never been any password I have used, It's just as an example.
Never use cloud storage for passwords. Note: LastPass was compromised earlier this year. You also shouldn't be trusting proprietary software for password storage. You don't know what's happening to your passwords
I have a password that has four sections that I switch around whenever I make a new password and then I also have a fifth unique section for every password. It works very well for me
+Teun Willems Run. Run away from them. Unless it's your bank, then you call up their IT security department and yell at them for using terrible security practices.
+TechXSoftware Pretty much. That's when a password manager comes in handy - only one password to remember to rule them all. It can be a pain sometimes in day-to-day usage, but worth it.
+TechXSoftware Just use the same passowrd on things you don't mind being hijacked, (actually think about if you mind before) and you only need a handful of unique passwords.
+TechXSoftware Passwords are (heavily) encoded in the password manager database ;-) Of course, it's a bit of a trade-of since, yes, that means you have all your psw in a file - actually, in several files, since you want to make copies of the database: the biggest threat with a password manager is accidentally lock yourself out of your own online accounts by losing the database :-))
The pass phrase is superior. You can even use concepts to help remember them. You can right down the concept as a reminder since someone would need to both know you very well and have the concept to crack it. An example of a concept is what I call topical favourites. So for example: Location - Car - Food, from this randomly I could have a password of dubaifordburger, sydneylancercheese or newyorknissancake. Both functional and comical making them easier to remember. 2-Factor authentication is based on a principle of both something you know coupled with something you have. So a password combined with a pin from an App, Text Message or RSA token makes this more viable. While someone could steal your phone or RSA token, chances are they won't have your password and vice versa. There is a TED talk on this exact topic if you want to know more. I need to point out this won't work everyone. Some developers for whatever reason limit password character length, eg. Password must be between 6 and 12 characters in length. While this would help prevent SQL injection attacks, it is overzealous as proper input validation would prevent this.
Why not write them down? its hard to hack paper?... and you'd have to have something somebody really wanted online for them to break in to your house / rob you to take your password book just to login to your online accounts?.... but that's just my 2 cents..
The problem with the word combination or sentences is that many sites dont allow for this. Many sites require special characters AND numbers AND lower case AND upper case. a few sites have a minimum of 8 characters and a maximum of 14. Idiotic, but I cant force it to work. And now you have to remember which sites have what weird rules. So back to a lot of hard remembering again.
4:44 AM, had a tad too much Mountain Dew and a Maple-frosted Doughnut (yay New England region), and what am I doing? Watching Linus Tech Tips of course. -I have weird habits.- _Also, RIP sleep schedule; I'll miss you._
Scentpie's friends are the only toys I need while I try to a eat a hot pocket with my skirt down Take a few minutes to figure out why someone might possibly want to change their passwords after watching this video.
I they should make a video about usual PC problem symptoms for each part of a system. Like "Usual symptoms of a failing Ram As fast as possible", " Usual symptoms of failing PSU as fast as possible" so on an so forth.
Oh yeah don't write your passwords down on a file that will remain on my desktop but DEFINITELY send them across the internet resting in the CLOUD. goddamit Also if your password is just words it WILL be broken by a brute force program
+leo sky I would hope that you don't actually send your passwords to them, but rather encrypted versions of them, that can only be decrypted with your master password. Also whether your passwords can be broken if they're only words really depends on the kinds of words you use and especially on how many words you use.
leo sky First, LastPass and other cloud-based password managers use heavy encryption that can't be brute-forced before the heat death of the universe. Second, read that XKCD. It briefly explains how a random combination of 4 common words is actually more secure against both humans and computers than what people usually believe is a good password.
+Telogor _ a lot of brute force programs will also use a dictionary/wordlist and try combining those, so writing a long password sentence with only lower case words from a dictionary could drastically lower the time it takes to brute force a passphrase like that, probably not even a day of computing. the xkcd is correct, assuming that the brute force attack will try random symbol combinations. most, however, do not work randomly; there's a certain predictability to common password phrases/combinations. personally, I'd advise to use long and moderately complex pass phrases. you can even write them down onto some paper to keep near your PC, which should be fairly safe as long as they're not easily visible by anyone just walking in.
Here's a great password: kumarreksituteskenteleentuvaisehkollaismaisekkuudellisenneskenteluttelemattomammuuksissansakaankopahan it's just one word tho.. ;)
I have a pretty airtight method I think, I have 5 different passwords that I'll alternate between for every account I own. I have all of these memorised and if I require a hint for a password, the hint will normally be something like "password 1" which acts like a trigger, immediately telling me which of the 5 to use.
I personally would say that KeePassX is a pretty good open alternative to some of the desktop solutions for password management out there. Mainly because it's available for all of the major operating systems.
I used to use plmnkoijb as my pass. It's easy to remember HOW to type, but not easy to remember. Making mental patterns on how to type a pass can make it way easier to generate new ones and remember old ones.
1Password is NOT cloud based, it is local. It does however, allow syncing by copying the vault file between computers (typically using Dropbox) or direct device to device WiFi syncing which has no cloud involved at all.
If the site you are creating a password for supports spaces. It is also great to make your password into a word or sentence and your normal password. Like for LinusTechTips forum it could be 'linustech ' and for Facebook it could be 'bookoffaces '. This way, you get a long password and also as password that you can remember!
Hey, I'd use passwords like "correct horse battery staple" except that many sites require varying case and numbers and non-alphanumeric characters for their passwords. Many sites also still limit the length of passwords to 10 characters, so using those non-alphanumeric characters are as good as we can get in many situations.
I don't use password managers. I just don't like them simply because of the fact I'm either storing passwords on a server owned by someone else. This just gives me chills as I don't know who is actually administrating the server or what security they have. I generally keep all my passwords different, and use a combination of two random easy to remeber passwords blended together in a pattern different on all passwords. If I could ever give any advice to anyone its simply that: 1. Don't use any less than 16 characters. 2. Use numbers and letters at least. Also put some 'RANDOMLY PLACED' symbols if any. 3. Never store passwords on the internet such as cloud service or even lastpass. 4. Use 2 step authentication on a 'SECURE' device, meaning encrypted or password protected or if possible fingerprint protected. Remember, your device (your phone) is a key. Keep it safe or never use it as a key.
I use KeePass for personal and work. Don't need to remember passwords or even see them. Auto generated based on several options, or manual entry. Auto paste and clipboard timeout.
1Password is not necessarily "cloud-based" like LastPass. You can happily turn off dropbox/icloud sync and sync Locally via WiFi. (Although I think at this time this is only supported with a Mac-iPhone combo) What I mean is that (although tedious) 1Password does not _require_ you to sync.
3:34 Wait, is that a... Doctor Who reference??? On LinusTechTips??? Well, the old kitchen did have a TARDIS in the background... Still, I am now both surprised and full of admiration...
You should also talk about websites that set using special characters, numbers andcapital letters as a mandatory thing. Tips for memorizing, and all that. I'd say, make the first letter capital, just like you'd do to a name, add a number to that object (the tube), and switching an "s" for "$" should pretty much do it IMO.
I already implemented the password suggestion you mentioned, wanted to find out if you were correct and have a video reference. Btw, this doesn't work 100% (password type) since some websites/games seem to get into the habit of requiring short passwords and numbers/symbols in the password. They need to take a look at this video and remove those requirements, lowers my possible security due to this.
nice video - hope you do more security stuff, but some reviews of security options that are out there would be pretty cool as well! Also, where can we recommend tech to be reviewed? couldn't find it on the forums.
the best one is a combination of numbers, upper case letters, lower case letters and symbols but if supported also alt+### combinations IF SUPPORTED some and probably most sites don't support them for a password nor a username
You have three parts to security, confidentiality, integrity, and availability. As you increase one of these you decrease the other two. Just something to think about
I got a bunch of great password design info off an antvenom vid. It's easier for a computer to crack a 15 digit long password with random letters, numbers and symbols than it is for it to hack a 20 letter long one with only words. Next time you make a password, make sure it's long and easier to remember, like Luke said.
One thing I'd like to point out that I do, is when recording your password, don't enter the correct password, enter it inverted, or with a missing or added letter or something like that. Just so long as its easy enough to remember.
Sometimes for fun when I'm at an ATM I like to shout out 4 random numbers when I enter my pin.
Wtf??!
AHAHAHAH :_D
+Steve Ozone Wouldn't that increase your chance of getting mugged, since someone believes that they have your pin?
im dead
+Steve Ozone when i have to type my pin, i like to look like im pressing other numbers, but not actually press them. but shouting them is nice too
The reason I like this channel so much is because whenever i watch a video i 99% of the time learn something new, and i find that so amazing. thanks Linus & the team.
Guys, what should I use instead of 69allday? ;(
69allweek
69allmonth
69allyear
69alldecade
69allcentery
I keep mine simple to remember it. I never forget Password123
*logs into your UA-cam account*
Oh great, all my Steam account and emails have been hacked now. I bet it was someone from here. Last time I trust the Internet.
+steve m LOL, when was that EVER a best practice?
Things keep getting worse for me. Now my PlayStation account has been hacked and my Amazon account suspended for attempted hacking.
steve m I really can't tell if you're being serious or just trolling at this point.
dat cheeky wink though.
+Andrew Galbraith It certainly made me chuckle
+will1565 Same here :)
Notice me Danpai.
+Andrew Galbraith
dat
Password length limiters forcing to have only 10-12 characters at max with upper case, numbers, and symbols are the cancer of the internet
how did society get here. that's the dumbest thing EVER yet so many people do it. has to be some kind of conspiracy.
"Don't Write Down Your Password."
This is pretty safe depending on the security situation of where you live. Most people don't have to be paranoid about documents in a dresser drawer or under their bed.
The problem is when they do it at work, it's commonly recommended not to write it down for this reason. If you make it a habit at home you'll do it at work to.
Völundr Frey
Depends on your job then too.
EdwardERS Sure, not everyone have computers at work. But if you do you probably have some information which shouldn't be available to the public.
+EdwardERS for most people? I thought most people had families, which means a little digging and if someone wanted access to my PC or whatever while I'm not around they could certainly find it... so that could be pretty bad, depending on what that password unlocks.
Just use a password manager and come up with one really good password for it, I've managed to memorize a password over 12 characters long... Simply use it daily and you'll remember it within a week, it's not that hard man.. That or get one of those Yubikeys, I've only had a look at em so far but they seem pretty awesome and you can even use it to unlock your PC.
Vroom Vroomer I was refering to I dunno.. your bank, paypal, ebay/amazon accounts, etc... You know anything important? as if a child or teenager wouldn't at the very least be tempted to buy something if they gained access to anything like that...
Why the fuck did you think I meant porn?
Better late than never that this finally arrived on UA-cam, but I still say that this should have been posted here in the first place.
Would love to see more cybersecurity related videos like this. Very informative video!
I literally loved the intro dialog beginning with the "If you want to see...", well played Luke!
talks about password protection then says:
"a trick i use to come up with password is..."
:D strill bro love luke
A good video, and one I liked. Luke's at his best when he isn't imitating Linus and doing his own thing instead. Thumbs up! 👍
Fun thing is that yahoo just noticed me that someone in north korea just entered my account.
maybe the glorious leader wants to know you better
same but it was from china, they probably have 100s of workers there just trying to get into emails on 2000 pcs
+GBrah its all just scripts that run and try till it gets in. not really workers.
+Trademark™
Yahoo didn't just notice you. Words have meaning, please try harder.
+Trademark™ It said someone in Argentina tried accessing my email a couple days ago.
Than I found out it was my brother trying to retrieve a certain password of mine while I was sleeping to upload a guitar tab to my account. He uses all that proxy/vpn, authenticators and such, so it tripped me out for a moment :b
grrrrrrr, why couldnt this video come out like 4 hours before, i had a whole ICT lesson about this today and it ansered EVERY question
This is why I don't use the internet, or any technology for that matter. I am currently writing this comment on my iStone tablet.
I wrote this comment in cave drawing before send it through iCave, which takes 3 years to translate into text on youtube.
Thanks for recommending Dashlane. I've been having issues with Lastpass not loading up anymore after starting Chrome, so I switched to this and it's working pretty well so far.
1Password isn't cloud-based, Luke. It, much like KeePass, has available Dropbox integration but doesn't store the actual database on a remote server. The password database (which is strongly encrypted) is stored locally. The primary differences between 1Password and KeePass are that 1Password has a more user-friendly UI but lacks Linux support while KeePass is a bit more utilitarian in the UI field but has a wider compatibility base.
Password manager guide series would be amazing!
Apart from the fact that password managers get broken into
Taran van Droogkloot and Taran van Eikel :D
the best dutch names:p
+Gerrit-Jan Bergwerf Dem Dutch translations :D
Taran Lulhond
Taran Klootviool :D
Yeah dutch words
+dirk-jan raven Yay nederlandse woorden!
THAT INTRO OMG! THAT WAS HILARIOUS!
Guys I just won a new iPhone 6S and all I had to do was send a Nigerian prince my bank account details!
+Martin K wheres your SSN? (insert name here) The nigerian prince needs hat too
+Probably Jack Congratulation!
+Probably Jack gratz. but what are you going to do when the next iphone comes out in 6 months. sell the 6S, put the money in the bank and let the nigerian prince take it and give you the next iphone? good luck mate
I made my own HARDWARE password manager 😊 It fits well on my keychain and can either show the password right on a small LCD display after decryption - or be plugged into USB and launch a webbrowser directly on its own storage (runs separately from the PC's browser) with the password automatically filled in/already logged in to the account due to cookies!
Everything is backed up in 2 different ways as well, so I don't have to worry about loosing the keychain 😊 ...And nothing is stored on potentially untrustworthy third part cloud-servers! 😉👍
@exios It's NOT like a "walk in the park" 😅 It took me like a year to finish this project... 😆 I had everything thougt out so I also believed it would be an easy task. But there where WAY more "roadblocks" on the way than I had expected! 😪 Especially because I wanted to avoid using ALL kinds of third party code libraries and instead do all of the programming myself!
It's backed up to a micro-SD card on the device and I have also written a script on my computer that checks if the first/middle/-and last character, as well as the total lenght of the encrypted data on the password manager matches with a partial cache from the last time I had it plugged into my computer. If it does NOT match with the cache then it means something has changed, so then it automatically replaces the old backupfile on an external harddrive with the new and updated data 😉👍
@exios Well, If you've got a really good memory - then you already have the most secure passwordmanager in existance! 😉
Great video.
I use this method . I have an usb stick crypted with Veracrypt and inside the crypted memory of usb I have the password database crypted by KeePass . Every time I have to digit the password or see it I turn off the internet connection of the computer and copy and past the password in the site. The master password of Veracrypt and KeePass are saved in no digital device but they are in real life safe place. Inside home I use a second pc with no internet connection for open the database password. For mobility it's very simple , I use an otg cable for connect the usb to the smartphone and use two apps similar to Vera and KeePass. In total I have 3 copy backupn of this systems .
Techquickie: password security explained
I see your comments often. We must share some of the same interests.
+Jordan Johnson (Mighty Burger) my subscriptions are public if you want...
Most of your subscriptions, I have. Omfg
I don't get why people dislike these videos, are they the ones hacking into peoples accounts? like... there giving you free ideas on how to protect your password
I litteraly changed most of my passwords after seeing this video
I think most people did
+Toxicz I rarely change my passwords. Only accounts that actually matter are my Battle.net and Steam accounts and they have multiple step authentication. They also have different passwords than all the other accounts.
+Toxicz That'll probably be what I'll spend my short upcoming vacation on, tracking down all the places I have signed up to, trying to remember the passwords and making new ones.
***** A long one...
+Vroom Vroomer I've done some hacking and the only way to save yourself is by not checking remember password. you can bypass steam guard with files.
Bernie Sanders 2016 Oh noo, my games. How can I live without them. How can I ever survive now that Bernie Sanders 2016 knows how to bypass multiple step authentication. Rest In Pieces me, a poor soul, a weak red lipped fish, living on the bottom of the ocean.
1password can also be used for local storage (and local Wi-Fi sync, which is very useful)
"I changed all my passwords to 'incorrect'. So whenever I forget it, it will tell me: Your password is incorrect".
My password is secret
Sorry to be a downer, but that's in the top ten passwords. Yeah. Not smart
@@tasmanmillen woosh
I finally realised what the *putting right hand down to side for a second every now and then* thing is. Moving the slide on for an auto-cue/script type thing. Can't believe it took me so long to figure it out. I just thought it was a weird habit of Linus'.
What are you talking about? 69allday is a great password
.... that's totally not my password now, lmaojk
+EvilCatNip So what is it now? 69allnight?
+Ken Catus No its 69allweek XD
+EvilCatNip 69_4lyfe?
+Nathaniel Mina nah. its nonstop69alldayerrday
*lol* enjoyed the Dutch last names (droogkloot, eikel, etc.) in the first few minutes of the video :-)
Greetings from the Netherlands
Why is physically writing down the password a bad idea?
As long as somebody doesn´t break into my house, they are safe. Family members do not even know that I have something like that and I won´t lose the sheets of paper since they are all stored in one place for years now.
Written down password cannot be stolen by some fancy hacking program. Using a password manager isn´t an option for me, I do not need it anyway and it can get decrypted too.
If you have all your passwords stored in a program, good luck getting to them if you PC is dead...
+epicDuftbaum and what if somebody breaks into your house?
***** Then he might as well steal my whole PC...
+epicDuftbaum Its not the PC that passwords will protect, its the information on it. With the proper security software and firmware computers without passwords are just a bunch of metals.
+iDerekMC what if he has hid it? like in a sofa. no1 will search there
I wrote down my passwords on a page of a Math notebook. if someone breaks in my house I don't think they broke in to do some studying.
Thank you for this, i have just changed my passwords and am now using two level authentication. Thanks again for another great video.
Every time someone smart talks about password security, I always wait for the xkcd references.
Remember kids: correct horse battery staple.
thanks, linus tech tips, for great and interesting content
Is it bad that I use the same password for everything?
+Amusix Probably.. But I do the same thing and have never been compromised. Just be ready to quickly change all your passwords if something happens
+Amusix It's okay to reuse a password for almost everything because there's shitloads of stuff out there and you could never remember a 1000 different passwords but I suggest having a unique password for the important stuff like bank password or main email password.
+Amusix I use the same password for everything. always have.
+Amusix I don't know how secure this is, but I used to setup my passwords like this .
Like:
UA-cam: siglfmdy34Tube
Twitter: siglfmdy34Bird
Deviantart: siglfmdy34DumbIcon
P.S. Those examples have never been any password I have used, It's just as an example.
+Yemto With the use of number and capital letters too, I'd say that's a very secure and unpredictable way to pswd protect your accounts.
"Or with friends... I don't judge." I love you guys!
Never use cloud storage for passwords. Note: LastPass was compromised earlier this year. You also shouldn't be trusting proprietary software for password storage. You don't know what's happening to your passwords
I have a password that has four sections that I switch around whenever I make a new password and then I also have a fifth unique section for every password. It works very well for me
My password is over 30 characters long with capitals, letters, and jumbled words xD Takes a while to log in
+swat67ify No need to make it that difficult
+swat67ify How do you deal with websites where passwords can't be longer than X characters (Yes they exist)
how when there's a limit of 16 characters on Google/UA-cam?
+Teun Willems Run. Run away from them. Unless it's your bank, then you call up their IT security department and yell at them for using terrible security practices.
Teun Willems Moeyz69 I use only for email. Google doesn't have a limit?
These intros are getting really real...
So imagine you have 50 accounts, that means 50 passwords, you then need to remember 50 passwords?
+TechXSoftware If you want to be perfectly secure, yes
+TechXSoftware Pretty much. That's when a password manager comes in handy - only one password to remember to rule them all. It can be a pain sometimes in day-to-day usage, but worth it.
Mathieu Bouvier But that then goes against his 2 rules, 1) storing the password, 2) writing it down.
+TechXSoftware Just use the same passowrd on things you don't mind being hijacked, (actually think about if you mind before) and you only need a handful of unique passwords.
+TechXSoftware Passwords are (heavily) encoded in the password manager database ;-) Of course, it's a bit of a trade-of since, yes, that means you have all your psw in a file - actually, in several files, since you want to make copies of the database: the biggest threat with a password manager is accidentally lock yourself out of your own online accounts by losing the database :-))
This!
Should really gain more views!!!
5 minutes ago?.. dam i here!
Dayum that wink came out perfect!
The problem is these websites with all these criteria for passwords.
The pass phrase is superior. You can even use concepts to help remember them. You can right down the concept as a reminder since someone would need to both know you very well and have the concept to crack it. An example of a concept is what I call topical favourites. So for example: Location - Car - Food, from this randomly I could have a password of dubaifordburger, sydneylancercheese or newyorknissancake. Both functional and comical making them easier to remember. 2-Factor authentication is based on a principle of both something you know coupled with something you have. So a password combined with a pin from an App, Text Message or RSA token makes this more viable. While someone could steal your phone or RSA token, chances are they won't have your password and vice versa. There is a TED talk on this exact topic if you want to know more.
I need to point out this won't work everyone. Some developers for whatever reason limit password character length, eg. Password must be between 6 and 12 characters in length. While this would help prevent SQL injection attacks, it is overzealous as proper input validation would prevent this.
UA-cam actually blocks out your password if you post it, like this: My password is *******
+J Nichols deeznuts123
+J Nichols ********* Ha! Cool, didn't know that!
+J Nichols *******************************************************
wow it works
+J Nichols ********
amazin!
Hunter2
please make a video on negative and positive off does difrance password managers.. i would love a video like that. and bett others would to.
Why not write them down? its hard to hack paper?... and you'd have to have something somebody really wanted online for them to break in to your house / rob you to take your password book just to login to your online accounts?....
but that's just my 2 cents..
The quality of the video production has improved quite noticeably. Well done to all concerned. :-)
first on a video but last to get laid
i fucking love the new style of comedy on this channel lol
The problem with the word combination or sentences is that many sites dont allow for this. Many sites require special characters AND numbers AND lower case AND upper case.
a few sites have a minimum of 8 characters and a maximum of 14. Idiotic, but I cant force it to work.
And now you have to remember which sites have what weird rules. So back to a lot of hard remembering again.
very important video, nice - good job!
hunter2
Love the shirt, man! Bastion is awesome!
Who the fuck is Aiden?
+Jay Anderson the guy from WatchDogs
+Jay Anderson NO ME, obvs...
+Jay Anderson at first i thought it was raiden and i was like u wot m8
4:44 AM, had a tad too much Mountain Dew and a Maple-frosted Doughnut (yay New England region), and what am I doing? Watching Linus Tech Tips of course.
-I have weird habits.-
_Also, RIP sleep schedule; I'll miss you._
Me and my friend use to write down our passwords with a custom book in skyrim and put it in our house.
+Zac Pompa (Red Actual) and then u lose ur skyrim file.
MoDRun yeah it was just a fun way man
Yubico just made a sale, thanks to you!
Wonder how many people tabbed out of this video to go and change their passwords. I know I did.
Wtf why?
Scentpie's friends are the only toys I need while I try to a eat a hot pocket with my skirt down Take a few minutes to figure out why someone might possibly want to change their passwords after watching this video.
I they should make a video about usual PC problem symptoms for each part of a system. Like "Usual symptoms of a failing Ram As fast as possible", " Usual symptoms of failing PSU as fast as possible" so on an so forth.
Oh yeah don't write your passwords down on a file that will remain on my desktop but DEFINITELY send them across the internet resting in the CLOUD. goddamit
Also if your password is just words it WILL be broken by a brute force program
+leo sky I would hope that you don't actually send your passwords to them, but rather encrypted versions of them, that can only be decrypted with your master password. Also whether your passwords can be broken if they're only words really depends on the kinds of words you use and especially on how many words you use.
leo sky First, LastPass and other cloud-based password managers use heavy encryption that can't be brute-forced before the heat death of the universe. Second, read that XKCD. It briefly explains how a random combination of 4 common words is actually more secure against both humans and computers than what people usually believe is a good password.
+Telogor _ a lot of brute force programs will also use a dictionary/wordlist and try combining those, so writing a long password sentence with only lower case words from a dictionary could drastically lower the time it takes to brute force a passphrase like that, probably not even a day of computing. the xkcd is correct, assuming that the brute force attack will try random symbol combinations. most, however, do not work randomly; there's a certain predictability to common password phrases/combinations. personally, I'd advise to use long and moderately complex pass phrases. you can even write them down onto some paper to keep near your PC, which should be fairly safe as long as they're not easily visible by anyone just walking in.
Here's a great password: kumarreksituteskenteleentuvaisehkollaismaisekkuudellisenneskenteluttelemattomammuuksissansakaankopahan
it's just one word tho.. ;)
+Vroom Vroomer
that could take at least 10 fellas using backtrack 10 months to find.
Nice lighting and color
Dayum 1 AM upload.
Another good way Ive found is to use a passage from a book you like. Easy way to remind yourself of what the password is.
I have a pretty airtight method I think, I have 5 different passwords that I'll alternate between for every account I own. I have all of these memorised and if I require a hint for a password, the hint will normally be something like "password 1" which acts like a trigger, immediately telling me which of the 5 to use.
I personally would say that KeePassX is a pretty good open alternative to some of the desktop solutions for password management out there. Mainly because it's available for all of the major operating systems.
Great review! More people need to know this stuff!
I will set a goal to change one password a day until I feel I am good with all the sites. Thanks guys.
I used to use plmnkoijb as my pass. It's easy to remember HOW to type, but not easy to remember. Making mental patterns on how to type a pass can make it way easier to generate new ones and remember old ones.
Cool vid!
Can you please make a comparison vid of different local and online password managers?
very informative. great video.
1Password is NOT cloud based, it is local. It does however, allow syncing by copying the vault file between computers (typically using Dropbox) or direct device to device WiFi syncing which has no cloud involved at all.
If the site you are creating a password for supports spaces. It is also great to make your password into a word or sentence and your normal password. Like for LinusTechTips forum it could be 'linustech ' and for Facebook it could be 'bookoffaces '. This way, you get a long password and also as password that you can remember!
Hey, I'd use passwords like "correct horse battery staple" except that many sites require varying case and numbers and non-alphanumeric characters for their passwords. Many sites also still limit the length of passwords to 10 characters, so using those non-alphanumeric characters are as good as we can get in many situations.
I first heard it with Linus, now I'm hearing Luke say it. Agayhnst.
love the usernames in this video xD
I don't use password managers. I just don't like them simply because of the fact I'm either storing passwords on a server owned by someone else. This just gives me chills as I don't know who is actually administrating the server or what security they have.
I generally keep all my passwords different, and use a combination of two random easy to remeber passwords blended together in a pattern different on all passwords.
If I could ever give any advice to anyone its simply that:
1. Don't use any less than 16 characters.
2. Use numbers and letters at least. Also put some 'RANDOMLY PLACED' symbols if any.
3. Never store passwords on the internet such as cloud service or even lastpass.
4. Use 2 step authentication on a 'SECURE' device, meaning encrypted or password protected or if possible fingerprint protected. Remember, your device (your phone) is a key. Keep it safe or never use it as a key.
I use KeePass for personal and work. Don't need to remember passwords or even see them. Auto generated based on several options, or manual entry. Auto paste and clipboard timeout.
1Password is not necessarily "cloud-based" like LastPass. You can happily turn off dropbox/icloud sync and sync Locally via WiFi. (Although I think at this time this is only supported with a Mac-iPhone combo)
What I mean is that (although tedious) 1Password does not _require_ you to sync.
A video comparing the different 3rd party password systems would be great.
GOD DAMN THAT BASTION SHIRT!
3:34 Wait, is that a... Doctor Who reference??? On LinusTechTips??? Well, the old kitchen did have a TARDIS in the background... Still, I am now both surprised and full of admiration...
You should also talk about websites that set using special characters, numbers andcapital letters as a mandatory thing. Tips for memorizing, and all that. I'd say, make the first letter capital, just like you'd do to a name, add a number to that object (the tube), and switching an "s" for "$" should pretty much do it IMO.
I already implemented the password suggestion you mentioned, wanted to find out if you were correct and have a video reference. Btw, this doesn't work 100% (password type) since some websites/games seem to get into the habit of requiring short passwords and numbers/symbols in the password. They need to take a look at this video and remove those requirements, lowers my possible security due to this.
Pls stop telling me to like the video to see X video, you're doing the video already. I like the damn video regardless.
nice video - hope you do more security stuff, but some reviews of security options that are out there would be pretty cool as well!
Also, where can we recommend tech to be reviewed? couldn't find it on the forums.
the best one is a combination of numbers, upper case letters, lower case letters and symbols but if supported also alt+### combinations IF SUPPORTED some and probably most sites don't support them for a password nor a username
Thanks for the tips.
that video about hiding videos and pictures we don t want anyone to see would be useful! :D
You have three parts to security, confidentiality, integrity, and availability. As you increase one of these you decrease the other two. Just something to think about
I usually use the lyrics to a random song and replace one letter with a number. That way if I forget my password I can always listen to the song ;)
I got a bunch of great password design info off an antvenom vid. It's easier for a computer to crack a 15 digit long password with random letters, numbers and symbols than it is for it to hack a 20 letter long one with only words. Next time you make a password, make sure it's long and easier to remember, like Luke said.
Luke please do a video on the password managers. also the thing you mentioned at the start ;)
You should mention that using lower-case, upper-case, and numbers all within your "long password" will give you the most security.
One thing I'd like to point out that I do, is when recording your password, don't enter the correct password, enter it inverted, or with a missing or added letter or something like that. Just so long as its easy enough to remember.
i love the background