Stop Memorizing Passwords! Use a Password Manager

  • Published 7 Oct 2024
  • Password managers are not only a secure way to store passwords, but they are also reliable and faster!
    #CyberSecurityAwarenessMonth
    Special thanks to Crashplan for sponsoring this episode! Sign up for your own 1 month free trial at: www.anrdoezrs.n...
    Important links:
    30 day security challenge: snubsie.com/30...

COMMENTS • 103

  • @treazure 5 years ago +1

    I opt for local management with KeePass. Yes, it's a little more hassle than others, but I like the control over convenience.

  • @benji079 5 years ago +3

    I've never really wanted to use a password manager. I thought "It's unlikely I'll be at risk!" and that it is just inconvenient, but I'm strongly considering getting one now. Thank You!

    • @jamesedwards3923 4 years ago

      You remind me of a woman I know. An elderly one. Who has her wits. She used to get all upset about mail solicitations. She would be all like, "... I do not do anything online... Etc..." She has a name, dob, social security number.
      Plus she has had store cards. She thought paying in person or mail made a difference. She is wrong.

    • @jamesedwards3923 4 years ago

      Do you understand how data is compromised? You remind me of this ZDnet dude. I will post the link later.

  • @nzhook 5 years ago +3

    I go one step further with my accounts, every account has a unique email address (I control the domain) as well, so someone can't test an account on another site that uses email address as the login username + when it starts getting spam it can be instantly tracked to the source and/or blocked

    • @jmonteschio 4 years ago

      Same. I've only had to replace one username in the almost 5 years since I've been doing this (due to spam). But still it brings more peace of mind to go the extra step.

  • @shgysk8zer0 5 years ago +2

    I have a strong preference for `pass`.
    It's a little more than a CLI, encrypted with my PGP key, synced with Git to my server over SSH.
    Certainly not for everyone, but I really like that it's simple, built using popular open source programs, and just a good example of the Unix Philosophy.

    • @jamesedwards3923 5 years ago

      Do you realize most people have no idea what you are talking about? Since I am slowly relearning so I got it. Dude what you want is too complicated and time consuming for most average consumers. Especially the number of Apple users you will encounter.

    • @shgysk8zer0 5 years ago +1

      @jamesedwards3923 It's the response to the question of which password manager I use. It was asked, and I answered, just like everyone saying Bitwarden and Last Pass.
      I don't find it complicated at all. It's just a single program built on top of a few very standard and popular programs.

    • @jamesedwards3923 5 years ago

      @shgysk8zer0 I have considered it myself. I am not judging you. What I am saying is most users do not have the skill, time, or resources to implement it. You are trying to take ownership and responsibility of your data. Makes sense.

  • @NicholasSouris 5 years ago +2

    My problem has always been training people on how to use the service when they want it to work like their browser. Some people don't use the same passwords everywhere, but they don't want to enter passwords ever so they let Chrome remember them. This is the standard way the internet works for most people. Jumping into LastPass is just another 2 steps for them and they don't use it. They still say "yes" for the browser to remember

  • @doodsanddudes 5 years ago +1

    Totally agree! Need password manager!

  • @nzhook 5 years ago +1

    Stupid issue I get from people I set up with password managers is... I forgot my master password so I don't use one now. 🙄

  • @notapplicable2636 5 years ago +1

    I have been setting up one using KeepassXC over the last day and beginning to delete my passwords that were up in my Google account previously

  • @questionablecommands9423 5 years ago +2

    I've never been comfortable with online password management solutions because of fear of a flaw like what LastPass had, because I don't control how my information may be stored, and because I don't have any control of how that data may be handled (e.g. entering a partnership with the US Government that is very similar to the ones major phone and email providers had, and likely still have).
    For that reason, I stood up an instance of Passbolt on my local network and then VPN home whenever I need to find credentials I don't already have memorized.

    • @jamesedwards3923 5 years ago +3

      Hence why I always recommend open source products. Especially those that have been audited. KeePass is the one I personally recommend using. Most well known. If the main project fails. They have other programs that have spun off.
      Password Safe is lesser known from what I can tell, but I have been playing with it. The man who is most directly responsible for its creation is a strong advocate for encryption and privacy.

  • @srryan5150 5 years ago +1

    I've used Roboform for the past 13 years or so. I pretty much store everything in it from passwords to information in the notes and I totally trust it. I can understand why you might be a lil more cautious on putting certain passwords on your manager being that you are more of a public figure but for me it works out great.

    • @jamesedwards3923 5 years ago

      A self contained option like keepass resolves that issue.

  • @Mobile_Dom 4 years ago

    Snuuuuuuuuuuuuuuuubs

  • @z1novas 4 years ago

    Was hoping a password manager be useful for social media/email/banking for someone I know who is targeted by hacking from their phone. Oh well, still learned something helpful here.

  • @MasterArtMason 5 years ago +2

    It shows how badly brainwashed people are when they say not to use something because of a vulnerability. So, a weak password is better? My head hurts when I hear those kinds of things. I use keepass. Decent product.

    • @jamesedwards3923 5 years ago +1

      I have had this conversation with so many people. I have pretty much given up. You give them logic, data, facts, evidence. In nice bite sized chunks. Then they say, "it is easier for me to just use the same password." Or I will use the browser's password manager. If they want to use the same shitty password on every damn account. Then on top of that do not use authentication applications or 2FA tokens; when they are applicable. What the heck else am I supposed to do?
      Bad enough some institutions do not implement proper security. Users being lazy does not help anybody.

  • @Boricua0082 5 years ago +10

    Bitwarden for the win

    • @jamesedwards3923 5 years ago

      I have not found any independent audits of Bitwarden. Do you know of any?

  • @MichealWeinfurtner 5 years ago

    Great tips for keeping people's digital life worry free.

  • @itgrampa 5 years ago +1

    Love LastPass... 2FA, for work and can link personal account. Also love the security challenge they have to make sure you don’t reuse passwords and reset them periodically. What I hate are websites and applications that have weird password length restrictions. 64 characters is not too long!!! Why 20 character max?

  • @woodengamer 5 years ago

    I tattoo my passwords on my body.. nobody is going to steal my skin was my thought... then I realized they can just take my picture... I use a combination of lastpass and keepass for most use cases.

  • @MrPontiac005 5 years ago

    Been using Last pass for awhile now.

  • @rrandomuser 5 years ago

    Hope more security related vids are coming up

  • @davidpick1076 5 years ago +1

    I use Last Pass with 2 factor authentication. But I've been using it wrong. I do not change passwords every 6 months to a year. And I have my bank and social media accounts linked to my Last Pass account. So in truth, I do need to give myself a security audit at least with my bank account and figure a better way of accessing it than with just Last Pass.

    • @jamesedwards3923 5 years ago

      Please tell me you do not use SMS?
      FIDO, 2FA, or Email Authentication are the only options on the table.
      - Emergency recover codes are if these all fail.

    • @davidpick1076 5 years ago +1

      @jamesedwards3923 Google Authenticator. And some services I have no choice but SMS. But I disable SMS on every service I can that has alternates.

    • @davidpick1076 5 years ago +1

      @jamesedwards3923 Had not heard of FIDO before tonight. What's your strategy? Online or offline?

    • @jamesedwards3923 5 years ago +1

      @davidpick1076 I am going to post a more detailed answer; ratifying my response. I was barely awake when I read your post.
      ... I will post it tonight.

    • @jamesedwards3923 5 years ago +1

      @davidpick1076 I posted pages of stuff. I think it was deleted. I will have to post a cleaner response I suppose.

  • @fabiobarros8109 4 years ago

    Lastpass. All the best from Brazil!

  • @janokartal5690 5 years ago

    I watch all of your videos, nice job by the way 🙂

  • @marble_wraith 4 years ago +1

    KeepassXC + 3,2,1 backup method.

    • @jamesedwards3923 4 years ago

      I use the original KeePass 2.x. More encryption options.

    • @jamesedwards3923 4 years ago

      I played with it. Not bad, not my preferred option.

  • @idiotsicn 5 years ago +2

    Any good recommendation for a free password manager

    • @theshuz 5 years ago +3

      Bitwarden

    • @theshuz 5 years ago +1

      Bitwarden

    • @theshuz 5 years ago +2

      Also check out bitwarden

    • @TheExsi 5 years ago +2

      Bitwarden ...open source and cloud.

    • @myownsite 5 years ago +1

      Keepass, though with it you're responsible for keeping the password database safe. Which I do prefer.

  • @StevenFooks 5 years ago +1

    I use Lastpass, strongly advised my kids to as well (basically teased them till they did) Now I and they are so happy with the flexibility of multiple platforms to use it as well as the no $$ :-)

  • @jamesbest8038 3 years ago

    You don't store your email, bank or social media passwords in a password manager. This probably accounts for 95% of the passwords I use. Then how will a password manager benefit me? And how do I remember the passwords, write them down?

    • @jamesedwards3923 3 years ago

      Not storing those passwords makes sense. However, if:
      1) Your password manager was built properly.
      2) Your master password to the file is good.
      You have no real fear of aforementioned passwords being compromised.
      In my opinion, your password will more than likely be compromised by service leaks. Where the hashed password is stolen. Even then, it could take decades to break. By then, since the password should have been random. It would not matter for you would already be dead. Or have changed it at least 100 times.

  • @Gabbasuperhero 3 years ago

    It's a shame that your channel doesn't have more followers

  • @janokartal5690 5 years ago

    Sounds good thanks for some good news

  • @greywolfpc 4 years ago

    Hello Shannon, I would like to talk with you about LastPass. First of all, I should tell you that I have 3 devices. A Samsung A20 Android smartphone, an LG tablet which is also Android and an HP Envy laptop which is currently running Windows 10.1. I have installed LastPass on all 3 devices, but at different times and I am sorry to say, using different Master Passwords. It seems to me that on the 2nd installation a prompt told me that my email address was already in use, so I had to set up another one. The bottom line is that I have forgotten the Master Passwords for at least 2 devices. On a personal note, I am 70 years old and have somewhat of a bad memory......all the more reason to use LastPass.....I know!!!
    Is there a way to fix this issue??? I want to keep LastPass!!! Is there a way to maybe "add a new device" ??? Please help me solve my dilemma!!! I need all of the help I can get.
    I will be looking forward to any help you can be!!! Thank you in advance....
    Paul

  • @RoniRachmani 5 years ago +1

    LastPass thanks to you ❤️

  • @AbunaiLee 5 years ago +1

    Password Managers are a really good way to manage the madness. One method I've been using recently is appending something I know to the end of the password field. For example, you store your password for social media in the manager but you omit the characters you append. Also, you always should enable two factor and set geographical access restrictions.

    • @AbunaiLee 5 years ago

      That "Restrict Access to a Specific Country" setting.

    • @jamesedwards3923 4 years ago +2

      Not a bad tactic at all. It is more time consuming. Also considering that if you do this with all your passwords. Which means the lengths will vary. I would logically assume that you use lowercase numbers and letters. Since all password fields will accept that. I would not say special characters. Since even in late 2019, there are sites that limit which characters you can use.
      For example, I myself had to dust off a merchant site I have not used in years. So I went into my password file. That password was super weak. Must have been when I was younger and did not realize that I should have strong passwords on 'everything.' Guess what, the length limit is less than twenty characters. Also they restrict which special characters. Annoying, so if their password hashes are stolen. You just gave away the scheme to break everybody's passwords.

  • @weaponizedlego2959 5 years ago

    hold up, where is that article she talked about in the beginning? I can't find it and wasn't aware of this issue.

    • @theshuz 5 years ago

      It is from about a month ago, in September

  • @GeekFurious 5 years ago +1

    But why should I trust the password manager and the company making it?

    • @evpowered6574 5 years ago +2

      Because your data is encrypted with your master password, which the company doesn't know. All the encryption and decryption is done locally on your computer, the company merely acts as a holder of gibberish.

    • @myownsite 5 years ago

      @evpowered6574 How do you know that for sure when you just download a binary and run it?

    • @theshuz 5 years ago +1

      Bitwarden is open source. Also several solutions offer BYOK (bring your own key) and use independently verified FIPS-140 compliant cryptographic modules. So if you have the key, no one but you can unlock it.

    • @theshuz 5 years ago +1

      Bitwarden also allows you to maintain control of your own vault on your own system(s).

    • @myownsite 5 years ago +1

      @theshuz everything you said applies to keepass as well, and they don't try to sell you cloud storage

  • @moulidorai 5 years ago

    Zoho Vault!

  • @TheExsi 5 years ago +1

    Bitwarden bitwarden bitwarden bitwarden bitwarden bitwarden bitwarden bitwarden bitwarden and if you feel like trying something else Bit-ward-en. After a year I bought the premium... not because I needed but because I wanted to give back.

    • @jamesedwards3923 5 years ago +2

      Thank you dude,
      A lot of people make no effort to contribute to online open source software they use. It is insulting.
      If you use open source software. Everybody should donate at least once. I get angry when people use open source for software. Earn $150,000 a year gross and have not kicked back at least $5.
      Do the basic math. 1,500,000 users. Then multiply that by say $10. Even after taxes. The small team or person who has 'directly' contributed to your well being is set up for life.
      Same thing when it comes to free to play games, except you should kick up something yearly. I use $10 as a basic template. Most people who can afford basic internet access. Should be able to afford $10 a year. So say a popular game. So that could be hundreds of thousands or even millions. All those users and all that money.
      Yes, we all have issues with money, but kick up what you can reasonably afford.

    • @TheExsi 5 years ago +1

      @jamesedwards3923 After I am sure in which 2 distros I am gonna settle, I am gonna contribute there too!! I also bought Proton premium for giggles... The open source projects give SO much for laughable prices compared to proprietary solutions. Never going back... thanks a lot, devs

  • @gje8930 5 years ago

    Currently doing all out of my head. I am looking into a full offline one where I need to use a thumb drive to transfer them and a 2FA to unlock the transfer file. Any suggestions?

    • @theshuz 5 years ago +1

      If you want truly offline with a database stuck on a thumb drive and MFA... Keepass, Password Safe, etc. are probably the only options you will have. You're really limiting your selection with those requirements, so just make sure that is really what you need/want.

    • @theshuz 5 years ago +1

      Something encrypted and the key stored on a yubikey device would probably be way more secure and you'll have a lot more options. What happens if you lose that thumbdrive or that FAT32 partition gets corrupted? Bonk there goes all your stuff.

    • @marble_wraith 5 years ago +2

      KeepassXC. More active fork of Keepass.

    • @gje8930 5 years ago +1

      @theshuz I just wanted to use a thumbdrive to transfer the database between devices. No online cloud stuff. And then a yubikey or 2FA to unlock the database on the new device. This so I have some sync between my devices.

    • @jamesedwards3923 4 years ago +1

      @theshuz Drives fail all the time. Hence why you backup your data.
      Password Safe uses yubi keys for a second factor of authentication. I wish it had the option of keyfiles as well.
      Keepass uses keyfiles as a second factor of authentication. However, if memory serves, you can download addons that support FIDO keys. Do not quote me on that.
      If you decide to use Password Safe. My only logical recommendation would be to create files paired with different keys. I do not know if Password Safe allows for multiple keys. That would be a great feature.
      Hence why keepass would be the better option if you want to use a key.

  • @MrSuperSnuiter 5 years ago

    🔥

  • @marble_wraith 5 years ago

    Of course you use a password manager... you just don't use one that's networked *cough cough* Last Pass. KeepassXC, for the win.