Here's why you should stop memorizing your passwords
Вставка
- Опубліковано 15 лют 2017
- Have you ignored advice on using password managers? This video is for you.
Subscribe to our channel! goo.gl/0bsAjO
Every time a big company is hacked, like when Yahoo got hacked in 2016 and exposed the personal info of over 1 billion accounts, experts tell us to stop trying to memorize all of our password and to use a password manager instead. A password manager is basically a virtual safe where you can safely store all of your passwords. Since when you use a password manager you don't have to remember every single password anymore, you can make them really long and complicated. Your passwords are also encrypted so even if your password manager gets hacked, all of the individual passwords stored within are safe from hackers.
Vox.com is a news website that helps you cut through the noise and understand what's really driving the events in the headlines. Check out www.vox.com to get up to speed on everything from Kurdistan to the Kim Kardashian app.
Check out our full video catalog: goo.gl/IZONyE
Follow Vox on Twitter: goo.gl/XFrZ5H
Or on Facebook: goo.gl/U2g06o
If I was a hacker, I would create a Password Manager so that everybody'd send me their passwords.
channalbert but right now you may just get one guy
The trusty password Managers do not ask for internet Connection to work, so there is that.
lol, you never need to ask to steel something now do you?
you would be found out really fast. Not all hackers are black hats. Some are white hats and they will bust you up. plus almost all password systems are double blind. Your master password would hashed. Then there would be a temp key created each time decrypt your data.
Could your iPhone not potentially get a little keylogger that saves your master password as you enter it?
i was waiting for the password manager app sponsor
R4vel I recommend KeePass. it's free and works really well.
oh no im not looking for one, i personally just write down my PWs physically
k
+R4vel Same.
R4vel lol same
I'll put my password manager password inside my password manager
*DONUTS* How are you going to get your password for your password manager if you put your password manager password into your password manager
@@jared8515 r/whoosh
@@apoorvlathey5421 ironic r/woooosh
Then, every time you want to remember your password manager password, you just have to open the password manager app and see your password manager password.
@@felipealvesdourado1584 But if you haven't told your password manager to save your password when logging into password manager, you can't go find your password for password manager in password manager because you need your password from password manager to get into your password manager and to restore your password manager password in password manager.
plot twist the password manager app are the hackers.
Hackers made the password manager and force everyone to either use their plugin or get hacked
That's a twist.
Passwords are encrypted. Even LastPass doesn't have access to it's users' passwords.
User 5748 or so they claim
@@StarlasAiko You have to just trust most password managers if you use them, but Bitwarden has the software as open source, so anyone can look up the code to double check. The source code has also been checked. If you're distrustful, Bitwarden is one of the best choices.
Out there, someone truly terrified has the password macaroni123
macaroni123 is the 9th most commonly used password
[PANICKED SCREECHING.]
no paradise What the flip? Who decided that that was a good idea? Seriously, just:
Person: Hmm. I can't think of a password.
Person2: Use Macoroni123.
Person1: Great idea!
The End.
thomas jefferson
Blood And Guts
No, the passwords he uses are "ilovevirginia777", "adams2k1797", and "alexandersucks".
Ha jokes on you ! I wont be one of the 'millions of americans that get hacked' cause i'm not American !
and why would anyone hack my account? I'm nobody, ha. jokes on them ha ha ha huhuhuhuh
Rushdan Jaliel Congratulations, now go drink some water before it runs out in your country.
Simerpreet Singh Congratulations, now you can go and escape before you FEEL TRUMP'S WRATH!
TruKave Co. congratulations you just become keyboard warrior XD
isamuddin lol
Let's play a game take a shot every time he says "Password"
EricWasHere I give up already😔
EricWasHere ThAt wUz A grATe IdeA! But I don't drink. Orange juice here I come.
I used water instead of alcohol
My door has a huge hole from me shooting at my door.
Eeeeeeeeuuuyy helllllaoi gaiuss i5tsz tieemse fo4re aanothh voddreo
You're telling me to stop memorizing my passwords? I don't! The secret is resetting your password anytime you want to get into your account. It is extremely annoying but I don't think I've gotten hacked YET :)
Plottwist the password manager is the Hacker
lol
THINK Godd Oh no.
ohh no.
OHHH NOOOOOOOOOOOOOOOOOO!!!!!!
there are some that are open source, so you can verify those
THINK Godd the best password is hand written on a paper and places in the real world safe in your very own house
what if someone comes in and steals it
The hacker would pay me to change my password after he cracks it when he sees my credit score...
RIP
(number)TheHacker (number)CyberChase
What about a sticky note???
But it's very unlikely and you'd know immediately if someone broke into your home, so you could probably block your accounts.
I have all my passwords in a notebook. Like "Facebook: t******15&".
The asterisks, I know by heart. And I only write down the changes I make to my master password. This way, I have long passwords that are relatively safe and people wouldn't be able to use the info in my notebook :)
+Jannyl13 wow. that was cool.
randomations Yt you gonna lose that one day
Jannyl13 very smart I’m gonna do that
Sounds like how you get a code in an RPG.
I feel like a big reason why people don't use password managers is because it feels like yet another vulnerability.
The average person doesn't really know what ways a password can and can't be stolen. Therefore, they might see a password manager as "yet another door" for a hacker to not just steal their accounts, but steal ALL accounts they have. While if they just cycle through a few simple passwords, at worst like 50% of their accounts can be stolen if a single account gets hacked, instead of this 100%. There's a lot of cognitive bias involved in this way of thinking, but that's just how humans are, especially with such a "wizard" subject as hacking.
Also I'm afraid of what to do in case of a broken hard drive or if I break my phone. Goodbye accounts!
Luna Meow nope if you use a password manager like Dashlane and make a account on it if your mobile even gets broken you can download the app on another phone and sign in your account and you will get access to all your password again you just need to memorize 1 password and 1 email
I don't trust Password Managers neither, i'll just be macaroni123 forever
folddpstcrd thx
And why don't you trust password managers? Ignorance of how they work?
lies damnlies have you ever thought how a hacker could hack the password manager, get into your password manager account, and then have access to all your other passwords?
lol that's the password from 1:27
folddpstcrd 😂😂😂u made my night
HAH! I can't become "one of the millions of Americans who get hacked every year" because I'm not American. Checkmate!
Wokis besides this is like for non-ingenious people. I'm not really good at memorizing all my complex passwords either, yet I know all of them because I memorize them using muscle memory.
What do you mean my muscle memory?
No, he means that as soon as you get hacked, you automatically become an American citizen.
Brendan Berney good one
Wokis There are probably autistic Europeans who think you're being serious..
That's why I write mine in a book!
I lost the book.
So all your super hard to guess randomised passwords will be protected by an easy password you made
3717362742632521411424122522424$*&"$-+;dsndhxjrgtz.
Really? I didnt see the video
Finally someone who thinks and doesn't just listen and belive
surfie007 EXACTLY
Well he said even if it was hacked your passwords are hypothetically all safe since it encrypts each password
This video is so true but 99.999% of us will not do anything about it
John Lim yep. Too lazy.
If you don't want to use a pass manager, you can use passwords made out of two parts. One large part (a small phrase for example) with symbols, capitals, numbers, etc. that remains unchanged for all accounts and a smaller part (a few characters that you can remember) that changes for each individual account.
Teodor Stefanescu what i do is think up of a weird ass password with letters, numbers and @&*$#,#€*? that i can manage to remember, then write it down on a sheet of paper and store it somewhere around. after typing in the password a few times i remember it, and can hide the paper somewhere safe, in case i forget the pass someday.
I just switched to using lastpass right now.
I use an algorithm to calculate my password from a plain text which is usually the domain name. The algorithm only exists in my head. This is by far the most secure method I have heard of. LastPass just fixed a remote execution bug in their code. When you put your password any known place, you create a known target.
stop trying to tell me how to live my life >_>
Well, you let them by watching this video? I guess?
Zac they're telling you how to live a "safer" life. They're not demanding it they're just suggesting it.
+CrazyHorse151 I think this is a joke about the right-wingers who always throw a tantrum in the comments on vox vids.
CrazyHorse151 mindception
I'm just so overwhelmed going through the comments
Relax, you just need to evaluate your options. My personal recommendation is to go open source if you can. If not there are paid options.
im not american i cant be hacked?
yep:)
yes
3:00 "And besides, it's better than the alternative: becoming one of the millions of Americans that get hacked every year." Agree, I don't want to be hacked every year and I definitely don't want to become an American.
Hahahahahaha, not nice but funny
Michel van der Lans
lmao
me to
Glad I'll never be one too mate ;)
Andreas S. * me too
Yeah, this comes off as really "America is the most important country in the world." You're releasing a video on an international platform, Vox. Don't lump us all in with the U.S.
"Any two-watt bulbs?"
"For what?"
"That'll do. I'll take two."
"Two what?"
"I thought you didn't have any."
"Any what?"
"Yes please."
Julia Curry cuz "For what" sounds like four-watt lol
Saw it on r/jokes about an hour ago....
ALRIGHT WHO TOOK IT
Who's on first?
saw this on one video, now it's copied over the internet so it isn't funny anymore :(
Dargonhuman what's on second
Pfff my password for every website is "I
Zekey moomoo I need your account name real quick
I need ur email
@afootineachworld lol
Just want to say that I really love all these videos on such varying topics; they're very well made!!
So if I use the same password on every account I can become an American?
who wants to be American !
not me
Ave Ver the 2nd. wtf is wrong with you? Stop making the world a worse place because of your involvement in it.
Ave Ver the 2nd Do you know the meaning of these words, anyways you spelled "faggit" wrong ; you 9 year old.
I ate Ave Ver's brain so he/she really stupid XD
Jk I ain't a cannibal.
Thats why I have my passwords written down physically in a notepad instead of on a computer.
Vox Andrews one day I'll be 80 years old too
Vox Andrews 'Looses notepad'
Jp.Girl
Luckily, I'm not that big of a numpty as to lose my notepad. You got more of a chance of that program bugging out then losing a physical notepad
Vox Andrews nope actually. If you use a good password manager and sync the database file, your chance of losing them is nil
I'm not saying that the program will fail, I'm just saying I would see a higher chance of it failing (Which it wouldn't at all) then me losing a physical notebook. I know the program ain't going to fail, I'm just saying that personally I think I would have better luck with keeping a physical copy
To everyone going "What if the manager is hacked?" The video covers this, watch before you comment: 2:27
Alficiro but the developer still can access them right?
@@OOnhar 3 years late but no
If hackers can't see the passwords due to encryption, why are non-hackers able to see them unencrypted? How does the app know if it is the right person logging in?
That's my question too. It certainly sounds contradicted...
I've been wondering
they can see it when they log in with your master password.
they can't see it when they attack the password manager database
so in the end they just need to know one password to enter all your accounts
conclusion: useless.
so if your passwords are being accessed from a different computer, its going to be encrypted. Unless the person physically takes your computer, he will see them encrypted
TictacGAMES so if i buy a new computer or phone, the system will not recognize me and think im a hacker???
registers for password manager
next day
*password manager hacked!*
They're actually very secure if your password is good. Yes, that is a risk, but it's much less of a risk than any of the many websites you visit getting hacked.
Password manager dont store your many password only your master password. Unless your pasword manager is really crap and stores ALL YOUR PASSWORD. You only need to change your master password.
Easier and Safer than a website leaked and having to change all password.
Emerito Caperlac If they don't store all of your passwords how do they fetch them for you?
Password managers store the encrpted file that contains all your passwords. If you hack the password manager's server and get a hold of this file you need the password to decrypt that file.
When you fetch your password list, this is file that you would get too. Decryption happens locally.
If you used a 25+ character master password, it would be next to impossible for a hacker brute force decrypt the file that contains your passwords.
Some password managers use the cloud as part of its design, others don't. I don't trust the cloud. I use Keepass which is an offline password manager and it can be carried on a USB stick.
* *sees macaroni123 as example password* *
I think I should change my password 0_0'
Hilarious and Original
oh thanks I guess
They are being sarcastic genius.
oh wow you are too kind for informing me
Wyatt Yates hope fully it isn't your password because you just told everyone your password...
Thank you Vox! Though, I knew some of this information like 10 years ago, since then I just use a regular paper-note-pad and pen. Since I only have 5 social medias.... with UA-cam being my favorite of all sites. When I write my books, mail, or passwords... I still use paper :D
another effective way to save your passwords would be this:
Take a hand-held writing device,find a plataform like a sheet of white writeable substance,use the wriring device to carve your password in the substance.protip:use symbols and numbers for more efectivity.
a.k.a. sticknotes and a pencil T_T
or just use Notepad
Bendyfanboi XD or notebook. Cuz anyone can come in your room or office or cubicle and see your sticky note and they can hack your accounts anytime
Hydra Jamm ... As pranks maybe? If you don't mind them making prank posts using your account as long as they don't change your password then, ok, no biggie. But if you don't like that to happen, then being careful at keeping passwords ain't such a bad thing.
10/10 system works every time for me.
That's effective how? If someone got that piece of paper....they would have all your logins. Were you not paying attention? Password vaults are 256bit encrypted. So even if someone got to the data it would be encrypted. And they use 2FA so even if they got your master password they would have to steal your phone too. And if they got in..you can remote lock the account. So unless you are using some James Bond paper that explodes after reading it....this is dumb.
Will my Nuke launch codes be safe in it?
trump is that you?
Well the guy that used to hold it got exposed and fired just a this week.
Set them all to zeroes just to be sure. Worked for Strategic Air Command for decades.
boss180888 nope his lil brother in "north area"
00000000?
damn! macaroni123 is my bank account password
Usman Sohail
what the actual duck? Why?!
Why does everyone's name start with a U? I'm scared
Well, which bank account?
username: meatballs123
Help Me Get 1,000 subs Without any Videos illuminati confirmed
So vox is saying that because passwords are easily hackable, we should make all the passwords depend on a centralized, easily hackable, online, potentially expensive service. Seems legit.
I use complex password then forget it so I kept changing my password
This is literally just an ad
more like a PSA
Uhh not really, they are recommending you use a service, not specifying or even recommending who to get the service from. Its a PSA
If you want an ad channel go to UnboxTheraby cuz that's all his channel is.
Propagandistic Service Announcement ^:)
So if anyone recommends something useful to you, without getting paid to do so (like a friend) you consider it an ad?
I trust a piece of paper more than password manager.
The problem is that it takes a lot more effort to write passwords down and type them all the time. You'll end up using easier-to-type passwords, which are less secure. I doubt you're typing something like "iJSHq7VTgYrYcOeImiID" every time you log into UA-cam.
With a password manager, you literally go Ctrl+C, Ctrl+V and you're done. It also generates the passwords for you, so you don't need to spend time thinking of new ones.
or use a txt file with an inconspicous name, in a folder with loads of other files with inconspicous names, and if youre feeling like it can get snatched off from your computer, dont put that folder smoewhere it can be accesed via networking, and maybe even encrypt it
I use a similar version of the Password Manager, that I made myself, using C# .NET and Xamarin :P Find a password manager that's open source so you know what it's doing.
You're welcome
How about your family?
1:31 whose bank account passwords is macroni123?
oh, he might be me.
OHH I GET IT, wait I dont, how does the password manager know that is the owner of the password and not a hacker...
It doesn't. You have the decryption key
Yeet
that what i thought XD
I don't get it..
Myron Heng Don't worry, you are just a little slower.
+Salmon Fish I still don't get it
Daniel Mongan {insert roll safe pic here}
Why would anyone want to hack me.
I'm nothing 😢
aww
They hack your social accounts, find our who your Grandma is, call her and explain you've been arrested and need to post bail. They explain how she can send Western Union for $500 to set you free. Sounds cheap and convincing because the hacker knows everything about you because they have access to your accounts. happens more often than you think.
You're another computer they can use to DDOS or continue compiling info from. I've had 2 factor authentication stop multiple login attempts from Russia/Eastern Europe and I'm a no one as well.
you may be nothing, but your credit card sure is something
China but I'm broke as F
what if i lose my password for the manager
Geometry Nacho way too low
Thanks for this. I was told to use Lastpass since I write mine down and lost the paper once. I was worried about someone hacking Lastpass, but now I will look into it.
writing them down on paper and hiding that paper is the best.
but you ll need 27 different ones, and what if you have to log in somewhere new, i guess you won t carry this paper in your wallet right ? Which makes you even more vulnerable.
+SoFlyIndustry
- Write them on the same piece of paper.
- Use the paper to help you remember the password instead of constantly referring to it.
- Not everyone loses their wallet.
+SoFlyIndustry
- Write them on the same piece of paper.
- Use the paper to help you remember the password instead of constantly referring to it.
- Not everyone loses their wallet.
+SoFlyIndustry
- Write them on the same piece of paper.
- Use the paper to help you remember the password instead of constantly referring to it.
- Not everyone loses their wallet.
Sure, but still means it is vulnerable and not flexible, so will you compose your passwords from words or random characters? because a piece of paper won t help you remember random *£&^4F type of passwords, knowing that you will need +20 variables of them. And if you use words for your pswrd that is very easy to hack and breach (at least one of your account)
What if hackers get your password manager password
watch the video!
surfie007 what if you actually watched the whole video before asking such a silly question?
Harry Hamilton it did when Lastpass got hacked.
people who thumb you up are actually using password: password.
Decrypting takes significantly more computing power than encrypting. It's not a reversible process - as stated in the video, it can take hundreds of millions of years to decrypt. These aren't simple substitution ciphers you may be familiar with, they're complex polynomial curves where the information is hidden inside the curve's properties.
tl:dr mathematicians made it hard to decrypt, and super simple to encrypt.
Thx. I've been wary of password managers but I'm reconsidering them now.
its really not hard to remember random characters and numbers. most of my passwords were made from a password generator I programed myself and it keep em encrypted and stuff just in case I forget but I can easily remember them.
Every time I hear about major password database hacks I check how far down the list "correct horse battery staple" is. Still disappointingly low.
Sponsored video?
Why? It merely recommends that you use a password manager. This is the security advice of nearly any security expert you ask.
Just because he keeps mentioning "one password" i.e. the most popular password manager rn "1Password". I mean I already pay for 1Password for my family but I digress. Even though it's good to encourage people to stop using one password for everything, seems like clever indirect marketing using scare tactics.
This video was made for the DNC.
Its not sponsored he never said it was and dosnt say it is in the desc
Wooooow...
Very informative, awesome animation!
I have like 10 variations on the same pssword and i make new ones every week and i change the pass on all my accounts with a different variation. Easy to remember just to go through all the variations.
What if hackers just create fake password managers? We're back at square 1.
Not really. There are already few established brands and it is highly unlikely that the new ones will set off in already saturated market. Especially since some of the best (KeePass, for example) are open source and free-of-charge. There is little to gain by creating fake password managers
KeePass is the best solution, imo
TheBlobik Open source password manager, _what could go wrong?_
( O_〉O)? ikr
William Herron Ah yes, closed source is so much better because we have to trust the company not to accidentally leak the passwords
I have a password formula, that way my passwords are easy to remember and secure.
Dylan Boardman heres an example
hobby
three numbers
color
symbol
this would turn into: knitting871redpercent
Jedwig lamb so I could use "jerkingit247white!"? haha
If you want to be super secure with a backup keep them in a physical form in a safe or write it in notepad, take a screenshot, change the stuff in the filename of the screenshot to .txt, put it in a .rar file and keep that rar somewhere safe. online or on a USB stick or your dropbox or something else. There will be a random .rar (seal the rar with macaroni123 if you want) on a random usb stick in your house containing random .txt files that do not make sense to anyone else but you. You can go as paranoid mode as you want with this stuff.
By having a formula to generate your passwords that isn't based on randomness, your passwords, by definition, are not secure. They are vulnerable to anyone (or machine) that can deduce your formula.
The odds that anyone is going to try to reverse engineer his formula from encrypted data is basically zero. Unless he is sinking British supply ships, no one will ever bother with that level of effort.
When I saw the vox logo in the video I was like 🤔 ik that company... But from where? 😂
I feel like this is just an ad😂
Email's password is *the most important* password.
Aakash Kalaria no, you can use a backup email and then change the password with a couple of verifyers and boom, changed password in mimutes. very little someone can do in 3 minutes, every big email changer needs a verification through a backup email or phone. If someone takes your phone, backup email, and email, we'll then only option is call your email company and tell them your explanation and story and verify your date of birth, adress, and security questions and some recent activity and other stuff maybe, then boom, you got your main email password changed and you can log in and change things, and the hacker will only have your phone and backup email.
+I primo on an ollie
That's assuming that you're able to detect the hack immediately.
+I primo on an ollie
Sorry, no, lots and lots of services use your e-mail as a password reset mechanism so by getting into your e-mail lots of damage can be done. Not many people use two factor authentication so for them it's quite dangerous.
I also don't see where you got that 3 min figure from, I can almost certainly guarantee an attacker would have much longer than that, imagine if they get in while you're asleep or far from a computer. They can also lock you out of the account, good luck reverting that in 3 minutes.
Regardless, a well prepared attacker might have a bunch of scripts ready and will do all he wants in less than 30sec, forget 3min.
I get it 😂
Am I the only one that understands the joke?
Downvoted because of "belieber"
I suppose he means "thumbed down" and for good reason ... "belieber2017" ... really ... the writers at Vox _actually_ admit to being fans?
Mr. Meseeks The autism strong with this one
jimpozcaner I enjoy his music.
I have the kind of memory where I can *sometimes remember random stuff with very little effort. I have used random chunks from 30 digit randomly generated passwords and that's been working fine for me. Can I still do that? I still feel that's faster than setting all this stuff up. Time is just so limited. Then I don't have to write it down where it could potentially get stolen (with the exception of keyloggers and exploits.)
So what password manager do you recommend?
This looks and sounds like an Ad for an app! A password manager app! Just saying..
ravi teja Sangeetha but it isn't, because they don't mention any specific apps and there are many password managers out there.
They try to not make it look like a ad, by not mentioning the exact password manager app.. But if you search for "password manager" in app store or google play, you can be pretty positive on that the top result probably had an impact on making this video..
Funny, because it feels like they aggressively abstained from writing "LastPass".
TheMainnj I don't know what manager shows up when you search for that, but I don't really care. There's no way of knowing that the person who made the video even uses that one.
You're missing one huge problem. Your password for the password manager can get compromised. Then all your passwords will be exposed. It doesn't matter that the password manager encrypts the passwords, because your master password is the key to unlocking this encryption, otherwise obviously even you wouldn't be able to read them. It is a single point of failure.
G. Mikkelsen an attacker still has to get access to both the master password AND password manager data. Your encrypted passwords are not usually lying around on the web!
Except you can transfer passwords between devices over the net. So yes your passwords are just lying around on the web.
1) Change the password if it's compromised. You should do this routinely regardless. I personally change mine every 6 months. You could probably do it annually and be just fine. Just make it a New Year's tradition.
2) Use 2-Factor Authentication (2FA) if it's available. That way if your password is compromised, they still need physical access to your 2-factor device, likely your (unlocked) phone, in order to obtain the randomized code needed in order to break into your vault. (This is also why it is SO important to enable 2FA for your other online accounts, such as your Google account; even in the unlikely event that your password manager is compromised, you will have 2FA protection further protecting your online identity).
3) Even if 2FA isn't available, your password manager probably already uses an alternative authentication mechanism. Namely, a special randomly-generated key which is required in *addition to* your password. Without that key, all they get is your encrypted data, which is essentially useless gibberish. Again, getting around this problem requires physical access to the device which stores this key. 1Password is a great example of this method, and they describe it here: blog.agilebits.com/2011/09/23/two-factor-or-not-two-factor/
tldr, knowing your password isn't enough on its own. Security goes *so* far beyond passwords, especially for password managers.
If you sync your passwords via "the cloud" (i.e., Dropbox, OneDrive, iCloud, etc.) using an offline password manager like KeePass, you cannot reasonably claim that it's more secure than a cloud-based service. After all, you will be, in effect, using the exact same mechanisms as the cloud-based service: storing an encrypted blob of data on a remote third-party server. Except that now you have to trust the password manager AND the cloud storage provider simultaneously. In addition, password management services are far more inclined to be transparent about their security practices considering that trust is a fundamental component of their very business model.
I get the feeling you haven't used a password manager. I've been using LastPass for over a year and it's really good at this. Once the master password has been inputted, you have to verify through email or an authenticator that you are who you say you are AND if you are logging in at a location that you haven't logged in from before, you have to email verify you are who you say you are.
which app do you recommend as a password manager?
i love how this is just an ad for the app
Passwords dont have to be random and complex tho. Computerphile did a video that explains how a password like "dogbananahou_se" is many times more secure than something like "27$/ptyah1.-"
Blake Zonca correct horse battery staple
But passwords have to be sufficently unpredictable. "dogbananahou_se" is basically a concatenation of three relatively common English words with one letter replaced by a symbol. A computer going through a trillion passwords a second by using a dictionary can easily break it.
XKCD and Computerphile are partially correct in their logic, but they're woefully out of date on how passwords are hacked now. Longer passwords become exponentially more difficult to break as long as you're NOT using real words. Brute force hacking now uses massive word databases to speed up their guesses. Once they see something like "sta" they don't continue making random guesses like "stakbfqw". They start seeding known words like stay or stasis...or staple. This completely negates whatever benefits you might have seen from the extra character length provided by these words. Hackers can eliminate obvious nonsense and guess entire strings of characters in one shot. That is, unless you ARE using nonsense instead of real words. Then they're just wasting their time in a different way, which is precisely what you want.
TL;DR - Dictionary attack means neither length nor random alone makes an effective password. Longer + random is the only safe bet nowadays.
Ok, so, I use a master password that's four words from four different languages and some symbols thrown in. Is that safe enough or should I really just get a full on random password?
Herb Derbler Brute force hacking has a very limited use, though. Nowadays, it can't be effectively used for big websites (facebook, google, twitter and such) and especially not for important sites (paypal, banks). Measures against brute-force hacks are far too easy to implement, so easy in fact that most new websites are started with those measures already in place.
The bigger use these days is phishing - which I have personally done a few times (some people who fell for it had complex passwords, others had ridiculously simple ones). Phishing has this major advantage over brute forxe - the complexity and length of a password is utterly irrelevant if you are willfully handing it over, it could be 30 characters long and include all sorts of things, and it wouldn't make it any harder.
Its like the plot of Fast 5, where they put all of the money into 1 safe
which we know how it ended up :/
Some password managers sync the data locally so even if someone gets a hold of your password they would also have to have access to your computer which may have a different password. A lot of password managers use 2FA which requires a registered device like your phone to prompt you and have you confirm whether or not your a trying to sign in from a new device before that new device can be signed into.
When I was a kid. I remembered having some relatively long complicated password consisting lower and capital alphabet, dot and "@" and numbers. It usually came from a combination of password I get from playing video game on NES like Bomberman or Fifa that I write down on a paper and stare at it all night.
But the reall problem with this is if you are at a friend you cant login.
exactly I tried using one of these but it simply didnt work practically speaking
lucien1995 yeah you can, just log in to the password manager first. I still have passwords I can remember for the main things like Facebook and email but for anything else I'm just going to sign in to Lastpass and then copy the password.
You can put it on a usb stick.
Look it up from your phone.
Keepass has some pretty good features for having some level of security even if the computer is infected with malware. You enter your master password on a separate desktop (screen similar to when you choose 'yes' or 'no' when you run something as administrator.), and there is a setting that has obfuscates it's auto-entering of the password, using a combination of keypresses and the clipboard, writing the password out of order, etc. Most malware, unless specifically written to target Keepass, likely wouldn't be able to get anything out of it. And even if they get your password database file from your flash drive, they can't do anything without the master password.
3 ppl use macaroni123
No 4 does.
No, I'm not THAT'S NOT MY PASSWORD DONTRY IT IS NOT MY PASSWORD
I use chilliconcarne, it's a delicious password
Make that 670
Make that 726
1:24 «Memorizing your passwords is bad because you often have only one of it and if someone knows it, all your accounts are accessible»
2:03 «A password manager is great because all your accounts are protected by one password»
So um... Any opinions on the 2-step verification process of the most known sites? Honestly I find this more secure over using a password manager, but then again, I could be wrong.
then password manager gets hacked, everyone cries
password managers are encrypted, so they still need your 'master' password to see the passwords.
This is same with every website. When a hacker hacks a website they get a bunch of emails along with an encrypted passwords. They run algorithms to brute force various passwords to get the resulting encrypted password on the website.
The reason to use a password manager is that you can use a longer, higher entropy password that cannot be easily brute forced.
For example, 4 random words along with some capitalization + alpha numerals is almost impossible to guess. Its simply not worth the hacker's compute power. There's tons of people with easy to guess passwords that the hackers could go for.
Lol Truecrypt is also encrypted, but was hacked by the the US government.
These things seem so obvious to people like you and I that I find it hard to believe other people don't get it.
I wouldn't use a password manager with a cloud storage element to it for that reason. I use an offline password manager, Keepass.
coweatsman - didn't i just see u up there?
And you seriously believe that I'll trust that "safe" password manager?? hahahahaha try again.
Billderbeerg S a password manager is a software not a product there are many password manager out there
Hmmm I don't know if I should believe a DBZ Ghandi, after all, their planet was destroyed...
I developed a password manager and wrote a research paper questioning whether they're "safe". The "one password" you need to remember is never actually recorded. It's most likely used as a symmetric encryption key that decrypts and encrypts all your data.
So how does it know the "one password" was correct? There's likely a phrase that decrypts correctly with your correct "one password", which then tells the program your password was correct if it matches.
So if a hacker were to get your data without that "one password", they would have complete gibberish. Encryption algorithms are INSANELY difficult to crack. No hacker with your encrypted data will gain access to your plaintext passwords. Encryption algorithms are so difficult to crack, there are cash rewards for anyone that can crack them. If you can crack RSA-2048, you'll receive $200,000.
Also, 1Password uses AES-256, which Wikipedia says "At present, there is no known practical attack that would allow someone without knowledge of the key to read data encrypted by AES when correctly implemented." So as a software engineer, I can claim password managers are extremely safe.
Bleu what is the most safe one?
"The "one password" you need to remember is never actually recorded"
That's also true for basically every website on the internet. The reasons you give why a password manager is safe are the exact reasons why "website are safe". And it also has the same flaws. What really bothers me is that since most of these password managers are also websites, all that is needed is a breach in one site - the password manager - to get access to your whole online identity, instead of many.
And the "don't use the same password for every website" claim seems to no longer hold since passwords are hashed and salted. This makes recognizing the same passwords impossible if you looked at them in a database since the salts are different.
"So as a software engineer, I can claim password managers are extremely safe" - just as Amazon and Yahoo and Microsoft and Google claim that their databases are extremely safe. Until they get hacked. There is no difference.
I don't see a single advantage that a password manager provides, it only centralizes the problem.
Well Vox, can you suggest an authentic and best password manager?
Can you suggest the best password manager for android device?
yeah, rather than rembering your passwords, place them in a black box that magically takes care of them and rather than trust yahoo, trust some random app.
Since most of the people who manage IT systems trust those random apps, if they were fishy or insecure it would not matter if you give the app your passwords or not. The hackers would already have access from the inside :)
Yes, definitely don't trust Yahoo. They've got hacked about no times with like no lost info... right?
Oh. Wait.
You watching this on on your Macintosh II? Cause I don't think you even know anything about computers.
Don't memorize your passwords instead memorize a password
make sure that password is macaroni123
that's amazing! I've got the same combination on my luggage!
are the built-in password managers on your browser encrypted? or is it like a offline unhackable thing?
Something that almost anyone does is to remember a rule where you encrypt the name of the website you are accessing. You just need to remember the rule and every service will have a unique password.
I love when people do that because they think that simple substitution is so genius and I now have all of their passwords.
The only reason I never used password managers is because I thought it would be too risky if that got hacked. Thanks for this amazing video btw
So passwords.txt isn't a good idea? ;o
HatedAlways no, an unknown app owned by an unknown company across the globe that says "we will keep your passwords safe" by a master password that anyone could guess it, is way better than your way
All jokes aside, I use KeePass, saving my .kdbx file on my personal cloud storage. Hopefully that's good enough, for now
Holy crap, someone who was joking about storing their passwords in a file on their computer, instead of encrypting them.
I don't know what to do with myself. I mean just...wow.
Do you kiss the tip first, or do you shove the whole thing in?
I just shove the whole thing in...
Wait, are we talking about encryption keys? ... We're not talking about encryption keys, are we? ...
What do you guys think of Chrome Lock? It's where basically your computer (chrome) stores your passwords for you by saying "save this password". I'm not sure whether to use it or not. Is it safe?
Why not use an algorithm that is based on the name of the domain that you can do in your head? You only have to remember one password and you can't hack your brain assuming you have one.
That's vvhat I do ;:3
The problem is that you are going to form patterns. Remembering dozens of passwords is needless. Besides, your cell phone and an app can do a much better job creating passwords than any human brain.
There is no logic to it. Plus it reduces what you must know from twenty seven things to two or three. Which is much better for your brain as a human.
@@jamesedwards3923 that's why I made an app for myself ;:3 to use
@@thearmyofiron I am not a programmer. If your app is well constructed and gets the job done. More power to you.
I have a question, how are you storing your passwords? In the application or in file after creation.
@@jamesedwards3923 in the file after creation
Two-Factor Authentication is the only way to really solve this problem. A password manager is just a big storage for all your passwords and can be unlocked by a single key. Rogue password manager apps can also be setup to capture passwords. The smart solution is to step two-factor authentication that requires a password as well as a security code or password that is sent differently to a authorized device, mobile # or email of the end-user.
And with that I hope that people are wise enough to implement security measures on their mobile device such as fingerprint or PIN lock enabled. The purpose of Two-Factor authentication is to add an additional layer of protection, and your mobile device already has its own layer of protection. Also Androids and IOS are now capable of remote wipe, so if you lose your phone or if its stolen it can be remotely locked, disabled, or wiped. More security! =)
this is why you must set up a local password manager, not a cloud based one.
@@taggerung_ how?
@@DanielEboli writing all of your password on a real notebook
Most password managers have 2fa available and it is the best way to secure your account. You should absolutely use it for your important accounts but whilst it's there for the important accounts to keep safe, it's not available for the majority of other accounts I use on a daily basis. Passwords are terrible but they're not going anywhere anytime soon
"Oh no I lost my phone, Now I can't use anything :D"
What if this one in this vid is one of mine
how long will that take. has anyone thought of what happens when that gets hacked
Why did you reveal my password at 1:28.
King Kylos omg that's my password too
King Kylos
now that u said that... u may get hacked..
Ill make my password into "Hitlerdidnothingwrong" so no one would dare to type it out >:)
It's actually really easy to guess.
No one would type it though :)
You'll never guess my email muahahahah
At least I'm halfway through. ;)
maybe your 9 year old friends wouldn't but most people would
Is a password manager the same as Google's autofill/store password feature? I watched the video but still don't quite understand the difference, if there is one.
What about if I do like a reference to like a movie. WILL THEY GET IT STILL??
So if you're in your friends house you won't be able to use anything until you download passwords manager to your friends computer cuz you yourself don't know any of your passwords?
And how is it safer to store your passwords on some 3rd party app?
Sorry pal, I'll stick to good old method of having 3 super duper passwords and memorize them, I'd recommend people to start memorizing their passwords as well just make sure your password is not too simple.
You can use passwords made out of two parts to be more secure and they're easy to remember. One large part (a small phrase for example) with symbols, capitals, numbers, etc. that remains unchanged for all accounts and a smaller part (a few characters that you can remember) that changes for each individual account.
I have memorizable (but still complex) passwords for things that I log into on others' computers, like email and Netflix. I use the LastPass generated passwords for everything else. Of course, LastPass still saves all of them so I don't have to type them on my own computer.
Also, you don't have to install an app on someone else's computer to get to your vault. (Not for LastPass, anyway--I'm not as familiar with the others.) You can log into LastPass and copy and paste your passwords. It's still an extra step, though, which is why I choose to make some of mine memorizable.
exactly my issue with all this...
Yeah seems kinda dumb to me
If you use a Macintosh PC, Safari has a built-in random password generator and keeper that's only accessible with a password you decide on. Because it's Apple, it's guaranteed that it would be secure.
PSA: There is no such thing as "Password Manager". It's simply a type of software, not the name of a product. They aren't advertising a product named "Password Manager", just a type of software.
Well, at the same time one can pay Google to put one`s "Password Manager" in top of search results
The app could be a hacker! 😕
websites like google make them, so it's safe.
So... What password manager should i use?
scrub normies guide on passwords.
I'll always use the same password, the most important thing I need a password for is my old Webkinz account...
how about when the browser updates and the old plugin isn't compatible... Or if the server of the password manager is down... It's a good idea, but until some kinks are worked out, it's just a slightly more vulnerable and slightly more convenient version of a notebook.
My password blurts out mines ########