You should be using a password manager

– Let’s talk about your passwords.   So I’ve actually been getting a bunch  of questions lately from people about how  they should go about managing their online security.  And I wanted to start off with the real basics  and build this into kind of a series for different ways  you can secure your online presence more thoroughly.

Спасибо за просмотр!

And the first step is really just  figuring out your whole password situation.  That involves using something called a password manager.  So when you think about the way you log in today,  you use a username and password,  and there’s a couple of big problems if you’re  entering your passwords manually into these websites.  The first is you’re probably using simpler,  shorter passwords so that they’re easier to remember.  Everyone spelling passwords with dollar signs,  I’m looking at you.  And number two is because it’s so hard  to commit all your passwords to memory,  you ultimately end up reusing the same passwords  on multiple websites or services.

This second one, password reuse,  is actually a big problem which has caused all sorts  of headaches for people in the last few years especially.  Because say for example, you use the same password  for Facebook, Gmail, your Outlook account,  and then some other service, a smaller service  that ends up getting hacked.  Now, although, hopefully that service was  using some sort of encryption on those passwords,  or hashing them in some way, so that the hacker  just doesn’t have them in plain text.  The simpler the password that you’re  reusing on these sites, the easier it  is to unhash that and get access to them.

So, if you’re using something like password123,  hackers already have a dictionary  of what that looks like hashed  in multiple hashing algorithms.  And so if that person that hacked that smaller website  where you were reusing this password  is able to get the unhashed version of your password,  they’ve just gotten access to your email,  to your Facebook, everything, all because  you reused the one password for multiple websites.  It’s a big no no. So, the goals here are rather simple.  A, use random, long and secure passwords  instead of short ones you can remember.  And B, as we just discussed, you wanna  use a different password for every website  or service you’re interacting with.

The password manager

This can be hard because how are you  gonna remember these long 16 character  or 32 character strings for all these different websites.  That’s where a password manager comes in.  A password manager is simply an app that you use  and it helps generate these really long passwords  for every different site you use  and then store them in an encrypted, secure way.  Think of it as kind of a secure safe or vault  where all your passwords are stored  and only you have the key to unlock it.  And all these passwords that the app  is generating for you, you don’t know.

So, you actually don’t even know your password to Facebook,  or you don’t know your password to Gmail.  And that’s a good thing, because if you did know it  and you were able to enter it in manually,  it would be less secure.  So, by storing all your passwords in this one vault  behind a secure key, the only password you have to remember  is what’s called the master password.  And you’ll be prompted to enter this whenever you  want to unlock that vault and get one of the passwords  out that you’ve set for a certain website.

One of the best practices for being able  to remember this really long password,  it should usually be at least 20 characters in length,  is to just combine common words in a certain order.  An example of this might be correct, horse, battery, staple.  That’s really easy for you to put into memory.  But for a computer, because it’s so many characters  and the words are in a different order,  it’s hard for a computer to kind  of brute force or crack that.  It’s much easier for computers  to try and guess things like dates,  common surnames, and shorter pass phrases.  And so the security of a password  is always about the length and what’s called the entropy.

How varied that long pass phrase is.  So, once you’re set up with a password manager,  all your passwords are in one place.  You might have a hundred, 200, 300 passwords in there.  And all you have to do is enter that master password  to unlock it and then get access to all of those passwords.  The cool thing is that most password managers  actually come with a browser extension.  So, once you’ve entered that password,  you don’t actually have to manually enter it  into Facebook or Google.  It simply auto fills the form, populates it,  and submits it for you.

So, the only thing you actually have to ever enter  is master password, click okay, and then  it will automatically log you into Facebook  or whatever service you’re trying to get into.  In addition to that, when you’re using a password manager  something you should try and look out for  is the ability to sync your vault across different devices.  So, if I’m using my iPhone or my Android phone  I have access to all the same passwords  that I’ve set up on my desktop computer.  That’s very important so you don’t get stuck  without a password to a service you need to access.

 The main password  manager options

So, let’s go through a few of the main password  manager options out there today.  Just to give you an idea of what’s on the market,  what I personally use, and let you make a decision.  So, the first one I want to cover is called LastPass,  and it’s probably the most well known  because it’s gotten a lot of media coverage  and a lot of people have recommended it  in tutorials over the years.  And I think the reason it’s garnered so much praise  and adoption is because it’s probably the simplest to use.  It’s primarily web based, so you log in  and you use their web interface.  And that partners up with a browser extension  that you use to do all of your password management.  Creating passwords, storing them and viewing them.

Now, I’m in no way saying that I think  web based password mangers are insecure,  but I like to personally have my passwords stored offline,  on my desktop somewhere, so that I  have some ownership over that vault  and it’s not just in the cloud.  The other thing that people really  like about it is that it’s free for the basic usage.  They do have a 12 dollar a year plan  that gives you some premium features.  But it’s definitely one of the cheaper  commercial password management options out there.  One other criticism of LastPass  is that over the recent years they  have had a couple of vulnerabilities disclosed.  Or they’ve had some user information leaked or hacked.  Thankfully that wasn’t anybody’s vault  of passwords that was stolen, but there  was some user information because these people  are subscribing to a service.  People’s users details were leaked when this happened.

LastPass do have a mobile offering so that’s pretty cool.  I just think that, as I said, I think I’m a bigger fan  of desktop stand alone offerings where I’m able  to have all of my passwords offline  and choose where I store them.  Not just in the LastPass cloud.  I’ll discuss this more as I go into the other options.  But one of my problems with having to use  a certain provider’s cloud storage  is that you have to put some trust in them.  Your vault could be vulnerable if  their storage layer is ever hacked.  And this is unlikely, but again, I’m just kind of paranoid  and I like to have my data with me  and be able to store it wherever I want.

That being said, I do think LastPass  is still a really good option for people  that are maybe less technical or computer savvy  and are really just looking for a simple solution  they can fire up and actually use for free when you begin.  If I was setting up friends or family  who weren’t very computer savvy  and they just wanted a solution, I definitely think  that LastPass is a good option for that  because there’s not a lot of maintenance  and worrying about syncing and all of that.  It just works.

Next up is one called Dashlane.  And Dashlane is probably lesser known to most people.  I think that’s kind of because it has a businessy enterprise  kind of angle and that was what they  were focusing on more previously.  But it is a really solid offering and they  have a stand alone desktop app that looks really nice  and is super simple to use.  The desktop offering itself with basic features  is free to use as well so you could download it  and start using it today without paying anything.  But like most password managers in this space,  they do offer a premium plan.  It’s $3.33 a month.  Kind of a weird number, and that  gets you the syncing service.  So if you’re using your password manager  on multiple devices, or you’re using it on your iPhone  or Android phone, everything just syncs up nicely  and you can access your passwords from anywhere.

Again, this is using Dashlane’s cloud storage though,  so you have to trust them and just be confident  that they’re not gonna get hacked in the future  resulting in your vault of passwords being leaked.  They seem like a highly reputable company.  I know a lot of people that use Dashlane  and I think a combination of security, the desktop client,  and ease of use is really a winner,  so I recommend you check it out.  Next up is 1Password, and you  might have heard of this before.  It’s my personal favorite and what  I’ve been using day to day for many, many years now.  I actually forget, I’ve just be using it forever.  Been making 1Password for quite a long time.  And it’s got a beautiful design,  really solid desktop and mobile applications.  And it’s just a pleasure to use.

Just like Dashlane, their stand alone desktop offering  does let you do everything on your desktop  so you own your data as well.  And something I like about 1Password  is you can actually use any kind of cloud service  you want to store the vault file.  So, I personally sync my vault file across my devices  using my encrypted Dropbox account.  And I just love that ability to be able  to choose where my data is.  I trust Dropbox and the setup I have there.  And I’m not tied into a single cloud service  that the password manager company wants me to use.  1Password has a free trial, but it’s important  to know that it’s not a free app.

You will have to start paying for it.  In the past it was just a stand alone license,  and you buy it and you use it on your desktop forever.  But more recently they’ve switched to a subscription model.  I guess they’ve gotta make money like everybody else right?  And that means the only way to purchase it today  is if you’re willing to pay 2.99, so it’s cheaper  than Dashlane a month for the service.  It’s the same kind of deal as Dashlane  in that the subscription gets you the desktop apps,  the mobile apps.  And it also adds a sync layer on top.  So, one password have their own cloud service  where they’ll sync the passwords between different devices.

And it’s the same thing I’ve been saying.  As long as you trust the company and don’t  think that their cloud storage is ever gonna get hacked,  then go ahead and use it.  But the cool thing is that because 1Password  does allow you to use different storage mechanism,  like I use Dropbox.  Then you have that flexibility and that’s one  of the things I really like about it.  Now, I did want to throw in there a completely open source  and free offering because I think it’s always important  to highlight open source solutions to problems.

KeePass

And the most popular open source  password management system out there is called KeePass. This started off as one program, but then expanded  into multiple ports across all sorts  of different platforms and implementations.  The chief one is called KeePassX, and it’s cross platform.  So, Windows, Macs, Lunix, and there’s  also a bunch of Android and iPhone apps that can  tap into the database format that it uses.  Now, these work pretty much exactly the same  as Dashlane on 1Password.  You do everything everything on the desktop,  there’s browser extensions, mobile apps, all of that.  The only problem is that when it comes  to syncing across devices, it’s a little bit trickier  and you’ve kinda gotta figure that out for yourself.

Obviously, because it’s open source software,  there’s no cloud hosting service where you  can sync all your passwords, so you  gotta figure that out for yourself.  It’s free though and if you’re a bit of a tinkerer  and you like using open source software,  then I recommend you go and check it out.  It does give you full control over your security  and you own all your data.  So, that’s my breakdown of password managers.  I hope you found it helpful.  My top pick, as I indicated, is 1Password,  and that’s mostly because I’ve been using it  for so long and I trust the team.  But Dashlane comes in a close second.

I really highly recommend that if you’re  looking for a different solution.  My take is that when you’re making a decision  around which password manager to use, it’s  really a balance of the security that it  affords you and control of your security  versus the UI and the ease of use.  You don’t want to make using a password manager  this laborious kind of thing that just gets in your way.  It should just become part of your workflow.  And so apps that have a really nice UI,  have a really good Chrome extension  and really good mobile apps, just make the whole thing  a lot more pleasant and it doesn’t  feel like a chore, protecting your security.

Now one thing I haven’t mentioned  in this video is two factor authentication.  You’ve probably heard of it and many of you probably  get SMS codes when you log into certain apps,  or you might be using a six digit code  that you enter in from your mobile device.  That topic kind of warrants it’s own video.  I’ll be producing one soon that walks through the options  and actually explains SMS codes are not secure.  You shouldn’t be using them.  And really gives you some insight into how two factor  works and how you can beef up your security using it.  Most of the password managers that I  mentioned today actually support two factor authentication  for an extra layer on top of your master password.

They support it to varying degrees of simplicity  and so I would recommend you check that out  as you’re considering which password manager to go with.  So, I hope you found this video useful.  I hope it’s kind of inspired you to go out there  and make sure you’re doing everything securely online.  And just protecting yourself.  As always, if you did find it helpful,  please like the video and subscribe  for more videos like this in the future.  I’ve got a bunch more videos about protecting  your security in the future coming up.  So, until then, I’ll see you next time.  (energetic music)

Press «Like» and get the best posts on Facebook ↓

Leave a Reply

;-) :| :x :twisted: :smile: :shock: :sad: :roll: :razz: :oops: :o :mrgreen: :lol: :idea: :grin: :evil: :cry: :cool: :arrow: :???: :?: :!:

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)
Loading...
You should be using a password manager