It's not a new thing. Passwords we have been using for as long as you can remember. But do you know how easy it is to break passwords? I just did that search on Google just now and you know what happened. Look at the number of results we got. This is 6 zeros, means million. So this is 25 million results. Now that's old news. This screenshot I had taken in
2019. I did that same search today and you see what happened. It's 706 million. We are almost reaching 1 billion now. Topic is same: how to break password. That is the problem. It's very, very dangerous, and all of us are working from home. Security is less. Very often we use insecure kind of connections. In the office environment we are quite safe. But when it comes to home we may not be. Do you know how easy it
is to crack Wi-Fi? Again, you need a small device called Wi-Fi sniffer for that. I did a search and look at what has happened. You can actually get it home delivered, and of course you'll have to learn a little, but there are nice videos to help you crack everything. So that's why we are going to learn about password management today, and it's a very, very important topic. It doesn't matter whether you are junior, senior or
whatever in your own context. You have some things to protect, whether it is money, whether it is documents, whether it is passwords related to various sites. That is what we want to talk about. So it's a question of what: obviously, how to manage passwords and secrets. Why? Because it's a desperate need. Everyone is potentially a target today, and the entry barrier for hacking has gone down. So who needs it? Obviously everyone, and
where do you need it? You can't say, I'll only need it here or there. You need it everywhere, all devices. And how do you do it? By manually managing. Many people, even senior people, even technical people who are very good at technology, are very often telling me, no, no, I don't need a password manager, I have a method of doing that. Whatever their method is, trust me, it is not going to work.
So it's urgent. So now what are the problems? Problems all of you know, so I'm just going to browse through them. Creating complex passwords is necessary because breaking them is very easy, but creating complex passwords for every site you go to and keeping on changing them every month is really difficult. So that's the problem. Because of that, we either create passwords which look similar or use the same password in multiple places, both of which are a
bad idea. On top of it, very often we genuinely need to share login passwords with other people. That's another problem. And because of all this, remembering passwords becomes a problem. We write it down somewhere, or we use a predictable pattern. All of that means passwords are easier to break. And it's not only passwords. Remember, we have many, many things we do on a daily basis. So what are those things? You need to understand those things as well.
So what are we talking about? Not just passwords. Look at various examples of things. They may not be really secrets in the sense nobody needs to know about it, but you need quick access to them. Now some of them are in Excel, some of them are in sticky notes. It's a disaster. So important and secret-related functionality all together. That is what we want to do. So how does this thing work? You need a password manager. What is a password manager? It's a software
which typically works across devices. And how does it protect your passwords? By you creating a single password there. So you go to that software, log in there, create a master password. That password has to be long and complex, but only one password you have to remember; all other things are going to be managed inside, and that's the whole idea of any password management software. Now obviously you will ask me, if that password management
vendor, whoever that is, their site is hacked, what do I do? I am stuck again, isn't it? So obviously they must have thought about it, right? So how do we go about doing it? You go there, and when you protect your passwords using the master password, first of all your master password is not stored on any website of that vendor. That password only you know; it is not even stored on your device. There is something called hash.
We don't have to go into technicalities, but that's where it is stored. Then, when you put your secret information, usernames, passwords, software keys, login IDs, banking details, whatever, those things are encrypted locally on your mobile or laptop or whatever device, iPad, you are using, and then the encrypted data is sent to the provider. So they themselves can't see anything which you are encrypting, and just to make it even more foolproof, generally use
a multi-factor authentication. So bottom line, don't doubt the security of password management software. You have to doubt the security of what you are doing without using that software. So the process is fairly simple. You go to a site, create a sign-in like we normally do, and this is the important part: it generates the password. So let me actually try to show you one. So I'm going to go to some site and let's try to log in there.
I don't have a log in here, so I say I will create an account. OK, so I will just give some e-mail address. Now. Whatever it is. I'll just choose some random things because this is just a demo. And of course, I'll have to use someone younger. Whatever, now this is the problem.
This what do you do? You notice, because I have a password manager installed, what is happening? It's giving me an opportunity here to generate a password here. And if you look at the options, all the common requirements are already met. I can actually increase the password. Most people say 8 characters, 12 characters. No. In today's world, 25, 26 characters is a bare minimum. But now you don't have to worry about it. Whatever you create, whatever number you want, this guy is generating.
You don't like this one? OK. Another one. Another one. Goes on and on. If you really want to remember them, there are variations also: easy to say or easy to read. Easy to read means what? Confusing characters like l, I, 1, they are always confused, or zero and O; those are avoided. Easy to say means, although it doesn't make any sense. Lumati. Umm. In safe it's at least pronounceable, but most places will expect you to have numbers and symbols so easy.
To easy to read is not really practically possible. Just keep all these four on, keep it at least 22 characters if not longer, and then just say fill password. So notice what it did: it actually filled the password again and it is offering, should I save it for you? Just click on add and the password manager has done its job. Now assuming I created this account, second time I go, what happens? Let's see that. This was just
a demo of how to create an account and automatically create a long complex password without ever having to remember it. Now let's say I have done that. Now I will show you the next step. Suppose I want to go and log in to a site which I have already created. So what I showed you just now was how to create a fresh new login. That's one way of adding passwords to your password manager. Now second time I go there, what do I do?
So this one, I already have a login and now I want to log in there. I don't remember my login ID nor my password. The best part is I don't need to, because the password manager is managing it for me. So all that I need to do there is, notice, now it is telling me username, password. What do I do now? Notice there is a small little icon which came there which is saying in this
site I have two logins. Which one do you want to choose? So I choose one of them, let's say this one. And the password is already added. I don't have to do anything, I don't have to remember. Now very often browsers will also ask you. So once you have a password manager software you don't need to go and do it in browser. What is the problem with browser? First of all, we use many browsers. Second, we have browsers with multiple profiles. So everywhere you.
Now scratching your head: was that this browser or that browser? This is not going to automatically go to your mobile. Across devices is a problem. So although having passwords being saved in a browser is a good thing to have, once you have a particular password manager, you don't need it, which is an even better option because all password managers synchronize everything across all your devices generally. So that's how life becomes simpler. Generation of password I have already told you, but now things have become so
complex that you actually need a username generator as well. Do you know why? Because people can guess your username. Just as we reuse passwords, we also reuse usernames, so there is also a username generator, which is really nice. So, LastPass. By the way, most of these app providers give you a free password generator ready to use. That's not a problem, but here we are also talking about a username generator. Now, of course, username generation is similar to passwords, but
they are shorter typically, and generally the default is easy to say. Of course you can change this, but don't make it too long because you have to type it at some point. Bottom line, life has become so insecure now that it is necessary even to generate usernames. Fine. So how do you add accounts? Multiple ways. Either you add manually: if you already have things, then you go to the password manager and then say I want to add my account.
So this is the password manager I use. It's called LastPass. So I go to LastPass and then I say I want to add a new item, new password, and then I have to give the URL, password. That's one. They're doing it for backlog. The other way of doing I already showed you: you create it and it will dynamically generate. And third, if you have them somewhere in Excel or another tool, you can import from there as well. So there are lots of import facilities available. It's
also possible to automatically change the password. So for example some very well made sites like Amazon, Microsoft and Google automatically allow third-party providers of password management tools to change your password. So already password manager is managing your password. You just go there and say automatically change password, so it will talk to the site, it knows your password, then it will generate a new one, save it in itself and job is done. So you don't even know what is
the password and you don't even need to know. That's the whole idea. Fine. Now another very useful thing is, quite often you may need to share your passwords with your family or friends, or maybe in case of troubleshooting, with some technical provider. That is a tricky situation. So how do we do that with password managers? It allows you to share passwords without revealing the password, so
they can log in using your credentials but the other party cannot see it, which is very nice and a secure way of managing, the best of both worlds. It also analyzes all your passwords and gives you a score which says what your security level is, and it also shows you the at-risk passwords. How does it know the at-risk passwords? Because, first of all, you may have used duplicate passwords. Second, very important, most of these apps have automatic breach monitoring. That means every day
we are listening and seeing and reading news which says millions of usernames, passwords, credit card numbers gone. All those databases are available for purchase in dark web, and these security providers obviously have to purchase those, and that is checked, and if your usernames are found there, it will actually prompt you and warn you. So that's another background thing. Of course professional directory tools like Active Directory also have that, but you are not using Active Directory for your regular net banking passwords, for example. So it's
an equally important adjunct to have for password management. So it has a lot of templates also. For example, this is a template for a typical bank account, which has standard fields. There is another template for, let's say, applications. So the application command line, username, password, field sequence. If you want multiple screens and you have to press username, then press tab, then there's a template language there. This is for a typical software license. There is license
key, version and so on. So nice, useful templates are also available. Now this is very, very critical. I call it death management; a sober way of saying it is actually what we typically call a digital will. What does this mean? Now that your online banking, your stock market, your prescriptions, everything is in this world, it is important: if you are no longer there, what happens? Who gets that? So you cannot write all the user passwords
in a physical will. This is your digital world. So you can delegate access to your digital vault to your near and dear ones, or your lawyer, whoever. But while you are alive they should not be able to see it. So there is something called emergency access. What does that mean? You nominate some people, and when they request emergency access you will get a mail. If you get a mail, you can block it. If you are dead, you are not
going to get a mail. So you put a cooling period, whatever number of days. So once you are no more there, after that cooling period, your nominees will get full access to your vault and they will not be confused with where are your accounts and what are your secrets, and they can use them. That's a very, very powerful feature that is called emergency access. And you can decide the cooling period, you can give it to multiple people and a different cooling period as
well. And finally, to make this even more secure, you use two-factor authentication. What does that mean? Whenever you put the master password, that password itself is so important to you now. So you need an OTP or a second factor authentication. So the best way to do that is Microsoft Authenticator, in my opinion, because we have other Microsoft accounts also mapped to it, but that's not specific to Microsoft really.
All kinds of things can go there, and LastPass or most password management apps will give you integration with any authenticator software. But having two-factor authentication using some authenticator is again an absolute must, because that master password is extremely critical to your life now. Then what happens, once all this is done? We have another problem sometimes when you have multi-factor authentication.
Suppose your authenticator app didn't work, then what happens is not only two factor. Suppose you don't have mobile phone, you have lost it, someone stole it, and then the authenticator or OTP is going to come on mobile. And now how do you manage? So typically multi-factor means something you know, something you have and something you are. At least two of these are required. So what have we talked about? Password is one. The OTP or the authenticator app may be second, but suppose you know the
password and this one is not there. What do you do? Typically we have security questions there or an alternate e-mail address. So security questions itself is an insecure concept. Why? Because these are typical security questions. I'm sure, if nowhere else, at least for net banking, you are forced to use this, if not in other sites. So at least some security question answers you must have given, and that's a disaster. Why? Because what is the best practice for security questions? The answers
to security questions. Anyone, can you think? The best practice is, when someone asks you which city were you born in, or what was the first car, or what is your sister's name, or whatever, something like that, the concept is you should never give the correct answer. Because you want security, you don't want accuracy of your social life there, because hundreds of people will know your
first car or your mother's name. Now the question is, if I continue giving the wrong answers all over the place, how am I going to remember all of them? So the best practice sounds good, but how will I remember? That's another reason you need a password manager. So finally, all password managers typically come in two varieties: free or paid. You have to choose that. You can go and look at it. So free or paid, your
choice. You can compare. Typically free means only one device and paid means across devices. There will be other nuances also, but I would say this is so critical to life. Don't bother about the payment part; do a good job of managing passwords and secrets. So I hope all these things are now clear. Only remaining thing is call to action, which is what? Immediately, if you have not done it, it's absolutely long, long overdue. So go and look at what you are
doing with your passwords. Evaluate the apps. In fact Chashma or Zeus, or my colleagues, are also on the live call. They will post the URLs of review articles of various password managers. You can choose whatever you want, but choose something. Start using it immediately, at least for the new websites you log in to. And as you keep logging in, it will accumulate the database. If you have some keeper somewhere, created manually: many people have the bad habit of
putting a lot of passwords in Word or Excel and giving a password to it. That's a disaster. Put them here and then delete that file. So like that. And then, as soon as you have enough passwords, go to the security dashboard. It will tell you your current score. It will highlight the abnormally bad passwords, and go and change them immediately. So that's the whole idea. Immediately act on the compromised passwords. So
That's all. Let's see if we have any questions.