How to protect #passwords and secrets – password manager app #lastpass

It's not a new thing. Passwords we have been using for as long as you can remember. But do you know how easy it is to break passwords? I just did that search on Google just now and you know what happened. Look at the number of results we got. Six zeros means million, so this is 25 million results. Now that's old news. This screenshot I had taken in 2019. I did that same search today and you see what happened: it's 706 million. We are almost reaching 1 billion now. The topic is the same, how to break a password. That is the problem.

It's very, very dangerous, and all of us are working from home. Security is less. Very often we use insecure kinds of connections. In the office environment we are quite safe, but when it comes to home we may not be. Do you know how easy it is to crack Wi-Fi? Again, you need a small device called a Wi-Fi sniffer for that. I did a search and look at what has happened. You can actually get it home delivered, and of course you'll have to learn a little, but there are nice videos to help you crack everything.

So that's why we are going to learn about password management today, and it's a very, very important topic. It doesn't matter whether you are junior, senior or whatever. In your own context, you have some things to protect, whether it is money, whether it is documents, whether it is passwords related to various sites. That is what we want to talk about. So it's a question of what: obviously, how to manage passwords and secrets. Why? Because it's a desperate need. Everyone is potentially a target today, and the entry barrier for hacking has gone down. So who needs it? Obviously everyone. And where do you need it? You can't say, I'll only need it here or there. You need it everywhere, on all devices. And how do you do it? By manually managing? Many people, even senior people, even technical people who are very good at technology, are very often telling me, no, no, I don't need a password manager, I have a method of doing that. Whatever their method is, trust me, it is not going to work.

So it's urgent. Now what are the problems? The problems all of you know, so I'm just going to browse through them. Creating complex passwords is necessary because breaking them is very easy, but creating complex passwords for every site you go to and changing them every month is really difficult. So that's the problem. Because of that, we either create passwords which look similar or use the same password in multiple places, both of which are a bad idea. On top of it, very often we genuinely need to share a login password with other people. That's another problem. And because of all this, remembering passwords becomes a problem. We write them down somewhere, or we use a predictable pattern. All of that means passwords are easier to break. And it's not only passwords. Remember, we have many, many things we do on a daily basis. So what are those things? You need to understand those things as well.

So what are we talking about? Not just passwords. Look at various examples of things. They may not really be secrets in the sense that nobody needs to know about them, but you need quick access to them. Now some of them are in Excel, some of them are in sticky notes. It's a disaster. So important and secret related functionality altogether: that is what we want to do.

So how does this thing work? You need a password manager. What is a password manager? It's software which typically works across devices. And how does it protect your passwords? By you creating a single password there. So you go to that software, log in there, and create a master password. That password has to be long and complex, but it is the only password you have to remember. All other things are going to be managed inside, and that's the whole idea of any password management software.

Now obviously you will ask me: if that password management vendor, whoever that is, has their site hacked, what do I do? I am stuck again, isn't it? So obviously they must have thought about it, right? So how do we go about doing it? When you protect your passwords using the master password, first of all your master password is not stored on any website of that vendor. That password only you know; it is not even stored on your device. There is something called a hash. We don't have to go into technicalities, but that's where it is stored. Then, when you put in your secret information (usernames, passwords, software keys, login IDs, banking details, whatever), those things are encrypted locally on your mobile or laptop or iPad or whatever device you are using, and then the encrypted data is sent to the provider. So they themselves can't see anything which you are encrypting. And just to make it even more foolproof, you generally use multi-factor authentication.

So bottom line, don't doubt the security of password management software. You have to doubt the security of what you are doing without using that software.

So the process is fairly simple. You go to a site, create a sign-in like we normally do, and, this is the important part, it generates the password. So let me actually try to show you one. I'm going to go to some site and let's try to log in there.
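The local-encryption model described above (master password never sent, only a hash kept by the provider, vault items encrypted on the device before upload) can be sketched as follows. This is an added example, not part of the talk and not LastPass's code; the function names, the PBKDF2-SHA256 work factor, the use of the e-mail address as salt and AES-256-GCM are assumptions chosen for illustration, and the account data is constructed.

```javascript
const crypto = require('crypto');

const KDF_ITERATIONS = 600000; // assumed work factor for this sketch

// Stretch the master password into a 256-bit vault key. Runs on the device only.
function deriveVaultKey(masterPassword, accountSalt) {
  return crypto.pbkdf2Sync(masterPassword, accountSalt, KDF_ITERATIONS, 32, 'sha256');
}

// One-way login verifier: the provider can check a login with it,
// but it is neither the master password nor the vault key.
function deriveLoginHash(vaultKey, masterPassword) {
  return crypto.pbkdf2Sync(vaultKey, masterPassword, 1, 32, 'sha256').toString('hex');
}

// Encrypt one vault item locally with AES-256-GCM (fresh random IV per item).
function encryptItem(vaultKey, item) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv('aes-256-gcm', vaultKey, iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(item), 'utf8'), cipher.final()]);
  return {
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Decrypt on the device; throws if the key is wrong or the blob was altered.
function decryptItem(vaultKey, blob) {
  const decipher = crypto.createDecipheriv('aes-256-gcm', vaultKey, Buffer.from(blob.iv, 'base64'));
  decipher.setAuthTag(Buffer.from(blob.tag, 'base64'));
  const pt = Buffer.concat([decipher.update(Buffer.from(blob.ct, 'base64')), decipher.final()]);
  return JSON.parse(pt.toString('utf8'));
}

// Everything the provider would hold after a sync: no master password, no key, no plaintext.
function buildServerRecord(email, masterPassword, items) {
  const key = deriveVaultKey(masterPassword, email);
  return {
    email,
    loginHash: deriveLoginHash(key, masterPassword),
    vault: items.map((item) => encryptItem(key, item)),
  };
}
```

A copy of the server record is only as strong as the master password and the work factor, which is why the master password has to be long and why the second factor still matters.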

I don't have a login here, so I say I will create an account. OK, so I will just give some e-mail address, whatever it is. I'll just choose some random things because this is just a demo. And of course, I'll have to use someone younger. Whatever. Now this is the problem. What do you do? Notice, because I have a password manager installed, what is happening: it's giving me an opportunity to generate a password here. And if you look at the options, all the common requirements are already met. I can actually increase the password length. Most people say 8 characters, 12 characters. No. In today's world, 25, 26 characters is a bare minimum. But now you don't have to worry about it. Whatever you create, whatever number you want, this guy is generating.

You don't like this one? OK, another one. Another one. It goes on and on. If you really want to remember them, there are variations also: easy to say or easy to read. Easy to read means what? Confusing characters like l, I and 1, which are always confused, or zero and O, are avoided. Easy to say means, although it doesn't make any sense. Lumati. Umm. In safe. It's at least pronounceable. But most places will expect you to have numbers and symbols, so easy to say, easy to read is not really practically possible. Just keep all these four on, keep it at least 22 characters if not longer, and then just say fill password.

So notice what it did: it actually filled the password, and again it is offering: should I save it for you? Just click on add and the password manager has done its job. Now assuming I created this account, the second time I go, what happens? Let's see that.

This was just a demo of how to create an account and automatically create a long, complex password without ever having to remember it. Now let's say I have done that. Now I will show you the next step. Suppose I want to go and log in to a site where I have already created an account. So what I showed you just now was how to create a fresh new login. That's one way of adding passwords to your password manager. Now the second time I go there, what do I do?
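The generator options shown in the demo above (a length setting, four character classes that can all stay on, and an "easy to read" variant that avoids l, I, 1, 0 and O) can be reproduced with a few lines of code. This is an added example, not the password manager's own generator; the function names, option names and the symbol set are assumptions.

```javascript
const crypto = require('crypto');

// The four character classes the talk says to keep switched on.
const CLASSES = {
  upper: 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',
  lower: 'abcdefghijklmnopqrstuvwxyz',
  digits: '0123456789',
  symbols: '!@#$%^&*', // assumed symbol set; sites differ in what they accept
};
const AMBIGUOUS = new Set('lI1O0'); // look-alike characters dropped in "easy to read" mode

// Build one pool per enabled class, minus look-alikes when easyToRead is set.
function buildPools(opts = {}) {
  return Object.keys(CLASSES)
    .filter((name) => opts[name] !== false)
    .map((name) => [...CLASSES[name]]
      .filter((c) => !(opts.easyToRead && AMBIGUOUS.has(c)))
      .join(''));
}

function generatePassword(length = 26, opts = {}) {
  const pools = buildPools(opts);
  if (pools.length === 0) throw new Error('enable at least one character class');
  if (length < pools.length) throw new Error('length too short for the enabled classes');
  // One guaranteed character per enabled class so site composition rules are met.
  const chars = pools.map((p) => p[crypto.randomInt(p.length)]);
  const all = pools.join('');
  while (chars.length < length) chars.push(all[crypto.randomInt(all.length)]);
  // Fisher-Yates shuffle with the CSPRNG so the guaranteed characters are not at fixed positions.
  for (let i = chars.length - 1; i > 0; i--) {
    const j = crypto.randomInt(i + 1);
    [chars[i], chars[j]] = [chars[j], chars[i]];
  }
  return chars.join('');
}

// Approximate upper bound on entropy in bits: length * log2(alphabet size).
function entropyBits(length, opts = {}) {
  return Math.floor(length * Math.log2(buildPools(opts).join('').length));
}
```

With this 70-character alphabet an 8-character password has at most about 49 bits of entropy, while 26 characters give about 159, which is the practical argument for letting the tool generate long values.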

So this one, I already have a login and now I want to log in there. I don't remember my login ID nor my password. The best part is I don't need to, because the password manager is managing it for me. So all that I need to do there is notice: now it is asking me for username and password. What do I do now? Notice there is a small little icon which came there, which is saying that on this site I have two logins. Which one do you want to choose? So I choose one of them, let's say this one, and the password is already added. I don't have to do anything, I don't have to remember.

Now very often browsers will also ask you. Once you have password manager software you don't need to go and do it in the browser. What is the problem with the browser? First of all, we use many browsers. Second, we have browsers with multiple profiles. So everywhere you are now scratching your head: was that this browser or that browser? This is not going to automatically go to your mobile. Across devices is a problem. So although having passwords saved in a browser is a good thing to have, once you have a particular password manager you don't need it, which is an even better option because all password managers generally synchronize everything across all your devices. So that's how life becomes simpler.

Generation of passwords I have already told you about, but now things have become so complex that you actually also need a username generator. Do you know why? Because people can guess your username. Like we reuse passwords, we also reuse usernames, so there is also a username generator, which is really nice. So LastPass, and by the way most of these application providers, give you a free, ready-to-use password generator. Not a problem, but here we are also talking about a username generator. Now of course username generation looks similar to passwords, but they are typically shorter, and generally the default is easy to say. Of course you can change this, but don't make it too long because you have to type it at some point. Bottom line, life has become so insecure now that it is necessary even to generate usernames.

Fine. So how do you add accounts? Multiple ways. Either you add manually: if you already have things, then you go to the password manager and say I want to add my account.

So this is the password manager I use. It's called LastPass. So I go to LastPass and then I say I want to add a new item, a new password, and then I have to give the URL and password. That's one way of doing it, for the backlog. The other way of doing it I already showed you: you create it and it will dynamically generate. And third, if you have them somewhere in Excel or another tool, you can import from there as well. So there are lots of import facilities available.

It's also possible to automatically change the password. For example, some very well made sites like Amazon, Microsoft and Google automatically allow third-party providers of password management tools to change your password. So the password manager is already managing your password. You just go there and say automatically change password, so it will talk to the site, it knows your password, then it will generate a new one, save it in itself, and the job is done. So you don't even know what the password is, and you don't even need to know. That's the whole idea.

Fine. Now, another very useful thing: quite often you may need to share your passwords with your family or friends, or maybe, in case of troubleshooting, with some technical provider. That is a tricky situation. So how do we do that with password managers? It allows you to share passwords without revealing the password, so they can log in using your credentials but the other party cannot see them, which is a very good and secure way of managing: best of both worlds.

It also analyzes all your passwords and gives you a score which says what your level of safety is, and it also shows you at-risk passwords. How does it know at-risk passwords? One, you may have used duplicates. Second, and very important, most of these applications have auto monitoring of breaches. Every day we are listening to and reading news which says millions of usernames, passwords and credit card numbers are gone. All those databases are available for purchase on the dark web, and these security providers obviously have to purchase those, and that is checked, and if your usernames are found there, it will actually prompt you and warn you. So that's another background thing. Of course professional directory tools like Active Directory also have that, but Active Directory you are not using for your regular net banking passwords, for example. So it's an equally important adjunct to have for password management.

It has a lot of templates also. For example, this is a template for a typical bank account, which has standard fields. There is another template for, let's say, applications: the application command line, username, password, field sequence. If you want multiple screens and you have to press username, then press tab, there's a template language there. This is for a typical software license: there is license key, version and so on. So nice, useful templates are also available.

Now this is a very, very critical one. I am calling it death management. The sober way of saying that is what we normally call a digital will. What does that mean? Now that your net banking, your stock market, your prescriptions, everything is in this world, it is important: if you are no longer there, what happens? Who gets that? You cannot write all the usernames and passwords in a physical will. This is your digital world. So you can delegate access to your digital vault to your loved ones or near ones, or your lawyer, whoever it is. But while you are alive they should not be able to see it. So there is something called emergency access. What does that mean? You nominate people, and when they request emergency access you will get a mail. If you get a mail, you can block it. If you are dead, you are not going to get a mail. So you put a cooling period, whatever number of days. Once you are no more, after that cooling period, your nominees will get full access to your vault, and they will not be confused about where your accounts are and what your secrets are, and they can use them. That's a very, very powerful feature, and it is called emergency access. You can decide the cooling period, you can give it to multiple people, and a different cooling period as well.

And finally, to make this even more secure, you use two-factor authentication. What does that mean? Whenever you put in the master password, that password itself is so important to you now, so you need an OTP or a second-factor authentication. The best way to do that is Microsoft Authenticator, in my opinion, because we have other Microsoft accounts also mapped to it, but that's not specific to Microsoft really. All kinds of things can go there, and LastPass or most of the password management applications will give you integration with any authenticator software. But having two-factor authentication using some authenticator is again an absolute must, because that master password is extremely critical for your life now.

And then what happens once all this is done? We have another problem sometimes when you have multi-factor authentication.

Suppose your authenticator app didn't work. Then what happens? It is not only two-factor. Suppose you don't have your mobile phone: you have lost it, or someone stole it, and the authenticator or OTP is going to come on the mobile. Now how do you manage? Typically multi-factor means something you know, something you have and something you are. At least two of these are required. So what have we talked about? The password is one. The OTP or the authenticator app may be the second. But suppose you know the password and this one is not there. What do you do? Typically we have security questions there, or an alternate e-mail address.

Security questions are themselves an insecure concept. Why? These are typical security questions. I'm sure, if nowhere else, at least for net banking you are forced to use them, if not on other sites. So at least some security question answers you must have given, and that's a disaster. Why? Because what is the best practice for the answers to security questions? Can anyone think? The best practice is: when someone asks you which city you were born in, or what your first car was, or what your sister's name is, or something like that, you should never give the correct answer. Because you want security; you don't want accuracy about your social life there, because hundreds of people will know your first car or your mother's name. Now the question is, if I continue giving the wrong answers all over the place, how am I going to remember all of them? So the best practice sounds good, but how will I remember? That's another reason you need a password manager.

Finally, all password managers typically come in two varieties: free or paid. You have to choose. You can go and look at it. Free or paid, your choice. You can compare them: typically free means only one device and paid means across devices. There will be other nuances also, but I would say this is so critical to life, don't bother about the payment part; do a good job of managing passwords and secrets.

So I hope all these things are now clear. The only remaining thing is the call to action, which is what? Immediately, if you have not done it, it's absolutely long, long overdue. So go and look at what you are doing with your passwords. Evaluate the apps. Actually Chashma or Zeus or my colleagues are also on the live call. They will post the URLs of review articles of various password managers. You can choose what you like, but choose something. Start using it immediately, at least for the new websites where you are logging in. And as you continue logging in, it will accumulate the database. If you have some ward somewhere manually created (many people have the bad habit of putting a lot of passwords in Word or Excel and giving a password to it; that's a disaster), put them here and then delete that file. And then go, as soon as you have enough passwords, to the security dashboard. It will tell you your current score. It will highlight the abnormally bad passwords; go and change them immediately. So that's the whole idea. Immediately act on the compromised passwords.

So that's all. Let's see if we have any questions.
