U3A Highvale Passwords

Passwords are very important and a necessary evil these days, as just about every transaction online requires one. Writing them down is a security risk unless you keep them in a safe, and then they are not easily accessed. Difficult-to-remember passwords are too often written down and thus become insecure.

A password should be at least 8 characters but the more the better, except when that makes it hard to remember, so think more of a “sentence”. Passwords should comprise capital and lowercase letters, numbers and, where allowed, punctuation.

Simple passwords, such as name and birthdate, family names or favourite items can be easily guessed and should NEVER be used. Passwords are usually obtained by the unscrupulous by looking over your shoulder or conning you into handing them over. Cracking a password is not so easy, especially when it is 10 or more characters, but short simple ones such as a dictionary word can be easily cracked. Cracking is done by encrypting a heap of words (the whole dictionary plus common modifications) and comparing your encrypted password with these encrypted words.
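The comparison described above can be turned into a check on a password you are thinking of using. This is an added example, not part of the original page; the word list, the modification rules and the use of plain SHA-256 as the stored form of a password are assumptions made for illustration.

```python
import hashlib
from itertools import product

# Constructed sample word list; a real dictionary holds many thousands of words.
WORDS = ["password", "sunshine", "dragon", "highvale"]

# Common modifications (assumed): endings people tack on, look-alike letter swaps.
SUFFIXES = ["", "1", "123", "!", "2024"]
SWAPS = str.maketrans({"a": "@", "o": "0", "e": "3", "s": "$"})


def digest(text):
    """Stand-in for the stored form of a password (assumption: unsalted SHA-256)."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def variants(word):
    """Yield a dictionary word with the common modifications applied."""
    bases = {word, word.capitalize(), word.upper()}
    bases |= {b.translate(SWAPS) for b in set(bases)}
    for base, suffix in product(sorted(bases), SUFFIXES):
        yield base + suffix


def matching_guess(password, words=WORDS):
    """Return the dictionary variant whose digest equals the password's, or None."""
    target = digest(password)
    for word in words:
        for guess in variants(word):
            if digest(guess) == target:
                return guess
    return None


def is_guessable(password, words=WORDS):
    """True when the password is a dictionary word plus a common modification."""
    return matching_guess(password, words) is not None


if __name__ == "__main__":
    for candidate in ["Sunshine123", "P@$$w0rd!", "my cat naps on warm bricks"]:
        verdict = "guessable" if is_guessable(candidate) else "not in this list"
        print(f"{candidate!r}: {verdict}")
```

A password that passes this check is only absent from this small list; length and unpredictability still matter.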

Identity is the combination of userID and Password, so never reuse the same combination, and NEVER use your email password for anything else.

Dashlane: https://www.dashlane.com

It is free for keeping up to 50 passwords on one device, with the Premium version costing about $4 per month for unlimited passwords on unlimited devices.

mSecure: https://www.msecure.com

Available for Windows, MacOS, iOS and Android. The free version can be used on a single device and gives you unlimited records, 20 templates, group and filter records and a password generator. The PRO version adds the ability to synch across devices, do backups, customize templates and have photo attachments. It costs about $45 as a one-off payment.

1Password: https://1password.com

A free version of 1Password may still be available but with limited features. Still, it may be suitable for what you want, especially if you only want to use a single device. Although considered ‘top of the line’, 1Password is expensive at about $4.00 per month. It is available for Windows, MacOS, iOS and Android, and there are also browser extensions for Safari, Firefox, Chrome and Opera to enable the easy use of passwords when browsing the Web.

LastPass: https://www.lastpass.com

Similar to all of the above, free personal version for a single device but upgradable to a premium version at a cost. Unfortunately, you cannot define custom fields.

BitWarden: https://bitwarden.com/

It is ‘open source’; that is, anyone can look at the source code and check for flaws, unlike software that is written by a private company that keeps its code hidden. This makes it very secure.

The Free version offers almost all that you would want with features similar to those above. It comes as a free-standing program installed on your computing device or as an extension to your web browser.

Here is a link to a great (short? - 34 minutes) guide to Bitwarden, which is quite extensive.

YouTube BitWarden Video

If you click the More button below the video you will find links to other videos of interest.

KeePass: https://keepass.info

Open Source and free. Available for Windows and mobile devices (iOS, Android, Blackberry, WindowsPhone). KeePassX is a version for MacOS but has been unsupported for some time. KeePassXC is also available and, although it does not have as many “extras” as plain KeePass, it is seen as more modern and is available for all operating systems.

Apple: For those with an Apple device, you can use your Apple Keychain with Safari. The advantage of this is that the encrypted passwords can be saved in iCloud and are therefore available for automatic use on your other Apple products.

A good video comparing Password Managers is available at https://www.youtube.com/watch?v=WkiSr476QM0

The Google Chrome web browser has an extension called “Password Checkup”. Wherever you sign in, if you enter a username and password that is no longer safe due to appearing in a data breach known to Google, you’ll receive an alert.

It is available here. Google Password-checkup

Has your email account ever been registered on a website that was used to gather passwords? Check it out at https://haveibeenpwned.com

BTW: 2FA stands for Two-Factor Authentication. One-factor authentication is where you use a single ‘thing’ for security, such as something you know (a password or passcode) or something you have, like a physical key to access a room. 2FA will comprise 2 ‘things’, such as something you know (a password) with something you have, such as a mobile phone or a secret key generator from your bank.

Because your Master Password grants you access to your Password Vault, you may want to have more security than just knowing the Master Password. This can be done using something you have, such as an app on your mobile phone or a USB device such as a YubiKey.