DOCSLIB.ORG

Password Management Made Easy

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Password Management Made Easy Departments/Business matters By Greg Taylor, Director, Baker Tilly Staples Rodway Taranaki Password management made easy Passwords can be one of the banes of life, but they should be taken seriously as password theft is big business. That’s why it is worth considering investing in a password vault or safe service. ARE YOU ALWAYS forgetting your passwords? Do you get frustrated trying to remember which combination of kids’ birthdays, pets, street names and added 123s and !*$%^#, CAPITALS or lower case go with what? Weak passwords are vulnerable to theft It is a common problem and has been a frustration for many of our clients. As busy humans, it can be difficult to remember a host of password variations and lengths for all the different applications you might use. If you have passwords, it’s important that they are strong – weak passwords can lead to your account being taken over or personal informa- tion ending up for sale on the dark web. Weak passwords could lead to your password being stolen. However, before finding a new hiding place for that notebook of user passwords, maybe it is time to look at a more secure way to store sold for as little as $US7 – your bank account now and are proving to be very useful. During some of your most important information. You login could be sold for as little as $US20. the last 12 months, there has been a substan- should have different passwords for different tial increase in New Zealand users. This is sites and a password manager to keep track Use a password vault service mainly driven by the requirement by many of them all. One way to mitigate some of the risk is by using businesses to have passwords kept securely A recent TechRepublic article puts the an online password vault or safe service, some when staff are working from home. average price for a New Zealander’s stolen of which attract a fee while others are free. Another reason is that the new New credentials at $US20. Credit card details are These have been around for around 20 years Zealand data security laws introduced in 92 — June/July 2021 — Build 184 December 2020 have made businesses use. If it is too complicated, you will give cybercriminal, but in both scenarios, it only take password security far more seriously. up and be looking for the notebook. Most takes one person seconds to copy your pass- Thinking about it, your business may only vault services will prepopulate the login words and cause a huge amount of damage. be as strong as your employee’s pet’s name. information automatically. Many features are included with online Other features to look for may include Some options password vault or safe services/managers. password generators, linking passwords Here are five online password managers that The most important is that there is only across devices or storage of digital records will make your life easier and safer: one password to remember, and the service such as passports or drivers licences. Some ¬ LastPass securely manages the login to all the online password managers also have dark web ¬ Bitwarden platforms you require it to. A second factor monitoring. This will automatically alert ¬ KeePass might be an authenticator-generated random you if your credentials are at risk. ¬ Nordpass pin that you have as well as your password. Leaving your passwords on a piece of ¬ Myki Password Manager paper or in a notebook makes it far too ¬ Keeper Security. Choose a service that is easy to use easy for your data to be stolen or misman- Each has its own pros and cons, so do your It is important to have a look at what vault aged. There are numerous cases of internal research to find what suits you best. options are available to you and if it will suit cybercrime picked up by our audit teams Whatever you do, make sure you’re keeping your unique needs. right across the country. your passwords protected. This doesn’t mean At the top of your list should be how The threat to your business could just as putting your small notebook of passwords in easy is it to log in to the apps and sites you easily be an internal one as an unknown the top drawer in the office! Build 184 — June/July 2021 — 93.
Load more

Recommended publications
  • An Architecture for Cryptography with Smart Cards and NFC Rings on Android
    OpenKeychain: An Architecture for Cryptography with Smart Cards and NFC Rings on Android DOMINIK SCHÜRMANN, TU Braunschweig, Germany SERGEJ DECHAND, University of Bonn, Germany LARS WOLF, TU Braunschweig, Germany While many Android apps provide end-to-end encryption, the cryptographic keys are still stored on the device itself and can thus be stolen by exploiting vulnerabilities. External cryptographic hardware solves this issue, but is currently only used for two-factor authentication and not for communication encryption. In this paper, we design, implement, and evaluate an architecture for NFC-based cryptography on Android. Our high-level API provides cryptographic operations without requiring knowledge of public-key cryptography. By developing OpenKeychain, we were able to roll out this architecture for more than 100,000 users. It provides encryption for emails, messaging, and a password manager. We provide a threat model, NFC performance measurements, and discuss their impact on our architecture design. As an alternative form factor to smart cards, we created the prototype of an NFC signet ring. To evaluate the UI components and form factors, a lab study with 40 participants at a large company has been conducted. We measured the time required by the participants to set up the system and reply to encrypted emails. These measurements and a subsequent interview indicate that our NFC-based solutions are more user friendly in comparison to traditional password-protected keys. CCS Concepts: • Security and privacy → Usability in security and privacy; Key management; Hardware-based security protocols; • Human-centered computing → Mobile devices; Additional Key Words and Phrases: NFC, near-field communication, smart card, ring ACM Reference Format: Dominik Schürmann, Sergej Dechand, and Lars Wolf.
    [Show full text]
  • Keepass Password Safe Help
    KeePass Password Safe KeePass: Copyright © 2003-2011 Dominik Reichl. The program is OSI Certified Open Source Software. OSI Certified is a certification mark of the Open Source Initiative. For more information see the License page. Introduction Today you need to remember many passwords. You need a password for the Windows network logon, your e-mail account, your website's FTP password, online passwords (like website member account), etc. etc. etc. The list is endless. Also, you should use different passwords for each account. Because if you use only one password everywhere and someone gets this password you have a problem... A serious problem. He would have access to your e-mail account, website, etc. Unimaginable. But who can remember all those passwords? Nobody, but KeePass can. KeePass is a free, open source, light-weight and easy-to-use password manager for Windows. The program stores your passwords in a highly encrypted database. This database consists of only one file, so it can be easily transferred from one computer to another. KeePass supports password groups, you can sort your passwords (for example into Windows, Internet, My Website, etc.). You can drag&drop passwords into other windows. The powerful auto-type feature will type user names and passwords for you into other windows. The program can export the database to various formats. It can also import data from various other formats (more than 20 different formats of other password managers, a generic CSV importer, ...). Of course, you can also print the password list or current view. Using the context menu of the password list you can quickly copy password or user name to the Windows clipboard.
    [Show full text]
  • Lastpass Frequently Asked Questions (FAQ)
    Portal > Knowledgebase > Accounts and Passwords > Security > LastPass Frequently Asked Questions (FAQ) LastPass Frequently Asked Questions (FAQ) Patricia Falcon - 2021-07-02 - 0 Comments - in Security Getting Started with LastPass at Brown Is LastPass mandatory? How do I set up my LastPass Enterprise account? What are the differences between LastPass Enterprise and Premium accounts? How do I keep my personal and work LastPass vaults separate? What if I already have an account with LastPass? What happens to my LastPass account when I leave Brown? Can I use my existing LastPass Family Plan Premium account? Can Brown clinical faculty use LastPass? How about medical residents? LastPass Basics How can I set up a browser extension? How do I import passwords from other sources? How can I set up account recovery options? What is the Security Dashboard? How can I manage my vault? How can I generate secure passwords? How do I securely share a password? What are shared folders, and how can I use them with my group to share passwords? Is there a risk to putting all your passwords in one place? LastPass Help Guide Troubleshooting What if I forget my Master Password? Why am I not able to see my team's shared folders? Can I access LastPass when I'm not online? Why does the password field not auto-populate when using the VPN client (Big-IP/F5)? How can I access Windows Desktop applications with LastPass? It doesn't seem to be working. Getting Started with LastPass at Brown Q. Is LastPass mandatory? A. If you are unable to remember all of your passwords, then we strongly encourage the use of a password manager and our recommendation would be LastPass.
    [Show full text]
  • Bitwarden Install Guide
    Bitwarden Install Guide Bitwarden is a free and open-source password management service that stores sensitive information such as website credentials, payment data and notes in an encrypted vault. Bitwarden has completed a security audit and cryptographic analysis from the German based firm Cure53. The Bitwarden Security Assessment Report, dated November 8th, 2018 is available for download at: https://cdn.bitwarden.net/misc/Bitwarden%20Security%20 Assessment%20Report.pdf Install Guide based on Bitwarden Version 2.12.0. Downloads available at: https://bitwarden.com/#download Author: Edward Wayne Hilton https://orcid.org/0000-0002-0846-3646 Version Number: 1 Version Date: September 2, 2019 The Information provided herein is for instructional purposes only. Contents Setup Bitwarden Account .................................................................. 2 Setup Two Setup Login (2FA) with Bitwarden EMAIL OPTION ... 6 Saving Recovery Codes for Bitwarden ........................................... 10 Domain Rules for Bitwarden ........................................................... 11 Bitwarden iOS Install ........................................................................ 13 Bitwarden iOS Password Autofill ................................................... 17 Bitwarden Install Guide Page 1 of 18 Setup Bitwarden Account 1. It is recommended to create an account first, before installing the software and/or browser extensions. Bitwarden Install Guide Page 2 of 18 2. For additional security an email alias could be used which is only associated with this service. Example for Gmail users can add +alias to their normal email address (ex. [email protected]) -> ([email protected]). NOTE: The Master Password is NOT recoverable is lost/forgotten. Bitwarden Install Guide Page 3 of 18 3. Sign in with new account Bitwarden Install Guide Page 4 of 18 4. Click the Verify Mail -> “Send Mail” option to confirm your account.
    [Show full text]
  • How to Integrate Your Password Management Software Into Remote Desktop Manager
    How to Integrate Your Password Management Software into Remote Desktop Manager In this webinar, we showcased how easy it was to implement that integration. For most password managers, INTEGRATION integration is fast and simple. Here are the steps: 1. Create IS FAST AND SIMPLE a new credential entry. 2. Select your password manager from the list. 3. Connect your password management account to Remote Desktop Manager. 4. Use that entry from other sessions, or even better for a whole folder. (Spoiler alert! Next week blog will explain everything about Recently we hosted a Password Managers Webinar on inherited credentials.) integrating the most popular Password Managers with Remote Desktop Manager, you can find the recorded video And that’s it! You’re all done, and can sit back, relax, and enjoy on our Youtube channel. some hilarious Sysadminotaur comics. However, for the most popular tool in our community, namely Keepass, integration involves a few more steps. Here are the steps to follow: 1. Create a new credential entry. 2. Select KeePass. 3. You’ll notice that a plug-in is required; you can either click Install Plug-in, or you can click: Tools – Extensions Manager – Others – KeePass Plugin. (Note: a KeePass Professional Edition (AKA 2.x) is required to proceed with the integration.) 4. You’ll see that there are multiple options in the Credential Selection tab; if you choose the Default Method, you can select a specific KeePass credential from your list, which will create a hard link to the credential stored in your KeePass database. Another option is to select Always prompt with list.
    [Show full text]
  • April, 2021 Spring
    VVoolulummee 116731 SeptemAbperril,, 22002201 Goodbye LastPass, Hello BitWarden Analog Video Archive Project Short Topix: New Linux Malware Making The Rounds Inkscape Tutorial: Chrome Text FTP With Double Commander: How To Game Zone: Streets Of Rage 4: Finaly On PCLinuxOS! PCLinuxOS Recipe Corner: Chicken Parmesan Skillet Casserole Beware! A New Tracker You Might Not Be Aware Of And More Inside... In This Issue... 3 From The Chief Editor's Desk... 4 Screenshot Showcase The PCLinuxOS name, logo and colors are the trademark of 5 Goodbye LastPass, Hello BitWarden! Texstar. 11 PCLinuxOS Recipe Corner: The PCLinuxOS Magazine is a monthly online publication containing PCLinuxOS-related materials. It is published primarily for members of the PCLinuxOS community. The Chicken Parmesean Skillet Casserole magazine staff is comprised of volunteers from the 12 Inkscape Tutorial: Chrome Text PCLinuxOS community. 13 Screenshot Showcase Visit us online at http://www.pclosmag.com 14 Analog Video Archive Project This release was made possible by the following volunteers: Chief Editor: Paul Arnote (parnote) 16 Screenshot Showcase Assistant Editor: Meemaw Artwork: ms_meme, Meemaw Magazine Layout: Paul Arnote, Meemaw, ms_meme 17 FTP With Double Commander: How-To HTML Layout: YouCanToo 20 Screenshot Showcase Staff: ms_meme Cg_Boy 21 Short Topix: New Linux Malware Making The Rounds Meemaw YouCanToo Pete Kelly Daniel Meiß-Wilhelm 24 Screenshot Showcase Alessandro Ebersol 25 Repo Review: MiniTube Contributors: 26 Good Words, Good Deeds, Good News David Pardue 28 Game Zone: Streets Of Rage 4: Finally On PCLinuxOS! 31 Screenshot Showcase 32 Beware! A New Tracker You Might Not Be Aware Of The PCLinuxOS Magazine is released under the Creative Commons Attribution-NonCommercial-Share-Alike 3.0 36 PCLinuxOS Recipe Corner Bonus: Unported license.
    [Show full text]
  • Win Big with [Insert Open Source App Here] Win Big with Open Source
    Win Big with [Insert Open Source App Here] Win Big With Open Source Introductions Dave Nevala – Lukins & Annis Jerry Askew – Askew Network Solutions Win Big With Open Source No Licensing Headaches High Quality – peer reviewed Paid Support Available If you want a feature, add it! OSS can’t be discontinued or sold Win Big With Open Source KeePass – Password Manager Zotero – Web Research Manager 7-Zip – Fast Archiver Truecrypt – Disk Encryption PDF Creator Ntop – Network Analyzer Prey – Loss Prevention Win Big With KeePass What is KeePass? Password Management Database Strong Password Generator Hot-key login Obfuscation techniques Multi-platform Download for free http://keepass.info/ Win Big With KeePass Password Database Strong Encryption Can be opened with single password Win Big With KeePass Why KeePass? No need for PostIt notes, slips of paper, etc. Easy to have unique strong passwords Turn off auto form fill Win Big With KeePass Ports KeePassPPC & KeePassSD – PassDrop - iPhone/iPad PocketPC KeePassDroid – Android 7Pass - Windows Phone KeePassMobile - J2ME MiniKeePass - iPhone/iPad KeePassJ2ME - J2ME SyncPass - iPhone/iPad KeePassBB – BlackBerry iKeePass - iPhone/iPad KeePassBB2 – BlackBerry MyKeePass - iPhone/iPad Export to Keyring - Palm OS KyPass - iPhone/iPad KeePassX - Linux / Mac OS X Win Big With KeePass Share with multiple devices Portable version (run from folder) Keep database on flash drive or dropbox Win Big With KeePass Alternatives Last pass (requires to be online) KeePassX (requires to be online) 1Password (Mac and Linux)
    [Show full text]
  • Online Security and Privacy
    Security & Privacy Guide Security and Privacy Guide When thinking about security and privacy settings you should consider: What do you want to protect? Who do you want to protect it from? Do you need to protect it? How bad are the consequences if you fail to protect it? How much trouble are you prepared to go to? These questions should be asked whilst considering what information you are accessing (which websites), how you are accessing the information, (what device you are using) and where you are accessing the information (at home, work, public place). Security & Privacy When looking at your Digital Security you are protecting your information against malicious attacks and malware. (Malware is software intentionally designed to cause damage to a computer). Digital Privacy is different as you are deciding what information you are prepared to share with a website or App (or its third party partners) that you are already using. Permission to share this information can be implicit once you start using a website or App. Some websites or Apps will allow you to control how they use your information. Security Physical access: How secure is the device you are using? Is it kept in a locked building, at home, or do you use it when you are out and about? Does anyone else have access to the device? Do you require a passcode or password to unlock your device? Virtual access: Have you updated your IOS software (on an iPad) or installed the latest anti-virus software on your device? Most devices will prompt you when an update is available.
    [Show full text]
  • Password Managers an Overview
    Peter Albin Lexington Computer and Technology Group March 13, 2019 Agenda One Solution 10 Worst Passwords of 2018 Time to Crack Password How Hackers Crack Passwords How Easy It Is To Crack Your Password How Do Password Managers Work What is a Password Manager Why use a Password Manager? Cloud Based Password Managers Paid Password Managers Free Password Managers How to Use LastPass How to Use Dashlane How to Use Keepass Final Reminder References March 13, 2019 2 One Solution March 13, 2019 3 10 Worst Passwords of 2018 1. 123456 2. password 3. 123456789 4. 12345678 5. 12345 6. 111111 7. 1234567 8. sunshine 9. qwerty 10. iloveyou March 13, 2019 4 Time to Crack Password March 13, 2019 5 Time to Crack Password March 13, 2019 6 Time to Crack Password March 13, 2019 7 Time to Crack Password Time to crack password "security1" 1600 1400 1200 1000 Days 800 Days 600 400 200 0 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015 2016 Year March 13, 2019 8 How Hackers Crack Passwords https://youtu.be/YiRPt4vrSSw March 13, 2019 9 How Easy It Is To Crack Your Password https://youtu.be/YiRPt4vrSSw March 13, 2019 10 How Do Password Managers Work https://youtu.be/DI72oBhMgWs March 13, 2019 11 What is a Password Manager A password manager will generate, retrieve, and keep track of super-long, crazy-random passwords across countless accounts for you, while also protecting all your vital online info—not only passwords but PINs, credit-card numbers and their three-digit CVV codes, answers to security questions, and more … And to get all that security, you’ll only need to remember a single password March 13, 2019 12 Why use a Password Manager? We are terrible at passwords We suck at creating them the top two most popular remain “123456” and “password” We share them way too freely We forget them all the time We forget them all the time A password manager relieves the burden of thinking up and memorizing unique, complex logins—the hallmark of a secure password.
    [Show full text]
  • Technical Guides
    Technical Guides KeePass Password Manager Tutorial Wireguard Ubuntu Deployment SQM for 1 Gbps Lines With OpenWrt KeePass Password Manager Tutorial Introduction I don't trust online password managers because they are closed source and companies have been hacked in the past. If you look up "lastpass breached" in Google you can see my point. Keepass is open source and offline. Why put your trust in a company when you can create and access the database yourself? An honorable mention is bitwarden. They are also open-source and you have the option of hosting your own bitwarden server at home as an option. If you want to pay and are willing to trust a company and have your passwords encrypted on their cloud they would be your best bet. Downloading Keepass https://keepass.info/download.html Get the Installer for Windows (2.45) aka KeePass-2.45-Setup.exe. After you get it install Keepass. Recommended plugins (.plgx) to download: Keepass has a variety of useful plugins listed here: https://keepass.info/plugins.html I recommend the following below for now. Plugins always have a .plgx file extension. WebAutoType-v6.3.0.zip: https://sourceforge.net/projects/webautotype/files/ YetAnotherFaviconDownloader.plgx: https://github.com/navossoc/KeePass-Yet-Another- Favicon-Downloader/releases After you downloaded the necessary .plgx plugins. Copy or move them into the Plugins folder at C:\Program Files (x86)\KeePass Password Safe 2\Plugins. 1.1.1 Master Password To start off you will be creating a master password which is the masterkey to access all your other passwords.
    [Show full text]
  • USM Anywhere Alienapps List
    USM Anywhere AlienApps List The AT&T Alien Labs™ Security Research Team regularly updates the data source library to increase the extensibility of USM Anywhere. These AlienApps enable your USM Anywhere Sensor to process and analyze logs produced by your existing devices and applications. Note: This table shows the AlienApps that ship with USM Anywhere as of June 17, 2021. If you cannot find the app that you are looking for, submit a request here so we can build one for you. List of AlienApps Available in USM Anywhere Auto- Data Source AlienApp Log Format discovered AdTran Switch AdTran Switch RegEx No Aerohive WAP Aerohive Networks Aerohive WAP RegEx No AIX Audit IBM AIX Audit RegEx No Akamai ETP Akamai ETP JSON No Alibaba Cloud Alibaba Cloud Key-Value Yes AlienVault Agent None. Data received through JSON No AlienVault Agent AlienVault Agent - Windows None. Data received through JSON No EventLog AlienVault Agent AlienVault Cluster Management AlienVault Cluster Management RegEx No Application Application AlienVault Internal API AT&T Cybersecurity Forensics and JSON No Response AlienVault NIDS None. Data received through a JSON Yes deployed sensor Amazon Aurora AWS Aurora CSV No Amazon AWS CloudTrail AWS CloudTrail JSON No Amazon CloudFront Real Time AWS CloudFront Real Time Logs W3C No Logs W3C W3C Amazon EKS API Server AWS EKS API Server RegEx No Amazon EKS API Server Audit AWS EKS API Server Audit JSON No USM Anywhere™ AlienApps List 1 List of AlienApps Available in USM Anywhere (Continued) Auto- Data Source AlienApp Log Format discovered
    [Show full text]
  • Password Managers
    Studying the Impact of Managers on Password Strength and Reuse Sanam Ghorbani Lyastani∗, Michael Schilling†, Sascha Fahl‡, Sven Bugiel∗, Michael Backes§ ∗CISPA, Saarland University, †Saarland University, ‡Leibniz University Hannover, §CISPA Helmholtz Center i.G. Abstract—Despite their well-known security problems, pass- applications. Password managers are being recommended as a words are still the incumbent authentication method for virtually solution because they fulfill important usability and security all online services. To remedy the situation, end-users are very aspects at the same time: They store all the users’ passwords often referred to password managers as a solution to the pass- word reuse and password weakness problems. However, to date so the users do not have to memorize them; they can also help the actual impact of password managers on password security users entering their passwords by automatically filling them into and reuse has not been studied systematically. log-in forms; and they can also offer help in creating unique, In this paper, we provide the first large-scale study of the random passwords. By today, there are several examples for password managers’ influence on users’ real-life passwords. From third party password managers that fit this description, such 476 participants of an online survey on users’ password creation and management strategies, we recruit 170 participants that as Lastpass [5], 1Password [1], and even seemingly unrelated allowed us to monitor their passwords in-situ through a browser security software, such as anti-virus [4] solutions. plugin. In contrast to prior work, we collect the passwords’ entry Unfortunately, it has not been sufficiently studied in the past methods (e.g., human or password manager) in addition to the whether password managers fulfill their promise and indeed passwords and their metrics.
    [Show full text]