Most Secure Password Management Explained | Go Incognito 3.4

Captions
Passwords are the key to everything in our lives. They give you access to bank accounts, emails, devices, everything. So here we go. [Music]

Almost all of you have at some point shopped on Amazon, I hope. Well, if you have, a super easy and free way you can help out the course and the channel is to simply click the Techlore Amazon link before making your purchases, no matter what they are. If you go through the Techlore link on the website or the description, your purchase will help support the channel, and don't hesitate to bookmark it for future purchases. Thank you in advance and enjoy the lesson.

Let's start off with the basics. When you register for a website, your password is put through a one-way algorithm called a hash function. That way no one knows what your password is except you. The issue is, when these services or websites get pwned or hacked, it's common to find your username with your password's hash publicly available. Once a hacker or anyone else obtains these hashes, they can use tools like John the Ripper, oclHashcat and other tools to crack the hashes and retrieve the actual password. I'll talk more about those tools shortly.

In 2014 there were several iCloud hacks that leaked the nudes of famous celebrities. This event was called the Fappening. It turned out the hacker or hackers used a tool called Elcomsoft Phone Password Breaker, or EPPB, a tool used by law enforcement and government agencies to access iCloud accounts, which by the way is sold publicly for as little as $80. EPPB requires an iCloud user's username and password. It just so happened that there was another tool posted on GitHub called iBrute, a password hacking tool specifically created for getting iCloud credentials from just about anyone. Using iBrute and EPPB together, someone could impersonate the victim and download a backup of that person's iPhone onto another device, which is very likely how this hack was accomplished.

This isn't just an issue for individuals. Passwords are how we protect medical
data, any other sensitive data, and even company data. As a matter of fact, according to a Jake Gotham at Enigma 2019, a security engineer for Visa, almost 80% of all data breaches resulted from weak or stolen passwords. How do we avoid this?

The first golden rule of passwords is to use good, secure passwords for every website you visit, making it harder to brute-force. Well, what makes a good password? Glad you asked. Even highly targeted individuals don't always know. The previous CEO of Sony, Michael Lynton, used sonyml3 as his domain account password. No wonder his emails were hacked and spread across the Internet. There are also the passwords that were exposed in the Ashley Madison hack, the most common. A good password does not use dictionary terms, since brute-forcing attacks can guess word-based passwords extremely easily. If you are using the word read, try to replace the e with a three. This is a very simple tip that can go a long way with longer passwords, not so much shorter ones. You should be using both lower and uppercase letters, including symbols and numbers within the password, and making it as random as you possibly can. The longer the password, the better. I'd recommend having at the very least 12 digits and working your way up to the dozens if you can. We'll cover how to do this easily and realistically very soon.

The other golden rule is to never use the same password twice. Let's say Adobe got hacked and your email and password are posted online. If your email account uses the same password that you use for Adobe, a person now has your email address as well as the password to your email account, giving them access to your email, where they could possibly get access to other accounts. We will be discussing more ways to prevent this in the very next lesson.

Okay, so far, Henry, this is pretty straightforward. I've got this: use good passwords and use different passwords. But how can you create several different passwords that are good without losing track of them? Great question. The first
option is to write them down on a piece of paper. If you're going this route, never write the password as is. Use things to help you remember, something cryptic. Instead of writing gaming123, which is your password, write "time killer plus one two three". This way anyone who finds your list of passwords will have to do a lot of deciphering to figure them out.

The second option, which is what I'd recommend, is using a password manager. Lots of people are aware of cloud-based password managers that sync your generated passwords instantly across your devices, like LastPass, 1Password, Dashlane and all of these other services. The way these work is you have an account that can be accessed using a master password, giving you access to all of your passwords inside. If you haven't already picked up how important that master password is, I'm gonna be Gandalf and tell you the common term so one password, so pick a strong password. Inside of this vault, all of the passwords for every service you use can be randomly generated by the service, so you can use extremely strong passwords uniquely.

However, these cloud-based password managers typically have three problems. One, they are cloud-based and stored on the company's servers, so you don't own and control your database file. This is an enormous amount of trust to put in a company, especially when they are susceptible to attacks, which has successfully happened in the past. Two, they cost money. It's very rare to find a good option which is both unlimited and free. Three, most of these services use proprietary software, meaning they are closed source, so nobody except the company can view the code and check it for bugs or backdoors. We want FOSS, as previously discussed in section one of the course.

But there are password managers that don't suffer these problems. The first one I would suggest is KeePass, an open-source password manager where you physically own an encrypted file with all of your passwords. The only way to access the passwords is by loading a file
into a KeePass client. Since the file itself is encrypted, you can actually sync it using a cloud service like Google Drive, Dropbox, Nextcloud or whatever you want to use. I made a guide on how to do this. Even if someone got access to your cloud storage, they still wouldn't be able to load your passwords, because it's an encrypted file. This is technically less secure than storing it entirely locally, but I would argue this is safer than using a cloud-based password manager.

There is a step up from KeePass, and it's called Master Password. Master Password doesn't do any syncing or backups and doesn't require internet to function, similar to KeePass. The difference is Master Password uses algorithmically generated passwords from the username you pick, along with a password and the title you gave the entry. This means you can access the information anywhere, assuming you remember exactly the correct information. I do personally feel more comfortable with something like KeePass, where I control a physical file, but Master Password is undoubtedly more secure on paper and quite honestly an ingenious idea, although more complex.

Now there is one major downside to password managers, and it's probably what all of you are thinking: you're putting all of your eggs in one basket. If someone gets into your database, they have access to everything. However, here are a couple of things you can do to protect yourself and make your password manager an even stronger solution. One, make multiple databases with different passwords for different uses. You can separate schooling from entertainment from your personal life. One compromise won't necessarily jeopardize everything else. The second thing you can do is to memorize a second password that you can append at the end of your passwords within your vault. Let me explain that. Let's say you remember the password lemurs. You can randomly generate your secure passwords in the password manager, but when you use it online, you add lemurs to the end of the random passwords. This way,
even if someone breaks into your password manager, they still can't get into the accounts, because they don't know to add lemurs to the end of each password.

I also want to point out the importance of frequently changing your passwords, since even your secure passwords can be pwned without your knowledge. I would recommend you reserve a day every given time period to sit down and update your passwords. This ties in to doing consistent audits on yourself, a topic we're going to discuss in section 4 of the course.

Alright, now you know how to create strong passwords and manage them properly. Sadly, only 12% of Americans in 2016 used a password manager, so please spread how and why your friends and family should use them.

Now, what happens when you don't need a traditional password? Maybe a device uses fingerprints or other biometrics. What should you do? Biometrics, at least today, are almost always less secure than a password, since biometric technology isn't advanced enough to fully verify if somebody is who they say they are. Apple's Touch ID has been cracked, Face ID has been cracked, most biometric methods on Android have been cracked, and most other forms of identification like voice authentication just aren't advanced enough. Additionally, police in Florida recently tried to get access to a person's dead body to unlock the person's cell phone with a fingerprint. Police in Michigan 3D-printed a murder victim's fingerprint to gain access to a device. And someone you know could easily unlock your phone while you're asleep. Face ID means someone just holds a device to your face. I mean, seriously. Let's not forget that biometrics can be very invasive privacy-wise.

On top of all of this, there are legal differences between biometric passwords and physical passwords. In the US, courts have ruled that a passcode is classified as knowledge. Because of the Fifth Amendment, there are constitutional protections against being forced to surrender your passcode to law enforcement. But biometrics are not classified
as knowledge, therefore you aren't protected and you could be forced to legally unlock your devices. This is the U.S. though, and different countries have different laws. For example, in Canada, if you are a citizen you must hand over your passwords as part of the law. For more information on these laws in other countries, the privacytools.io website has a great list. No matter what, I'd recommend disabling all biometric passwords when going to airports, crossing the border, attending protests, or any other situation with lots of law enforcement, since these are major areas where people are unfairly searched. If you use biometrics on a mobile device, you can leave it enabled and simply reboot your device before going to a high-risk or highly guarded area, since the reboot will require a password. Alternatively, Apple recently introduced a feature in iOS 11 where if you click your power button five times it will automatically lock you out of your phone and require a password to unlock it.

Another form of verification is ALP, or Android lock patterns. In short, avoid these. At the PasswordsCon conference in 2015, the researchers reported that people often use the first letter of their first name, and that people tended to use the dots in the middle and not in the four corners. On top of this, security researchers at the US Naval Academy and the University of Maryland, Baltimore County published studies showing an observer can visually pick up and reproduce an ALP with relative ease. About two of every three observers successfully recreated a pattern from five or six feet away after a single viewing.

Okay, that was all a ton of information flying everywhere, and I hope you kept up, but there are a few more things that you should know before we finish this lesson. First, use a password. This seems like a no-brainer, yet Consumer Reports found that over one-third of Americans don't have protection on their mobile devices. Second, don't remember passwords inside your browser or allow your browser to manage
them. If anyone gets into your system, your browser won't ask for any additional verification to use those passwords, which is a big security concern. Third, never leave your system unlocked for any reason, even for a split second. When you walk away from your computer, sign out. On Windows and most Linux distros, just click Windows key + L. It's that simple.

The very last topic is security questions. These are those questions you get when signing up for a website to verify who you are. We have been taught since we were small children to always be honest. The problem in being honest with security questions is lots of them are ridiculously easy to guess, even for a random stranger. Luckily, there's a simple solution to this. We're going to lie, by not just putting fake information, random information. You know that password manager I told you to start using earlier in the lesson? Hopefully you do. You should create a password for every security question, so that no one can guess them and there's no personal information being given. Save it in your password manager, and that's where you go if you ever need to access the answer to your security questions.

That is going to wrap up what you need to know about passwords. It is a very simple topic, but can really expand when you start getting to the nitty-gritty. In the next lesson we will talk about two-factor authentication, which I would argue is just as important as having a strong password, so make sure to watch that as well. I'll see you there. Thank you for watching this very long and hopefully productive and educational lesson.
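
The stateless approach described in the captions above (passwords generated algorithmically from a username, a master password and an entry title) can be sketched as follows. This is an added example, not part of the video and not Master Password's actual algorithm; the salt prefix, scrypt parameters, character policy and function names are assumptions chosen for illustration.

```python
import hashlib
import hmac

# Character classes a derived password must cover (an assumed policy).
CLASSES = (
    "abcdefghijklmnopqrstuvwxyz",
    "ABCDEFGHIJKLMNOPQRSTUVWXYZ",
    "0123456789",
    "!@#$%^&*()-_=+",
)
ALPHABET = "".join(CLASSES)  # 76 characters


def derive_user_key(username: str, master_password: str) -> bytes:
    """Stretch the master password with scrypt, salted by the username."""
    salt = b"example.stateless-pm.v1:" + username.encode("utf-8")  # assumed prefix
    return hashlib.scrypt(
        master_password.encode("utf-8"), salt=salt,
        n=2**14, r=8, p=1, maxmem=64 * 1024 * 1024, dklen=32,
    )


def site_password(user_key: bytes, title: str, counter: int = 1, length: int = 20) -> str:
    """Derive the password for one entry; bump `counter` to rotate it."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    # Largest multiple of the alphabet size that fits in a byte: values at or
    # above it are rejected so every character is equally likely (no modulo bias).
    limit = 256 - 256 % len(ALPHABET)
    for attempt in range(1000):
        msg = f"{title}\x00{counter}\x00{attempt}".encode("utf-8")
        seed = hmac.new(user_key, msg, hashlib.sha256).digest()
        stream = hashlib.shake_256(seed).digest(length * 4)
        chars = [ALPHABET[b % len(ALPHABET)] for b in stream if b < limit][:length]
        covers = all(any(c in cls for c in chars) for cls in CLASSES)
        if len(chars) == length and covers:
            return "".join(chars)
    raise RuntimeError("no candidate satisfied the character-class policy")


if __name__ == "__main__":
    key = derive_user_key("alice", "constructed master passphrase")  # constructed inputs
    for entry in ("example.com", "mail.example.org"):
        print(entry, site_password(key, entry))
```

Because nothing is stored, rotating a single password in this scheme means remembering the new counter for that entry, and anyone who learns the master password can regenerate every entry.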
Info
Channel: Techlore
Views: 75,022
Keywords: password managers, password manager, best password manager, password security, two factor authentication, software, vulnerability, 3.4, remove, security, privacy, go incognito, techlore, incognito, course, guide, udemy, dark web, tails os, deep web, crash course, section 3, setup, complete, free, tutorial, safe, encryption, anonymous, anonymity, tor, VPN, Linux, Windows, full guide, overview, telegram, youtube, best vpn, free vpn, password, open source, open source software, best, how to mine bitcoin, data
Id: jZr4u5nEZP4
Length: 13min 48sec (828 seconds)
Published: Tue May 07 2019