Which Password Manager Should I Use in 2021?

Captions
Hi, I'm DJ Ware. On this episode of the Cyber Gizmo I'm going to be looking at password managers for Linux and a few other operating systems as well, so let's do that right after this. [Music]

I want to look at a couple, well, three of them at least, but I have a fourth one that I want to kind of take a sneak peek at; it's still in beta. So the logos here you probably recognize: this, Bitwarden, KeePassXC. May not recognize the third one; that's Buttercup. And then the one down here in the middle, that is Spectre, and that is not the Intel malware problem, so no, we're not talking about that today.

All right, so let's talk about, let's start with some quotes. So first, Ben Franklin said that three people could keep a secret if two of them are dead, and then about a hundred years later Mark Twain modified that to two people can keep a secret if one of them is dead. So basically the only person you can rely on to make sure that your identity remains a secret is you, and that's still the case today. So given that, how should we manage our passwords? And so that's what I'm going to be looking at today and talking about in depth.

So password managers: what are they used for, what do we do with them? They're used to collect passwords on the sites, then the services and servers that we access, and we store those passwords with other metadata like the URL. We might put a category in with it, like whether this is a financial related site, maybe this is a search engine, maybe this is YouTube, that sort of thing. But it allows you to retrieve those passwords based on the metadata or the URL that you're attempting to get to. Those passwords hopefully are encrypted using a strong encryption algorithm, and if they're not, then you should walk away from that password manager immediately. Walk, and probably run, don't walk. But this creates a problem, because the stronger that those passwords are, the more difficult they are to remember, because they usually get longer and longer. So how many characters can you remember?
So AT&T found this answer. It was actually Bell Labs that did their research back, and I think it was in the late 50s, and they were looking at, at the time they were switching over their network from the old call of the operator and give her a code, it was an alphanumeric code on the phone you wanted to dial, and then they would plug you into that particular circuit and make the connection. So what they found out was, when they started to go to the pulse dialers at that time, when they went to that, how many numbers should they be using to create the phone numbers? And they did research and they found out that people can only remember up to seven digits, uh, digits or numbers or letters or special characters. I mean, that's all they could remember, is seven. So that's why our phone numbers are seven digits long today.

But if you were to make a password out of seven characters, that's going to be a problem, because those are pretty darn easy to crack. Even if you use the combination of upper, lower case, special characters and numbers, which would be the most secure that you could come up with, you would have a password that would take about six minutes to crack, and that's according to a study that was conducted by Hive Systems back in 2020. So it may be a little bit shorter today, but you know, the performance of the systems haven't really improved all that much, uh, yeah, maybe a little bit.

So password managers solve all your problems, right? No. [Laughter] What you really need them to do, though, is that in today's world you have to have some way of syncing your office, your home, uh, your mobile applications, so that you have the most current passwords available on all your devices for those websites or all those servers or whatever it is you're trying to access. But because you keep those passwords, you also need to store a backup, because things go horribly wrong and you'll need some way to recover, and it isn't a question of if, it's a question of when something goes horribly
wrong. So the other question, the other thing is, is that you end up having to, you hand over your trust to a company that now has all the keys to the doors of everything that you access and use. So yeah, if you really feel comfortable with that, I don't, but if you really feel comfortable, that's great. But we're now dependent on, the second thing is we're all dependent on a device in order to have access to our websites. You lose the device, or you lose, you know, the key to get into that particular vault or password database, you're in trouble. And a password is not enough. I mean, consider you're one hack away from them getting it all. If they wanted to target the best place to hit you, it would be at the password manager on the cloud, because they only have to crack one password and they've got everything.

So yeah, so I sat down and I, uh, everybody always talks about use cases today, but use cases aren't really all that important. Use cases, in my mind, I'm traditionalist and go back a way, so use cases were always used to generate requirements, because use cases are the practical things that users do, and then you link that to the type of capabilities your system needs, and then you create requirements for those capabilities. Whether you call them requirements or goals, or whether you just create storyboards out of them, it's the same thing. In general it's the same thing: you're really creating some measurement that you know that you've achieved whatever you needed the system to do, which is the whole reason why you need your requirements in the first place.

So these are some of my thoughts on some of the things that I'm looking for; yours probably will be different. I'm looking for something that'll support Linux, macOS and Android devices. I'm looking for something that is secure, of course, and I want the best security I can get, but I want to keep the passwords local. I don't trust, I don't trust the cloud, probably never will. I want two-factor authentication, and I want to make
sure, and I want two-factor authentication not only for the database, but I also want to be able to use it on the websites that I'm accessing. So, in active development: it has to be in active development, because things change too quickly and the software needs to keep up with that. Sometimes there are vulnerabilities that are found in the libraries that they're using; sometimes there are different needs that have come up, like maybe the password length needs to increase, which it has, since I started anyway.

Also, it'd be nice if it was audited by independent researchers, but is that a deal breaker for me if it isn't? No, because it is expensive to do independent audits, and a person and a small project that is open source and free, they don't have the revenue stream in order to support hiring these expensive firms to come in and do a full security audit. So it's not really a deal breaker. It would seem like an oxymoron to ask for it to be free and then expect them to have to pay millions of dollars to some firm to do a security audit.

I would like to also have it generate the random password for me, so that I don't have to write it down, figure it out and come up with an algorithm that I want to use. I would prefer that it was multi-platform, browser extension or whatever support, but I run ARM, and I'm running ARM here today, so I need both Intel and ARM in order to do that, at least in my case. So I would like to have that.

Password expiration monitor would be nice. I have this listed as a requirement, but to me it's a nice-to-have. What that means is that when you change your password and it stores it, and replaces the one that was there, it updates the date, and then at some point the system will tell you that, hey, this particular password is reaching your age, your overage limit. So that could be whatever you set it to be: it could be four weeks, 90 days, it could be six months. I don't think I would recommend going
quite that far, but yeah, whatever that is, that would then tell you, hey, this site, this password needs to be updated. So I would also probably want some kind of way to do fallback codes for access recovery, not only for the database, but I would also like to have that for the sites. However, you don't want to store that in your password manager. You don't want to put your backup codes into your password manager; that would be a really dumb idea. So you would need to have that stored somewhere else.

Multi-factor authentication is a nice-to-have; I would really like to see that. And again, password expiration, yeah, again, nice to have. Password strength monitor: is it weak, is it a good password, is it strong? And of course that rating is going to change over time as well, so that's why you need to have active updates going on. Also, the password manager should lock the vault when it's idle. So if I'm not actively using or going to a new site, I want it to lock after so long a time, or whether, you know, I don't want to wait for the screen to go idle; I want it to actually, after so long a time, it locks the vault, because leaving it open is a security risk.

So like I said, those are the three I'm looking at: Bitwarden, KeePassXC and Buttercup. So why didn't I choose some of these? Why didn't I choose LastPass? Well, LastPass is closed source, and there have been trackers discovered in their code now. And granted, these are ad trackers, but ad trackers track your location or where you're going; that's none of their damn business. I don't know why that belongs in there, other than somebody thought, hey, this would be a good idea to generate some revenue. I think it's a terrible idea, and so I wouldn't use LastPass. 1Password: also closed source. It's a good one, uh, in the past it was a good one. I don't think it has the reputation it once did, so yeah, I'm pretty sure it doesn't have the reputation it once did. So that again,
closed source was enough to eliminate it for me. Dashlane: I don't know a lot about Dashlane, but I do know it's closed source, and again that eliminated that off my list. Master Password: I've seen a lot of people recommend that one, so I went out and I found them on GitHub, and then I noticed that they had been actively updated in a couple of years, and then read further on down in the readme file and it said, hey, we're not actively maintaining this anymore, we've moved over and we're starting to work on Spectre, go over there and check that out. So I did, and Spectre is currently in beta, so I'll look at that when they reach release candidate status. I don't know when that'll be. I haven't seen a road map yet on their site that says, hey, this is our plans for rollout. I don't know when that is. I'm sure they have a target, but I don't know when that will be.

What about XYZ app? Well, either I didn't know about them, which is possible, or I didn't trust them, and so I didn't include them in the list. Also, you might find some people say, well, I just simply use an encrypted file and I put my passwords in there, and that works great for me. Well, I'm glad it does, but I bet it's not too easy to maintain it, and again, it isn't what I'm looking for. I want some level of automation that will synchronize across my devices, and that certainly won't do that. So yeah, and in some devices you would have to come up with a mechanism to read that encrypted file and still maintain it as being encrypted.

But how long a password should you have? That's always a good question. Right now all the current thinking that I have, and what I've read, is that a minimum is 18 characters. Minimum 18 characters. Yeah, you can go longer, and there are probably some places that require longer than that depending upon the level of security, but I'll explain why that is in the amount of time it takes to crack. And so if I were to fill in that 18 character password with all numbers, it would take about nine
months. This would be a single server with a graphics card, a graphics processor, to guess that password, just to brute force it. But if I added lowercase letters to those numbers, that would take about 23 million years; if I added upper and lower cases, about 6 trillion years; 100 trillion for numbers, lowercase and uppercase letters; and then 7 quadrillion years if I include special characters. So don't you think that's a little excessive? Well, no, because that's looking at it from a single server, but what a lot of these places, what these people do is they put twenty thousand, forty thousand servers on it, and yeah, that reduces the amount of time significantly that it would take to crack the password.

So yeah, but what if it's a quantum computer? So the definitive answer is I don't know, but based on, I mean, only RSA 32, I think, has been cracked, which was cracked a long time ago anyway, but they have gotten that far with it. So yeah, 20 years ago they cracked RSA32, so that's been a while. So that's not a really good standard to look at and say, oh well, it's going to take me this much time. The general feeling is, and I'll expect this is the speculation, is that a quantum computer would take that 18 character long password and it would be equivalent to a 9 character password, so the amount of time is significantly reduced in cracking the password. And so it would reduce it in theory to three weeks for a fully qualified numbers, special characters, upper and lower case password. So I mean, that's a guess, okay? So you might come up with a different guess than mine, and that's fine.

So Hive Systems came up with this, and when I get this video done I'll blow this up for you so you can actually see it. If you're using PIN codes, which are four or six digits long, it's not a good idea to be using PIN codes at all, and you can see from the chart those can be cracked almost instantly. So PIN codes, I
don't recommend using PIN codes at all for passwords. You can see that, you know, you stretch out to about 16, 17, you go from weeks to 93 million years, but then when you go to the 18th digit it really expands it way out. So that's why I picked 18, is based on their information. So if you want the best now, and remember, the longer the password is, the longer it takes to decrypt it or to create the hash that you need in order to do it.

So Bitwarden is the first one we're going to look at, and of course it is open source. Its initial release, it's been around a while, August 10th 2016 or so. They do still offer a free version, so you do not have to pay for it, and that will give you a free cloud account as well, which you need in order to be able to synchronize your data. So you store the passwords up in the cloud, not on your local file system, for the free account. Premium account adds a cost of about 10 a year, and I'll go over what all you get for that. Family plans are thirty three dollars and thirty three cents a month, and then teams on corporate sides, you can get those for three dollars per month per person; enterprise is five dollars per month per person according to their website. And then they have negotiable plans that are available for larger organizations, so I assume there's some kind of quantity discount that's involved there, so you'd have to talk to them about that.

As far as the free account, you get open source; it is what they call zero knowledge encryption. I would just say it's strongly encrypted; however, they do use SHA-256, and at the end I'll explain, yeah, I think that's a problem. So it is unlimited devices plus syncing that you get; it's unlimited device types. The browser is supported, and there's mobile apps and there's desktop apps. I think it is an AppImage, yeah, I think it's an AppImage for them for Linux. And also there's no limit on how many items you have in your vault. The vault,
database, same thing; so some of them call it databases, some of them call it vaults. But in that database or vault you can store notes and credit cards and identity information and identity credentials. The Bitwarden Send, which is the synchronization part of this, is only able to send text, so it will not allow you to attach a file to the particular record that's in your database account. So it is what they call a basic two-step login, so there's no YubiKey, U2F or Duo; yeah, I assume it's OTP probably. They do provide free cloud hosting, and there's an encrypted export that's available, and there's max users of one; you can only have one.

Premium account adds all those same features, but it includes in addition that you can encrypt shared files over the Send, so the Bitwarden Send now encrypts text and files, so you can attach files to your database and send those as well. Two-step also includes YubiKey, Duo and U2F; encrypted attachments up to one gig; and TOTP authentication is also supported. There's also vault health reports; now that would be things like your password strength and the amount of time that has passed since you last changed your password, so it would tell you that. There's also emergency access: if you lose your password you can get access to the account, probably through jumping through some hoops to do that. There is a self-host option available to the premium account, so you can put it on your own server and then use that to store your password data. Probably more geared towards enterprise, probably overkill for the home user, but again, if you're paranoid like me you can go through that effort and do that. Priority support, and we've already talked about the cost.

KeePass: KeePass has a long and sword history. It's been around a long time. It originally came out as KeePass for Windows, and then the first Linux versions came out with KeePassX, which is a fork of KeePass. KeePass, by the way, is still actively maintained in its original form, so these are probably people
that were dissatisfied with the development in some way and wanted to do something different, and so they forked it. The latest fork is KeePassXC, so that's a different development team than KeePass or KeePassX. I don't know if KeePassX is actively, so I didn't check that, so I don't know. If you do know, put in a comment below and let me know.

But it does allow you to have, now they call it a database, and it is encrypted, although, but they do provide cross-platform Linux, Windows and macOS support. They do allow you to create and open databases through their client, and you can store sensitive information by groups, so I can group my logins by financial or shopping or whatever category I want to create for those. Then you can search for those entries on any of that metadata to find something. There is a password generator, and there is the capability to autofill passwords through the browser extension. There is an entry icon download, so you can have an icon that's carried with the entry that probably would represent the logo for the site or something that might help remind you of what it is. You can import databases from CSV, 1Password and other KeePass 1 databases. There is a database health reporting, which again looks at the age of the password and the strength. There's a database export, and there's TOTP storage, generation. Now, just like Bitwarden, KeePass also gives you the ability to store your credentials with, and, uh, into the KeePass data store. I'm not too crazy about that idea personally, but yeah, it's there if you want to use it. It also supports file attachments, and there is a command line support if you're doing that, and I'll explain one of the things you can do with the command line version of it. But a mobile app is not in their GitHub repository, so that's not provided, at least I didn't see it, and I don't think they provide the apps for Android and iOS. They do refer to it; they
recommend these two: KeePassDX for iOS and KeePass2Android for the Android, uh, phones. So yeah, more devices.

What about 2FA? So it's kind of 2FA, but it's not what I would call 2FA. It's what they call 2FA, but even they admit it's not what you would expect 2FA to do; in other words, it's not maintaining 2FA to the website you're trying to access. YubiKey can be used to secure the database, but it only supports one key, so if you've got multiple users trying to use that same database, that won't work. Also U2F and TOTP won't work, because KeePassXC is written for an offline environment, and that's their philosophy, and so that support isn't there, because it's an offline database and you have to be online for those to work.

There are browser extensions for Firefox and Chrome and Chromium and Vivaldi. Firefox ESR is partially supported, but there are limitations in the web extension APIs in Firefox ESR that make it impossible to implement the full suite that you would find in the extensions in the other browsers. If you have the client version, you can use the SSH agent that comes with it to store SSH keys and credentials, so when the database is locked those keys disappear, they're gone, and when it's unlocked it puts them back out. So unlike if you're storing them in your .ssh file, those keys are always there. So yep.

Buttercup: always slow, open source, and it is free to use. It does do an encrypted vault; it uses 256 AES encryption, and it is cross-platform; it does support Linux, Windows and macOS. There are mobile apps for Android and iOS. They do have a browser extension for Chrome and Firefox. They are an AppImage on Linux; however, I also notice they have AppImages for not only 32-bit and 64, but they also support ARM 64 and ARM 7.
So your older Raspberry Pis and your newer Raspberry Pis can be supported in this environment as well, which is nice, that's pretty nice. Synchronization: they use Dropbox or Google Drive and WebDAV, and that's encrypted, of course. You can create an open vault, so you can import from LastPass and other sources as well. It does provide support for autofill passwords, meaning that when you reach the site it'll autofill the user ID and the password. It also has the ability to recognize that a password needs to be updated, and it'll put a button that you can click to automatically call up the site's web page that allows you to change the password, where it's available, and then it'll automatically generate the password, fill that out for you and you're done, and then update itself with the new password. It also supports file attachments, 2FA using OTP codes from Google Authenticator and Microsoft Authenticator, and there's a few others they have listed as well. Nextcloud and ownCloud sync is still there, but they are deprecating it. I don't know what the reasons are behind that, but whatever the reasons are, I'm sure they have their reasons for it. They also have a synchronization service of their own called My Buttercup that you can use as well, and the password vault is stored locally.

I thought it was kind of interesting, one other thing that I discovered with, you're using the, so the password vault is normally created by the desktop, and then there is a switch in the desktop app that you can turn on to allow it to communicate to a browser extension, and when you turn that on the browser extension will ask you for a vault, it'll ask you for a new vault, and then it'll attach to the vault that is in the desktop, and then once it makes that connection you can close the desktop vault and the one it's using will be the one that it creates for the web pages. I don't know if it filters out from that only the ones it needs; I haven't dug into it. I haven't opened the vault
that was created. I need to do that and do a little bit of digging and see why they do it that way; I'm sure they have the reasons for it. But YubiKey is not supported, U2F is not supported, dot support is through the sync only at the moment. There is a CLI, and we already mentioned that it's an AppImage. So like I said, though, they are actively working on, I mean, they do updates nightly, so they have a request, so if there's a browser you want supported or something that you need, maybe if they get enough requests for it they'll add it in. I don't know, I can't guarantee that, and I'm sure they don't guarantee it either.

So in general, how do they stack up? So Buttercup, I think, has the least number of features, but Buttercup's history was, it was written basically as a personal tool by the author for his use, and over time it's kind of grown into one that is starting to become competitive with the big guys like KeePassXC and Bitwarden. So yeah, I mean, I suspect it'll probably gain additional features over time, but currently I think it's lacking in these areas, where, like, we don't have fallback codes, we don't have multi-factor, we don't really have two-factor support, and I think some of those things are needed today to maintain a password manager.

But yeah, KeePass, a little bit better, has a little bit more capability, but again, I think KeePass was really written for an age gone by, and so today, however, I think the needs are for additional strength and additional capabilities. I'm sure that group is very good, I'm sure that they will add those over time, but, you know, their core focus is an offline utility, and it's not likely that they're going to add, you know, TOTP or U2F anytime soon. I don't know about YubiKey; possibly they could use YubiKey, but even that talks to their service somewhat too.

So Bitwarden, yeah: secure local vault only with the premium account, so I marked it no for the free.
Password expiration monitor: I didn't find one, although there is a health check that is in there. One of the things I discovered was about their encryption being SHA-256, and so I have some concerns about that. Multi-factor: no. So none of these guys are really perfect, right?

But Buttercup, written in JavaScript: no thank you. I might consider JavaScript to be a real secure programming language, and just because it's written in JavaScript, that creates a security concern of a major variety all by itself. So yeah, not too keen on that. Plus with Electron it's a little sluggish at times, and so yeah, not my choice, sorry, not my choice. Good idea if you change the language, but yeah, JavaScript, poor choice for a security app, guys.

KeePassXC is a popular Linux password manager. It works in offline mode, but I think its design is going to come up short in today's needs for a mobile app and the ability to sync and so forth and be able to manage 2FA across websites, although, you know, I think it's going to be multi-factor really; if they're going to concentrate, I think they need to go to MFA.

Bitwarden is by far the better choice; with a free account and local hosting, you can get that for ten dollars a year. But I really believe that the 50 year old model for passwords is at an end. I think that's rapidly coming to a close, and new ideas like Microsoft's passwordless environment and Spectre's passwordless environment are probably the ways that things are going to move, if it can be proven to be secure. I mean, that's a big if; you know, none of these things exist today and we don't have proof that they're any more secure than what we've got. But I do think passwords are dead. I started out, and most of the systems I worked on didn't even have passwords; they didn't need them, and it wasn't until my junior year that they started adding passwords to the systems, because, well, you know, kids being what we are, we would screw around with other
people's accounts and do funny things to them, like change the program that would launch when they'd sign in and embarrass them in front of a bunch of people that were sitting with them. So anyway, yeah, we would do crazy things, and so they decided to go to passwords to circumvent some of the practical jokes that we used to play. I don't think that was the only reason; I think there was also some concern on being able to, you know, keep things private, particularly when they were grading.

The Spectre design team has a philosophy that says saving passwords in an app or uploading them to the cloud, that's a recipe for a personal disaster. Yeah, absolutely, by golly, I believe that. And you know, I think you have to put this in perspective too; you have to look at it this way. To you, if you lose all these passwords and your user IDs and anything else in the metadata, that's your life. I mean, that's everything all about you, and that's devastating to you, particularly if it's used to steal your identity, and that can be very expensive to try to fix. The other thing, on the other side, on the person that's providing you that service: to them you're not that important, you're just a security risk assessment. So yeah, I mean, you're just a part of an equation; you don't probably even move the decimal point too far.

So I mean, that's the one thing: the only password that can't be lost or stolen or seized or ransomware, left on the bus, is the one that doesn't exist, and that is so true. I mean, if it isn't there, you can't lose it. So yeah, and then the other thing is, the person that's most likely to care about your security and your privacy and your identity is you, nobody else.

So Spectre: what is it? It's free and open source. It is not a password manager; it is a password cipher. What the heck does that mean? So it doesn't send passwords across the network. It calculates the
passwords that you need, and only when you need them. I know that sounds kind of funny, but that's what it does. Once it does that initial setup for the calculation, it throws your password away. Yeah, once it's put it onto the other side, onto Twitter or Facebook, god forbid you're using Facebook, or somebody else, then yeah, it's all them. So it takes the password, gone; there's nothing there, so there's nothing to lose. So it's kind of a ROS philosophy, or remember one secret and then math does the rest. So you can think of it that way: ROS.

So why? Well, as you just saw, Neiman Marcus today just had a 4.2 million user data spill, and so yeah, the passwords are being scooped up all the time on websites. There's just like a vacuum cleaner out there that, just as soon as they find a hole, they just suck all of the data out. And TOTP is vulnerable today; there are bots that are able to guess the next password in sequence, and they're able to gain access to your account even with a 2FA that's using TOTP. 2FA SMS has been broken for some time; I mean, that's easy to hijack. So yeah, as a cartoon says, "I don't know which robot is real; quick, say something at all my husband would know." So yeah, I mean, it's hard to guess who's real. Is it a robot that's attacking, coming to the site as you, or is it you? And that's really the big problem here: there's no way to really identify you as you.

So your identity is safe only when the sole gatekeeper is you. You don't want it held in a cloud account, and you don't want to store your identity on sites that might have unreliable actors. I see too many times where somebody is throwing passwords onto an s2 store on Amazon and they didn't even bother to lock it down with a password or encrypt it. Corporations and state entities: corporations, as you've seen with Neiman Marcus, this, are not alone; we've had major data spills in all parts of the industry, and then we have
state entities that have lost data as well, either through hacks to get in the site and dump the data, or, I remember years ago where people were traveling around with laptops with unencrypted data that had the users' passwords for all the people in their organization, plus all the people that were affiliated with that state agency, your driver's license, your everything. And they left their laptop on a bus and then somebody found it: hey, look at here, I got all this stuff, all this data. So yeah, not good.

So Spectre's kind of focus is: sustainable security should have no loopholes or caveats. It shouldn't come with a terms of service that limits their liability. It shouldn't be that, oh, I agree to give you access to all my data, and yes, you can track me all over the internet and that's fine, and if you happen to spill all my data out to the world, well, I will hold you accountable, you're fine, you're good. So yeah, that's not acceptable. Or it's going to require backups to make sure that if something happens to the data I have a way to recover it, but if I don't have passwords to begin with, who cares? I don't expect blind trust, meaning that because I sign up for a service, I am now blindly trusting that organization with absolutely no input, no view into their operations at all, so you're just totally blindly trusting them to do the right thing. The password doesn't exist; it's mathematically given, and it creates a stateless identity that's immune to loss and immune to leaks. So yeah, it can be generated easily.

So that brings us to how it actually does, and I'll blow this up for you. This is how it generates it: it takes your full name and then the key that you gave it, in this case it's a four-word randomized sequence of basic, uh, stuff, and then it combines those and creates a user key, a 64-bit, uh, byte, 64-byte user key, which is then merged in with a site key that comes from the website that you're coming, and then it generates, the takes
the domain name and it generates the password that comes back. So yeah, and that's the password that gets stored ultimately on the site. Now, so as you can see, as far as your domain of it and in the graph, there's nothing there for you, there's nothing there to identify the password with you.

So how does it work? Well, you sign in to Spectre, you give it the four-word or, in that last case, three-word random sequence as your secret, and then you go to the website and you put the name of the website into Spectre, and then you change your old password to Spectre's password. If it's on Twitter, you go to Twitter's password change and do it there, and then from then on you log into Spectre and access the website through there. Done, that's it. That's how it works in theory. Actually, under the covers, it would probably take a little bit of work to come down through the code and see what it actually does.

So, um, I don't think I have... oh yeah, I do have a couple of things. So websites are supposed to use one-way hashes to store your password. Now that'd be like Linux, right? So if you look at your /etc/shadow file, in there you'll see your name and then the hash for your password. That hash I cannot decrypt. There's nobody, root, nobody can decrypt that hash and determine what the password is. There's no way to do it. The way that Linux works is that when you log in, you give it a password, that goes in and creates a one-way hash out of the characters that you typed in, and then the two are compared. If they're the same, then you're allowed entry. If they're not the same, you're dropped and you get to enter it again. So that's how it works, that's a one-way hash. They're supposed to use one-way hashes, and that makes it harder for the attacker to guess what the actual password is, and it forces them down a path where they have to go compare the fingerprint, which is what the hash would be, to a group of passwords that are similar and see which ones match. It takes
a lot longer to do that, so yeah, a little bit harder, a little bit more difficult.

The other thing websites are supposed to do is use strong cryptographic algorithms, and some sites and some password managers are using SHA-256. Not a good idea. A few years ago, when SHA-128 went over the line, when it was dead (it's been dead for a while), but, um, when that went over I said I don't think SHA-256 is going to be long, because it's only double the amount of characters. So I didn't think it was going to be really a long time before it was obsolete, and yeah, here we are, 2021, it's obsolete and some sites are still using it. Bad idea. Uh, it is pretty quick to crack that.

So yeah, but the real concern is with websites that do things like reduce the password entropy intentionally to make things, I guess, easy for them. And what I'm talking about there is, password entropy means that higher entropy means that you use a larger set of characters, like I use maybe additional upper and lowercase characters, and I add the additions of special characters and numbers, in order to come up with a sequence that's longer and more difficult to hack. The shorter ones will take less time. And a lot of these sites, some of them will say, "Oh, you can only have 14 character long passwords, they have to be alphanumeric, and one uppercase character, the rest can be lower case, numbers fine, but no special characters." Why? Why are they doing that? That's stupid. They shouldn't be putting any kind of limit on the password, or limitations where it reduces the entropy, because that puts you at risk, because it's easier for someone to hack that site and get your password than it would be if there was a higher entropy password. So I think that's a bad practice, and it's one that we as people out in the community should be scolding them and saying, "No, stop doing that."

So that's my babble for today. I hope you enjoyed this look. I plan to come back and look at Spectre
when it goes to RC. Like I said, I don't like, I mean, I'll do beta software once in a while on exception, but I don't like as a rule to just take a look at it and then find a bunch of bugs in it. So, um, if I'm testing it, that's one thing, but, uh, yeah. So I've done some work. I played around with Bitwarden, I played around with, uh, with KeePass, I've used it on and off because I do use Qubes and KeePass is centered to that. I have spent about a week working with Buttercup. Even though, you know, the capabilities of it could be better, it could be really good, just the language really concerns me. That's the only problem I have with that.

But anyway, I hope you enjoyed this today. Please let me know in the comments below if there's a favorite password manager of yours, let me know what it is. I'd love to hear what you guys are using, and I hope to see you all again real soon. Uh, please like and subscribe to the video as always, and bye for now.
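The flow described in the transcript (full name plus secret stretched into a 64-byte user key, a per-site key from the site name, a password derived from that, and the website keeping only a one-way hash) can be sketched as follows. This is an added example, not code from the video or from Spectre; scrypt, HMAC-SHA256, the cost parameters, the 64-symbol alphabet, the function names and the sample inputs are all assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import string

# 64 symbols, so "byte % 64" selects each symbol with equal probability.
ALPHABET = string.ascii_letters + string.digits + "-_"

def user_key(full_name: str, secret: str) -> bytes:
    """Stretch name + secret into a 64-byte user key. Never written to disk."""
    salt = b"demo-user-key:" + full_name.encode()
    # scrypt and these cost parameters are this sketch's assumption.
    return hashlib.scrypt(secret.encode(), salt=salt, n=2**14, r=8, p=1, dklen=64)

def site_key(ukey: bytes, site: str, counter: int = 1) -> bytes:
    """Bind the user key to one site name; bump counter to rotate the password."""
    msg = site.encode() + counter.to_bytes(4, "big")
    return hmac.new(ukey, msg, hashlib.sha256).digest()

def site_password(full_name: str, secret: str, site: str, counter: int = 1,
                  length: int = 20) -> str:
    """Recompute the site password on demand; nothing is stored client-side."""
    skey = site_key(user_key(full_name, secret), site, counter)
    return "".join(ALPHABET[b % 64] for b in skey[:length])

def server_enroll(password: str) -> tuple[bytes, bytes]:
    """What the website keeps: a random salt and a one-way hash, not the password."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return salt, digest

def server_verify(password: str, salt: bytes, stored: bytes) -> bool:
    """Hash the login attempt the same way and compare in constant time."""
    attempt = hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)
    return hmac.compare_digest(attempt, stored)

if __name__ == "__main__":
    # Constructed sample inputs, not taken from the video.
    name, secret = "Jane Example", "correct horse battery staple"
    pw = site_password(name, secret, "twitter.com")
    salt, stored = server_enroll(pw)
    print(pw, server_verify(site_password(name, secret, "twitter.com"), salt, stored))
```

The same name, secret and site name always reproduce the same password, so the client has no vault to lose; the server side holds only the salt and hash.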
Info
Channel: DJ Ware
Views: 3,513
Keywords: DJ Ware, CyberGizmo, Linux, MacOS, Windows, Firefox, Chrome, Password Managers in 2021, Password Managers, Bit Warden, KeePassXC, ButterCup, Spectre
Id: ExX2IsxlFQo
Length: 43min 47sec (2627 seconds)
Published: Tue Oct 05 2021