The "To Keep Up" Wiki

A collection of information we find useful

security_topics

Differences

This shows you the differences between two versions of the page.

security_topics [2021.02.02 06:08] Steve Isenberg
security_topics [2021.02.02 06:30] Steve Isenberg
Line 2: Line 2:
 This page last modified ~~LASTMOD~~ This page last modified ~~LASTMOD~~
  
 +====Summary, or How I Secure and Use Secure Passwords====
 +For what it's worth, I use KeePass and on multiple devices.  I will summarize below.  Note, there are no costs (to purchase or recurring) for any of the following (further down on the page some items may have a cost and it is noted).  //These are my practices and I'm only putting them here for readers to consider when setting up their database security system. You should do what you feel is best for you.//\\ 
 +The major benefit for using a password manager are: (1) You only have ONE password to remember, and (2) You can use Long and Hard to guess passwords Easily
 +  - KeePass refers to both (a) an encrypted database holding information and (b) the name of one application that can access the database.
 +  - A KeePass //database// can hold
 +    - Logins and password
 +    - Other information you feel useful, such as: Social Security numbers, Secret passwords (answer to "what was your first dog's name"), telephone numbers
 +    - Past passwords.  Date you started to use a given password.  
 +  - There are many applications that can access a KeePass database.  You choose one that is available and that you find works for you.
 +    - On my iPhone, I use or have used: KeePass Touch, KeePassium, MiniKeePass
 +    - On Windows (a while ago) I was using KeePass2
 +    - On Mac OS X I'm using KeePassXC
 +  - When I first started using KeePass, I would keep the database on a USB stick and copy it to/from any computer I was using to access/modify the database.  The risk of course is that the database might differ on different machines or that I might misplace the USB stick.
 +  - Then I started using Dropbox to hold the database.  This way I could access the KeePass database from any machine or phone that could access Dropbox.
 +  - Then Dropbox started restricting free use to 3 devices.  Then I switched to storing it on iCloud, and periodically copy it from iCloud to: Dropbox, pCloud, and into Documents directory on the machine I'm using.
 +  - I have an entry in KeePass with a name I modify that indicates the last important change I've made to the database.
 +    - For example: "Last Changed 2021 0202.1003" so I know the last change was Feb 2, 2021 at 3 minutes after 10.
 +    - This way I can see how current a database is on the other devices and determine whether I need to update it on that device.
 +  - I use the KeePass application to create new entries and especially passwords for logins.  My passwords are typically 14 characters or longer and the KeePass application considers them secure.  
 +    - Here is a possible password I might use (and it's one I am not using): ''cqLbq2NHcuNmgU'' -- 14 characters, upper and lower case letters, and at least one number.  This one has entropy 82.06 which is "good".  
 +    - This one: ''M6dehfJRn7dz7lM82K'' has entropy 101.60 and is considered "excellent".
 +    - Using a password manager you can create quite long passwords
 +    - Using a password manager you can create secure passwords and not have to remember all of them
 +//There are other capabilities of a KeePass password manager like autofill (it'll copy and enter passwords for you) and URL entry (it'll enter your site's URL into your browser), and more; but I do not have experience with these.//
 ====Care and Maintenance of Secure Passwords==== ====Care and Maintenance of Secure Passwords====
 The idea for this started when I heard that someone had someone access their Facebook page.  It's possible this happened because Facebook passwords were stolen but it's also that the password was guessed.  Let's explore ways that passwords are compromised and how to protect your passwords without causing unnecessary effort on your part. The idea for this started when I heard that someone had someone access their Facebook page.  It's possible this happened because Facebook passwords were stolen but it's also that the password was guessed.  Let's explore ways that passwords are compromised and how to protect your passwords without causing unnecessary effort on your part.
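Review bot: The list items that move the database to Dropbox, then to iCloud with periodic copies to Dropbox, pCloud and a local Documents directory, never say how the database itself is protected, and the benefit line only mentions having "ONE password to remember". With copies on several services, and with Social Security numbers and security-question answers stored inside, the master password is what stands between anyone who obtains a copy and the contents, and it can be guessed offline against that copy. I'd add an item saying the master password should be long and used nowhere else (KeePass also supports a key file, which can be kept off the cloud copies), next to the 14-character guidance already given for site passwords. The two entropy figures (82.06 and 101.60) should name the application that reported them, since they are that tool's estimate. Minor: "The major benefit for using a password manager are" should read "The major benefits of using a password manager are", and "Logins and password" should be "Logins and passwords".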
Line 40: Line 64:
 ===How to create hard-to-guess passwords=== ===How to create hard-to-guess passwords===
 If a human is going to guess the password then make it unhuman.  Consider: a password "safe" Here are some free alternatives.  From [[https://www.techradar.com/news/software/applications/the-best-password-manager-1325845|Tech Radar, The best free password manager 2019]]\\  If a human is going to guess the password then make it unhuman.  Consider: a password "safe" Here are some free alternatives.  From [[https://www.techradar.com/news/software/applications/the-best-password-manager-1325845|Tech Radar, The best free password manager 2019]]\\ 
-Also see [[https://www.pcmag.com/roundup/331555/the-best-free-password-managers|PC Magazine's picks]]+Also see [[https://www.pcmag.com/roundup/331555/the-best-free-password-managers|PC Magazine's picks]]\\  
 +Do a DuckDuckGo (or Google if you're still using Google) search for "Best Password Managers" and look for those with 2020 or 2021 information.
  
 All offer unlimited login and text note storage in a secure vault protected by your master password, and can generate (and store) strong passwords. All offer unlimited login and text note storage in a secure vault protected by your master password, and can generate (and store) strong passwords.
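Review bot: The added search tip hard-codes "2020 or 2021", which will go stale the same way the "2019" in the Tech Radar link title just above it already has. Wording such as "published in the last year or two" keeps the advice valid without another edit. While this paragraph is being touched, the context sentence 'Consider: a password "safe" Here are some free alternatives.' is missing a period after "safe".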
security_topics.txt · Last modified: 2021.12.22 10:51 by 127.0.0.1