The "To Keep Up" Wiki

A collection of information we find useful


security_presentation

Differences

This shows you the differences between two versions of the page.

security_presentation [2022.10.09 15:10] Steve Isenbergsecurity_presentation [2022.10.11 15:31] (current) – [How to create hard-to-guess passwords] Steve Isenberg
Line 88: Line 88:
  
 ====How to create hard-to-guess passwords==== ====How to create hard-to-guess passwords====
-If a human is going to guess the password then make it unhuman.  Consider: a password "safe" Here are some free alternatives.  From [[https://www.techradar.com/news/software/applications/the-best-password-manager-1325845|Tech RadarThe best free password manager 2019]] with updates I took from the application sites 20211129\\  +If a human is going to guess the password then make it unhuman.  Consider: a password "safe" Here are some alternatives, many are free or have free options.\\   
-Also see [[https://www.pcmag.com/roundup/331555/the-best-free-password-managers|PC Magazine's picks]]\\  +You can also do a DuckDuckGo (or Google if you're still using Google) search for "Best Password Managers" and look for those with recent information.
-Do a DuckDuckGo (or Google if you're still using Google) search for "Best Password Managers" and look for those with recent information.+
  
 //All of these offer login and text note storage in a secure vault protected by your master password, and can generate (and store) strong passwords.// //All of these offer login and text note storage in a secure vault protected by your master password, and can generate (and store) strong passwords.//
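Review bot: The added first line runs two sentences together at `a password "safe" Here are some alternatives`; end the first sentence after "safe" and start a new one, for example "Here are some alternatives, many of which are free or have free options." The removed text also recorded when the details were taken from the application sites (20211129); the table below still quotes prices, so keep an "as of" date somewhere in this section so readers can judge how current the figures are.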
Line 103: Line 102:
 |[[https://1password.com/]]|no free version, only paid, 2wk free trial|unlimited pw & devices, 1GB storage, 2FA.|Individual: $36/yr, Families (5 family members): $60/yr|Mac, Win, Linux, iOS, Android, Browsers| |[[https://1password.com/]]|no free version, only paid, 2wk free trial|unlimited pw & devices, 1GB storage, 2FA.|Individual: $36/yr, Families (5 family members): $60/yr|Mac, Win, Linux, iOS, Android, Browsers|
 |[[https://nordpass.com/]]|unlimited pw, notes also, credit cards|emergency access |Premium $24/yr, Family (6 accts) $60/yr|Win, Mac, Linux, Android, iOS, Browsers| |[[https://nordpass.com/]]|unlimited pw, notes also, credit cards|emergency access |Premium $24/yr, Family (6 accts) $60/yr|Win, Mac, Linux, Android, iOS, Browsers|
- +|[[https://keepass.info/]]\\ [[https://keepassxc.org/download/|KeePassXC]]|* Can run from USB\\ * Many customizable options\\ * A little intimidating? You judge.|FOSS((FOSS=Free, Open-Source Software)) - there is no paid version -- all features in free version\\ Many ports, with different features and UI|Note, no cost. Does not provide place to store the Password Safe, that's up to you|Windows, Android, iPhone/iPad, Mac, Chromebook, Blackberry, Linux, and more|
-|[[https://keepass.info/|keepass.info]]|* Can run from USB\\ * Many customizable options\\ * A little intimidating? You judge.|FOSS((FOSS=Free, Open-Source Software)) - there is no paid version -- all features in free version\\ Many ports, with different features and UI|Note, no cost. Does not provide place to store the Password Safe, that's up to you|Windows, Android, iPhone/iPad, Mac, Chromebook, Blackberry, Linux, and more|+
 KeePassXC is a KeePass port, see Tech Radar's review: [[https://www.techradar.com/reviews/keepassxc]]. It's free but accepts donations. KeePassXC is a KeePass port, see Tech Radar's review: [[https://www.techradar.com/reviews/keepassxc]]. It's free but accepts donations.
  
 Refs:  Refs: 
 +  * [[https://www.techradar.com/news/software/applications/the-best-password-manager-1325845|Tech Radar, The best free password manager 2019]]
 +  * [[https://www.pcmag.com/roundup/331555/the-best-free-password-managers|PC Magazine's picks]]
   * [[https://www.pcmag.com/picks/the-best-password-managers]]   * [[https://www.pcmag.com/picks/the-best-password-managers]]
   * [[https://www.cnet.com/tech/services-and-software/best-password-manager/]]   * [[https://www.cnet.com/tech/services-and-software/best-password-manager/]]
   * [[https://www.techradar.com/best/password-manager]] a good site for reviews of offerings   * [[https://www.techradar.com/best/password-manager]] a good site for reviews of offerings
 +  * [[https://www.techradar.com/reviews/keepassxc]] TechRadar's review of KeePassXC
  
 ====Caveat==== ====Caveat====
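Review bot: The added Refs entry for https://www.techradar.com/reviews/keepassxc duplicates the link in the "KeePassXC is a KeePass port" sentence directly above the list; keep the link in one place only. In the new KeePass row, the keepass.info link lost its label while the KeePassXC link has one, and the row now covers two applications without saying which of the listed properties apply to which; label both links and say that the row describes the KeePass family. The Tech Radar entry moved into Refs is still titled 2019, which sits oddly next to the advice earlier in the section to look for recent information.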
Line 141: Line 142:
   * One password to remember   * One password to remember
   * I can use long and complex passwords   * I can use long and complex passwords
 +  * Can keep a history of past passwords
  
 Using a password manager: Using a password manager:
-    * you can create quite long and complex passwords+    * easy to create long and complex passwords 
 +    * you can use long and complex passwords
     * you can create secure passwords and not have to remember all of them     * you can create secure passwords and not have to remember all of them
     * you only have to remember One password     * you only have to remember One password
 +    * you can store your password file encrypted in multiple places including USB drives so it's unlikely to be lost
     * you have all of your important access information in one spot, the encrypted file     * you have all of your important access information in one spot, the encrypted file
-      * (your next of kin would likely find this useful)+      * //your next of kin would likely find this useful//
 ====More About KeePass==== ====More About KeePass====
 //Note that many of these features can be handled/provided by other password manager software, free and at cost// //Note that many of these features can be handled/provided by other password manager software, free and at cost//
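Review bot: The two added bullets "easy to create long and complex passwords" and "you can use long and complex passwords" say nearly the same thing, and both overlap with the unchanged bullet that follows them; merge them into a single bullet. The new bullet about storing the encrypted password file in multiple places, including USB drives, would be more useful with a few words on keeping the copies in sync and on the fact that every copy is protected only by the master password.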
Line 187: Line 191:
    
   * I use a DB entry to log changes   * I use a DB entry to log changes
-    * "Last changed 20211201.2007(Dec 22021, 8:07pm) +    * "Last changed 20221009.1817meaning October 92022 at 6:17pm 
-    * Enter change(s) made, eg: "1201: updated CCS entry, new password Kohls"+    * Enter change(s) made, eg: "0921: updated CCS entry, new password Kohls"
     * This I do manually     * This I do manually
     * Helps me synchronize databases     * Helps me synchronize databases
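Review bot: The example change entry no longer matches the example timestamp. The "Last changed" value was updated to 20221009, but the entry prefix became "0921", whereas the old pair (20211201 and "1201") agreed. Use "1009:" in the example, or add a note that the prefix is the date of the individual change and not the date of the last save.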
Line 194: Line 198:
   * I use KeePass application to create new entries and login passwords   * I use KeePass application to create new entries and login passwords
     * Passwords typically 14+ characters (upper/lower case and numbers)     * Passwords typically 14+ characters (upper/lower case and numbers)
-    * KeePass tells me if a password is/isn't secure+    * KeePass tells me how secure given password is
  
 Here is a possible password I might use: ''cqLbq2NHcuNmgU'' -- 14 characters, upper and lower case letters, and at least one number.  This one has entropy 82.06 which is deemed "good".   Here is a possible password I might use: ''cqLbq2NHcuNmgU'' -- 14 characters, upper and lower case letters, and at least one number.  This one has entropy 82.06 which is deemed "good".  
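Review bot: The reworded bullet ("how secure") is vaguer than it needs to be, because the paragraph right after it already cites the figure KeePass displays (entropy 82.06, deemed "good"). Name the metric in the bullet, for example "KeePass shows an estimated entropy for each password", so the two lines connect. Since the sample password is published on the page, it is also worth stating next to it that it is an illustration only.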
Line 209: Line 213:
  
 ====Next: Live demo of KeePass==== ====Next: Live demo of KeePass====
 +on smi macbook
 +
 +  * open, select PasswordExample.kbdx pw=1234
 +  * Save as CSV and look
 +  * Save as HTML and look
 +  * Database>Reports
 ====Questions and Answers==== ====Questions and Answers====
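Review bot: The added demo steps put a master password on the page ("pw=1234"), and a four-digit master password contradicts the 14+ character guidance given a few lines earlier; state that PasswordExample is a throwaway database used only for the demo. The file name "PasswordExample.kbdx" looks like a typo for the KeePass extension ".kdbx". The "Save as CSV" and "Save as HTML" steps write every entry out in plain text, so add a step to delete the exported files after the demo. A blank line before "====Questions and Answers====" would keep the heading separate from the new list.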
  
security_presentation.1665353403.txt.gz · Last modified: 2022.10.09 15:10 by Steve Isenberg