TekThing 72 – The Password Manager Special: Passwords, Two Factor Authentication, and Securing Your Life Online!

Passwords!
Theme episode! The theme is passwords. And password managers. And Two Factor Authentication… we’re gonna talk about ’em all, some great rules for using ’em, sharing ’em, and more, ’cause all of these things work together to protect you, your data, your finances, your Snapchat, Facebook, and Twitter accounts.
https://en.wikipedia.org/wiki/Password
https://en.wikipedia.org/wiki/Password_manager
https://en.wikipedia.org/wiki/Two-factor_authentication

What makes a good password?
The ever so awesome KrebsOnSecurity blog has as good a set of rules as any… we talk you through ’em, why they mean most folks should use a password manager and more in the show!
http://krebsonsecurity.com/password-dos-and-donts/

Write Down Your Passwords?!?
Security pros like Bruce Schneier have been saying for over a decade that you should write down your passwords and keep ’em hidden, say, in your wallet, if you can’t remember complex enough passwords… is this crazy? We talk it out in the video.
https://www.schneier.com/blog/archives/2005/06/write_down_your.html

Password Managers
LastPass, KeePass, Dashlane, 1Password, Roboform… what do these all have in common? They’re all password managers! So they all help you make strong passwords, store ’em securely, and auto enter ’em when you load websites. Which should you use? We talk local password storage vs. storing ’em ‘in the cloud’ and more in the video!
https://1password.com/
http://keepass.info/
https://www.roboform.com/
https://www.dashlane.com/

Moving Between Password Managers
Wondering how to move between password managers? It’s all about exporting and importing… we show you how it works with LastPass in the video.

2FA, aka Two Factor Authentication
Whether you call it multi factor authentication, 2FA, or two factor authentication, it’s all about making your accounts online more secure. We explain what it is, how it works online, 2FA you probably already use (PIN numbers and ATM cards from the bank!) and hardware options like Yubikey in the video!
https://www.yubico.com/products/yubikey-hardware/
https://www.rsa.com/en-us/products-services/identity-access-management/securid/hardware-tokens
http://2fa.com/tokens/

Do Something Analog!
Remember … once in a while… put down the phone, step away from the screen, close the laptop… and do something analog, like go fishing!!!

4 Comments

  • Jeff Root

    My bank does NOT provide TFA. Or, to be precise, it only provides TFA for the _mobile_ app. Since I can’t think of a worse thing to do than trust the security of my phone, I don’t use the mobile for any banking. Thus, my most important account, my bank, has the lowest level of security.

    Amazon, on the other hand, loves to accept my FreeOTP authenticator, which provides both HOTP and TOTP authentication.

    It’s probably a good thing to explain to listeners/viewers that OATH, which hides behind those “log in with your FB account” buttons is not at all secure. They tried, but they missed.

  • Tim LePes

    Just recently it seems, YubiKey had decided to switch from using Open-Source PGP to using a closed-source implementation. What are your thoughts on this? Do you know of any similar products which are open-source?

    I am of the belief that “more eyes” makes for better security. I also think it is important for people to understand the implications of using on-line services as opposed to local applications. So I am happy to see you bring up the point with LastPass. I will say that you give the impression that KeePass is “scary” complicated. Maybe it has lots of options available. That can be a good, or even great thing. I guess the real question is how hard is it to get started with KeePass? Is there a sane beginners’ guide? I guess I may find out on my own as I am interested in giving it a try. Below is a link to a TechCrunch article about YubiKey’s change away from open “sauce”, which in turn cites a thread on GitHub with some comments from someone within YubiKey relating to the closed-source move.
    https://www.techdirt.com/articles/20160515/02094934446/bad-news-two-factor-authentication-pioneer-yubikey-drops-open-source-pgp-proprietary-version.shtml

    All in all, great show! Thanks!
    Tim L.
