3 CRUCIAL Levels of Password Security (from EASY to INSANITY!!!!)
Vložit
- čas přidán 12. 07. 2024
- Where does your password strategy fit in these three different levels of security? See where you rank and learn some simple tricks to make your online accounts even stronger.
Resources Mentioned in this video:
▶ Password Journal (Amazon): geni.us/password-logbook
▶ 1Password: www.allthingssecured.com/try/...
▶ OnlyKey: onlykey.io/allthingssecured
*affiliate links
If you care about your personal security and privacy online, download my free security checklist here:
✅ Security Checklist: www.allthingssecured.com/secu...
🔹🔹🔹What You Should Watch Next🔹🔹🔹
We've got a lot of great privacy- and security-related content here on the All Things Secured CZcams channel (although we admit we're a bit biased). If you're wanting to increase your online cybersecurity, here's what's next:
✅ How to Create a Strong Password You Can Easily Remember (3 Strategies): • How to Create a Strong...
✅ Password Manager HACK that eliminates the risk of a master password! • Password Manager HACK ...
✅ What is a Password Manager? Simple Explainer & Setup Tutorial: • What is a Password Man...
🔹🔹🔹Help Support All Things Secured (Recommended Services)🔹🔹🔹
If you enjoy this kind of practical security and privacy content, one of the best ways you can help support this channel is by using these affiliate links to our favorite products and services. When purchasing through these links, you not only get the best available deal, the companies will also pay us a small commission. Thank you for your support!
✅ Recommended Password Manager: www.allthingssecured.com/yt/1...
✅ Recommended Identity Monitoring: www.allthingssecured.com/try/...
✅ Recommended 2FA Security Key: www.allthingssecured.com/yt/y...
✅ Recommended Secure Email: www.allthingssecured.com/try/...
✅ Recommended VPN: www.allthingssecured.com/try/...
*********************
Video Timestamps
*********************
0:00 - Are Your Passwords Really Secure?
1:17 - Level 1 of Password Security (writing them down)
3:05 - Level 2 of Password Security (password manager)
6:22 - Level 3 of Password Security (physical key passwords)
*********************
In the cybersecurity realm, keeping your online accounts safe is dependent on the security of your passwords. In this video, I'll share with you the three levels of password security, including tips on how to minimize your risk with each one.
#password #passwordsecurity #cybersecurity - Věda a technologie
Where do your passwords fit in these three levels of security? Leave a comment to let me know and if you want to check out the resources mentioned in this video, the affiliate links are here:
▶ Password Journal (Amazon): geni.us/password-logbook
▶ 1Password: www.allthingssecured.com/try/1password
▶ OnlyKey: www.allthingssecured.com/try/onlykey
I personally use BRIWPED simply because instead of remembering my passwords it also encrypts it so that it always secure even on third party systems. I use it on Brave, Chrome as well as Firefox
Thanks for sharing! I'm not familiar with that.
@@AllThingsSecured Well you can find it on Add-on web stores
I used to have a "standard password" for all websites, sort of a backbone to work from. Then I would apply an algorithm to it, a sort of hash that is based on the website domain name. In this way, every website has its own rather unique password that I dont really even know and couldnt recite if I wanted to, but could always generate when I needed to. Its unlikely anyone who comes across my password by hacking a website or keylogging me would know either my seed password or how to encode it for any particular website.
I have moved away from this though.
Let's appreciate this guy's efforts making these videos for us paranoid mofos
😂🤣
Remember... Just because you're paranoid, doesn't mean they're not trying to get you....
At 5:35 "that crazy scenario where my password vault somehow gets hacked" Ya well, it has happened with LastPass and some other password managers, where vaults have been cracked after a leak in 2023, following by a slew of phishing attempts based on the stolen data. Offline password managers tend to be safer while giving up a little convenience, since there's no chance of being leaked online. Of course it all depends on the security employed by the user when storing the vault file offline, including the storage locations and the master password.
The bottom line is that as long as it's stored offline only, there's a lesser chance of getting hacked. For example storing the vault file on an encrypted SDcard in your phone or internal storage if there's no SDCard slot, basically provides double encryption, once by the phone and second the master password in case it gets lost or stolen. Needless to say, backups must be made on several SDcards stored at multiple physical locations and updated regularly.
Regardless of using online or offline password managers, if a particular website gets hacked and the login data gets decrypted, no amount of effort and due diligence by a user can prevent that.
Taking 2 small sheets of paper, write your passwords down on each. Roll the sheets of paper tightly. Slide each roll into a pocket size tube. (an old lipstick tube would work great as would a straw) Give one to your loved one(s)
Great advice. I used to store passwords on a spreadsheet on an encrypted USB stick that was securely stored. Eventually I found this was inconvenient for logging into accounts on different devices, and I still had to think of new, unique passwords myself. I've now moved over to a much more secure and convenient password manager, it took a couple of sessions to add all accounts and update all passwords, but it is so worth taking the time to do so
Second lvl looks good for a common person its more compatible to alot of users thats what i like to say
I would agree.
That intro was all my problems before i found this channel. When i saw 1 video i instantly subscribed.
Thanks, Dino!
Great advice as always.
Thanks, Gabriel!
New subscriber here. I really appreciate channels like this. I would love for this subject to spread.
Thanks so much. Welcome!
@@AllThingsSecured No, Thank YOU
secure keys are obviously the best possible option out there . at first I though it was a waste of money when I purchased 3 secure keys . 2 of them USB A NFC and one UBC C NFC . in total I spent 90£ but the peace of mind that they offer is priceless
Holy Smokes!!!! That double blind password idea is a Game Changer! I'd have never thought of it...
I really like the idea of storing the first 3/4 of a password in a password manager and then manually adding a few characters at the end. That's a really good idea. Thank you for sharing.
Glad to hear it was helpful!
The trick is that you don't want to over do it. If you did it for all accounts, then soon enough two such passwords could leak and reveal that typed chunk. That's why I suggest you only do this with critical accounts (email, social, banking, domain registrars) together with a hardware key for (at least) those accounts.
Brilliant video, never heard of double blind passwords before, excellent advice, just to be sure, to be sure...
Thank you for the comment!
I am also a Bitwarden user and the one thing about companies like this is that they are a target, so if they aren't trustworthy and secure we would hear about it from the Web. That kind of thing would be hard to cover up and if a company tries to, they may as well shut the doors. I bounced around and I am of the mindset that in this day and age you should not have to pay much for a password manager... I also use Keepass as a backup locally, just export and import every so often. Also I have been enabling Authy for 2FA where possible, but what irks me most is that most financial companies don't have an option for hardware level 2FA, like the Yubikey. In fact most don't even support TOTP. It is coming along from what it was but TBH we need to have better support as consumers to bring internet security into the forefront of everyone's mind.
Yes, it irks me too that banks and other financial institutions have been the slowest to adopt the best security practices.
Thank you for this great video
Glad it was helpful!
Loved the intro - so true 😅
😂 😆
The fact you mentioned the OnlyKey means you get an insta sub from me. I love the onlykey soo much
Ha! I’m glad you like it.
I made my own offline password manager/generator, works the best for me.
You coded it yourself?
Great video 👍 Yubikey or Onlykey then?
I use them both, but my preference is Yubikey.
Password manager is more then enough + if one can add another double blind method that's what is already insane level of security! 😀
👍🏻👍🏻😎
I use the lvl 1 method. Although I don't put all of the actual password in it. Instead of hints, I replace some characters with asterisks or underscore for the majority of the characters and leave some correct ones just enough for me to remember them. I also have a backup for my passwords in another secure single sheet of paper that I have at all times.
Also, my password are kinda random, jumbled mix of alphanumeric characters (with lower/uppercase). If the site that uses my password allows it, I try to have at least 12-20 characters long passwords for it (or add some special characters to it for the added security).
Sounds like a good system!!
*Most password manager apps required PC for setup and import export data and are not mobile friendly.Josh it would be great if you make video password manager apps dedicated to mobile devices*
1Password, Dashlane, LastPass and others are all mobile first apps and they’re really easy to use!
Love your double blind advice
Thanks, Gordo. Glad it’s been helpful.
You can sync keepass with cloud storage. 😉
Very cool. Thanks for sharing.
You're a handsome guy. That reason alone made me to like and subscribe lol
Gee…thanks?
Please look at Yubkeys and their passwords functions. Cheers for your work !
I have!
If a keylogger was to be secretly installed on your computer, what are its capabilities? Obviously, if you type your passwords it will capture the keystrokes. What about copy and paste, or automatic insertion from your password manager and finally can it intercept the long button press from a Yubikey? Love your videos, thanks so much!
Multi-level keychain isn't such a bad idea, encrypt your password with password with another password.
One overly paranoid method is one you can just hide in plain sight that nobody would even be able to suspect, and that is encrypting your logins within another file, or at least the private keys that you want to keep secure, maybe a password vault that can be updated into a file each time something is added or removed from the list. I'm talking the use of Steganography, one that can hide something encrypted in a file that nobody will ever suspect, be it an image or word document, a your favourite PDF of sorts that you like to read. But anytime you need access to your hidden vault it decrypts it for the duration you need it to be unlocked, before removing itself and keeping it secured.
Interesting idea. Thanks for sharing.
I use bitwarden. I was skeptical at first but your double blind password strategy video really convinced me. What are your opinions about bitwarden? They say the online database is encrypted. Can i trust them?
@Shun Goku Satsu Your comment is making me paranoid again lol.
How many times have you heard news about a password manager getting hacked? I mean, I know that's not the best way to judge their security, but it's worth thinking about.
Sometimes paranoia is just adding more locks to a door that's already locked shut. You have to consider where you draw the line. Personally, I've decided to trust password managers (and that goes for Bitwarden as well) and just make sure I add extra security for my most important accounts (i.e. the double blind password or 2FA).
Best solution is Keepass with the database on Dropbox. Offline but online at the same time and accessible at all times with automatic backup. I access it on my computer and phone with ease.
Option 3 looks easy for me ...need more assurance when it comes to internet security..
Whatever works for you, Kevin!
I have a little bit of redundancy going on! :)
1.All my PW's are saved in aWallet offline PW manager (set to delete and override all data after 3 incorrect login attempts. I offload those .csv files to a physical-pin code protected thumb drive; as well as store them in my Samsung SSD encrypted portable drive (kept somewhere else).
2. I also use NordPass for more important online accounts (except for banking & investments), which makes it convenient across devices and most website/ app logins.
3. Finally, I use iKeychain (when on iOS device) for those lesser important online logins; mainly online food ordering- LOL.
Haha! Sounds like a good method.
What’s your opinion on iCloud Keychain?
It’s has a good track record. I just haven’t used it much so I don’t have much of an opinion yet.
What is your opinion on Apple new privacy features for mail and private relay?
Still doing my research. I’ll be publishing a video with my thoughts later, so I’ll let you know then 👍🏻
I have different PWs for different type of sites or accounts, ranging from simple words for free games to pass phrases.
That’s good. You definitely don’t need to treat each online account equally.
I use the password generator that comes with my ExpressVPN subscription and I save those passwords in my samsung notes folder that's inside my "Secure folder" which is protected by a screen pattern lock
Sounds like a good strategy for you, Ryan. Thanks for sharing!
@@AllThingsSecured Until his computer craps out! Backup, backup, backup!
Hey can you do a video about safe browsers ?
It’s on the content calendar 👍🏻
Apricorn ASK3Z, Ledger Nano X and Lastpass
That’s specifically for your crypto? Or all your passwords?
@@AllThingsSecured Well Ledger is only for crypto, the other 2 for all passwords and backups, then also offline in safe and secure location
Offline password manager + manual cloud sync is my choice
Glad you’ve found a method you like!
Question. Level 3. Iam thinking about this type of PS, looking at yubikey, not sure I can even buy something different where I live, so - Is it possible to buy already compromised physical key? This thing is really bothering me for some reason, what If I buy this key from some reseller, it would be in a pretty box, looks just like new one, but its already "hacked" somehow, lets say it will send everything as soon as I plug it in... speaking about paranoia :)
Ha! Definitely paranoia. I think it would be very hard to hack the device itself without great effort and expense…unless you’re being targeted for something, I don’t think they would do it for random people.
Hope my system will make you chuckle .
I use up to a 4 stage verification. A) fingerprint, B) Iris, then C)Password or D) for financial matters and system generated code is texted and entered.
Password is changed monthly comprised of 21 digits and must include numbers, caps, lower case and special characters. As ex-airforce I use airports, there are 43,982 airports around the world ( and since key military and civilian airports are in my head) and no I won't explain the system for determining the airport to start with ) + series of up to 7 numbers + up to a 5 character word +and 3 special characters. We tried to brute force crack the passwords in our company IT lab and we couldn't break it after 4 days. Can someone eventually break it, probably but you've only got 30 days. Downside is if I ever get dementia I'm screwed.
Wow…you’re nuts!
@@AllThingsSecured ha, ha, ha - maybe so. But I worked for a Fortune 200, in a highly regulated arena, as its negotiator and sat on its security committee until 4 years ago when I retired. 6 years ago I personally experienced an identity theft ( total breach - banking, taxes, etc) which took over 3 months to resolve. Since this protocol was implemented, touch wood, not one successful breach. So as crazy as it is I'll stay that way because it works .
Hmm, double blind PWs, might give that a try, thx
Let me know how it goes!
There is a question I have been asking my self about I hope you could answer it
Password manager encrypt all passwords in my vault with my master password right ?
Ok what if I changed my master password then all of the password which were encrypted in my vault how would I decrypt them and I have a different key now what if i was storing a large file on the server also
Changing the master password wouldn’t lock you out of your current passwords. In order to change to a new password, you would still need to have the old one.
When you took out the physical key, I immediately thought what if someone kidnaps you? I guess with the deadman's code, in that situation, your accounts will be safe. I don't know if you'll be safe though
Ha! If someone is willing to go to that length, these security measures may only be as good as your willingness to endure torture.
I bet *Family* is the strongest.
Family?
I'm all for the best level of security. Problem is I am not tech savvy enough. I become unsure of myself when trying to follow the necessary steps.
Yea, and you’re not alone. Find where you’re comfortable and then make that as secure as possible.
I thinkWhats best and expected more to know about are waysor apps or software‘soo ways to make it difficult for scammers to target you and ways to block and keep scammers away from you and specially these phishing attack and how to prevent it and stop it Wish you could give B more info and on these kinda things that people are daily are victims if ita don’t scam calls it doesn’t end you know
Thanks for the suggestions!
*All the password manager apps you suggested all required pc for setup only dashlane is mobile friendly out there to transfer and sync data.Kindly make one video dedicated to password manager app that is easy to setup and export import data on mobile only*
I installed 1password,zoho vault and lastpass all of them have no option to import data in mobile it really sucks
You don’t need a computer to setup 1Password.
First off, if I were desperate or foolish enough to write down my passwords. I could easily buy composition book from almost any store in m y immediate area. Depending on the quality and or quantity of pages. $2.00 to $5.00.
An encrypted database. Better choice.
my wireless carrier wants me to move to an password app called ZENKEY - i guess it can manage all my passwords on my phone - any thoughts?
I’ve never heard of a wireless carrier promoting a password manager…perhaps they have an agreement? Either way, I do t know if they’re any good because I’ve never used them.
Please,make video on best and secure keyboard for Android.😇
Keyboard? What kind of security concerns do you have?
@@AllThingsSecured
I use Google keyboard, so I want to change my keyboard and want to move to more secure keyboard than Gboard.
I see. Thanks!
@@suvarnagadekar Openboard and Florisboard
This is perfect for elders with dementia
👍
You could call the double blind method 2FA
I guess in a way it is.
Im going to go ahead and guess at time 0:55 that I am rated at the insane level.
7:53 I was wrong. Im past the insane level and left you behind. Elevate yourself to a level 4, my man. Then we can talk.
Ha! Please, do tell what level 4 would be. I’m genuinely curious to learn.
@@AllThingsSecured Hey, I try to respond but youtube keeps censoring half my posts...
... I dont know what the deal with youtube is. I can post one liners but anything more gets auto censored.
I just use the google password manager lol
If that works for you, great!
2:41 Wait...how did you know my password?💀
😂 😆
you don't need a password manager to create good passwords, there are lots of random password generating sites
Very true! And you don’t even need a random password generator to create good passwords. It’s all about what is most convenient for you.
Guy with 45 automatic pointed to your head: "Log in or your brains will be splattered!"
YOU: "YES SIR!"
All the fancy password stuff can be screwed if someone REALLY wants your shit.
If it's a .45 the guy is probably 90 years old and senile. He won't remember anyway.
Yes and no. If I secure with a 2FA key, and I don’t keep that key on me if I go to a dangerous area, there’s nothing I can do to unlock the account.
Once upon a time i had a passwordmanager on my ipad. But than apple poisoned my app and said it was not compatible anymore.
What version of iPad and which password manager?
1passe on ipad air 2
The only password managers I have heard of that gets hacked. Is a user who used a garbage password.
Good point.
I use my dog's name, which is 123456.
I don't know, Josh. I appreciate that you bring up things most of us don't really study that much such as VPNs and Password Security systems, but it bothers me some that you get kickbacks for your recommendations. It is pretty dicey as to how much you are looking out for us, and how much you are looking out for your sponsors. I know a guy has to make a buck, but maybe Patreon sponsorships?
Additionally, I would never buy a book that shouts "Here's my Passwords!!"
Hey Steve, I appreciate the feedback. Really! I’m sharing with you what I use - many of the companies, such as OnlyKey, don’t even know that I’m using their products. I bought it with my own money and the link I share is to Amazon where yes, I do get a small commission.
In the video, I’m doing my best to share with you multiple options and telling you what I’ve decided on personally. My goal is to provide information that allows you to make your own decision and I certainly don’t want it to feel like I have a conflict of interest. So would you rather I not mention any specific products?
@Steve Ipsen Are you allergic to money?
This is an ad for your affiliate link. How can you offer truly independent advice that can be trusted while you take a kick back from the product. I appreciate some of the advice you give in some videos but only advice that is not associated with a product kick back.
Dude the guy has to make some extra bucks to pay for bills too. He didn't even talk that much about the affiliate link.
@@juanthird Sorry but I believe when pushing security based services the advice must be financially non biased. It’s like getting finance advice from a broker that’s pushing the product to get the kick back. I think we all know how that works out.
Thanks for the feedback (and the defense from Juan). I appreciate your view here and not sure I would be able to convince you otherwise, but here goes anyway:
I’m trying to present information here that allows you to make your own informed decision. You can write your passwords down for all I care, as long as you understand any risks and ways to make it as secure as possible.
1Password doesn’t pay me to talk about them. They are the service I use, and that’s what I tell you in the video. I bought the OnlyKey with my own money and the company doesn’t even know I’m talking about them. I don’t even really love using the product, and I say so in the video, but if you want to help support the channel, you can use my affiliate link.
So I guess my question to you is this: would you rather I not mention any actual products? I could take sponsorships, but don’t you think it’s better that I just plug the products I genuinely like and use?
@@AllThingsSecured I can appreciate the approach to offering information in the video. I also recognise the issue of keeping passwords, I look after my own and 2 other family members that I care for.
CZcams has become affiliate bloated and although that’s a bit of a given, when it comes to matters like security or the almighty dollar my antenna goes up. Not a week goes by where I don’t get roughly a dozen scammers trying to get hold of my information, no doubt I’m not alone in that.
I guess put simply if someone is encouraging me to try a method of giving all my passwords to a third party application then I want to know there is zero conflict of interest. Even if in that promotion safety options are explained as you did, and did well. Maybe I’m just a cynical old bastard.
I would question though whether by giving passwords to a third party application, especially banking passwords, would breach the terms of the banking contract and leave you with no recourse in the event of that information being compromised. No different though to writing them down and having that physically compromised. We live in a time where even while tucked up in bed someone might be shafting us.
Thank you for the information provided in your videos, but an online password manager is not for me.
04:40 so nobody will know their password 🤔
The trick is to be so poor and pathetic so that even if someone has all your passwords they wont use them
Ive mastered this principal :)
Ha! I get what you're saying, but you have to remember that even your identity is worth something to a hacker, even if it doesn't seem valuable to you.
@@AllThingsSecured yes that's true :) I was being facesious. Crimes can be committed in my name even if I don't have any money or influence.
to re-phrase wargames: the only secure way to use passwords is to not use them at all
a way better way are zero knowledge proof and a-symetric crypto
EXCELLENT strategies!!!😄👍 - I’ve used 1Password for YEARS (and I LOVE ❤️ it).
But, I still use the [older] App [1Password], versus the [Newer] 1Password Online (web based) version, that the company has recently changed over to.
My “syncing” is done via DropBox (which was, again, a service used in the past).
I guess I’m just an “Old School” [Dinosaur], who would rather not deal [100%] with the Cloud ☁️
THANKS AGAIN (for your smart analysis 🧐👍)
Glad it was useful! 😉🙏
This did NOT age well. LastPass was breached and vaults were copied.
1Password protected with two Yubikeys. 2FA on important accounts also with the Yubikeys if supported. I was a big LastPass Premium user for many years but switched to 1Password after feeling like I had to push LastPass into doing what it is supposed to do all the time.
Very nice. Thanks for sharing, Timothy!