How to Use a Password Manager

A strong password looks like this:

That’s difficult to brute force, and a dictionary attack won’t work on it… but how do you remember this?

You don’t – your password manager does.

Here, I made a fake one to show you; this is inside my manager.

How it works:

1 – make 1 master password, like 25 characters long, write it down on paper, and ideally, memorize it
2 – use that master password to log into the manager. That’s it, no more remembering from here on
3 – use the password generator to create a unique password for each site you log into

Add login information, notes, click okay to save.

Each time you log into a site, you’ll go to your manager, copy the password, back to your browser, paste, done.

4 – routinely back up the database, and store it on 2 USB keys in 2 locations (why? Here.)

Which manager program to use?

Here’s a shopping list:

– 256-bit encryption minimum, e.g. AES-256 (Advanced Encryption Standard)
– ideally the backup file is encrypted
– has the ability to exclude certain characters when generating passwords
– can sync between devices
– be wary of plugins that are independent of any manager software
Simple is best! It’s like a car – the more features it has, the more there is to break

Possible Programs:

– KeePassX – open source

– 1Password – (a Canadian company!)

– Password Safe – open source

Important: this is not an endorsement of any of these programs; do your homework.

This post has been brought to you by Nuix and KeriBlog.

Meet Nuix here.

Auto Security 40 Years Ago

If I was blogging about auto security back then, here’s what I’d be saying.

– when parking, turn off the ignition and take the key with you

– when returning to your parked car, make sure both your licence plate and VIN number plate aren’t missing

– remember to add a gas line shut-off lock

– they had car alarms back then

***

Blog tag = auto security

Why an 8-Character Password is Not Enough

Take a common password, 8 characters in length, composed of 1 word, 1 number and 1 punctuation mark:

The Attack

The attacker runs a script (a program that automatically executes tasks instead of a human) that guesses every possible 8-character password combination. This will take about 3 days.

This is a brute force attack – very little elegance, just plain old grinding it out.

The More Sophisticated Attack

In a dictionary attack the attacker again runs a script, but instead of guessing at random it tries lists of words first, starting with the words most commonly used in passwords.

See yours in here?

The Defence

Choose 3 obscure words and string them into a sentence, separated by punctuation and numbers.
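
The brute-force attack, the dictionary attack and the three-word defence above, turned into a search-space calculator. This is an added example, not code from the original post; the word-list sizes and the guess rate are assumed placeholder figures.

```python
import math
import re
import string

# Added demonstration, not code from the original post. The word-list sizes
# and the guess rate below are constructed assumptions, not measured figures.
COMMON_WORDS = {"password", "sunshine", "welcome", "dragon", "monkey", "letmein"}
COMMON_LIST_SIZE = 10_000      # assumed size of the "most common password words" list
OBSCURE_LIST_SIZE = 100_000    # assumed size of a list big enough to hold obscure words
PRINTABLE = 95                 # printable ASCII characters a brute-force script cycles through
DIGITS, PUNCT = len(string.digits), len(string.punctuation)   # 10 and 32

def runs(password: str) -> list[str]:
    """Split into runs of letters, digits and punctuation: 'dragon7!' -> ['dragon', '7', '!']."""
    return re.findall(r"[A-Za-z]+|\d+|[^\w\s]+", password)

def brute_force_space(length: int) -> int:
    """Guesses needed to try every printable-ASCII password of this length (the brute-force attack)."""
    return PRINTABLE ** length

def structured_space(n_words: int, n_digits: int, n_punct: int, list_size: int) -> int:
    """Guesses when the attacker knows the shape (words + digits + punctuation, in any order)
    and tries dictionary words instead of random characters (the dictionary attack)."""
    orderings = math.factorial(n_words + n_digits + n_punct) // (
        math.factorial(n_words) * math.factorial(n_digits) * math.factorial(n_punct)
    )
    return list_size ** n_words * DIGITS ** n_digits * PUNCT ** n_punct * orderings

def effective_space(password: str) -> int:
    """The smaller of the two search spaces: what a sensible attacker actually has to grind through."""
    parts = runs(password)
    words = [p.lower() for p in parts if p.isalpha()]
    n_digits = sum(len(p) for p in parts if p.isdigit())
    n_punct = sum(len(p) for p in parts if not p.isalnum())
    # Common words fall to the small list; anything else is assumed to need the big one.
    list_size = COMMON_LIST_SIZE if all(w in COMMON_WORDS for w in words) else OBSCURE_LIST_SIZE
    return min(brute_force_space(len(password)), structured_space(len(words), n_digits, n_punct, list_size))

def bits(space: int) -> float:
    """Search space expressed as bits of entropy, the usual yardstick for password strength."""
    return math.log2(space)

def days_to_exhaust(space: int, guesses_per_second: float = 1e10) -> float:
    """Worst-case time to try every guess at an assumed rate (1e10/s is a placeholder figure)."""
    return space / guesses_per_second / 86_400

if __name__ == "__main__":
    for pw in ("dragon7!", "quokka3!tessellate.gannet"):
        print(f"{pw}: 2^{bits(effective_space(pw)):.1f} guesses, ~{days_to_exhaust(effective_space(pw)):.2g} days")
```

The 8-character word-plus-digit-plus-punctuation password collapses to about 2^24 guesses under the dictionary model, while three obscure words with separators stay around 2^69 even when the attacker knows the shape.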

***

Never Call when This Happens

Kind of clever, eh: a real-sounding URL, “Support for Apple”, and a toll-free number; how nice of someone else to foot the bill.

The Attack

Pop-up window appears > you call the number > whoever answers is skilled with words > you’re tricked (socially engineered) into doing something stupid, like providing a password or downloading a malicious file.

The Defence

Never call. A legitimate company will never contact you this way.

***

See also: You’ll never win a contest via text

Defeat New Car Tech by Using a Wire & Wedge

I was locked out of my car at the airport a few weeks ago, and had to call for help.

A gentleman showed up with these primitive tools, and as I watched I realized how ironic it was that all the electronic this and automatic that can be defeated using a wire and a rubber wedge.

How it works:

1 – jam the wedge between the door’s window jamb and frame, creating a gap
2 – slide the wire through the gap
3 – use the J-hook on the end of the wire to unlock the door

Sorry for the grainy photos, it was like:

Guy – whoa, wait, are you filming this?
Me – no no, they’re just photos, it’s okay.