The majority of people tend to use crappy passwords, and they reuse them on different sites. How do we get around this? The solution is a password manager.
Password managers store your login info for all the sites you use. They can also help you log in automatically. They encrypt your password database with a master password. This is the only one you will ever have to remember. One password to rule them all.
Using passwords again and again is a serious problem. Password leaks, which happen almost every year even on large websites, can leave you vulnerable. When your information leaks, malicious individuals have your email, username, and password (among other info). If you have been using the same login info everywhere, a leak from one website you could have signed up to years ago could make all your accounts vulnerable. If someone gains access to your email account this way (probably the worst one to get compromised), they could use password reset links on all your websites, the worst being banking or PayPal.
To prevent a password leak from being so harmful and damaging, you need a unique password for every website. These should be really strong, long, unpredictable and unique passwords that contain numbers, symbols, uppercase and lowercase letters.
The average person has tens of different passwords; if you are a bit of a nerd you might have hundreds. How are you going to remember all of these? Remembering multiple strong passwords is nearly impossible.
That is why a password manager will take a load off your mind, freeing up that brain power for better, more productive things.
When creating a new account, you can use your password manager to generate a secure random password. Some password managers can also be configured to automatically fill information such as your address, name, username, email address, and password into web forms.
Why browser-based password managers are not ideal.
Web browsers such as Chrome, Firefox, Internet Explorer (Ew), and others all have integrated password managers. Each browser’s built-in password manager is nowhere near as good as a dedicated password manager. For one thing, they store your passwords on your computer in plaintext form. NO ENCRYPTION. People could access your computer and easily view them, unless you encrypt your hard drive.
A dedicated password manager will store your passwords in a more secure, encrypted format. It will also help you generate random passwords and allow you to easily access your passwords across different devices.
One of my favourites is KeePassX. I admit it is not for everyone. Some people prefer cloud-based password managers, and that’s fine. But KeePass/KeePassX is popular because you have full control of your database.
There are also browser extensions and mobile apps for KeePass. KeePassX stores your passwords on your computer so you remain in control of them. It is open-source, so you could edit/audit the code if you wanted to. The only downside is you are responsible for your passwords and syncing them between devices. Slight inconvenience for heightened security. In my humble opinion, of course. You can use Dropbox to sync the database, or even email. Or the old USB stick.
After installing a password manager, you will most likely want to start changing all your website passwords to more secure ones, especially if you did not use a password manager before.
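To decide which accounts to change first, you can check an exported entry list for the reuse problem described earlier. This is an added example, not part of the original post or of KeePassX; the CSV column names and the sample rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export. The column names are an assumption about the CSV
# layout; adjust them to match the header row of your own export.
SAMPLE_EXPORT = '''"Group","Title","Username","Password","URL","Notes"
"Root","Email","alice@example.com","Summer2019!","https://mail.example.com",""
"Root","Bank","alice","t7#Vq9!zLw2@pXe4","https://bank.example.com",""
"Root","Old forum","alice","Summer2019!","https://forum.example.com",""
"Root","Shop","alice@example.com","summer2019!","https://shop.example.com",""
"Root","Wiki","alice","hunter2","https://wiki.example.com",""
'''


def audit(csv_text, min_length=12):
    """Return (reused, short): groups of titles sharing one password,
    and titles whose password is shorter than min_length."""
    by_digest = defaultdict(list)
    short = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        password = row["Password"]
        if not password:
            continue
        # Group by digest so the report never holds or prints the passwords.
        digest = hashlib.sha256(password.encode("utf-8")).hexdigest()
        by_digest[digest].append(row["Title"])
        if len(password) < min_length:
            short.append(row["Title"])
    reused = sorted(sorted(t) for t in by_digest.values() if len(t) > 1)
    return reused, sorted(short)


if __name__ == "__main__":
    reused, short = audit(SAMPLE_EXPORT)
    for titles in reused:
        print("same password used by:", ", ".join(titles))
    for title in short:
        print("shorter than 12 characters:", title)
```

A CSV export holds every password in plaintext, so run the check on the machine that holds the database and delete the export afterwards.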
The database is stored in a secure, encrypted form. All data you store in a password manager, from credit card numbers to secure notes, is encrypted with your master password.
You can also set timers to remind you to change your password frequently. I would highly recommend this.
Below I am going to show you how to install KeePassX on both Linux and Windows. I will be installing this on Kali Linux as part of my Kali Linux series of blogs and videos.
Installing KeePassX on Windows 10
1. Google KeePassX

2. Select the latest version

3. Go to the downloads page

4. Select the Windows version

5. Extract the file. (Right click and use 7zip to extract)
If you do not know how to install 7zip check out my blog on how to install Kali Linux 2020.4. Installing 7zip was the first step in this process.
6. Once you have extracted the zip folder, simply open it up and click on KeePassX.exe

7. Click on Database > New Database and pick a master password.
This is the only password you will ever have to remember, so make it long and add some numbers, special characters, and a mix of lowercase and uppercase letters.
8. From here you can right click Root > edit group to rename your database. Or click on Entries > Add new entry. Or you can click on the yellow key with the green arrow symbol.

9. So this is where you enter all the details for the account.
10. Clicking on Gen. will bring up the generator (coolest feature)

11. This will generate a new secure password for you to use with any account. There are character types to select from, and you can change the length and much more.

Installing KeePassX on Linux
- Run the command
apt-get install keepassx

That is it, gotta love Linux. You can open it from your application list.

And just type KeePassX in your terminal and it will open up.
Check out my YouTube video on this!