Where do your passwords fit in these three levels of security? Leave a comment to let me know and if you want to check out the resources mentioned in this video, the affiliate links are here: ▶ Password Journal (Amazon): geni.us/password-logbook ▶ 1Password: www.allthingssecured.com/try/1password ▶ OnlyKey: www.allthingssecured.com/try/onlykey

@mlungisindlela491

2 жыл бұрын

I personally use BRIWPED simply because instead of remembering my passwords it also encrypts it so that it always secure even on third party systems. I use it on Brave, Chrome as well as Firefox

@AllThingsSecured

2 жыл бұрын

Thanks for sharing! I'm not familiar with that.

@mlungisindlela491

2 жыл бұрын

@@AllThingsSecured Well you can find it on Add-on web stores

@leesweets4110

2 жыл бұрын

I used to have a "standard password" for all websites, sort of a backbone to work from. Then I would apply an algorithm to it, a sort of hash that is based on the website domain name. In this way, every website has its own rather unique password that I dont really even know and couldnt recite if I wanted to, but could always generate when I needed to. Its unlikely anyone who comes across my password by hacking a website or keylogging me would know either my seed password or how to encode it for any particular website. I have moved away from this though.

Let's appreciate this guy's efforts making these videos for us paranoid mofos

@AllThingsSecured

2 жыл бұрын

😂🤣

@busyrand

Жыл бұрын

Remember... Just because you're paranoid, doesn't mean they're not trying to get you....

@BillAnt

8 ай бұрын

At 5:35 "that crazy scenario where my password vault somehow gets hacked" Ya well, it has happened with LastPass and some other password managers, where vaults have been cracked after a leak in 2023, following by a slew of phishing attempts based on the stolen data. Offline password managers tend to be safer while giving up a little convenience, since there's no chance of being leaked online. Of course it all depends on the security employed by the user when storing the vault file offline, including the storage locations and the master password. The bottom line is that as long as it's stored offline only, there's a lesser chance of getting hacked. For example storing the vault file on an encrypted SDcard in your phone or internal storage if there's no SDCard slot, basically provides double encryption, once by the phone and second the master password in case it gets lost or stolen. Needless to say, backups must be made on several SDcards stored at multiple physical locations and updated regularly. Regardless of using online or offline password managers, if a particular website gets hacked and the login data gets decrypted, no amount of effort and due diligence by a user can prevent that.

Taking 2 small sheets of paper, write your passwords down on each. Roll the sheets of paper tightly. Slide each roll into a pocket size tube. (an old lipstick tube would work great as would a straw) Give one to your loved one(s)

secure keys are obviously the best possible option out there . at first I though it was a waste of money when I purchased 3 secure keys . 2 of them USB A NFC and one UBC C NFC . in total I spent 90£ but the peace of mind that they offer is priceless

Great advice. I used to store passwords on a spreadsheet on an encrypted USB stick that was securely stored. Eventually I found this was inconvenient for logging into accounts on different devices, and I still had to think of new, unique passwords myself. I've now moved over to a much more secure and convenient password manager, it took a couple of sessions to add all accounts and update all passwords, but it is so worth taking the time to do so

Second lvl looks good for a common person its more compatible to alot of users thats what i like to say

@AllThingsSecured

2 жыл бұрын

I would agree.

I am also a Bitwarden user and the one thing about companies like this is that they are a target, so if they aren't trustworthy and secure we would hear about it from the Web. That kind of thing would be hard to cover up and if a company tries to, they may as well shut the doors. I bounced around and I am of the mindset that in this day and age you should not have to pay much for a password manager... I also use Keepass as a backup locally, just export and import every so often. Also I have been enabling Authy for 2FA where possible, but what irks me most is that most financial companies don't have an option for hardware level 2FA, like the Yubikey. In fact most don't even support TOTP. It is coming along from what it was but TBH we need to have better support as consumers to bring internet security into the forefront of everyone's mind.

@AllThingsSecured

2 жыл бұрын

Yes, it irks me too that banks and other financial institutions have been the slowest to adopt the best security practices.

Holy Smokes!!!! That double blind password idea is a Game Changer! I'd have never thought of it...

Great advice as always.

@AllThingsSecured

2 жыл бұрын

Thanks, Gabriel!

New subscriber here. I really appreciate channels like this. I would love for this subject to spread.

@AllThingsSecured

2 жыл бұрын

Thanks so much. Welcome!

@MusicToTheEars141

2 жыл бұрын

@@AllThingsSecured No, Thank YOU

Thank you for this great video

@AllThingsSecured

2 жыл бұрын

Glad it was helpful!

Brilliant video, never heard of double blind passwords before, excellent advice, just to be sure, to be sure...

@AllThingsSecured

2 жыл бұрын

Thank you for the comment!

I really like the idea of storing the first 3/4 of a password in a password manager and then manually adding a few characters at the end. That's a really good idea. Thank you for sharing.

@AllThingsSecured

2 жыл бұрын

Glad to hear it was helpful!

@Fatman305

Жыл бұрын

The trick is that you don't want to over do it. If you did it for all accounts, then soon enough two such passwords could leak and reveal that typed chunk. That's why I suggest you only do this with critical accounts (email, social, banking, domain registrars) together with a hardware key for (at least) those accounts.

That intro was all my problems before i found this channel. When i saw 1 video i instantly subscribed.

@AllThingsSecured

2 жыл бұрын

Thanks, Dino!

Loved the intro - so true 😅

@AllThingsSecured

2 жыл бұрын

😂 😆

I use the lvl 1 method. Although I don't put all of the actual password in it. Instead of hints, I replace some characters with asterisks or underscore for the majority of the characters and leave some correct ones just enough for me to remember them. I also have a backup for my passwords in another secure single sheet of paper that I have at all times. Also, my password are kinda random, jumbled mix of alphanumeric characters (with lower/uppercase). If the site that uses my password allows it, I try to have at least 12-20 characters long passwords for it (or add some special characters to it for the added security).

@AllThingsSecured

2 жыл бұрын

Sounds like a good system!!

Great video 👍 Yubikey or Onlykey then?

@AllThingsSecured

2 жыл бұрын

I use them both, but my preference is Yubikey.

The fact you mentioned the OnlyKey means you get an insta sub from me. I love the onlykey soo much

@AllThingsSecured

2 жыл бұрын

Ha! I’m glad you like it.

I made my own offline password manager/generator, works the best for me.

@AllThingsSecured

2 жыл бұрын

You coded it yourself?

Multi-level keychain isn't such a bad idea, encrypt your password with password with another password. One overly paranoid method is one you can just hide in plain sight that nobody would even be able to suspect, and that is encrypting your logins within another file, or at least the private keys that you want to keep secure, maybe a password vault that can be updated into a file each time something is added or removed from the list. I'm talking the use of Steganography, one that can hide something encrypted in a file that nobody will ever suspect, be it an image or word document, a your favourite PDF of sorts that you like to read. But anytime you need access to your hidden vault it decrypts it for the duration you need it to be unlocked, before removing itself and keeping it secured.

@AllThingsSecured

2 жыл бұрын

Interesting idea. Thanks for sharing.

Password manager is more then enough + if one can add another double blind method that's what is already insane level of security! 😀

@AllThingsSecured

2 жыл бұрын

👍🏻👍🏻😎

You can sync keepass with cloud storage. 😉

@AllThingsSecured

2 жыл бұрын

Very cool. Thanks for sharing.

*Most password manager apps required PC for setup and import export data and are not mobile friendly.Josh it would be great if you make video password manager apps dedicated to mobile devices*

@AllThingsSecured

2 жыл бұрын

1Password, Dashlane, LastPass and others are all mobile first apps and they’re really easy to use!

Please look at Yubkeys and their passwords functions. Cheers for your work !

@AllThingsSecured

2 жыл бұрын

I have!

If a keylogger was to be secretly installed on your computer, what are its capabilities? Obviously, if you type your passwords it will capture the keystrokes. What about copy and paste, or automatic insertion from your password manager and finally can it intercept the long button press from a Yubikey? Love your videos, thanks so much!

Best solution is Keepass with the database on Dropbox. Offline but online at the same time and accessible at all times with automatic backup. I access it on my computer and phone with ease.

Love your double blind advice

@AllThingsSecured

2 жыл бұрын

Thanks, Gordo. Glad it’s been helpful.

Option 3 looks easy for me ...need more assurance when it comes to internet security..

@AllThingsSecured

2 жыл бұрын

Whatever works for you, Kevin!

You're a handsome guy. That reason alone made me to like and subscribe lol

@AllThingsSecured

2 жыл бұрын

Gee…thanks?

I use the password generator that comes with my ExpressVPN subscription and I save those passwords in my samsung notes folder that's inside my "Secure folder" which is protected by a screen pattern lock

@AllThingsSecured

2 жыл бұрын

Sounds like a good strategy for you, Ryan. Thanks for sharing!

@glasslinger

2 жыл бұрын

@@AllThingsSecured Until his computer craps out! Backup, backup, backup!

I have different PWs for different type of sites or accounts, ranging from simple words for free games to pass phrases.

@AllThingsSecured

2 жыл бұрын

That’s good. You definitely don’t need to treat each online account equally.

Apricorn ASK3Z, Ledger Nano X and Lastpass

@AllThingsSecured

2 жыл бұрын

That’s specifically for your crypto? Or all your passwords?

@emonty62

2 жыл бұрын

@@AllThingsSecured Well Ledger is only for crypto, the other 2 for all passwords and backups, then also offline in safe and secure location

I have a little bit of redundancy going on! :) 1.All my PW's are saved in aWallet offline PW manager (set to delete and override all data after 3 incorrect login attempts. I offload those .csv files to a physical-pin code protected thumb drive; as well as store them in my Samsung SSD encrypted portable drive (kept somewhere else). 2. I also use NordPass for more important online accounts (except for banking & investments), which makes it convenient across devices and most website/ app logins. 3. Finally, I use iKeychain (when on iOS device) for those lesser important online logins; mainly online food ordering- LOL.

@AllThingsSecured

2 жыл бұрын

Haha! Sounds like a good method.

I use bitwarden. I was skeptical at first but your double blind password strategy video really convinced me. What are your opinions about bitwarden? They say the online database is encrypted. Can i trust them?

@sabinopereira1631

2 жыл бұрын

@Shun Goku Satsu Your comment is making me paranoid again lol.

@AllThingsSecured

2 жыл бұрын

How many times have you heard news about a password manager getting hacked? I mean, I know that's not the best way to judge their security, but it's worth thinking about. Sometimes paranoia is just adding more locks to a door that's already locked shut. You have to consider where you draw the line. Personally, I've decided to trust password managers (and that goes for Bitwarden as well) and just make sure I add extra security for my most important accounts (i.e. the double blind password or 2FA).

Question. Level 3. Iam thinking about this type of PS, looking at yubikey, not sure I can even buy something different where I live, so - Is it possible to buy already compromised physical key? This thing is really bothering me for some reason, what If I buy this key from some reseller, it would be in a pretty box, looks just like new one, but its already "hacked" somehow, lets say it will send everything as soon as I plug it in... speaking about paranoia :)

@AllThingsSecured

2 жыл бұрын

Ha! Definitely paranoia. I think it would be very hard to hack the device itself without great effort and expense…unless you’re being targeted for something, I don’t think they would do it for random people.

What’s your opinion on iCloud Keychain?

@AllThingsSecured

2 жыл бұрын

It’s has a good track record. I just haven’t used it much so I don’t have much of an opinion yet.

Hope my system will make you chuckle . I use up to a 4 stage verification. A) fingerprint, B) Iris, then C)Password or D) for financial matters and system generated code is texted and entered. Password is changed monthly comprised of 21 digits and must include numbers, caps, lower case and special characters. As ex-airforce I use airports, there are 43,982 airports around the world ( and since key military and civilian airports are in my head) and no I won't explain the system for determining the airport to start with ) + series of up to 7 numbers + up to a 5 character word +and 3 special characters. We tried to brute force crack the passwords in our company IT lab and we couldn't break it after 4 days. Can someone eventually break it, probably but you've only got 30 days. Downside is if I ever get dementia I'm screwed.

@AllThingsSecured

2 жыл бұрын

Wow…you’re nuts!

@rone7478

2 жыл бұрын

@@AllThingsSecured ha, ha, ha - maybe so. But I worked for a Fortune 200, in a highly regulated arena, as its negotiator and sat on its security committee until 4 years ago when I retired. 6 years ago I personally experienced an identity theft ( total breach - banking, taxes, etc) which took over 3 months to resolve. Since this protocol was implemented, touch wood, not one successful breach. So as crazy as it is I'll stay that way because it works .

Hey can you do a video about safe browsers ?

@AllThingsSecured

2 жыл бұрын

It’s on the content calendar 👍🏻

What is your opinion on Apple new privacy features for mail and private relay?

@AllThingsSecured

2 жыл бұрын

Still doing my research. I’ll be publishing a video with my thoughts later, so I’ll let you know then 👍🏻

Offline password manager + manual cloud sync is my choice

@AllThingsSecured

2 жыл бұрын

Glad you’ve found a method you like!

There is a question I have been asking my self about I hope you could answer it Password manager encrypt all passwords in my vault with my master password right ? Ok what if I changed my master password then all of the password which were encrypted in my vault how would I decrypt them and I have a different key now what if i was storing a large file on the server also

@AllThingsSecured

2 жыл бұрын

Changing the master password wouldn’t lock you out of your current passwords. In order to change to a new password, you would still need to have the old one.

*All the password manager apps you suggested all required pc for setup only dashlane is mobile friendly out there to transfer and sync data.Kindly make one video dedicated to password manager app that is easy to setup and export import data on mobile only*

@ps-zp6mr

2 жыл бұрын

I installed 1password,zoho vault and lastpass all of them have no option to import data in mobile it really sucks

@AllThingsSecured

2 жыл бұрын

You don’t need a computer to setup 1Password.

When you took out the physical key, I immediately thought what if someone kidnaps you? I guess with the deadman's code, in that situation, your accounts will be safe. I don't know if you'll be safe though

@AllThingsSecured

2 жыл бұрын

Ha! If someone is willing to go to that length, these security measures may only be as good as your willingness to endure torture.

my wireless carrier wants me to move to an password app called ZENKEY - i guess it can manage all my passwords on my phone - any thoughts?

@AllThingsSecured

2 жыл бұрын

I’ve never heard of a wireless carrier promoting a password manager…perhaps they have an agreement? Either way, I do t know if they’re any good because I’ve never used them.

Hmm, double blind PWs, might give that a try, thx

@AllThingsSecured

2 жыл бұрын

Let me know how it goes!

I'm all for the best level of security. Problem is I am not tech savvy enough. I become unsure of myself when trying to follow the necessary steps.

@AllThingsSecured

2 жыл бұрын

Yea, and you’re not alone. Find where you’re comfortable and then make that as secure as possible.

You could call the double blind method 2FA

@AllThingsSecured

2 жыл бұрын

I guess in a way it is.

First off, if I were desperate or foolish enough to write down my passwords. I could easily buy composition book from almost any store in m y immediate area. Depending on the quality and or quantity of pages. $2.00 to $5.00. An encrypted database. Better choice.

Please,make video on best and secure keyboard for Android.😇

@AllThingsSecured

2 жыл бұрын

Keyboard? What kind of security concerns do you have?

@suvarnagadekar

2 жыл бұрын

@@AllThingsSecured I use Google keyboard, so I want to change my keyboard and want to move to more secure keyboard than Gboard.

@AllThingsSecured

2 жыл бұрын

I see. Thanks!

@TigasShitposter

2 жыл бұрын

@@suvarnagadekar Openboard and Florisboard

I thinkWhats best and expected more to know about are waysor apps or software‘soo ways to make it difficult for scammers to target you and ways to block and keep scammers away from you and specially these phishing attack and how to prevent it and stop it Wish you could give B more info and on these kinda things that people are daily are victims if ita don’t scam calls it doesn’t end you know

@AllThingsSecured

2 жыл бұрын

Thanks for the suggestions!

I bet *Family* is the strongest.

@AllThingsSecured

2 жыл бұрын

Family?

I just use the google password manager lol

@AllThingsSecured

2 жыл бұрын

If that works for you, great!

This is perfect for elders with dementia

@AllThingsSecured

Жыл бұрын

👍

you don't need a password manager to create good passwords, there are lots of random password generating sites

@AllThingsSecured

2 жыл бұрын

Very true! And you don’t even need a random password generator to create good passwords. It’s all about what is most convenient for you.

Im going to go ahead and guess at time 0:55 that I am rated at the insane level. 7:53 I was wrong. Im past the insane level and left you behind. Elevate yourself to a level 4, my man. Then we can talk.

@AllThingsSecured

2 жыл бұрын

Ha! Please, do tell what level 4 would be. I’m genuinely curious to learn.

@leesweets4110

2 жыл бұрын

@@AllThingsSecured Hey, I try to respond but youtube keeps censoring half my posts... ... I dont know what the deal with youtube is. I can post one liners but anything more gets auto censored.

Once upon a time i had a passwordmanager on my ipad. But than apple poisoned my app and said it was not compatible anymore.

@AllThingsSecured

2 жыл бұрын

What version of iPad and which password manager?

@stautonel

2 жыл бұрын

1passe on ipad air 2

2:41 Wait...how did you know my password?💀

@AllThingsSecured

2 жыл бұрын

😂 😆

I use my dog's name, which is 123456.

This is an ad for your affiliate link. How can you offer truly independent advice that can be trusted while you take a kick back from the product. I appreciate some of the advice you give in some videos but only advice that is not associated with a product kick back.

@juanthird

2 жыл бұрын

Dude the guy has to make some extra bucks to pay for bills too. He didn't even talk that much about the affiliate link.

@aussie8114

2 жыл бұрын

@@juanthird Sorry but I believe when pushing security based services the advice must be financially non biased. It’s like getting finance advice from a broker that’s pushing the product to get the kick back. I think we all know how that works out.

@AllThingsSecured

2 жыл бұрын

Thanks for the feedback (and the defense from Juan). I appreciate your view here and not sure I would be able to convince you otherwise, but here goes anyway: I’m trying to present information here that allows you to make your own informed decision. You can write your passwords down for all I care, as long as you understand any risks and ways to make it as secure as possible. 1Password doesn’t pay me to talk about them. They are the service I use, and that’s what I tell you in the video. I bought the OnlyKey with my own money and the company doesn’t even know I’m talking about them. I don’t even really love using the product, and I say so in the video, but if you want to help support the channel, you can use my affiliate link. So I guess my question to you is this: would you rather I not mention any actual products? I could take sponsorships, but don’t you think it’s better that I just plug the products I genuinely like and use?

@aussie8114

2 жыл бұрын

@@AllThingsSecured I can appreciate the approach to offering information in the video. I also recognise the issue of keeping passwords, I look after my own and 2 other family members that I care for. KZread has become affiliate bloated and although that’s a bit of a given, when it comes to matters like security or the almighty dollar my antenna goes up. Not a week goes by where I don’t get roughly a dozen scammers trying to get hold of my information, no doubt I’m not alone in that. I guess put simply if someone is encouraging me to try a method of giving all my passwords to a third party application then I want to know there is zero conflict of interest. Even if in that promotion safety options are explained as you did, and did well. Maybe I’m just a cynical old bastard. I would question though whether by giving passwords to a third party application, especially banking passwords, would breach the terms of the banking contract and leave you with no recourse in the event of that information being compromised. No different though to writing them down and having that physically compromised. We live in a time where even while tucked up in bed someone might be shafting us. Thank you for the information provided in your videos, but an online password manager is not for me.

The only password managers I have heard of that gets hacked. Is a user who used a garbage password.

@AllThingsSecured

2 жыл бұрын

Good point.

Guy with 45 automatic pointed to your head: "Log in or your brains will be splattered!" YOU: "YES SIR!" All the fancy password stuff can be screwed if someone REALLY wants your shit.

@AshGreen359

2 жыл бұрын

If it's a .45 the guy is probably 90 years old and senile. He won't remember anyway.

@AllThingsSecured

2 жыл бұрын

Yes and no. If I secure with a 2FA key, and I don’t keep that key on me if I go to a dangerous area, there’s nothing I can do to unlock the account.

I don't know, Josh. I appreciate that you bring up things most of us don't really study that much such as VPNs and Password Security systems, but it bothers me some that you get kickbacks for your recommendations. It is pretty dicey as to how much you are looking out for us, and how much you are looking out for your sponsors. I know a guy has to make a buck, but maybe Patreon sponsorships?

@steveipsen6293

2 жыл бұрын

Additionally, I would never buy a book that shouts "Here's my Passwords!!"

@AllThingsSecured

2 жыл бұрын

Hey Steve, I appreciate the feedback. Really! I’m sharing with you what I use - many of the companies, such as OnlyKey, don’t even know that I’m using their products. I bought it with my own money and the link I share is to Amazon where yes, I do get a small commission. In the video, I’m doing my best to share with you multiple options and telling you what I’ve decided on personally. My goal is to provide information that allows you to make your own decision and I certainly don’t want it to feel like I have a conflict of interest. So would you rather I not mention any specific products?

@vanguard3002

2 жыл бұрын

@Steve Ipsen Are you allergic to money?

04:40 so nobody will know their password 🤔

1Password protected with two Yubikeys. 2FA on important accounts also with the Yubikeys if supported. I was a big LastPass Premium user for many years but switched to 1Password after feeling like I had to push LastPass into doing what it is supposed to do all the time.

@AllThingsSecured

2 жыл бұрын

Very nice. Thanks for sharing, Timothy!

to re-phrase wargames: the only secure way to use passwords is to not use them at all a way better way are zero knowledge proof and a-symetric crypto

This did NOT age well. LastPass was breached and vaults were copied.

The trick is to be so poor and pathetic so that even if someone has all your passwords they wont use them Ive mastered this principal :)

@AllThingsSecured

2 жыл бұрын

Ha! I get what you're saying, but you have to remember that even your identity is worth something to a hacker, even if it doesn't seem valuable to you.

@TheLookingGlassAU

2 жыл бұрын

@@AllThingsSecured yes that's true :) I was being facesious. Crimes can be committed in my name even if I don't have any money or influence.

EXCELLENT strategies!!!😄👍 - I’ve used 1Password for YEARS (and I LOVE ❤️ it). But, I still use the [older] App [1Password], versus the [Newer] 1Password Online (web based) version, that the company has recently changed over to. My “syncing” is done via DropBox (which was, again, a service used in the past). I guess I’m just an “Old School” [Dinosaur], who would rather not deal [100%] with the Cloud ☁️ THANKS AGAIN (for your smart analysis 🧐👍)

@AllThingsSecured

2 жыл бұрын

Glad it was useful! 😉🙏