Yes, it bothers me that my collar was bunched up, but I discovered it too late to re-shoot. Oh well ¯\_(ツ)_/¯ Be sure to check out this week's sponsor, Trend Micro. Get 10% off their Premium Security Suite using code ATS10 at checkout: bit.ly/3DqMvCs

@christopherhartline1863

9 ай бұрын

Didnt even notice

I can’t stress the security questions advise enough - especially for banking accounts, never enter real answers to those questions. Always enter fake answers and store them in your password manager as Josh said. Thanks, Josh. I don’t see much people talking about this one, so I’m glad you did.

@AllThingsSecured

9 ай бұрын

🙏👍🏻

One can use the "bugs bunny" method. Password Manager 1 has "bugs" and the second Password Manager has "bunny". Neither of them have your password and one can even add something like "pi=3.14" which contains letters, numbers and symbols. This means that even if someone has accessed both of your Password Managers they still cannot log in to your bank.

@klauserwin9860

9 ай бұрын

The pi part is called a "pepper". Something only you know, but is nowhere written down or stored.

@LaMeanieLoka-issmrt

7 ай бұрын

@ionamygdalon2263

@LaMeanieLoka-issmrt

7 ай бұрын

OK lay

For the security questions: 1Password actually has a field for this to randomly generate them. Its not needed to be stored in the notes of the password item. Pretty neat.

@AllThingsSecured

9 ай бұрын

Really?! I haven’t seen that yet…and I’m a 1Password user 🤷‍♂️

@TimOfKenya

9 ай бұрын

@@AllThingsSecured you can also change the question, so you're not struggling to associate the default questions given with 1P, and the actual question

Great video! The aditional caracters inside a password that is generated by a passaword manager was the best point for me

Always GREAT information! Thank you!

Thanks, Always insightful!

Hi Josh Thank you very much for thise tips. This is the best video related to this topic that I have ever seen so far.

Nice thanks.

Did you use the bitwarden? Which password manager do you use? Thanks

Using Apple's Keychain as a passwaord manager, how can I create double blind passwords? Keychain automatically enters my password before I can add my own additional phrise that only i know. Appreciate your insights on how I can use Double Blind in Keychain.

Thank you, Josh, for another helpful and informative video (as they always are). Now I am curious to know, when you mention that you have a 2FA authenticator code and two security keys that you use with your password manager (02:33) what are the best practices in this case? To be more clear, what I am wondering when using security keys like the Yubikey is whether I should have my authenticator code on a separate app like Google Authenticator or Authy, or if I should only be using Yubico Authenticator? Ive also been wondering (since I am new to using security keys) if having 2FA codes stored in an authenticator app defeats the purpose of having the security keys? In other words, is it not best to only use the security keys and no authenticator apps for the 2FA in any account settings?

@AllThingsSecured

9 ай бұрын

Great question. Your security is only as strong as your weakest form of authentication, so you’re correct in wondering about Authenticator apps. In this case, my Authenticator app is another Yubikey, so I’m essentially backing up my password manager with 3 keys instead of two. Using Authenticator codes isn’t bad, but if you’re looking for the strongest possible form of security, keeping only 2FA keys and writing down the backup code/key phrase is best.

@JadeSambrook

9 ай бұрын

@@AllThingsSecured Thank you for the quick reply. I think a video on this subject would be great as there is maybe a little confusion for many (like me) on avoiding weak forms of authentification when using security keys. For example, when I first got my Yubikeys and set them up with my Facebook account I was not sure if I should turn off the other 2FA options (like SMS and Authenticator app) so I just left them all turned on. Then, after watching so many of your videos I learned that the SMS option is not the most secure and so I turned it off. But I still have the option to receive 2FA codes through an Authenticator app turned on despite having the Yubikeys, because I am not sure of the best practices. So now, I will try and do like you and get rid of my ''weakest form of authentication'' by getting a third Yubikey.

Thank you Josh 👍😄

@AllThingsSecured

9 ай бұрын

My pleasure!

Hi , how do you deal with your master password for the password manager ? I’ve got a yubikey as 2 factor but I still need my master password . Do you have a simple memorable password because of 2fa ?

How do you do the password salting or whatever you called it?

Double blind approach is no longer useable with Passkeys right ? Is that a security concern using it?

@AllThingsSecured

9 ай бұрын

Correct. I don’t think it’s possible with passkeys, but I think we’re still many years away from widespread adoption of passkeys, so it’s still a valuable technique.

Have you made a video to describe how to 'un'(re)do accounts that are using the same username for credentials?

@sirajpatel1768

9 ай бұрын

I think that depends if the services/websites allows you to change the username or not.

@AllThingsSecured

9 ай бұрын

Yea, in many cases you can’t change the username on existing accounts, but you can start creating stronger ones moving forward.

I would not use an email Alias for a bank account. In case the alias fails. I am having an email Alias issue/error with Proton Pass browser extension generated aliases - Proton notified.

@AllThingsSecured

9 ай бұрын

Sorry to hear that. Personally, I recommend using a separate, encrypted email account for sensitive accounts such as banking and investments.

But how do you remember the last part of the password for like Facebook

@manny7886

3 ай бұрын

Use the same for all the sites that you have an account. For example add your birth year (i.e. 1980) at the end of your auto-generated passwords. In this example you only need to remember to type 1980 at the end of your password to every site that you need to login.

❤️‍🔥🔥👍🏻

The biggest problem I'm facing is that quite a bit of websites have a character limit.

The 'removing the risk' bit just adds unnecessary complexity for most people. In the UK, Cyber Aware has done studies on why people don't use password managers - unfamiliarity with what they do, and the perceived complexity were the main reasons most people don't use them.

@AllThingsSecured

9 ай бұрын

You make a good point. And this video isn’t aimed at people who aren’t using a password manager. I’m more talking to people who already do and who are willing to consider even stronger forms of security.

2FA solves this problem without a PW manager.

@AllThingsSecured

9 ай бұрын

In some ways yes, but 2FA doesn’t remove the need for a password manager yet.

Great video, many thanks for reminding everyone about these tips. I myself recently switched to 1password, and the kit creation was done - My wife was so pleased now, always been a worry for her if anything happens to me.

@AllThingsSecured

9 ай бұрын

Agreed. 1Password makes it very easy.