Last year I moved from Avira Password manager to Bitwarden. I really like the simplicity, open source and security of Bitwarden.

@Fian_so

7 ай бұрын

I've found one sticky problem though , and I wonder if anybody can help : Bitwarden shares it's clients IP address with gov agencies !?!😑 Being in jurisdiction that is part of the 5eyes alliance ?

@mynameisdavidwalters

4 ай бұрын

how do you come to this conclusion? Any sources?@@Fian_so

@gsftom

Ай бұрын

Would be interesting to see a reply to this.

@unholydonuts

Ай бұрын

@gsftom that would be interesting.

@Felttipfuzzywuzzyflyguy

8 күн бұрын

​@@Fian_soEvidence/references?

Apparently a sheet of paper is the safest way to store passwords

@mauricioflores3732

Ай бұрын

Saving yes but creating a strong one not really. AI can easily crack human base passwords 😅

@markrothenberg9867

Ай бұрын

At work my desktop support staff would routinely find an employee’s computer login and password on a sticky note attached to the underside of the keyboard, in the pencil drawer or worse yet written very small on the corner of the cubicle whiteboard. My employees would destroy the paper or erase the board requiring the employee to change their password-but not their bad habit.

Hey, Dashlane engineer here, awesome video (sincerely, it's valuable and transparent, well done). Side note: Dashlane shut down the Password Changer feature due to maintainability costs and difficulties in scaling websites support over time

@mhzprayer

Жыл бұрын

Oh wow thx for this comment..that was truly an eyebrow raiser when she mentioned that. But I guess..it really was too good to be true

@NaomiBrockwellTV

Жыл бұрын

Yeah I presume that's why most of these things get deprecated. I noticed they now have support for ios apps that can also be used on macs, is this essentially the same thing as a desktop app?

@davinp

Жыл бұрын

Other password managers don't have this convenient feature and this is why they don't have it.

@louis-grasset

Жыл бұрын

@@NaomiBrockwellTV True, implementation and support for this technology represent a non negligible cost for a success rate that is currently too low for a paid feature

@clinten3131

9 ай бұрын

Its also not often you need to use this feature so cost vs usage is probably bad. As a Dashlane user for 2 years think it is a great password manager. Also the vpn is decent and nice to have.

Very well thought and helpful tips regarding security and management of passwords! I've used most of the password managers mentioned here--both the online and offline versions. I have tons of passwords and it was an eventuality for me to end up using one. Thank you for your continued efforts in bringing awareness in cyber security. 👍

An incredibly digestible explanation of what I know is important to consider, but also of what I had no idea is important to think about. I feel well equipped to now make an informed decision. Thanks a mil!

Providing a comprehensive review of the most prominent password managers and maintaining consistency is always welcome :D

I am a self-hosting nerd and mainly use my own instance of Vaultwarden. That way I am in charge of security, and - even if it's a hassle - have full control. On the other hand, if something leaks or breaks, it's all on me.

I was waiting for this video since the 2FA video you published a couple of months ago. in the meantime, I decided for a PW manager and I'm glad to coincide with your suggestion based on my needs, I guess your previous educational videos worked for me, thanks!

@NaomiBrockwellTV

Жыл бұрын

Awesome!!

This was a seriously well done video with tons of useful information distilled in easy to understand language. Your examples and descriptions of things like rainbow tables and hashing, your overview of the lastpass issues, your description of how to create secure passwords were all spot on and solid from a security point of view, which is rare in videos like this. You could give this video to any level of user and they would come away with a solid understanding of the topics covered. I appreciated your discussion of the pro's and cons of the various password managers and where they might / might not be useful. It is very rare to see such a well done video on these topics. You earned a subscription and $20 donation from me.

@NaomiBrockwellTV

Жыл бұрын

Thank you so much!!!! I really appreciate the support!

@victorforzani3433

3 ай бұрын

you must know this person to agree on what ever she have said just for views not that is the only solution.

@rustyrebar123

3 ай бұрын

@@victorforzani3433 I have no idea what you are trying to say. Maybe try with a coherent thought?

@victorforzani3433

3 ай бұрын

@@rustyrebar123 what Im trying to say charlock is that companies are being hack every day, and I would not give my financial information to any company to secured, I rather have if with a pass key that I control how was that, did you get it now do I have to Draw a map for you.. I think you must be a KId not to understand what Im saying., but that is ok we all cant be Genius.

@kidslovesatan34

3 ай бұрын

Your grammar is terrible and your thoughts poorly expressed.​@@victorforzani3433

Finally catching up with you Naomi. It was another incredibly enlightening upload. Just brilliant and thank you once again.

This is probably the best video to explain password managers and how they work. Great job!

@adam.maqavoy

Ай бұрын

Sad part I found out about (Both our Schools and Library) in 2018. You can only write short *Passwords* 90% of the time. And *Our Library's* don't even let you set a password, let alone store anything. But they do allow both CD & USB usage..

Home run! Such a great video, flawless! I'm sending this to all my friends.

This is sound advice, well thought out and presented. Thank you Naomi for providing this invaluable information to us user plebes. Keep up the good work.. 👏

I started using a password manager when I worked in client support for an outsourcing company. Needed to remember (or store) over 250 passwords for access to the various devices and systems which fell under my purview. I felt I needed something secure but with local-only storage of the passwords. Settled on B-folders. Only stored locally, but able to be synchronised over multiple platforms. It generates random passwords which can include upper and lower case characters, numbers and special characters. Storage of the passwords is local only, and synchronisation is manual-only and via local WiFi. Never had any issues with passwords being compromised. Old tech, but seems more secure than putting your passwords in the cloud.

this is an awesome video. thanks for breaking it down so it can be shared to others. one of the best password managers for users at the time with regards to usability, convenience and security out of the box was 1password standalone version. although it is not open source, unlike bitwarden or keepass xc, it didn’t require setting up a dedicated server to sync across local devices. it synced from a primary computer to other devices on the same local network. and you can change primary computers at any time. this limits your surface area of potential attacks by not requiring any cloud or even any always-on local server as a target for attackers. you can simply turn on your computer which devices sync to , unlock it, connect your devices to the same network, and then turn that off when you are done. today this does not seem possible without putting way more extra work and dedicating a server for this function. it’s more steps and stuff you have to deal with when compared to how 1password did it all through software local syncing. since 1password changed business models to force the cloud and a subscription model, the only option now is bitwarden or keepass xc on an encrypted volume for the same usability. keeping it off the cloud requires way more work / effort in setting up a local server in the form of something like nextcloud or other instance. then you can layer it with a docker container, vm, veracrypt or other encrypted volume, etc… the point here is it gets more complex with more in-depth troubleshooting issues because there are far more moving parts. 1password standalone version was like 75% to 90% of the way there for users without further setups. lastly, you didn’t mention strongbox and other various “accessories” but i also see that probably you wanted to keep things clear since it is already a very well done and detailed overview video. perhaps a more advanced part 2 can delve in local db encryption, syncing and storage methods. linux is also a wildcard since there are more unique scenarios. also if the cloud has to be used for whatever reason, like business, there is now proton drive in the mix of other options. and cloud always requires some form of encryption method with a good way to sync them.

Fantastic video! Every point I could hope for you to cover was well explained.

Great video Naomi. I wish you had spent some more time on the browser extension XSS threat surface and also on mobile apps for these password managers, e.g. KeePassium for KeypassXC and advice on using these stand-alone v/s credentials auto fill. Thanks again.

COOL! Appreciate all you and your team does. Always lots of good info!

Been using dashlane for a few years. Works good enough for me. I might change to bit warden when my subscription runs out.

1Password also uses both a master password and a secret key, which is a 32 character alphameric key which adds 32^36 levels of entropy in case your vault is every captured. I feel much more comfortable using a memorable master password for my private vault because of the additional entropy afforded by the private key. Of course if your device is stolen and there's no protection on the device, the memorized secret key protection goes out the window.

@yuchoob

6 ай бұрын

Which is why 1Passwords method is, ultimately, flawed. People download the PDF onto their computer and that's it. I much prefer Yubikey. You can have it on your keychain (not with your phone/laptop) and have spares (one at the office, one at a friend's house) without compromising security.

@whulum

5 ай бұрын

Word. Really convenient feature to have for peace of mind

Another superb video! I’m beginning to understand the differences among password managers. Mahalo.

It's the dance at the end for me. Haha Great content, as always!

Great episode. These things should be mandatory subjects in school.

I just got word Proton is releasing an open source code password manager. This is the one I’m waiting for. Great video. Thank you!

Excelent video! I've been pushing my frineds and family to password managers for the past year. I'm about to give a presentation to my company to push for change as well. I will be adding a lot of the information you gave here. Thank you so much! Aslo, great to hear you on Micheal Bazzels podcast, that was a fun surprise listening on a flight las week.

@NaomiBrockwellTV

Жыл бұрын

Awesome to hear!

@gmansi

Жыл бұрын

"I'm about to give a presentation to my company to push for change as well" What product do you recommend for your company?

Yoo, the xkcd comic actually appeared here. Nice. That's what inspired me to get password manager. Used to use lastpass, then migrated to BitWarden since I heard it's open source. Thank god I did. And it's a nice balance of convenience and security too. We also need more TOTP 2FA in general though. Or at least something more secure than SMS.

Great stuff as always. I had to smack my forehead after watching this one. We use a password manager at work but I never thought about the home. Guess I'll be investing in one. Took your advice on Libre office and love it so now it's passwords.

I've been complaining about LastPass forever because their interface was clunky and they hadn't made any changes in years. Well, they just released a new version and it is not completely and utterly UNUSABLE. Which is fine because it has finally given me the push I need to move to a better solution. This video was helpful so thanks!

@willy7968

Жыл бұрын

which one are you migrating to

@ajbrady4357

Жыл бұрын

Look into 1Password. I know you probably have - but they have great blog posts about their security practices and how they exactly work

@countermeasuresecurityengi9719

7 ай бұрын

proton pass

great video naomi! i've been happily using bitwarden for the last 5-6 years.

I really love your channel. I do care about privacy and security . I learn alot from you from now on . Thank you

BTW 2fa Protection of your vault (download) access is easy but does not help against attacks like stolen vaults (like in the recent breach). Only tokens generating part of the encryption key would help here. Yubikey can do that with the HMAC mode but this requires a local/offline app to do it.

Just the video is was waiting for, thanks for the video

Awesome video! Thanks for sharing this essential info so well! 😊🎉

Good info. I also agree 2fa is needed too, as a (minimum) secondary layer of defense, but with family members, getting them to keep using it is problematic. I'm a bit of a paranoid about password security, so mine is a bit different than most users.

@BillAnt

7 ай бұрын

The problem with 2FA especially via SMS is the inconvenience of having to type a bunch of codes every time you log in. Also 2FA by SMS is vulnerable to SIM swapping and SS7 signaling. Using a 2FA app may not work if the phone loses cellular connection, gets lost, stolen, and also having to type long codes. IMO if one uses a good password manager or even the built-in browser one with long, strong, and unique passwords for each login, that should suffice for the average user. I just don't like password managers or even the browser syncing the password file to the cloud, it's just one more opportunity for hackers, and the bad guys to snoop on it. I would only use an offline password manager like KeePass or the like.

Great video... I recommend open-source BitWarden which can be self-hosted on own VPS protected with own open-source VPN

I personally use the original keepass, I find the use of complex triggers really helpful, but I have also used keepass xc in the past and is a really polished open source password manager that I definitely recommend !

@sebastiangonzales46

Жыл бұрын

same i use it with otp it works flawlessly

@Steliosgiannatos

Жыл бұрын

@@sebastiangonzales46 yes best thing ever writing the whole thing!

@Steliosgiannatos

Жыл бұрын

@@Hrubicundus keepass has something called triggers, you can find out more in the official website. You can do complex stuff or even simple quality of life stuff. For example I have a database for my personal passwords and one with all the subscriptions of my family ie. Netflix in a common database. With a trigger you can open the database automatically with a reference to a specific entry in the database (so the password of the database you try to open is not hardcoded into the trigger) or you can import whole databases into one for organizations or you can make it so that a file is saved on your PC and then automates moved to your Google drive Dropbox etc by the trigger. So you won’t have sync issues. The possibilities are many and there are a lot of stuff you can do. Also I failed to mention the plug-ins support !

@la3135

Жыл бұрын

@@Steliosgiannatos A trigger is a nice feature. Just checked the documentation, however it's not available on KeepassXC on MacOs. This trigger feature is massive and i would like to use it. Any ideas for users on MacOS? Other clients?

@user-tp5yb4hr4w

Жыл бұрын

i have been using what MacAfee used before he passed away. that man took all his secrets to the grave.

Loved the dance and the strawberry vest jumper. Info was really clear as well thanks.

For twenty years I've used passwords that I had to write down on paper. I make sure they're 26 characters, if possible, with numbers, lower case, upper case, and symbols. I also make sure there are no repeated characters, no reused passwords between accounts, and no clues to personal identity information, nor common phrases or media references, included in the password. But, for a long time I've been using a password manager with biometric security coupled with MFA.

Love your content. Thank you for helping us survive this Privacy/Security Jungle. One question, have you done any research on or have any good suggestions for the best privacy laptops? I use Linux at home and would like to move from my macbook to a linux based Laptop but am unsure about the security implications (broad options and preferences, but wondered if you had done any research on this topic?) Thanks again and keep up the encouraging work

@NaomiBrockwellTV

Жыл бұрын

system 76 does a lot to remove intel spying, take a look at their offerings

Dealing with all the passwords has always been a royal pain. I don't trust any of the password keepers but it looks like things are getting out of hand but least you've got a good list of them here to look into. Thanks for the dance bit as well.

@ajbrady4357

Жыл бұрын

What makes you not trust them? I Personally use 1Password and all of your account information is kept encrypted on their end at all times.

@jmtx.

Жыл бұрын

@@ajbrady4357 - Why should I trust any encryption method? Convenience is great but shouldn't lose sight of security.

EXCELLENT Video & channel! Most helpful. Thankyou 😊

I left Lastpass for Bitwarden. Also changed my gmail, apple id and bank passwords.

I've been using different password managers like Bitwarden, Yoti, and hPass which is from Hacken a trusted Web3 security company founded in 2017. The 3 password managers above are the 3 that I've liked the most out of the different password managers I've used. I have been thinking about moving from a cloud password manager to a self hosted one. I know Bitwarden does have a self hosted option but I also prefer that hPass uses a generated seedphrase like a crypto wallet and is from a Web3 security company.

I followed you on Odysee as soon as I saw your pop up, nice work!

@NaomiBrockwellTV

4 ай бұрын

thanks!!

YOU are brilliant.....you make your presentations in a way where he Average Joe can understand (most of) the content. I am technically-challenged, and don't understand all of it, but I like your style!😁😁😁

Great video, thanks. What about password managers such as Samsung Pass or Microsoft Authenticator, and some similar ones?

+1 for Bitwarden

Love the end dance!

Also, consider crashes and breaks of your browser that forces you to reinstall ist. If you're lucky, the passwords stored in the built-in manager are still there, if not (e.g you decide to apply a clean uninstall and delete all data including configurations etc.), all your passwords are lost forever. Sure, this can happen to your external password-manager too, but honestly, this never happened to me in 20 years of using such software.

I use passwords made from words in Irish Gaelic. So far so good.

I use a password manager for web sites that don't involve financial information. For banks, credit cards, etc. I keep long random complicated passwords in an encrypted text file. When I need to log in, I decrypt the file, copy and paste the login information as needed, and then wipe the decrypted file.

@TON-vz3pe

2 ай бұрын

That's the best way to do it. Trusting a password manager with financial site access is so dumb.

Hi Naomi, Tom Sparks (another KZreadr) spoke well of you so I recently started watching your video’s, man he wasn’t kidding, very well informed (and high quality) love your quad9 video and your videos on password managers… I recently ran across this new password manager called STASH PASSWORD (I am not paid by them, I’m just a regular paranoid internet user) I was really impressed by there product (alternative way of password management) but I’ve never seen any main stream KZreadr do a review on them so I’m still up in the air about making the purchase. Would love to see an honest review on them!

Thanks for the great content and help Naomi

I enjoy KeePass - it is one of the only PW managers which can set expiration dates for passwords, as well as advance notification when an expiration is approaching. This was huge for me since I have many websites and databases that require password access - all with different expiration dates and varying lengths of time between resets. Now I get that advance warning and NEVER have a password expire and lock me out! Any inconvenience is far outweighed by this feature alone.

I like the way you call your passwords manager "Madoffpasswords" classic love all your stuff. 🤣😅 Keep it up Naomi.

This is a great video. Thanks for sharing what you know with others. I love you what you do and share.

I am still using 1Password 6 which offers WiFi sync to iPhones and iPads (even with 1Password 7 on those devices). My local computers synchronize 1Password via NAS. Works great and I don’t have to pay a monthly fee.

wow,i love your video !!!! thanks for the advice.very very interesting. im a new fan 👍👍👍

Thanks for the excellent video!

Thank you for your videos and the work behind them. Thanks to these videos, I am almost completely away from Apple, Google and co. Keep up your great work.

Great video Natalie

I've never trusted password managers, for various different reasons, some of which you covered. I am however looking forward to the new PassKeys system now being rolled out by Google, Microsoft and Apple. Average people will be able to use PassKeys. And Apple offers another password manager (for its KeyChain) called Advanced Data Protection for iCloud - which is something you probably should have described since you cover Apple's security services sometimes.

Great video, thanks. Thorough job

now that proton added a password manager they have a good all rounder package. It's new so it's not as refined but with time it will surely become one of the best options

pass is a hidden gem. It works from the command line.

As password manager vaults age, they become less secure as computer science advances. Lastpass did not increase the key derivation iterations for older vaults (it has to be done client-side), and those vaults are exposed now to brute force attack. I'd like to see an automatic vulnerability test & conversion utility, only requiring the users consent for conversion steps. That might be hard to implement across all platforms.

@babybirdhome

Жыл бұрын

This right here is a crucial point in evaluating whether to stay with LastPass. I’ve been with them since the very early days, and thankfully I’ve always used a quite long and very secure master password, so although I was stuck with the old configuration for iterations, I’m still more secure than people who used less secure master passwords with the newer settings. But the fact that I’ve been a paying customer for all these years and this breach was the first time I was ever told about the change to the configuration is troubling to me. A browser extension or mobile app update should have popped up an alert telling me about that. Or the popup that shows up for insecure/re-used/breached passwords that pops up when telling it to fill in the login information on a page for the first time would be another good place to tell me that I’m using a no longer recommended critical security setting on my vault. That should have been done across multiple channels to ensure that customers were aware of the issue and the trivially easy fix for it. I have hopes that things will improve now that they’ve split the LastPass portion of the company off onto its own again after LogMeIn acquiring the company years ago, and am hoping this was just a bad timing thing. The nature of this particular breach is less concerning to me, even as a cybersecurity professional than many other breaches are, because they basically used information obtained in the previous and reasonably inconsequential breach to spearphish someone with extraordinary access to get access to the s3 bucket containing people’s encrypted vaults, and people are always the weakest link in any security chain, so that could have happened to any organization (and honestly does happen many times a day, every day). That by itself isn’t evidence of bad security practices, especially when you’re the biggest fish in the sea - just ask Microsoft. But the not telling users in a reliable way about the need to update their vault settings - that one counts, I’m afraid. That was poorly handled and is the primary reason I’m evaluating other options now after over a decade with LastPass.

@madtech2010

Жыл бұрын

Couldn't increasing the password length offset the low key derivation iterations?

@collectorguy3919

Жыл бұрын

@@babybirdhome Has any password manager provided the capability to upgrade (re-encrypt) old vaults under better security parameters? I'm not aware of any. LastPass just happens to be the largest target. Alerting won't do any good if average users are unable to act (if it's too hard), or if LastPass couldn't implement a vault upgrade utility across all platforms. Not excusing LastPass, but this might be non-trivial. Personally, I don't like one 3rd party handling synchronization for everyone. Too many vaults in one juicy target.

@collectorguy3919

Жыл бұрын

@@madtech2010 Assuming you started out with a long random password, yes. If your password was "monkey123" then you can't change the data the adversary already has.

@davinp

Жыл бұрын

LastPass also did not encrypt all the data in the valut

Keepass original is the best, period. My 26 years as a Computer Systems Security Officer for the U.S. Military provided me with the chance to test every PW manager that popped up. Online managers are by far the least secure. After I retired from the military, I worked for a private company with multiple locations. We ran Keepass offline at each location. The PW manager data file was stored on a local NAS protected by Security Key access. It was backed up daily to an immutable storage device. Only certain personnel had access to the keys which were stored in a safe when not being used. The keys had to be signed in and out by the Security Office. All passwords used by the company were centrally controlled and generated. It was a little inconvenient at times but we had no data breaches due to stolen or hacked passwords.

From browsing your merch I'm now pondering the idea of Dredd Pirate Roberts having a skyscraper headquarters...

Love the dance at the end! 😄

@NaomiBrockwellTV

Жыл бұрын

Yay you made it!!!

I have been using Enpass password manager and highly recommend it it’s an off-line password manager system although you can choose your own storage places to sync it to, but not with Enpass company by itself does not give you the option to store your vault on their servers

@_zerocool

8 ай бұрын

I also use Enpass for the same reason

I like Mr. Snowden's passphrase idea. I like to use the craziest anagrams I can find for the phrase I've chosen.

Hi Naomi, with the announcement of Proton Pass. Do you think it would be worth considering as a password manager? Would it be as secure as the ones you mentioned here? Or would it be putting too many eggs in one basket?

Very informative, thanks!

Hi Naomi! I love your content. I have a question about the fundraiser summaries that come with each video: Are they cumulative or per video?

@NaomiBrockwellTV

Жыл бұрын

Per video. Each of our videos costs many thousands total to make, and we receive a small amount of donations on KZread to help offset that

@duaneatnofroth

Жыл бұрын

@@NaomiBrockwellTV Thank you for clarifying. I've always appreciated the transparency with which you operate!

I use vanilla Keepass since I only use on Windows, haven't tried KeepassXC but I hear it's almost as good (with added functionality of being cross-platform/OS). I used to use Lastpass a long time ago but I'm REALLY glad I stopped.. Offline / Keepass just seems so much smarter. It's a little annoying not having it online but I'd rather offline only and less risks.

@dejavu5121

Жыл бұрын

KeePass vanilla is the most secure way to store your passwords and it has lots of useful plugins. And yes, you CAN make it online with synchronization. Furthermore, you can also protect your database stored in the cloud with additional secret key + strong master password. But secret key must be located only locally, in the cloud should be only database. And even if your cloud would be compromised and hacker even will know somehow your master password, without a secret key they have no chance. It’s the most secured way to use and store passwords. I’m an IT technician, trust me ;) All these Online password keepers like Dashlane and others only a matter of time when they will be compromised.

Thank you for the video! Finally a topic where I'm already using one of the best solutions :) Do you plan to create a video about online file storage services? Like Google drive, Dropbox and similar. I'm curious how good/bad is the one I'm using currently. (Pcloud, Proton drive)

@NaomiBrockwellTV

Жыл бұрын

Yep that’s the plan!

@bm2085

Жыл бұрын

@@NaomiBrockwellTV looking forward to it, and thank you!

very informative, and the strawberries keep the focus ;) i personally use 1Password due to its reputation and the Family/team features which allows extremly complex passwords to be shared between all sorts of people on different levels of tech usage, which makes them stand out dramatically.

I use a Corsair Padlock stick with a database with all my passwords, it's very convenient, if I have to work on somebody's computer and connect straight to my server, to get software If needed. Only downside is that I have to use a USB extension cable, to handle the stick, if it's in a computer, it isn't handy.

Haven't watched yet (I will) but just wanted to know if you have any thoughts on Keeper? I did a bit of homework when I signed up just under a year ago, and it seemed to be a solid choice, but I find it's now missing from a lot of reviews (including this one) so am wondering if I ought to try another instead of renewing?

Don't really have much to say but thought that a 'like' wasn't enough to thank you for your work, thus. this comment for an extra thank you for the depth of your analysis. Thanks.

Glad I subscribed.

We need more uploads, Queen!!!

Thank you so much! Which password manager do you use (if I’m allowed to ask😳) I wanted to use Keepass, but just yesterday I heard that it got hacked/there is a exploit to see the master password.

If you use KeePass (or one of its forks), your vault (a single file) is saved on your PC (and for 99.99999% of us, it will be a small file -- only a few MB in size). To avoid a catastrophe, make a copy of your vault (copy that file) to a different storage device, such as a USB drive, and keep that USB drive unplugged after you make the copy. This way, if you are hit with ransomware, or similar, you will still have your vault available to you from your USB drive, and that drive was kept safe because it was disconnected from your compromised PC. Also consider keeping another copy of your vault at a friend or family member's residence. This will protect you in the event of a burglary (where both your PC and USB drive get stolen) and in the event of a fire. As long as you use a strong, unbreakable master password, you can store your vault file with anyone -- including cloud storage. But remember that if someone steals your PC, they might be able to use it to gain access to your cloud storage account and delete your files. So make sure you have a copy of your vault file kept somewhere that it will always be available to you.

@TonyRule

Жыл бұрын

Get a decent backup system instead of this time wasting USB swapping and fannying about.

@deeyadeli1435

Ай бұрын

You can send me the file as well just in case. Lol, jk.

Thank you 😊😊

Recommended password managers are secure until they aren't. LastPass was recommended by Steve Gibson (Security Now!) a long time ago. Recently they did an episode on how it was broken.

@pepeshopping

Жыл бұрын

Steve DID have access to the code, but he was a fool by trusting that code access meant good code!

@Ultrajamz

Жыл бұрын

@@pepeshoppingthing is steve is one man. Bitwarden is open to every security expert to look at 24/7

Thank you.

can i just say, i love the end dance

End dance hype! 👯

I really like your videos Naomi!

What about apple’s keychain? I don’t know if I missed a video but how secure is it? How does it share passwords? How does it work? Because convenience wise it’s amazing, it auto syncs, creates passwords, alerts you if your password has been breached, uses AI to tell you if your password is weak and all that kind of stuff. But not knowing how it works I’m really going head first into their “password manager”

@CaroAbebe

Жыл бұрын

The keychain doesn’t appear to be the problem. However, lately some iPhones got stolen in the US after someone watched the owners put their password in to unlock the phone. If anyone gets hold of the password to unlock this means the keychain is theirs as well. As a result, quite a bit of money got stolen from each individual victim. A secure third party password manager adds an extra layer of security due to the fact that you need an extra password access to the password vaults. And some offer additional features such as an extra secure key.

While I like the content, I'm especially glad I stayed to the end!

@NaomiBrockwellTV

Жыл бұрын

🤣🤣🤣

Thanks Naomi for all your great content. Can you please further explain the advice on not using the auto fill? Aren’t all password managers actually for that to faciliitate auto fill password?

@NaomiBrockwellTV

Жыл бұрын

There are different kinds of autofill. Many password managers will auto configure to automatically fill in form fields as soon as you go to a page. Instead I recommend the option where you have to click on the form field first and select what you want to fill, there's less chance of something malicious happening. It's still "autofill" but requires an action from you first.

@MaxBob24

Жыл бұрын

@@NaomiBrockwellTV Got it. thank you so very much, Naomi!!

I have used a password manager for many years however, I have known the one I use is not 100% secure since it has had multiple breaches. I don't store any passwords for financial accounts in it as a result. I do store most everything else as I have several hundred passwords being that I work in IT as a medical imaging researcher and as a the head network administrator. For the financial accounts I store these on a sticky note that I keep attached to a ID card (that does not need to be used ever) in my wallet. When I need these passwords they are near me. And for added security they are just the passwords with a small 2 letter code to help me remember which password is used for what. It would be highly unlikely for someone to decode even if they stole my wallet.

I'd like to see the same analysis on hardware password managers such as Mooltipass. Compared to software password managers they seem to be more secure. Are they?

Great videos, can you say how does Apple key chain rate as a password manager.?

You dont know how much i have waited for a video like this!😄 Ive used KeepassDx on my phone and one day i saw the file with all my passwords missing.. I suppose i might have deleted it by accident but i really doubt that.. Luckly, before knowing anything about privacy i stored some of my passwords on SamsungPass and they are still there, some of them.. Every since that incident im inclined toward using a cloud based PM but i feel like an offline PM would be a better over all privacy choise.

Thanks for the dance, actually good food for thought.

Regarding the time to crack a password...the time examples you've used should be considered the maximum time a password of certain length with a certain encryption will take to crack if every option is iterated through...it should not be considered the time to crack but the maximum time it could take....it is possible to crack extremely complex passwords in a very short period of time, even on first guess (although unlikely but still possible).....again proving the point you've used as to why password managers should be used

@NaomiBrockwellTV

Жыл бұрын

good point

Excellent