Keeping it straight
Every day you deal with a limited number of passwords that you memorize easily despite their complexity. But what about the many others you don't use on a daily basis?
Your domain server? Your hosting server? Your SSH? Your PGP? Your other e-mail? Your MSN? Forums? Your FTP (never use FTP)? And that non-exhaustive list leaves out saved logins such as your Skype account.
How do you keep all those passwords secure? Do you write them on a piece of paper under your keyboard? On a sticky note? Do you e-mail them to yourself? Or do you simply reset them each time you log in? None of the above!
As a penetration tester, I deal with other people's passwords daily. Each time I break into a server, I search for files containing 'password', and this gives me god access to entire banks' networks. Password policies enforce complex passwords that people fail to remember; to avoid forgetting them, they write them down.
Briefly, passwords should be:
- Complex (hard to guess)
- Different (between accounts)
- Periodically changed (for each account)
Passwords should never be:
- Stored or written in clear text (neither file nor paper)
- Shared with anyone else but you
- Reused across different accounts (changing the last two letters is not wise)
- Sharing a pattern with other passwords (once one is compromised, all are compromised)
One solution: Password Managers
Password managers are software solutions that help you securely:
- Store your passwords
- Generate complex passwords each time you create a new account
- Regenerate complex passwords periodically
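As an added illustration of the two lists above (this is example code, not part of the original post), a small Python script does what a password manager's generator and a reuse audit would do: it draws passwords from a CSPRNG and flags account pairs whose passwords are identical, differ only in the last two characters, or share the same letter stem. The vault contents are constructed sample values.

```python
import re
import secrets
import string
from itertools import combinations

# Character classes every generated password must draw from (assumption: these four).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*()-_=+[]{};:,.?")


def generate_password(length=20):
    """Return a random password containing at least one character from every class.
    secrets (not random) is used so the output is unpredictable."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    alphabet = "".join(CLASSES)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        # Rejection sampling: retry until every class is present, keeping the draw uniform.
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def _stem(pw):
    """Reduce a password to the part people keep when 'rotating' it: letters only, lower-cased."""
    return re.sub(r"[^a-z]", "", pw.lower())


def shared_pattern(a, b):
    """True when two passwords are identical, differ only in their last two characters,
    or have the same letter stem (e.g. Winter2023! and winter-2023)."""
    if a == b:
        return True
    if len(a) == len(b) and len(a) > 2 and a[:-2] == b[:-2]:
        return True
    sa, sb = _stem(a), _stem(b)
    return len(sa) >= 4 and sa == sb


def audit(vault):
    """vault: dict account -> password. Return the sorted account pairs whose passwords
    share a pattern, i.e. where compromise of one exposes the other."""
    return sorted((x, y) for x, y in combinations(sorted(vault), 2)
                  if shared_pattern(vault[x], vault[y]))


SAMPLE_VAULT = {  # constructed sample values, not real credentials
    "hosting": "Winter2023!",
    "ssh": "Winter2024!",
    "email": "winter-2023",
    "forum": "Tr0ub4dor&3",
}

if __name__ == "__main__":
    print("generated:", generate_password())
    print("shared patterns:", audit(SAMPLE_VAULT))
```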
Do not confuse password managers with browsers' integrated "save passwords" features. Browsers' password managers rarely encrypt passwords. (Firefox is the exception in offering a master password option, but it doesn't generate strong passwords.)
There are several emerging types of password manager solutions:
- Host based (stored locally, on your mobile or computer)
- Cloud based (mainly non-web clients that can be synced and accessed from different mobile phones, computers and the web)
- Browser based (opens an iframe within your login screen to insert your password on your behalf).
I will provide no recommendation, for there is no 'best solution' in IT and security. Do your own research and pick the one that suits you best.
Vaccinate your children; regret is of no use.
Leave a comment!