Your Secure Life Podcast (7 Part Series)
Hey, what's up, Garrett here.
Today we're talking about password managers because this is probably the bare minimum you should be doing and it's often misunderstood.
There are some objections that people might have to this that are unnecessary. The fact of it is: everybody should have a password manager.
That's the bare minimum you should have.
There's quite a few out there. In fact, I did some research just to see how many were out there and I don't think I found them all but the list that I did find, there was:
- Norton Password Manager
- Password Keeper
- Zoho Vault
- Chrome's password manager
- Password Safe
- Password Vault
- Bit Warden
- Keeper Password Manager, which maybe is the same as Password Keeper? I don't know
- Password Vault Manager
- Windows Password Manager
- iCloud's password manager
- Trend Micro Password Manager
- Samsung Password Manager
- Myki Password
- Kaspersky Password
- Avira Password Manager
How do you decide which one you're going to use?
Honestly, you just gotta go with one of the big three.
People will probably argue with me.
We're going to go through each one individually in that order because these are the ones that you're going to want to look at.
We're going to talk about the features, the benefits, the prices. Not all of them are free. Some of them are more convenient than others.
First, let's get started talking about why you should not use iCloud's password manager or your browser password managers.
First of all, these password managers, they're not very secure. They're not super secure. They're a little lacking.
One of the reasons why browser password managers are lacking is because it's not really their full business. It's just a part of their business.
And the same thing with iCloud, or Windows, or maybe Samsung if it's in your phone.
These are only a small portion of their business and that means they're not dedicating their entire work time to it.
For most reputable companies, it's really important to have safe customers.
When you're balancing between a lot of different aspects to your business, you're gonna dedicate less to other things.
For example, if you're Chrome or Firefox or Opera, or any other browser for that matter, your main focus is on a working browser.
Secondary to that would be things like ad blockers, password managers. There's also going to be support for extensions and plugins.
These are all things that are going to put password managers a little bit lower on the priority list for these companies .
If you go with a company such as LastPass, or 1Password , or any of the password manager specific companies, that's their whole business. Their entire business is on storing your usernames, your passwords, sometimes other things like credit cards.
All of that will be stored andit's going to be a lot better because that's their whole business and they're going to focus on you.
Another benefit to going with a password manager specific company is that you can take this with you anywhere, forever, for the rest of your life.
Assuming the company doesn't go out of business. I don't really see that happening with any of the major players.
One of the problems with switching platforms is taking your passwords with you. A lot of them do have easy exports and imports but you can't rely on that forever .
Let's say you're using Firefox and you decide you want to switch to Safari. Or you're using Chrome and you want to switch to Firefox.
You have to hope that these export and import properly.
If you go with a password manager that is just a password manager, like 1Password or KeePass or LastPass, they work on any system.
So you can just open it on that system and all your stuff is there.
You can switch systems in the future.
You can go from Apple Computers to Windows computers to Linux computers or whatever you need to switch to.
And you'll always be able to access that stuff because you're not locked into a specific platform by using their password managers.
Let's get talking about password managers in specific.
I want to talk about LastPass first.
LastPass is what I use for a majority of my stuff. A lot of my general online stuff uses LastPass and the reason why is because...Honestly, I started with it for work many years ago and the way it works sharing passwords within an office is just extremely convenient and it's very affordable.
I ended up just sticking with it for a long time because that's just where everything was. Of course, I can move it all but I just haven't yet and LastPass has been good to me.
I also like their authenticator for two-factor authentication. That's something we'll talk about in a future podcast; we'll also talk about it later in this one, but only briefly.
It's just been really convenient for me, and so I've been using LastPass.
This isn't sponsored by LastPass or KeePass or 1Password. This podcast isn't sponsored by anybody. So, I'm not trying to harp on any specific one. I'm just sharing with you the ones that I have found to be the best or at least the best for me. You can do your own research and look into these but these are pretty much the most popular.
With LastPass, the pricing model is pretty good. The free level is probably all you need.
There's a premium level, which has better sharing.
There's a family level, which gives you multiple users with sharing and stuff like that.
And then there's business levels if you need to handle whole businesses.
If you're just a family, the family one's really great. Especially if you have kids.
One of the things that I really like about LastPass sharing is that you can share a password with someone without showing them the password.
They can still drop it into forms by using LastPass plugins in whatever browser they're using, but they can't see the password.
So you can allow them access but not allow them to see a password. You can also revoke that access at any time.
If you have kids that you want to have access to things, you can do that, and because they don't know the password,they can't share it.
You keep it locked in your family that way, but you still have access and you can revoke their access to it if you need to.
Generally, I think it's kind of a jerk move, but you could theoretically control your kids accounts that way and ground them from accounts by not letting them have their passwords again.
I think that's kind of a jerk thing to do. But you know, you're the parent. If that's what you want to do, that's what you want to do.
Another cool thing about LastPass, and this is something that you'll see in pretty much all password managers,it has a really great random generated password creator and I really enjoy this.
I not only use their password generator for my passwords.I also use it for my usernames, which in another podcast in the future we'll talk about why you should randomly generate your usernames as well as your passwords.
You definitely want to be randomly generating passwords. You want them to be as long as you can possibly get them to be accepted into a website.
Some websites will keep you under 8 characters. I think the original Xbox. Maybe the Xbox 360 to login to your Microsoft account it requires a pretty short password and I can't even get onto my Xbox 360s Microsoft Live or whatever they call it now because my password is longer than that and I can't type it in on the Xbox because the Xbox limits you to a character limit.
Fortunately, most websites and apps and stuff are getting past that but not all of them. I tried to sign up with TikTok the other day and apparently my 32 character password was too long.
So I didn't sign up with TikTok.
You can shorten it and lengthen it using their password generator and you can make it easy to say.
I use easy to say and easy to read and then I put only lowercase for my usernames.
Then for passwords, I put it on all characters, I put uppercase, lowercase, numbers, symbols, everything that it will let me, I will do.
I will sometimes put them at 99 for the password length if it will accept it. If an app or website won't then I'll start shortening it down. I try to keep it at 32 at the minimum but like I said some websites and apps need something shorter than that.
Either I don't sign up for them or I just go ahead and do it and just roll my eyes.
Another great thing about LastPass is storing things like your credit cards.
Some people don't feel comfortable with this but I do because again, this is their business. Their business is to keep you safe, and I just find it to be very safe and and well done.
It also makes it really convenient because I don't have to put in my credit card manually, which is annoying.
And also, pulling it out of my wallet, which is in my backpack. Probably.
Or somewhere else, especially if I'm here in my messy office, where I don't even know where my wallet is.
It's probably in my backpack.
I would have to go find it. It's just a pain in the butt. I don't want to do that.
That's all the features. I mean, there's a lot more features, but that's all the features I really wanted to go over in LastPass.
The next one I want to talk about is 1Password
1Password has all of the features that I just listed for LastPass. It really does. It has all of those.
It's got family pricing. It's got business pricing. It is a little bit more in pricing than LastPass. But it has document storage, which is nice. You get 1 gigabyte for the lowest level and you can get more gigabytes for higher levels.
1Password also has travel mode.
I want to go over travel mode a little bit because travel mode is really cool.
Travel mode with 1Password is really cool because basically it makes it so that you can't access your own stuff, nor anybody else when you're traveling.
This is particularly goodfor crossing borders.
We all know that nowadays crossing the United States border, as well as I'm sure other borders, border patrols and TSA agents and whatever you want to call them are checking our phones.
They're checking our computers. They're checking any electronic devices we have.
That kind of sucks. Not very cool.It's not right
People are being picked especially if you are not white, or maybe it has to do with your job such as being a journalist.
I know that journalists are being searched.
They're just going through and looking for this stuff.
What you can do is you can set up different vaults with different things.
Then you can set it so that when you're traveling you go in there and you basically lock yourself out of your vault.
Then you can't access that fault while you're traveling.
The TSA agents can't access the vault because you can't which means they can't get into your accounts and look at things.
Everything is locked and you have your plausible deniability because you can't get into it.
You physically cannot unlock it for them.
It's not only locking you and them out of it. It actually removes it from visibility.
You can't see it.
They can't see it. They don't know that it's not there.
Unless they're savvy with 1Password, in which case they still don't know. They are just assuming.
That to me makes 1Password waybetter than anything else.
If that is something that's important to you. If your job involves travelling across the border. Or maybe even just traveling within a country, if we ever reach the point where our phones are being searched just in regular travel. You have this option and if that's the case, then I would absolutely recommend 1Password over LastPass.
The third password manager I want to talk about is KeyPass.
KeyPass is where I keep all of my really important stuff.
I know I told you that I use LastPass for most of my stuff and that is true.
In KeePass I keep most of my really important stuff such as: banks, access to my doctor's accounts.
Anything that's really really important is stored in KeePass.
The reason why is because KeePass is not cloud storage.
With LastPass and 1Password, you'll be able to store your stuff on the cloud. You can access it across many devices. You can do that with KeePass too, but you have to store it in your own cloud.
The way KeePass works is it's open source software that allows you to keep a vault as a file on your computer, on your phone, in your cloud, wherever.
I personally do not keep my in the cloud. I keep it on the hard drive of my computer and I keep a backup somewhere else. And I'm not going to tell you where it is.
This vault has all of my important stuff: my most important information, my most important passwords, and some other stuff that I keep stored in there because it's just so much safer.
The reason why it's so much safer because it's not on the internet. You have to have physical access to my device to get it and even then it's still encrypted. It's still got its own password.
You still can't get into it unless you know these things. That, to me, makes KeePass one of the most secure password managers you can possibly have.
Luckily, I can put it in my cloud and send it to other devices if I need to be able to access it that way.
Because I'm a little bit paranoid and more secure conscious than most people, I don't even put it in the cloud unless I absolutely have to.
If I do it's encrypted within an encrypted zip file and then sent that way and then delete it as soon as I can delete it.
That just makes KeePass really important to have.
So, if you need that level of security, I highly recommend KeePass.
There's other ones. There's KeePassX as well.
I'm not 100% sure the difference between KeePass and KeePassX.
I've been using KeyPass for quite a few years. It's been good to me, and that's the one that I've used for this stuff.
It's open source. It's OSI certified. It's completely free forever, as far as I know.
It's been vetted. People have looked at the open source code and they've seen it and said, "hey, this is safe. This is secure. This really encrypts your stuff. It really stores your stuff in a good way."
That's at KeePass.info.
I'll be putting links to each of the password managers that we've talked about: LastPass, 1Password, and KeePass, in the show notes, which you can get to at YourSecure.Life/1 because this is the first episode.
I don't think I mentioned that earlier. By the way, welcome to the first episode. Happy to have you here.
Now that we've gone over the three main password managers that I recommend, I just want to go through a couple misconceptions.
Some people say, "well if I keep all my passwords in one place like a password manager, isn't that a single point of failure?"
By definition, yes, but it's not a single point of failure because you should be using something called two-factor authentication.
All of the ones mentioned allow two-factor authentication.
You should be using two-factor authentication. To get more into detail on what that is and how that works I'm going to dedicate an entire episode to that.
There are four main ways to use two-factor authentication.
The first one is having a one time use code sent to your email. Another one is sent to your phone.
I do not recommend these two.
The reason why is because if someone compromises your email, or your phone through sim swapping, then they can reset your passwords and get access to two-factor authentication that way and that sucks.
Other options are: an app that is dedicated specifically to two-factor authentication.
LastPass has an app. Google has an app. Zoho has an app.
There's lots of them out there. As well as open source ones, free ones.
There's also physical keys that you can get, such as the YubiKey, and that's something that I use as often as possible.
That one they have to have the physical key in their hand.
It goes into your USB or they have one that you can plug into your lightning port on your iPhone.
That's super secure because you literally have to have the key to plug it in to get access to stuff.
You can't get into my LastPass without that. You can't get into a lot of my stuff without having my YubiKey.
Getting into a lot of my accounts without that is near impossible.
The other common misconception we basically already touched on but let's touch on it again. It's not trusting the vendor.
First of all, go with a vendor you do trust.
We know that 1Password is a reputable company. They've been around for a while.
We know that LastPass is a reputable company. They've been around for a while.
We know that KeePass is reputable because it's open source software. It's been vetted and you can see lots of major security people use it.
We know that these are trustworthy.
We also know that iCloud is trustworthy. Although I'm still going to recommend you don't use that.
I recommend you don't use Firefox has because they're also trustworthy but these browser ones. I've already given you reasons not to use them.
You want to go with these companies that are dedicated to password management because that's their whole business and they're putting everything into making sure that you are safe.
If they're not putting everything into it, because they do have other stuff,at leastthat's their main priority. That's what they're focused on. That's what's going to have the most man-hours on it.
All right. I think that wraps it up. You can find me at YourSecure.Life.
You can check out the episode transcripts. There's going to be a video if you'd like to see my messy office. There's also show notes with links to anything mentioned.
This podcast isn't sponsored by anybody, so if you could please share it around that would be great.
If you know anybody who could use this: please, please send it on to them.
We do not intend on ever taking sponsors. I don't like commercials myself.It's so annoying when you're listening to a podcast and you have to skip through commercials.
It just sucks.
I don't want commercials. I'm not going to have sponsors.
The best way you can help is to help spread the word.
Again, YourSecure.Life has everything you need to get in touch. Or to re-experience this podcast
I will see you next week.
Sometimes stuff pulls the wool over our eyes and gets us. Sometimes our information gets out there other ways (like through breaches). We can minimize the damage with just a few actions. Get the free 5 step guide to clean up your digital footprint.