🔐 How vulnerable are you: managing complexity

in #technology, 7 years ago

The key difference between complex and complicated systems is simple; one is a sophisticated orchestration, the other, obstructively awkward.



My previous article explored the guaranteed risks inherent in weak or absent password practices. While we wait for those who haven't yet read it to do so, let's enjoy this educational video of John Cleese explaining human brain function, because: John Cleese.


So, now you're wondering: "How am I supposed to remember, let alone use, tens or hundreds of unique passwords like 0MGHowAmISûpp0s3d2R3m3mb3rTh!s?"

The answer is simple: you don't. Let a computer encrypt, decrypt, store, and retrieve complicated data like that. That's exactly what they were invented for.

Image: online security, courtesy of Pixabay




Encrypted Password Storage & Retrieval



If you're put off by the thought of using multiple unique and complex passwords and you own crypto-currency, guess what? You're already using unique and complex secrets all the time, in the form of wallet addresses. I won't explore PKI here; that's a discussion for another time. The fact is, you already use at least one tool to store secure authentication data in an encrypted form and decrypt it for use later. That tool is your wallet, be it Exodus or BTC Core.

You're already halfway there; just apply the same principles of complexity and security to your other systems of authentication.



How? I'm glad you asked...




Introducing: KeePass Password Database



For starters, by now you really should be using a secure, encrypted password management system, like KeePass for example, which we will look at now.

KeePass GUI image
KeePass interface images, courtesy of Dominik Reichl, developer

KeePass is an award-winning, OSI-certified open source, free, lightweight, actively maintained and easy-to-use password manager. It stores data in its own 256-bit encrypted database format (AES/Rijndael and Twofish algorithms), using a SHA-256 one-way hash of the master password, whose output is in turn used as the key for the encryption algorithms. There are as yet no known attacks against SHA-256.

What's more, KeePass uses process memory protection to keep your passwords encrypted while KeePass is running, even when the operating system pages the KeePass process out to disk, so your passwords aren't revealed. KeePass goes even further in its mission to safeguard your private data by employing session-key encryption (Protected In-Memory Stream) when loading the inner XML format. That's just a summary of the KeePass security implementation; read more here: http://keepass.info/help/base/security.html





If that wasn't enough to pique interest then here's a basic feature list:
  • Strong Security
  • Multiple User Keys
  • Full Installation and Portable no-install options
  • Export To TXT, HTML, XML and CSV Files
  • Import From Many File Formats
  • Easy Database Transfer
  • Support of Password Groups (folders & sub-folders)
  • Time Fields and Entry Attachments
  • Auto-Type, Global Auto-Type Hot Key and Drag&Drop
  • Intuitive and Secure Clipboard Handling
  • Searching and Sorting
  • Multi-Language Support
  • Strong Random Password Generator
  • Plugin Architecture (full & extensive list of plugins)
  • Did we mention KeePass is OpenSource and anyone has full access to its source code for inspection/verification/contribution? Yes? Good. That is A Very Good Thing™.

But wait, there's more: to top it all off, KeePass even supports multi-user access and handles synchronised merging of changes (v2.x only; no steak knives included in this offer, sorry), so you can even store the credentials database in shared storage for anyone you wish to grant access.

Two major branches are available for download: Classic Edition and Professional Edition. The two versions exist because: reasons, but the TL;DR is, generally speaking, get the Professional Edition unless you particularly hate .NET and don't care about the reduced encryption options or the use of plugins, of which there are legion.

KeePass can be used to secure any form of authentication: not just username/password combinations, but also credit cards, crypto wallets and addresses, bank accounts, passport details, and so on. Entries even support file attachments so you can add QR codes or scans of driver's licences, etc.

ℹ️ For any questions or issues you may have, extensive help and support is available in the site forum: http://keepass.info/help/base/index.html




Cross Platform


Contributed and unofficial KeePass ports have been produced to support many platforms and environments. I won't cover them all here (refer to the KeePass download page instead), but here's a brief list:

  • Android
  • Blackberry
  • Chromebook
  • iPad
  • iPhone
  • Javascript (web server & offline)
  • Linux
  • Mac OS X
  • Palm OS (yes, really)
  • Web servers (serving to front-ends)
  • Windows Phone 7 / 8.1

So you should be pretty well covered no matter which system or environment you wish to run it under.

Additionally, mobile device ports of KeePass that I have used are able to directly open a web resource listed for a given entry so you can access the site then tap to supply username and tap to supply password. Neat-o...

Combined with the Favicon Downloader plugin, which grabs any given site's icon, this makes for an easily recognisable way of accessing secure services on the go from a mobile device, even if the password is ktvy%*V5ubtj9biVY8$*%)YRB8iovutBITu954.




Cross Device Database Sync/Sharing


Now that you have a collection of unique and complex passwords locked up in a secure and encrypted database requiring only one master password (& optionally a key-file) to access the contents, this part becomes quite easy to achieve.

Go right ahead and store the *.KDBX database file in your favourite cloud storage service, be it Google Drive, Dropbox or OneDrive. Whether or not you completely trust the service provider, today or tomorrow when their policy or ownership changes, your private data will remain private, provided the master password is Su!t@blyL0ng&C0mpl3x!
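To make concrete why the master password (and optional key file) is all that stands between a synced *.KDBX file and its contents, here is an added example, not KeePass's own code: a simplified model of hashing the key sources with SHA-256 into a 256-bit key, a stand-in key-stretching loop, and a rough brute-force cost estimate. The function names, the hypothetical 6000-round figure and the 1e9 hashes/second attacker are assumptions; KeePass's real derivation uses AES-KDF or Argon2 for the slow step.

```python
import hashlib
from typing import Optional

# Hypothetical, simplified model of turning a master password (plus an
# optional key file) into a 256-bit database key. This is NOT KeePass's exact
# derivation: KeePass runs a dedicated slow key transformation (AES-KDF or
# Argon2) before the key is used for AES/Twofish.

def composite_key(master_password: str, key_file: Optional[bytes] = None) -> bytes:
    """Hash each key source with SHA-256, concatenate the digests, hash again.
    The result is 32 bytes: exactly the size of an AES-256 / Twofish-256 key."""
    parts = [hashlib.sha256(master_password.encode("utf-8")).digest()]
    if key_file is not None:
        parts.append(hashlib.sha256(key_file).digest())
    return hashlib.sha256(b"".join(parts)).digest()

def stretch_key(key: bytes, rounds: int) -> bytes:
    """Stand-in for the key-transformation rounds: repeated hashing so that
    every guess at the master password costs the attacker `rounds` extra
    hash operations on top of the one it would otherwise need."""
    for _ in range(rounds):
        key = hashlib.sha256(key).digest()
    return key

def derive_database_key(master_password: str, key_file: Optional[bytes] = None,
                        rounds: int = 6000) -> bytes:
    """Composite key followed by stretching; `rounds` is an assumed default."""
    return stretch_key(composite_key(master_password, key_file), rounds)

def brute_force_years(charset_size: int, length: int, rounds: int,
                      hashes_per_second: float = 1e9) -> float:
    """Worst-case time to try every password of `length` characters drawn
    from `charset_size` symbols when each guess costs `rounds` hashes.
    Illustrative cost model only; the attacker speed is an assumption."""
    guesses = charset_size ** length
    seconds = guesses * rounds / hashes_per_second
    return seconds / (365 * 24 * 3600)

if __name__ == "__main__":
    # Constructed sample inputs, not real secrets.
    pw = "Su!t@blyL0ng&C0mpl3x!"
    kf = b"\x00" * 31 + b"\x01"  # constructed 32-byte key-file content
    print("password only   :", derive_database_key(pw).hex())
    print("password+keyfile:", derive_database_key(pw, kf).hex())
    # 21 characters from ~94 printable ASCII symbols, 6000 rounds per guess.
    print("years to exhaust:", f"{brute_force_years(94, 21, 6000):.3e}")
```

Adding the key file changes every bit of the derived key, which is why the page suggests it as an optional second factor alongside the master password.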

You need only install the relevant KeePass app port for your device and open the *.KDBX file from your cloud storage.

ℹ️ For best and most convenient results I advise managing the *.KDBX password database from your main computer, where it is easier to enter all the data for each entry, acquire favicons, etc, then use the database from your mobile device.

⚠️ A word of caution: in my experience the *.KDBX file synced to your Android or iDevice will not automatically update when changed; you will need to open the cloud storage app on your device, navigate to the *.KDBX file and open it to download a fresh copy.


Where's E Z Mode?

Too much work for you to create a secure database of authentication credentials with a master password and share it to devices via cloud storage sync?

Yes.

Ok, well, there's a more turn-key solution available that also supports encrypted credential storage, cross-platform, with auto-fill features etc. etc. Just tell me...

In the next post I publish. Stay tuned.




While KeePass is completely free, with no obligation, you should consider donating to the KeePass cause, because if it helps you then supporting it is a positive feedback loop that can only serve to strengthen you, and all of us.


Questions and comments are welcomed in the replies. If you'd like to see more articles like this then ^vote, resteem, and comment below. Considerable effort has gone into researching, testing, and formatting for this article.

If you liked it, then you shoulda put a ^vote on it!



Congratulations! This post has been upvoted from the communal account, @minnowsupport, by neuromancer from the Minnow Support Project. It's a witness project run by aggroed, ausbitbank, teamsteem, theprophet0, someguy123, neoxian, followbtcnews/crimsonclad, and netuoso. The goal is to help Steemit grow by supporting Minnows and creating a social network. Please find us in the Peace, Abundance, and Liberty Network (PALnet) Discord Channel. It's a completely public and open space to all members of the Steemit community who voluntarily choose to be there.


you are gifted and so a gift to most of us,kindly continue doing your good work,more blessings to you boss.

Thank you chuxlouis for that very kind comment, it encourages me to produce more meaningful, beneficial content. I hope the information was useful to you, if you think it may benefit others please consider resteeming.

Noted @neuromancer more blessings to u.

This post has received a 0.18 % upvote from @drotto thanks to: @banjo.

Thank you drotto, that's a very generous vote.

Will look further into this later... Really need to get a good way to help me manage my passwords safely....
