Aye, I have this argument with our security team. Make the password requirements good and hard and then scale back the expiry to once a year. If you have good complexity, more than once a year is silly (barring actual hacks and leaks and whatnot).
Although the security team maybe hampered by the Active Directory setup which is always a pain in the arse, particularly when finding decent AD architects is incredibly difficult, and then finding an AD security expert to adequately check and test the setup and determine where the issues lie that prevent a unified approach.
Thankfully, these situations are rare, though.
How does it all work if you have multiple accounts for things? And use more than one browser but different logins for different accounts on each browser?For those asking or thinking about password managers, I can't recommend one enough. I used to use Lastpass but changed to Bitwarden when Firefox changed to Web Extensions and Lastpass stopped working. They're both equally as good and I'd recommend either.
I guess because Lastpass has been hacked (twice I believe), then you might think Bitwarden is a safer choice, but as Chz said up thread, it doesn't matter much.
When I first met my girlfriend I was so sick of her complaining about forgetting her password. It was constantly. Daily. Not the same service, but whatever she happened to need that day and hadn't used in a while. She's not that IT literate so going through the process of reseting her passwords every day or so was really getting to me. I was banging on about password managers for ages, but she resisted. I did too. I didn't think I needed one or didn't see the point. And there are times when they are slightly annoying*, so it's not all good.
But, she got the password manager. And we had a couple of weeks of her asking how does she get x or why doesn't y show up. But then...silence. She's never forgotten a password since, because she doesn't even know what they are. Just like me. I don't know what my Google password is, but I use it every day. It's irrelevant now.
A couple of weeks ago, she was on her laptop doing stuff while I was playing on my phone, and she suddenly said, "You know, Bitwarden has changed my life. Seriously"
I just laughed, tbh, but I understood what she meant.
As well as not needing to know what the password is, the other features that make them good are:
You can share passwords on Bitwarden's paid service. So if you and your partner have a bills account say, and it's in one person's name. You can just share the credentials inside Bitwarden. Now you both have it. If one person changes the password, it's updated for you both.
You can choose arbitrarily complex passwords to meet the requirements of whatever service you're using. Like Google might allow 32 characters, containing spaces, special chars and numbers and letters. But BT might say you can only have 16 and no special chars. etc. When you sign up to a new service, Bitwarden (and Lastpass, IIRC) asks if you want to generate a new password. You set the length, tick the box next to uppercase, tick the box next to special chars, etc and it makes one for you and saves it. It'll remember your option for next time, so you only need to adjust this if you come across a crappy site that doesn't let you have the strong password you want. Most of mine are 20 characters of random nonsense.
Another thing that puts them above browsers is that the passwords are stored on a website that is accessible from any device. So, with Firefox Sync, for example, if you don't have a Firefox browser handy, you can't access your passwords. I don't think you can access them if you're on someone else's computer, either. Whereas I can go to Bitwarden.com and log in and all my passwords are there. I think Apple lets you do this with Keychain, but only from an Apple device, so you're stuck again if you're on Android.
Also, I have all my credit cards saved in Bitwarden. When I go to buy something, I auto-fill the cc field as if it was a password. It's all encrypted on Bitwarden's services, and encrypted locally, so I have no fear about this. My password is very long and is required every time I have a new browser session - even if I stay signed in to the browser.
This all sounds like an ad, I know, but seriously, it's one of the simplest ways to improve your security and it actually makes your online life a little bit more convenient at the same time. And it doesn't have to cost you anything.
*The annoyance is when I have to type my password into something like a TV and it's 20 characters long, and I have to keep switching between different on screen keyboards. Samsung TVs have the worst keyboards I've ever used in my life
This is a completely different topic to password management, IMO, but Firefox has a great feature to handle this situation - container tabs.
This is a completely different topic to password management, IMO, but Firefox has a great feature to handle this situation - container tabs.
Basically, each tab can run in its own isolated environment, which means you can be logged into, for example, different Google accounts on the same browser at the same time. I use it for work, as I mostly use Google docs for work, but never YouTube, Gmail, etc. So I have it setup that whenever I go sheets.google.com, my "Work" container opens and I'm already logged into my work Google account in the new tab. If I go to youtube.com, it automatically opens in my "Personal" container and I'm logged into my Gmail account.
You can also override this on an ad-hoc basis, by right clicking the link or bookmark, and selecting which container you want to open it in. So if I ever did want to view Youtube on my work account, that's easy to do without messing up my container automation.
Another benefit of this is you can have Facebook in its own container, and only login on the Facebook container. That means you can click links and they open with you already logged in. But if you're on another other site, you're not logged in, so FB can't track you with it's Like button and embedded pixels.
It's a great feature, and not that well known.
For you Epona, password managers can easily have more than one login, sure. I can't remember how LastPass works, but for Bitwarden, it's does a lookup of the URL and compares that with your password vault. If there's a match, it offers to log you in. If there's multiple, you just choose the one you want at that time.
I just checked and I actually have 7 Google accounts. One personal, and various work ones, and some for the clubnight I run. When I go to Google, if I wasn't logged in, I just click the Bitwarden button, and the 7 logins show up. I click the one I want and it auto-fills the username and password for me, just like any browser autofiller.
For multiple browsers with different logins for each you could handle that by renaming the login. Here's my urban login, for example:
View attachment 409035
So if I wanted to login using my firky troll account when on Chrome, but stay as fez909 on Firefox, I can add a second login and change the "Name" bit so I know which one to use. Now, you can manage your cross thread beef really easily without detection. Just go to urban, open Bitwarden and you'll see all your accounts. Select the one that matches your persona and browser for that day, and continue your mission to piss everyone off.
View attachment 409036
So, it's not automatic...but it's easy.
For games etc, it's not quite as handy. There are plugins for all the major browsers to handle web stuff, so that's no problem. And I have an app for Android that detects when I enter a password field on almost every app, and then I get a popup asking if I want to use Bitwarden to fill it. It takes me out of the app, but it's pretty painless. Then I copy the password from the Bitwarden app, press back and paste into the app I'm trying to login to.
For desktop apps, it's not as good. You will have to switch to the browser extension or website, search the vault, click the copy password button and switch back to your app. It's definitely the worst thing about password managers, but it's actually not a big deal. It was this that stopped me using them for years, and then when I finally did switch, I found it wasn't that much of a problem.
I think you'd definitely benefit from container tabs on Firefox, assuming FF can run your games (I find it's slow for some JS stuff). Everyone would benefit from a password manager
The other day I was talking about security with my grandson, he was wary of giving bank details. I just stopped myself from saying 'Have you never written a cheque?'.
"And if you'll just confirm your signature with the three-digit code on the back of your credit card ..."The other day I was talking about security with my grandson, he was wary of giving bank details. I just stopped myself from saying 'Have you never written a cheque?'.
The other day I was talking about security with my grandson, he was wary of giving bank details. I just stopped myself from saying 'Have you never written a cheque?'.
My data has been breached twice according to pwned, in 2019 and 2016. So far nothing too nasty. It's worth being cautious with passwords and having a different password for your email and more sensitive stuff for sure. I use the same generic passwords for most other websites but maybe dont copy me on that
www.independent.co.uk
As highly possible as it sounds, this was piss poor reporting from the Indy and it was only a thought experiment.Millions of hacked toothbrushes could be used in cyber attack, researchers warn
Army of infected devices could cause millions of euros of damage
