Technology
72 TopicsChoosing Password Management Software
If there’s one problem we all experience, it’s having too many online accounts and passwords to remember. To solve this problem, we’ve developed a very bad habit: using the same passwords all the time. But there’s a much better solution: using a kind of software called a password manager. By Marc-André Gagnon, information security specialist. The way a password manager works is that you enter all your passwords into a database that itself is highly secure—a kind of digital vault. There are two kinds of password managers: local and cloud-based. Local password managers Local password managers save your passwords in a local database on your own computer. Your information never leaves your computer, and you are responsible for backing up your database manually at regular intervals. The two big players in this category are KeePass and Password Safe. Both of these software packages are open-source and free. KeePass for Windows was audited by the European Commission's EU Free and Open Source Software Auditing project (EU-FOSSA) in 2016, and no critical vulnerabilities were found in it. This represents a good guarantee that the source code is free of any major flaws or “back doors”. Because both KeePass and Password Safe are open-source, there are dozens of clones and derived versions of them, for all platforms (Windows, Linux, iOS, Android). But you have to be careful, because these clones do not provide any guarantees against vulnerabilities. If you’re concerned about security, use only the official versions. Local Password Manager Price Platforms KeePass free Windows (Linux/OSX: use the KeePassX clone) Password Safe free Windows Cloud-based password managers Cloud-based password managers save your database of passwords in the cloud. They represent an interesting compromise, in terms of ease of use and security. If well implemented, cloud-based password managers are considered secure and offer some additional benefits: they support all browsers; they let you access your passwords on all your devices at any time; they let you share certain passwords with other users, such as your spouse or your children; they let you monitor attempts to access your account, define trusted devices, and so on; some of them let you define an emergency contact who will be able to access your password database if anything happens to you. Like all other cloud-based services, cloud-based password managers charge an annual fee (although LastPass does offer a worthwhile free version). Cloud-based Password Manager Price Allows two-factor authentication? Platforms LastPass free or $US 24 per year Yes Internet Explorer/Edge Mozilla Firefox Google Chrome Apple Safari Opera 1Password $US 35.88 per year No Chrome Firefox Safari Opera Dashlane $US 39.99 per year Yes Internet Explorer Chrome Firefox Safari Can the software provider (or a hacker) access my passwords? The provider cannot read your database, because it is encrypted with your master password. All of the encryption and decryption operations are performed locally on your own computer, and your master password is never transmitted to the provider in any way. If this complex technology is properly implemented in accordance with best practices, it is considered impossible for the provider or potential hackers to decrypt your passwords without your master password. Essential advice Choose a master password that is complex and unique. Try to have 15 characters or more, including letters, numbers, and special characters. This password is going to protect all your others, so you can’t afford to be lazy! One good method is to use the first letter of each word in a sentence that will be easy for you to remember. For example, you could set your master password as “ta12aitb, ok?” and remember it with the sentence “There are 12 apples in this bag, OK?” For more details on this method, I recommend anarticle by Bruce Schneier. You’ll have to remember your master password, because there is no way to recover it. Some cloud-based password managers may offer options to make it easier to recover, but these options are still limited, because the provider can’t decrypt your information and doesn’t know your master password. Activate two-factor authentication For cloud-based password managers, two-factor authentication involves associating your account with your smart phone or other smart device (there are other options as well). Once you activate two-factor authentication, you will be allowed to access your database only if you enter your master password AND you demonstrate that you have physical access to the smart device that you have associated with your account. Thus, even if your password is compromised (by a virus, for example), the attack will be blocked by a second factor. I think this is the best way to make your account secure with the least effort. By the way, that’s true not just for your cloud-based password manager but for all your other cloud-based accounts—Google, Apple, Facebook, Microsoft, Amazon, etc.!8.2KViews0likes1CommentOK Google – Six Months Into Our Relationship
For the past six months, my family and I have been testing Google Home, an intelligent personal assistant for your home. It’s like a smart, internet-enabled speaker that responds to voice commands. Still not clear on what it does? Imagine if your Siri, Cortana or Google Assistant jumped out of your phone and into a speaker in your house. The device itself looks unobtrusive, like a decorative vase or candle with a fabric finish around the base. But inside there are two microphones and speakers, allowing the device to hear you and talk to you. The top portion is a smooth, touch-sensitive surface that allows you to control the device with touch commands. Configuring Google Home is easy and takes just a few minutes using the application. Then you’re ready to give instructions or ask questions starting with “OK Google” or “Hey Google”. The Google Home has been available in the United States since November 2016, but the French-Canadian version came into my life last June, just days before my second child was born. The device proved very helpful while my hands were busy prepping bottles, changing diapers or cuddling my little bundle of joy. Since Google Home is compatible with various applications and services, I found it easy and practical to ask it to “play some U2 songs” or “play my list of Baby #2 songs.” The Google Assistant does this by accessing my Spotify or Google Play accounts. It works the same way with radio, because Google Home is compatible with Tune In. It goes without saying that the Assistant “speaks” with ease to Google Chromecast, meaning I can use my accounts to watch videos on line. Since I did all these entertainment operations using voice commands, I never had to dangerously juggle my newborn and smartphone. For my other child, who is three, Google Home is a source of information, a learning tool and a jukebox. She and I are both amazed by the educational games available through Google Home. For example, our family has had tons of fun taking quizzes in which each family member has to answer questions asked by Google Home. These days, people rarely gather around audio devices with no screen. My daughter also enjoys learning more about real people and fictional characters by asking Google Home “Who is Santa?” or the less-cute “Who is Donald Trump?"An easy way to keep kids like my daughter entertained is by asking Google Home what sounds animals make. Listen for yourself: Wondering about Google Home for grown-ups? I mainly use Google Home to play music. Paired with my Spotify account, the Google Assistant plays all my special requests and the sound quality is surprisingly good given the size of the device. It won’t get a party started in a school auditorium, but it does a really good job for a large room in your house. Also, Google Home is connected to practically all the other information in my Google accounts. I can use it to check the weather, events in my calendar and traffic. It can even set a timer or calculate how long it will take me to get to work. I recently started using it to place calls and to control my recently purchased smart lighting systems. I should clarify the version of Google Home I use is not a French translation of the U.S. version. It’s a decidedly Quebecois version. The device understands my accent and even uses some regional expressions. In fact, the team behind its development taught it some pretty funny answers—the sort of thing that will make your French-speaking friends chuckle when they come over. If you set your user settings to French Canadian, try out these commands: OK Google… Quelle est ton équipe de hockey préférée? OK Google… J’ai un garage, un gros garage. OK Google… Chante-moi une chanson. OK Google… Dis-moi une expression québécoise. Checking my Google Home usage, I learned that 70% of my requests were for music (or radio), 15% were for weather, 10% were for my agenda, and 5% was for miscellaneous (games, quizzes, animal sounds, general queries, news headlines, etc.). Intelligent personal assistants may still be a curiosity, but they’re sure to become mainstream in 2018. The French-Canadian version of Google Home isn’t as versatile as the U.S. version, but with updates, there will be more and more services for us too. Already, I feel that Google has given me a head start. What about you? Are you interested in trying this type of assistant?3.6KViews0likes0Comments