When you install software or take actions requiring admin rights, Windows will prompt you for an admin password to authorize the action. In most cases, you don't need to login under the admin account. Use of certain administrative tools will require actually logging in with an administrator account, but these are not part of day-to-day usage of the machine.
softwaregeek wrote: ↑Sun Jan 08, 2023 12:16 pm
Should not be an issue except installing new software or doing system recovery type stuff, where you may need to use admin account. Average user will rarely need admin privileges.
DebiT wrote: ↑Sun Jan 08, 2023 11:53 am
Assuming I add a new separate administrator account first, what are the ramifications of then downgrading my current account to standard? Would I experience problems or changes in how my current software runs? Or would it be the same experience as my current high UAC settings, but safer?
I really appreciate the advice here. This is what my late husband would have been able to answer for me, even though he didn’t necessarily set things up that way. On the other hand he’s not around to help me if a virus gets through Norton, or if I brick my computer myself by getting too fancy with changing settings.
SoftwareGeek's Guide to Computer Security
Re: SoftwareGeek's Guide to Computer Security
Re: SoftwareGeek's Guide to Computer Security
No it is not. Challenge-response is a standard, technical term in the security community, and refers to a specific protocol based on public key cryptography in which no key or password is transmitted between user and service, and no challenge used in one authentication session is re-used in a later authentication session for that user (unless a new public/private key pair is established for the user). Password authentication does not meet these requirements.
StrongMBS wrote: ↑Sun Jan 08, 2023 12:23 pm
Not sure what this means since “password authentication” is a type of “challenge-response authentication”?
Northern Flicker wrote: ↑Wed Jan 04, 2023 12:48 am
Better yet, ditch the password altogether. Challenge-response authentication is a robust protocol that replaces password authentication. Add a yubikey pin and if desired 2FA to that.
StrongMBS wrote:
Where usual FIDO U2F has the password as the first factor and the key as the second factor which allows your password to be compromised (FIDO U2F dirty little secret). They have the key as the first factor and your password as the second factor, maintaining security on your all-important master password if you are being phished.
Last edited by Northern Flicker on Sun Jan 08, 2023 7:02 pm, edited 1 time in total.
Re: SoftwareGeek's Guide to Computer Security
I’m not by any means an expert on this, but I believe the idea of UAC is to provide the same security protections as running from a non-administrator account, without actually needing to create a separate account. I think the only difference you’d see is that with a second account, the UAC prompt would ask you for the password of the admin user, vs just “yes/no” if logged in with an admin account.
https://learn.microsoft.com/en-us/windo ... l-overview
https://learn.microsoft.com/en-us/windo ... trol-works
Microsoft wrote:
UAC allows all users to log on to their computers using a standard user account. Processes launched using a standard user token may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by double-clicking a shortcut) also run with the standard set of user permissions. Many apps, including those that are included with the operating system itself, are designed to work properly in this way.
Re: SoftwareGeek's Guide to Computer Security
That type of account is fine to use, and preferred to having to logout and back in as an admin user. For Windows today, it is the default behavior of a standard, non-administrator account.
BoglesBeagle wrote: ↑Sun Jan 08, 2023 1:43 pm
I’m not by any means an expert on this, but I believe the idea of UAC is to provide the same security protections as running from a non-administrator account, without actually needing to create a separate account. I think the only difference you’d see is that with a second account, the UAC prompt would ask you for the password of the admin user, vs just “yes/no” if logged in with an admin account.
https://learn.microsoft.com/en-us/windo ... l-overview
https://learn.microsoft.com/en-us/windo ... trol-works
Microsoft wrote:
UAC allows all users to log on to their computers using a standard user account. Processes launched using a standard user token may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by double-clicking a shortcut) also run with the standard set of user permissions. Many apps, including those that are included with the operating system itself, are designed to work properly in this way.
Re: SoftwareGeek's Guide to Computer Security
Does this apply to Win 11 Home with M365 Family? I am the primary administrator for the M365 family plan, and also Settings/Accounts shows I am logged onto my Win 11 Home desktop as Admin. Should I change something to take advantage of this, or is UAC for Win Pro and Server environments?
Northern Flicker wrote: ↑Sun Jan 08, 2023 1:53 pm
That type of account is fine to use, and preferred to having to logout and back in as an admin user. For Windows today, it is the default behavior of a standard, non-administrator account.
BoglesBeagle wrote: ↑Sun Jan 08, 2023 1:43 pm
I’m not by any means an expert on this, but I believe the idea of UAC is to provide the same security protections as running from a non-administrator account, without actually needing to create a separate account. I think the only difference you’d see is that with a second account, the UAC prompt would ask you for the password of the admin user, vs just “yes/no” if logged in with an admin account.
https://learn.microsoft.com/en-us/windo ... l-overview
https://learn.microsoft.com/en-us/windo ... trol-works
Microsoft wrote:
UAC allows all users to log on to their computers using a standard user account. Processes launched using a standard user token may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by double-clicking a shortcut) also run with the standard set of user permissions. Many apps, including those that are included with the operating system itself, are designed to work properly in this way.
Re: SoftwareGeek's Guide to Computer Security
Most of the time nothing. What will happen is you will get the same UAC, but you have to type in the admin account password instead of just clicking ok. This has the added benefit of ensuring that you really want to do this. Just make sure you remember the admin account's name and password.
DebiT wrote: ↑Sun Jan 08, 2023 11:53 am
Assuming I add a new separate administrator account first, what are the ramifications of then downgrading my current account to standard? Would I experience problems or changes in how my current software runs? Or would it be the same experience as my current high UAC settings, but safer?
I really appreciate the advice here. This is what my late husband would have been able to answer for me, even though he didn’t necessarily set things up that way. On the other hand he’s not around to help me if a virus gets through Norton, or if I brick my computer myself by getting too fancy with changing settings.
Some badly written software will flip out and not work properly. I find that these are generally really old programs written in the days when everything was admin and some children educational software.
Re: SoftwareGeek's Guide to Computer Security
I have not used Win 11. On Win 7 and 10 for instance, when you create an account, the user account graphical tool allows you to configure an account as a standard account and as an administrator account. What we do is DW and I have admin accounts and standard accounts on all machines. We login and use the standard account, and escalate to admin only when required. This is a standard, best practice of system administration.
stan1 wrote: ↑Sun Jan 08, 2023 2:03 pm
Does this apply to Win 11 Home with M365 Family? I am the primary administrator for the M365 family plan, and also Settings/Accounts shows I am logged onto my Win 11 Home desktop as Admin. Should I change something to take advantage of this, or is UAC for Win Pro and Server environments?
Northern Flicker wrote: ↑Sun Jan 08, 2023 1:53 pm
That type of account is fine to use, and preferred to having to logout and back in as an admin user. For Windows today, it is the default behavior of a standard, non-administrator account.
BoglesBeagle wrote: ↑Sun Jan 08, 2023 1:43 pm
I’m not by any means an expert on this, but I believe the idea of UAC is to provide the same security protections as running from a non-administrator account, without actually needing to create a separate account. I think the only difference you’d see is that with a second account, the UAC prompt would ask you for the password of the admin user, vs just “yes/no” if logged in with an admin account.
https://learn.microsoft.com/en-us/windo ... l-overview
https://learn.microsoft.com/en-us/windo ... trol-works
Microsoft wrote:
UAC allows all users to log on to their computers using a standard user account. Processes launched using a standard user token may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by double-clicking a shortcut) also run with the standard set of user permissions. Many apps, including those that are included with the operating system itself, are designed to work properly in this way.
Some admin tasks, such as killing a process with the task manager, and some control center functions, do require logging in with the admin account, but many just require entering an admin password to escalate privileges for a particular operation, such as changing a Defender setting or installing/removing software.
- tuningfork
Re: SoftwareGeek's Guide to Computer Security
@SoftwareGeek and other security experts: can you recommend other online forums for discussions about computer security issues? Would like to see broader security topics than what is discussed here, and am fine with it going deeply geeky.
Re: SoftwareGeek's Guide to Computer Security
The Microsoft User Account Control (UAC) concept is how Microsoft implemented the current account behavior. It is not a useful concept to introduce into this discussion unless one wants to understand how the implementation works. From the perspective of securing your accounts, the useful conceptual framework (level of abstraction) is what is presented in the User Account GUI in the Control Panel.
If you go to User Accounts -> "Manage another account" in the control panel, it will prompt you for an admin account password if you are not logged in with an admin account. Once that is executed, you will see the accounts for the machine.
All accounts should be password protected.
There should be a named Administrator account for each individual you wish to have administrator privileges.
There should be a non-administrator account for each user of the machine, including those who have administrator accounts.
Microsoft has made it harder to create local accounts, which are my preference from a privacy perspective, but I'm not aware of a (non-privacy) security issue with using a microsoft.com account (which does not of course preclude the possibility).
Thus, we have 4 accounts for DW and me:
jack
jill
jack_admin
jill_admin
All are password-protected local accounts. The two with admin suffix are password-protected, local, administrator accounts.
That is the level of abstraction presented on the User Accounts screens of the Control Panel, and the best level of abstraction to use for Windows account security engineering.
Be sure to create new admin accounts and save passwords in password safes, with testing of the logins, before downgrading other accounts to non-administrator accounts.
Last edited by Northern Flicker on Mon Jan 09, 2023 8:18 pm, edited 2 times in total.
Re: SoftwareGeek's Guide to Computer Security
If I understand correctly, what you get after a default Windows installation, which is a single local admin account (perhaps better termed “account with the ability to assume local admin rights”, since that still only happens after a confirmation) would be no different than a non-admin account until a UAC prompt to elevate privileges appears and is approved. And then at that point, it would just be the difference between a prompt with yes/no (same account) and a prompt for the second account’s password (separate accounts). With that being the case, it’s not obvious to me why two separate accounts (jack and jack_admin) is more secure than just using the jack_admin account, since the jack_admin account and anything running within it still doesn’t have admin rights unless explicitly granted after a UAC prompt. UAC, if working as intended, should protect against background processes, downloaded apps, etc unexpectedly assuming those rights without permission.
Northern Flicker wrote: ↑Sun Jan 08, 2023 1:53 pm
That type of account is fine to use, and preferred to having to logout and back in as an admin user. For Windows today, it is the default behavior of a standard, non-administrator account.
I can certainly understand why the two accounts were best practice before UAC but it seems to me like now it provides the same protection the separation of accounts is intended to provide. I may be missing something though as far as additional safeguards provided by the two being separate.
Microsoft wrote: With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system.
Re: SoftwareGeek's Guide to Computer Security
What the UAC architecture can provide is for a non-administrator account to elevate to administrator by typing in an administrator account password when prompted. This is very convenient but not all admin tasks can be completed that way. Having a single administrator account that is shared by family members with admin privileges, in addition to individual non-admin accounts also will work, but is not the preferred practice.
Last edited by Northern Flicker on Sun Jan 08, 2023 8:40 pm, edited 1 time in total.
Re: SoftwareGeek's Guide to Computer Security
What's wrong with Bitwarden free version? It seems there are differences for the 2FA options, but you mentioned not to use a password manager 2FA options
softwaregeek wrote: ↑Mon Dec 19, 2022 12:21 pm
Total Costs per year -
Cheapest Acceptable. Bitwarden Premium $10, Authy or Microsoft Authenticator, Windows Defender - $10 a year total for an individual, $40 for a family.
As I configure: 1Password Family $60, Authy, McAfee Antivirus $25, O365 Family $70 for backup and email, OpenDNS $20. Total $175 a year.
Re: SoftwareGeek's Guide to Computer Security
There have been some pretty substantial attacks in the past against UAC where an attacker could get admin privileges without the Yes/No prompt when using an account that has administrator privileges. Running a local account without admin privileges protected against most of those attacks. Some people with a long memory of historical Windows vulnerabilities, security practices, and programming practices prefer to keep that approach now, rather than trust that Microsoft has everything correct in the current implementation of UAC. It's a minor hoop to jump through to get protection against the fall-out if another major UAC vulnerability is revealed.
BoglesBeagle wrote: ↑Sun Jan 08, 2023 6:16 pm
If I understand correctly, what you get after a default Windows installation, which is a single local admin account (perhaps better termed “account with the ability to assume local admin rights”, since that still only happens after a confirmation) would be no different than a non-admin account until a UAC prompt to elevate privileges appears and is approved. And then at that point, it would just be the difference between a prompt with yes/no (same account) and a prompt for the second account’s password (separate accounts). With that being the case, it’s not obvious to me why two separate accounts (jack and jack_admin) is more secure than just using the jack_admin account, since the jack_admin account and anything running within it still doesn’t have admin rights unless explicitly granted after a UAC prompt. UAC, if working as intended, should protect against background processes, downloaded apps, etc unexpectedly assuming those rights without permission.
Northern Flicker wrote: ↑Sun Jan 08, 2023 1:53 pm
That type of account is fine to use, and preferred to having to logout and back in as an admin user. For Windows today, it is the default behavior of a standard, non-administrator account.
I can certainly understand why the two accounts were best practice before UAC but it seems to me like now it provides the same protection the separation of accounts is intended to provide. I may be missing something though as far as additional safeguards provided by the two being separate.
Microsoft wrote:
With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system.
Re: SoftwareGeek's Guide to Computer Security
Thanks for the explanation. I wasn’t aware that there was a history of these types of vulnerabilities. Makes sense.
Mudpuppy wrote: ↑Sun Jan 08, 2023 7:40 pm
There have been some pretty substantial attacks in the past against UAC where an attacker could get admin privileges without the Yes/No prompt when using an account that has administrator privileges. Running a local account without admin privileges protected against most of those attacks. Some people with a long memory of historical Windows vulnerabilities, security practices, and programming practices prefer to keep that approach now, rather than trust that Microsoft has everything correct in the current implementation of UAC. It's a minor hoop to jump through to get protection against the fall-out if another major UAC vulnerability is revealed.
Re: SoftwareGeek's Guide to Computer Security
Thanks to this thread, this is what finally sunk in. Thank you for your patience, @northernflicker. I’m big on risk mitigation these days, and therefore best practices. (I love that phrase, it appeals to my finicky self). So here I am on this one thread, learning about UAC issues and password managers, and thereby changing my ways. I learn so much from the Bogleheads.
Mudpuppy wrote: ↑Sun Jan 08, 2023 7:40 pm
There have been some pretty substantial attacks in the past against UAC where an attacker could get admin privileges without the Yes/No prompt when using an account that has administrator privileges. Running a local account without admin privileges protected against most of those attacks. Some people with a long memory of historical Windows vulnerabilities, security practices, and programming practices prefer to keep that approach now, rather than trust that Microsoft has everything correct in the current implementation of UAC. It's a minor hoop to jump through to get protection against the fall-out if another major UAC vulnerability is revealed.
Age 66, life turned upside down 3/2/19, thanking God for what I've learned from this group. AA 40/60 for now, possibly changing at age 70.
Re: SoftwareGeek's Guide to Computer Security
Having to simulate a mouse click on yes is a much lower bar for an attacker to overcome than having to simulate typing in a password. Independent of past attack history, the principle of least privilege leads to the use of non-admin accounts and elevating to admin by typing in an admin password when asked, or logging in with the admin account when necessary.
mudpuppy wrote:
There have been some pretty substantial attacks in the past against UAC where an attacker could get admin privileges without the Yes/No prompt when using an account that has administrator privileges. Running a local account without admin privileges protected against most of those attacks. Some people with a long memory of historical Windows vulnerabilities, security practices, and programming practices prefer to keep that approach now, rather than trust that Microsoft has everything correct in the current implementation of UAC. It's a minor hoop to jump through to get protection against the fall-out if another major UAC vulnerability is revealed.
Re: SoftwareGeek's Guide to Computer Security
When I setup a new windows machine, I typically setup an admin account, which I name something other than admin. The account is always local and the password for each machine is different. The reason the account is local is because I do not see a reason for an online admin account. Over the years, MS has made this more difficult because they keep insisting on setting up an online account. In addition, it's probably better not to have the same password for each machine.
After the admin is setup, I then create a new user that I will actually use. This could be a MS online account that may integrate with Office or other MS services. The admin account I will only use for system related tasks like software install, driver updates, etc.
Re: SoftwareGeek's Guide to Computer Security
I know I asked this last year, but I didn't end up buying a new PC. Since I may buy one this year and I know methods change, could you outline the latest technique for bypassing creating an online account on a new PC? Thanks
gavinsiu wrote: ↑Sun Jan 08, 2023 9:53 pm
When I setup a new windows machine, I typically setup an admin account, which I name something other than admin. The account is always local and the password for each machine is different. The reason the account is local is because I do not see a reason for an online admin account. Over the years, MS has made this more difficult because they keep insisting on setting up an online account.
Re: SoftwareGeek's Guide to Computer Security
I have not upgraded to windows 11 yet. Perhaps someone else can chime in?
Re: SoftwareGeek's Guide to Computer Security
Is this to create a local admin account and then an online standard account?
roamingzebra wrote: ↑Mon Jan 09, 2023 1:40 pm
I know I asked this last year, but I didn't end up buying a new PC. Since I may buy one this year and I know methods change, could you outline the latest technique for bypassing creating an online account on a new PC? Thanks
gavinsiu wrote: ↑Sun Jan 08, 2023 9:53 pm
When I setup a new windows machine, I typically setup an admin account, which I name something other than admin. The account is always local and the password for each machine is different. The reason the account is local is because I do not see a reason for an online admin account. Over the years, MS has made this more difficult because they keep insisting on setting up an online account.
If so, do the process the other way. Use the normal process to create an online user account of type admin, then create a local admin account. Log out of both, make sure you can log in to the local admin account, and then change the first account to a standard user.
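The ordering that Northern Flicker's account layout post and StrongMBS's reply both insist on (create the separate admin account, prove its password works, and only then downgrade the daily account) can be put into a script so the downgrade cannot run out of order. The block below is an added example, not code from this thread or from Microsoft. It assumes Windows 10/11 with the built-in Microsoft.PowerShell.LocalAccounts cmdlets (Get-LocalUser, Get-LocalGroupMember, New-LocalUser and friends) and an elevated session for the functions that change accounts; the names jack and jack_admin are the thread's own example names, and everything else is assumed.

```powershell
# Added example (not the thread's or Microsoft's code): safe-ordering checks for the
# "standard account + separate admin account" layout discussed in the thread.
# Assumes Windows 10/11 with the built-in LocalAccounts module. Account-changing
# functions need an elevated session; the read-only ones do not.
Set-StrictMode -Version Latest

function Test-Elevated {
    # True only when this process holds the full administrator token. A member of
    # Administrators running un-elevated (UAC's filtered token) gets $false, which is
    # the "same as a standard user until the prompt is approved" state the thread describes.
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $p  = New-Object Security.Principal.WindowsPrincipal($id)
    return $p.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-EnabledLocalAdmin {
    # Enabled local user accounts that are members of the local Administrators group.
    # Joining on SID avoids the naming differences between local and Microsoft accounts.
    $adminSids = Get-LocalGroupMember -Group 'Administrators' |
        Where-Object { $_.ObjectClass -eq 'User' } |
        ForEach-Object { $_.SID.Value }
    Get-LocalUser | Where-Object { $_.Enabled -and ($adminSids -contains $_.SID.Value) }
}

function Test-SafeToDowngrade {
    param([Parameter(Mandatory)][string]$Name)
    # Refuse unless at least one OTHER enabled admin account exists. The built-in
    # Administrator (RID 500) is disabled on a default install, so it is not counted.
    $others = @(Get-EnabledLocalAdmin | Where-Object {
        $_.Name -ne $Name -and $_.SID.Value -notlike '*-500' })
    return ($others.Count -gt 0)
}

function Test-LocalCredential {
    param([Parameter(Mandatory)][pscredential]$Credential)
    # Checks a name/password against the local account database without an interactive
    # logon: a cheap "does the new admin password actually work" test before downgrading.
    Add-Type -AssemblyName System.DirectoryServices.AccountManagement
    $ctx = New-Object System.DirectoryServices.AccountManagement.PrincipalContext('Machine')
    try {
        return $ctx.ValidateCredentials($Credential.UserName,
                                        $Credential.GetNetworkCredential().Password)
    } finally { $ctx.Dispose() }
}

function New-SeparateAdmin {
    param([Parameter(Mandatory)][string]$Name,
          [Parameter(Mandatory)][securestring]$Password)
    # The local, password-protected 'jack_admin' account of the thread.
    $u = New-LocalUser -Name $Name -Password $Password -PasswordNeverExpires `
         -Description 'Administrator account; log in only for administration'
    Add-LocalGroupMember -Group 'Administrators' -Member $u
    return $u
}

function ConvertTo-StandardUser {
    param([Parameter(Mandatory)][string]$Name)
    # The downgrade step, guarded so it cannot strand the machine without an admin.
    if (-not (Test-Elevated)) { throw 'Run this from an elevated PowerShell session.' }
    if (-not (Test-SafeToDowngrade -Name $Name)) {
        throw "Not downgrading '$Name': no other enabled administrator account exists yet."
    }
    Remove-LocalGroupMember -Group 'Administrators' -Member $Name
    # Keep the account's ordinary logon rights: make sure it is in Users.
    if (-not (Get-LocalGroupMember -Group 'Users' -Member $Name -ErrorAction SilentlyContinue)) {
        Add-LocalGroupMember -Group 'Users' -Member $Name
    }
}

# Usage, in the order the thread recommends (commented out; each step changes real accounts):
#   $pw = Read-Host -AsSecureString 'Password for jack_admin'
#   New-SeparateAdmin -Name 'jack_admin' -Password $pw
#   Test-LocalCredential -Credential (Get-Credential 'jack_admin')   # expect True
#   ConvertTo-StandardUser -Name 'jack'   # refuses unless an enabled admin other than jack exists

# Read-only audit that is safe to run as-is:
Test-Elevated
Get-EnabledLocalAdmin | Select-Object Name, Enabled, SID
```

Test-LocalCredential only proves the password is right; it is still worth doing the full log-off/log-on as the new admin account that the posts above describe, since that also catches a mistyped account name or a profile that fails to load. Test-Elevated is the quick way to see the distinction BoglesBeagle asked about: a member of Administrators who has not approved a UAC prompt is running on the filtered token and the function returns False for them too.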
Re: SoftwareGeek's Guide to Computer Security
The intention is for the PC never to touch the internet.
StrongMBS wrote: ↑Mon Jan 09, 2023 7:14 pm
Is this to create a local admin account and then an online standard account?
roamingzebra wrote: ↑Mon Jan 09, 2023 1:40 pm
I know I asked this last year, but I didn't end up buying a new PC. Since I may buy one this year and I know methods change, could you outline the latest technique for bypassing creating an online account on a new PC? Thanks
gavinsiu wrote: ↑Sun Jan 08, 2023 9:53 pm
When I setup a new windows machine, I typically setup an admin account, which I name something other than admin. The account is always local and the password for each machine is different. The reason the account is local is because I do not see a reason for an online admin account. Over the years, MS has made this more difficult because they keep insisting on setting up an online account.
I'm not well-versed in Windows these days but my current set-up (Win10) has a local sign-in box (which lands me on the desktop) with an option using various techniques to elevate the privilege to Admin. I'm not sure of the appropriate terminology, but everything is local.
Re: SoftwareGeek's Guide to Computer Security
I've started using Apple "hide my email" anytime I sign up for a new website. This way if the website is compromised no one gets my email. If I start getting spam to one of my spoofed addresses, I just shut the address off.
Re: SoftwareGeek's Guide to Computer Security
I'm not one of the experts, but I learned about this site: https://www.bleepingcomputer.com/
tuningfork wrote: ↑Sun Jan 08, 2023 4:35 pm
@SoftwareGeek and other security experts: can you recommend other online forums for discussions about computer security issues? Would like to see broader security topics than what is discussed here, and am fine with it going deeply geeky.
Re: SoftwareGeek's Guide to Computer Security
Sorry for the delay I thought I had sent this, but I got distracted dealing with some pressing LastPass issues.
Northern Flicker wrote: ↑Sun Jan 08, 2023 12:57 pm
No it is not. Challenge-response is a standard, technical term in the security community, and refers to a specific protocol based on public key cryptography in which no key or password is transmitted between user and service, and no challenge used in one authentication session is re-used in a later authentication session for that user (unless a new public/private key pair is established for the user). Password authentication does not meet these requirements.
StrongMBS wrote: ↑Sun Jan 08, 2023 12:23 pm
Not sure what this means since “password authentication” is a type of “challenge-response authentication”?
Northern Flicker wrote: ↑Wed Jan 04, 2023 12:48 am
Better yet, ditch the password altogether. Challenge-response authentication is a robust protocol that replaces password authentication. Add a yubikey pin and if desired 2FA to that.
StrongMBS wrote:
Where usual FIDO U2F has the password as the first factor and the key as the second factor which allows your password to be compromised (FIDO U2F dirty little secret). They have the key as the first factor and your password as the second factor, maintaining security on your all-important master password if you are being phished.
Here is the definition from the NIST glossary “An authentication protocol where the verifier sends the claimant a challenge (usually a random value or a nonce) that the claimant combines with a secret (often by hashing the challenge and a shared secret together, or by applying a private key operation to the challenge) to generate a response that is sent to the verifier. The verifier can independently verify the response generated by the Claimant (such as by re-computing the hash of the challenge and the shared secret and comparing to the response, or performing a public key operation on the response) and establish that the Claimant possesses and controls the secret.”
The challenge is the thing that provides the replay protection. There are many ways to generate a response and since a password is a shared secret it can be used and often was. More modern and secure techniques are used today. So, a challenge-response using a password as the shared secret is a type of password authentication.
We can go round and round on this if you like but I have better things to do.
Re: SoftwareGeek's Guide to Computer Security
Why? For users who are looking just for FIDO2 functionality, a Yubico Security Key Series key (the blue keys) will suffice at half the cost, often allowing almost twice the number of keys for the same money. The only advantage for these users that a YubiKey 5 Series provides is connectivity (e.g., Lightning) and form factor (e.g., Nano). Although for some of us the cost difference might not matter, for others it is important, especially if you are buying 4 keys. This is especially true at enterprises rolling out FIDO2 to thousands of employees, where it adds up quickly. I personally only use Yubico keys and have a wide variety of types but most of them are Security Key Series (the blue ones).
softwaregeek wrote: ↑Sun Jan 08, 2023 12:38 pm
If you are going for the hardware key, get Yubikey 5. It is the standard and the software is excellent.
Re: SoftwareGeek's Guide to Computer Security
Today Washington Post's tech columnist chimes in on this topic. Interested readers may paste the url on archive.ph to read the full article. Here are the 4 key recommendations:
- Aim for longer password phrases (at least 16 characters)
- Consider two-step authentication on your important accounts
- Use a password manager if you can (she uses Dashlane subscription)
- Password-less future may already be here in the form of "passkeys"
https://www.washingtonpost.com/technolo ... passwords/
Last week, I deleted the password from my Microsoft account and asked to log in without a password. Now when I tap on Skype on my Android phone or use Outlook email on my computer, I am prompted to confirm a two-digit number I can see in the Microsoft Authenticator app on my phone. (I need to unlock the Authenticator app with my fingerprint.) That’s it.
Microsoft told me that nearly half a million people have removed the password from their accounts and opted to log in without a password.
This password-less system, which the technology industry is calling “passkeys,” is now baked into Android phones, iPhones, personal computers and major web browsers.
I usually roll my eyes when I hear that magical technology will fix a broken existing technology. In this case, yeah, passkeys might be the magic fix.
Re: SoftwareGeek's Guide to Computer Security
Challenge-response authentication was first proposed by Popek & Kline to be able to authenticate over an open/unsecured network without transmitting a password or secret key over a network as cleartext. (I cited the seminal article upthread if interested).
When the web was developed, there was no appetite for managing the creation and distribution of public-private key pairs for end users, so instead SSL and trusted certificates with public keys for domain sites were used to encrypt sessions so that cleartext passwords would move over the internet in encrypted sessions. Other than encryption of the sessions, this is no different from password authentication on a centralized multiuser computer.
In challenge-response, a unique random challenge is generated by a service, and encrypted with the public key of a user or client. The result is transmitted to the user over a network that does not have to be secured or use an encrypted channel. The user decrypts the challenge with their private key, and sends the original challenge back to the service. The challenges may not repeat for a given public-private key pair because otherwise someone sniffing the connection can capture the challenge in both cleartext and encrypted form for that key pair.
The unique challenge and uniqueness of each reply are required to avoid replay attacks.
StrongMBS wrote: The challenge is the thing that provides the replay protection.
The NIST definition generalizes this so that public key encryption is not part of the definition, but I do not interpret it as attempting to generalize to include password authentication. There would be no reason to have unique challenges that always have the same response. I believe that most people in the security community do not include password authentication in the scope of what they are referring to when using the term challenge-response authentication. There would be no great harm in doing so, but it leaves us needing to agree on a new name for the Popek & Kline and related protocols, which meet requirements that are unmet by password authentication.
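The exchange Northern Flicker describes above, as an added example that is not part of this thread or of any product discussed in it: a small Go program (standard library only, RSA-OAEP for the public-key encryption) in which the service encrypts a fresh random challenge under the user's public key, the client decrypts it with the private key and sends the cleartext back, and the service accepts each challenge exactly once. The user name "alice", the Service and Respond names, and the 32-byte challenge size are assumptions of this example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"errors"
	"fmt"
)

// Service holds each user's public key and the challenge currently outstanding
// for them. A challenge is consumed on its first verification attempt and
// remembered afterwards, so a replayed response is rejected and the same
// challenge is never issued twice for a key pair (the non-reuse requirement
// the post describes).
type Service struct {
	pubKeys map[string]*rsa.PublicKey
	pending map[string][]byte // user -> outstanding cleartext challenge
	used    map[string]bool   // hex(challenge) -> already consumed
}

func NewService() *Service {
	return &Service{
		pubKeys: map[string]*rsa.PublicKey{},
		pending: map[string][]byte{},
		used:    map[string]bool{},
	}
}

// Register stores a user's public key, the only key material the service holds.
func (s *Service) Register(user string, pub *rsa.PublicKey) { s.pubKeys[user] = pub }

// Challenge draws a fresh 256-bit random challenge, records it as outstanding
// and returns it encrypted under the user's public key. Only the ciphertext
// leaves the service, so the channel need not be confidential.
func (s *Service) Challenge(user string) ([]byte, error) {
	pub, ok := s.pubKeys[user]
	if !ok {
		return nil, errors.New("unknown user")
	}
	challenge := make([]byte, 32)
	if _, err := rand.Read(challenge); err != nil {
		return nil, err
	}
	// A repeat of a 256-bit random value is astronomically unlikely, but the
	// protocol forbids reissuing a challenge, so the check is made explicit.
	if s.used[hex.EncodeToString(challenge)] {
		return nil, errors.New("challenge already used")
	}
	s.pending[user] = challenge
	return rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, challenge, nil)
}

// Respond is the client side: decrypt the challenge with the private key and
// return the cleartext. The private key never leaves the client; the cleartext
// response does travel over the network, which is why a challenge is single-use.
func Respond(priv *rsa.PrivateKey, encryptedChallenge []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, encryptedChallenge, nil)
}

// Verify compares the response with the outstanding challenge in constant time
// and retires the challenge whether or not the comparison succeeded.
func (s *Service) Verify(user string, response []byte) bool {
	challenge, ok := s.pending[user]
	if !ok {
		return false // nothing outstanding: a replay or an unsolicited response
	}
	delete(s.pending, user)
	s.used[hex.EncodeToString(challenge)] = true
	return subtle.ConstantTimeCompare(challenge, response) == 1
}

func main() {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	svc := NewService()
	svc.Register("alice", &priv.PublicKey)

	enc, _ := svc.Challenge("alice")
	resp, _ := Respond(priv, enc)
	fmt.Println("first response accepted:", svc.Verify("alice", resp))
	fmt.Println("replayed response accepted:", svc.Verify("alice", resp))
}
```

Note that nothing secret is ever compared or stored on the service side beyond the public key: an attacker who records both the encrypted challenge and the cleartext response learns nothing reusable, because the next authentication uses a different challenge.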
Re: SoftwareGeek's Guide to Computer Security
Two digits, really? So if they give you three tries to get it right, an attacker has a 1 in 33.3 chance of a successful guess?
inv123 wrote: ↑Tue Jan 10, 2023 6:55 pm
Last week, I deleted the password from my Microsoft account and asked to log in without a password. Now when I tap on Skype on my Android phone or use Outlook email on my computer, I am prompted to confirm a two-digit number I can see in the Microsoft Authenticator app on my phone. (I need to unlock the Authenticator app with my fingerprint.) That’s it.
Something seems amiss there.
Re: SoftwareGeek's Guide to Computer Security
On my Mac, the drive is encrypted so that if someone took out the drive and tried to read it, it's gibberish. On my PC, if I pull out the drive, I can read it without issue. Most of my PCs are pretty old, so encrypting the drive would probably result in performance degradation. I do have one new PC; I'd like to enable hardware encryption on its drive.
What is your experience with hardware encryption on the drive?
Re: SoftwareGeek's Guide to Computer Security
You don’t have to encrypt the entire drive, just do the sensitive files and folders.
gavinsiu wrote: ↑Thu Jan 12, 2023 8:38 am
On my Mac, the drive is encrypted so that if someone took out the drive and tried to read it, it's gibberish. On my PC, if I pull out the drive, I can read it without issue. Most of my PCs are pretty old, so encrypting the drive would probably result in performance degradation. I do have one new PC; I'd like to enable hardware encryption on its drive.
What is your experience with hardware encryption on the drive?
I use Windows BitLocker to encrypt the thumb drive that has my password manager and its database; seems to work fine.
Bad spellers of the world untie |
Autocorrect is my worst enema
Re: SoftwareGeek's Guide to Computer Security
No, this is Microsoft's implementation of mobile push-notification-based MFA number matching to minimize the risk of "MFA fatigue". Here is the CISA explanation of this mechanism across a number of vendors.
Northern Flicker wrote: ↑Thu Jan 12, 2023 12:49 am
Two digits, really? So if they give you three tries to get it right, an attacker has a 1 in 33.3 chance of a successful guess?
inv123 wrote: ↑Tue Jan 10, 2023 6:55 pm
Last week, I deleted the password from my Microsoft account and asked to log in without a password. Now when I tap on Skype on my Android phone or use Outlook email on my computer, I am prompted to confirm a two-digit number I can see in the Microsoft Authenticator app on my phone. (I need to unlock the Authenticator app with my fingerprint.) That’s it.
Something seems amiss there.
https://www.cisa.gov/sites/default/file ... s-508c.pdf
Although not phishing-resistant MFA, like FIDO2 security key solutions, it is more secure than most of the other legacy-MFA mechanisms.
Re: SoftwareGeek's Guide to Computer Security
Just wanted to clarify that the quoted section ("Last week, I deleted the password from my Microsoft Account") is from the Washington Post article and not something I've done myself.
Northern Flicker wrote: ↑Thu Jan 12, 2023 12:49 am
Two digits, really? So if they give you three tries to get it right, an attacker has a 1 in 33.3 chance of a successful guess?
inv123 wrote: ↑Tue Jan 10, 2023 6:55 pm
Last week, I deleted the password from my Microsoft account and asked to log in without a password. Now when I tap on Skype on my Android phone or use Outlook email on my computer, I am prompted to confirm a two-digit number I can see in the Microsoft Authenticator app on my phone. (I need to unlock the Authenticator app with my fingerprint.) That’s it.
Something seems amiss there.
Re: SoftwareGeek's Guide to Computer Security
I saw this piece and I found it cringe-worthy that these were worded in such a wishy-washy way. "Aim", "consider," "if you can."
On 2FA I'd be more direct and say, implement it if it is available and strongly consider changing institutions if it isn't offered by your existing institution.
I suppose there might technically be a case where a PW manager can't be used but I sure can't think of one. Maybe someone who doesn't have any devices and only uses a device not belonging to them.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
Re: SoftwareGeek's Guide to Computer Security
What was amiss in the description is that it requires both entering a 2-digit number and clicking a button received on a phone by the push notification, i.e., it requires access to the phone as the primary part of the authentication, with the 2-digit number augmenting it to deal with a specific additional issue.
StrongMBS wrote: ↑Thu Jan 12, 2023 11:41 am
No, this is Microsoft's implementation of mobile push-notification-based MFA number matching to minimize the risk of "MFA fatigue". Here is the CISA explanation of this mechanism across a number of vendors.
Northern Flicker wrote: ↑Thu Jan 12, 2023 12:49 am
Two digits, really? So if they give you three tries to get it right, an attacker has a 1 in 33.3 chance of a successful guess?
inv123 wrote: ↑Tue Jan 10, 2023 6:55 pm
Last week, I deleted the password from my Microsoft account and asked to log in without a password. Now when I tap on Skype on my Android phone or use Outlook email on my computer, I am prompted to confirm a two-digit number I can see in the Microsoft Authenticator app on my phone. (I need to unlock the Authenticator app with my fingerprint.) That’s it.
Something seems amiss there.
https://www.cisa.gov/sites/default/file ... s-508c.pdf
Although not phishing-resistant MFA, like FIDO2 security key solutions, it is more secure than most of the other legacy-MFA mechanisms.
Last edited by Northern Flicker on Sun Jan 15, 2023 12:51 am, edited 1 time in total.
Re: SoftwareGeek's Guide to Computer Security
It appears that the iPhone password safe currently supports public key based challenge-response authentication. I was able to set up password-less authentication to eBay using it. There was no way to disable the password, however. I think setting the password to a long random string and not saving it anywhere or using it would accomplish the task, were it not for a password reset protocol.
Re: SoftwareGeek's Guide to Computer Security
The latest version of 1password's mobile software has had outstanding issues dating back to September. I totally got stuck with the android version not working. I am not sure it is worth sticking with this product. Actually it's all one issue, auto-fill does not work. If you read the thread 1password support tries to make it seem like various issues but the previous version of 1password did not have mobile issues.
https://1password.community/discussion/ ... 1password8
It should not take 4 months (and counting) to resolve this issue. This seems to indicate a very small support and development team.
Re: SoftwareGeek's Guide to Computer Security
SoftwareGeek:
My first question is where does the hacker get the encrypted version of my password?
How common is it for an encrypted version of my password with for example Fidelity to be available in the dark web?
Another question is how does he know when he has a valid clear text password?
I’m trying to understand your assumptions in this statement. You seem to assume that the hacker has available an encrypted version of my password. The hacker then uses a fast computer to try different variations of a clear text password and somehow is able to know when one is valid.
Lots of people use password managers to store variations on the same password. WeakPassword1, WeakPassword2, etc. I want you to consider the concept of a rainbow table. Basically, a rainbow table is a giant file with millions or billions of precracked passwords. Now, if you're dealing with Microsoft or Google or Amazon, they probably take steps to protect against this (for the technical types out there, this is "Salting the Hash") but basically the vast majority of sites don't bother. So you can pretty much assume that if you are not using one of the giant providers, your password will be cracked in about 30 seconds if it is 10 digits or less. Use the automatic generator in your password manager to make a long complicated password and store it.
Re: SoftwareGeek's Guide to Computer Security
Regarding 1Password. I too have had issues with support. I was interested in changing up my security after reading through this thread, although I didn't use LastPass. 1Password seemed appropriate for my situation; however, I was unsure which 1Password version to use. On the site they have version 8, but on the Mac's App Store they have version 7, and also a separate version for Safari. I sent 1Password a question asking the difference in the versions, but they have yet to get back to me - it's been five days - no response, and I also haven't been able to find the answers to my questions. Disappointed.
2 questions:
- Is 1Password's support team viable?
- And, for curiosity's sake, does anyone have any idea of the differences between 1Password (for the Mac) from their site (version 8) vs the Mac App Store, which has version 7, versus the App Store which also has a 1Password Safari version?
I'm also going to investigate Keepass XC and Bitwarden as well.
Re: SoftwareGeek's Guide to Computer Security
This is part of the LastPass issue. They stole unencrypted data (such as LP login name and website URLs) plus encrypted data (site username, site password). It was in a proprietary format used on the LP backup server. If someone's LP login name (email address) and website login name were the same it would just be a matter of being able to identify the encrypted password. We don't know how easy or hard that is. Cybersecurity is all about layers of defense, so if one is broken there are multiple layers left. The problem with this LP breach is that multiple layers of defenses were penetrated and made worse by sloppy implementation (such as not encrypting URLs).
dual wrote: ↑Mon Jan 16, 2023 10:59 am
My first question is where does the hacker get the encrypted version of my password?
How common is it for an encrypted version of my password with for example Fidelity to be available in the dark web?
Another question is how does he know when he has a valid clear text password?
Re: SoftwareGeek's Guide to Computer Security
An attacker would have to have a dictionary of cleartext passwords encrypted with the proprietary encryption protocol. To have done that, an attacker would have needed to know the encryption algorithm used and the encryption key. I've not followed the details of this breach but I am skeptical that these were known in advance, and I've not heard that they were divulged in the breach. If they were, the passwords could just be decrypted directly without a dictionary of encrypted passwords, and the news would be that cleartext passwords were compromised. This is a different scenario from a 1-way hash of a password being divulged.
stan1 wrote: ↑Mon Jan 16, 2023 4:11 pm
This is part of the LastPass issue. They stole unencrypted data (such as LP login name and website URLs) plus encrypted data (site username, site password). It was in a proprietary format used on the LP backup server. If someone's LP login name (email address) and website login name were the same it would just be a matter of being able to identify the encrypted password.
dual wrote: ↑Mon Jan 16, 2023 10:59 am
My first question is where does the hacker get the encrypted version of my password?
How common is it for an encrypted version of my password with for example Fidelity to be available in the dark web?
Another question is how does he know when he has a valid clear text password?
Encrypted passwords are different from 1-way hashes (cryptohashes) of passwords. The simplest 1-way hash algorithm was the original Unix algorithm that appended a salt (fixed constant string) to an 8-character password, and used that as a key to encrypt the number 0. That result was stored in a password file that was readable by anyone with an account on the machine. The purpose of the salt was to increase the computation time of a single trial in a brute force attack. It does not increase the search space.
Today, more sophisticated salting protocols are used, longer strings than the number zero are encrypted, and more robust encryption is used. The result is not an encrypted password, but a 1-way hash of the password. A password safe needs to recover the cleartext password, so will encrypt the password with a secret key, which could be compromised. There is no direct decryption to recover the password from a 1-way hash; there is no decryption key.
If the details of such a 1-way hash protocol were public for some service, someone might make a dictionary file of possible passwords and their cryptohash values. Then, if there were a breach of the service provider so that the file of password cryptohashes were compromised, it would be a simple search of the dictionary file to break any password that was included in the dictionary file. No beefy computer would be needed if your password were in the file. Two factor authentication being enabled most likely would give you time to change your password before your account was compromised.
Re: SoftwareGeek's Guide to Computer Security
We don't know. The LP actor also got some source code, maybe all. It's quite possible they know how to decode the proprietary format, and could identify a vulnerability in the software. We don't know how much source code was taken. We don't know how many vaults were taken. We don't know the age of the vaults (possibly years) that were taken.
Northern Flicker wrote: ↑Tue Jan 17, 2023 7:47 pm
An attacker would have to have a dictionary of cleartext passwords encrypted with the proprietary encryption protocol. To have done that, an attacker would have needed to know the encryption algorithm used and the encryption key. I've not followed the details of this breach but I am skeptical that these were known in advance, and I've not heard that they were divulged in the breach. If they were, the passwords could just be decrypted directly without a dictionary of encrypted passwords, and the news would be that cleartext passwords were compromised. This is a different scenario from a 1-way hash of a password being divulged.
stan1 wrote: ↑Mon Jan 16, 2023 4:11 pm
This is part of the LastPass issue. They stole unencrypted data (such as LP login name and website URLs) plus encrypted data (site username, site password). It was in a proprietary format used on the LP backup server. If someone's LP login name (email address) and website login name were the same it would just be a matter of being able to identify the encrypted password.
dual wrote: ↑Mon Jan 16, 2023 10:59 am
My first question is where does the hacker get the encrypted version of my password?
How common is it for an encrypted version of my password with for example Fidelity to be available in the dark web?
Another question is how does he know when he has a valid clear text password?
Given no information about this it is basically necessary to assume a bad scenario not a rosy one. Part of a bad scenario is that the actor still has undetected access somewhere in the LP environment and LP doesn't know it (yet).
Re: SoftwareGeek's Guide to Computer Security
Agree. This is still not the scenario of looking up a 1-way hash or encrypted value of a password in a file of precomputed ones. Users who had passwords stored in the service certainly should change them at each service.
Re: SoftwareGeek's Guide to Computer Security
Hackers create "rainbow tables" of tens of millions of precomputed hashed passwords and compare the hash of your password with the rainbow table. If they find a match of the hash they know your password. Millions of common variations on weak passwords like pA55w0rd1234 are part of the table. Unless you use a random, machine-generated password or a lengthy passphrase your password is likely to be in the rainbow table.
dual wrote: ↑Mon Jan 16, 2023 10:59 am
I’m trying to understand your assumptions in this statement. You seem to assume that the hacker has available an encrypted version of my password. The hacker then uses a fast computer to try different variations of a clear text password and somehow is able to know when one is valid.
My first question is where does the hacker get the encrypted version of my password?
How common is it for an encrypted version of my password with for example Fidelity to be available in the dark web?
Another question is how does he know when he has a valid clear text password?
https://en.wikipedia.org/wiki/Rainbow_table
A rainbow table is a precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a key derivation function (or credit card numbers, etc.) up to a certain length consisting of a limited set of characters. It is a practical example of a space–time tradeoff, using less computer processing time and more storage than a brute-force attack
Re: SoftwareGeek's Guide to Computer Security
They have to have the cryptohash of your password from some provider, and the table has to have included the cryptohash of your password using the particular 1-way hash algorithm and salt used by that particular provider. Still, it is true that the longer and more random a password, the less likely it will be present in such a file.
gtd98765 wrote: ↑Wed Jan 18, 2023 7:10 am
Hackers create "rainbow tables" of tens of millions of precomputed hashed passwords and compare the hash of your password with the rainbow table. If they find a match of the hash they know your password. Millions of common variations on weak passwords like pA55w0rd1234 are part of the table. Unless you use a random, machine-generated password or a lengthy passphrase your password is likely to be in the rainbow table.
dual wrote: ↑Mon Jan 16, 2023 10:59 am
I’m trying to understand your assumptions in this statement. You seem to assume that the hacker has available an encrypted version of my password. The hacker then uses a fast computer to try different variations of a clear text password and somehow is able to know when one is valid.
My first question is where does the hacker get the encrypted version of my password?
How common is it for an encrypted version of my password with for example Fidelity to be available in the dark web?
Another question is how does he know when he has a valid clear text password?
https://en.wikipedia.org/wiki/Rainbow_table
A rainbow table is a precomputed table for caching the output of cryptographic hash functions, usually for cracking password hashes. Tables are usually used in recovering a key derivation function (or credit card numbers, etc.) up to a certain length consisting of a limited set of characters. It is a practical example of a space–time tradeoff, using less computer processing time and more storage than a brute-force attack
Re: SoftwareGeek's Guide to Computer Security
If Bitwarden claims it would take "centuries" to crack a given password here: https://bitwarden.com/password-strength/, is it safe to assume that password would NOT be a part of any rainbow table?
Re: SoftwareGeek's Guide to Computer Security
No, not at all. It can certainly be a part of a rainbow table. The "x centuries to crack" calculation is based on length and complexity. Choosing a password by typing every key on your keyboard in sequence (!@#$%^&*()_+QWERTY...) will yield a "centuries" password since it is long and complex, but I'm sure such a sequential password's hash is in a rainbow table.
JD2775 wrote: ↑Wed Jan 18, 2023 1:34 pm
If Bitwarden claims it would take "centuries" to crack a given password here: https://bitwarden.com/password-strength/, is it safe to assume that password would NOT be a part of any rainbow table?
Rainbow tables are used to bypass brute-force attempts which would take centuries.
"Happiness Is Not My Companion" - Gen. Gouverneur K. Warren. |
(Avatar is the statue of Gen. Warren atop Little Round Top @ Gettysburg National Military Park.)
Re: SoftwareGeek's Guide to Computer Security
I have read this entire thread. Many thanks to all contributors, especially SoftwareGeek for starting the thread. I find myself stuck not knowing which way to turn with respect to a password manager. I'm more technically inclined than some family members but obviously not as technically skilled as many on this thread. All family members are willing to learn. I also realize there is no perfect password management solution. I would probably go with a cloudless solution myself, but this would not be a family solution. This decision rests with me and it is not just a decision I am making for myself.
I find myself caught between (my questions are bolded):
- 1Password, which only allows around 100,000 iterations (can't increase), has a secret key, and is apparently more family friendly. I would have thought I could have increased the iterations to over 300,000 and feel a bit skittish after reading what happened to LastPass users. I've also read it keeps less personal info. Is 1Password secure even though it only uses about 100,000 iterations? Is it any more secure than Bitwarden?
- Bitwarden. With this product I can increase the iterations, it seems as secure as 1Password, though no secret password and apparently collects more personal info. However I read today that Bitwarden has just acquired Passwordless.dev and I find myself a little concerned that Bitwarden may possibly chase ROI and this might be an issue in the future with this product. I've read of the history of LastPass. Is this acquisition an issue? https://bitwarden.com/blog/bitwarden-ex ... quisition/
- Encrypted flash drive (Apple system) with a document on it that has the passwords and other info OR another alternative is an encrypted image on a hard drive, but I am unsure of either of these because I'd still be using a document and I'm concerned about leakage, for ex, the passwords showing up in images in recent. I am also concerned about how family members might understand the ins and outs of all of this. Is there a reasonable and secure way to deploy either an encrypted flash drive process or an encrypted image on a hard drive to eliminate security leakages?
Your thoughts would be appreciated.
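Several posts above turn on the same mechanics: Northern Flicker's explanation of 1-way hashes, salts and precomputed dictionary files; the rainbow-table posts by gtd98765, samsoes and Northern Flicker; and URSnshn's question about whether 100,000 KDF iterations is enough. The following Go program (standard library only) is an added example, not code from this thread or from 1Password, Bitwarden or LastPass. It builds a small precomputed table from a constructed list of weak passwords, shows that an unsalted SHA-256 hash of pA55w0rd1234 is found in it immediately, then shows that the same password stored with a per-user random salt and an iterated key derivation (PBKDF2-HMAC-SHA-256, written out so the iteration loop is visible) no longer matches any precomputed entry, and times one guess at 100,000 versus 600,000 iterations to show how the iteration count sets the attacker's per-guess cost. The password list, the 16-byte salt length, the 32-byte output and the function names are assumptions of this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"time"
)

// Constructed stand-in for the millions of entries in a real precomputed
// table; pA55w0rd1234 is the example used in the thread.
var weakPasswords = []string{"password", "123456", "qwerty", "letmein", "pA55w0rd1234", "mypassword12345"}

// UnsaltedHash is the weak storage scheme: the same password always yields the
// same hash, so one table built once works against every site that uses it.
func UnsaltedHash(password string) string {
	sum := sha256.Sum256([]byte(password))
	return hex.EncodeToString(sum[:])
}

// BuildTable precomputes hash -> password; after a hash file leaks, cracking a
// listed password is a map lookup rather than a brute-force search.
func BuildTable() map[string]string {
	table := make(map[string]string, len(weakPasswords))
	for _, p := range weakPasswords {
		table[UnsaltedHash(p)] = p
	}
	return table
}

// pbkdf2SHA256 is PBKDF2 (RFC 8018) with HMAC-SHA-256. Every guess an attacker
// makes costs `iterations` HMAC computations, which is the whole point.
func pbkdf2SHA256(password, salt []byte, iterations, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	blockIndex := make([]byte, 4)
	var dk []byte
	for block := 1; len(dk) < keyLen; block++ {
		binary.BigEndian.PutUint32(blockIndex, uint32(block))
		prf.Reset()
		prf.Write(salt)
		prf.Write(blockIndex)
		u := prf.Sum(nil)            // U1 = PRF(P, S || INT(block))
		t := append([]byte(nil), u...) // T = U1
		for i := 1; i < iterations; i++ {
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil) // Uj = PRF(P, Uj-1)
			for j := range t {
				t[j] ^= u[j] // T ^= Uj
			}
		}
		dk = append(dk, t...)
	}
	return dk[:keyLen]
}

// StoredCredential is what a careful service keeps instead of the password.
type StoredCredential struct {
	Salt       []byte
	Iterations int
	Hash       []byte
}

// StorePassword draws a fresh random salt, so two users with the same password
// get different hashes and no table computed in advance applies to either.
func StorePassword(password string, iterations int) (StoredCredential, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return StoredCredential{}, err
	}
	hash := pbkdf2SHA256([]byte(password), salt, iterations, 32)
	return StoredCredential{Salt: salt, Iterations: iterations, Hash: hash}, nil
}

// VerifyPassword re-derives with the stored salt and compares in constant time.
func VerifyPassword(password string, cred StoredCredential) bool {
	candidate := pbkdf2SHA256([]byte(password), cred.Salt, cred.Iterations, len(cred.Hash))
	return hmac.Equal(candidate, cred.Hash)
}

// TimeGuess measures the cost of a single guess at the given iteration count.
func TimeGuess(iterations int) time.Duration {
	start := time.Now()
	pbkdf2SHA256([]byte("guess"), []byte("0123456789abcdef"), iterations, 32)
	return time.Since(start)
}

func main() {
	table := BuildTable()
	p, found := table[UnsaltedHash("pA55w0rd1234")]
	fmt.Println("unsalted hash found in table:", found, p)
	cred, _ := StorePassword("pA55w0rd1234", 100000)
	_, found = table[hex.EncodeToString(cred.Hash)]
	fmt.Println("salted PBKDF2 hash found in table:", found)
	fmt.Println("one guess at 100,000 iterations:", TimeGuess(100000))
	fmt.Println("one guess at 600,000 iterations:", TimeGuess(600000))
}
```

The timing lines answer the iteration question directly: raising the count from 100,000 to 600,000 makes each guess roughly six times more expensive for the attacker and for the legitimate user alike, which is why the practical defence against a leaked vault remains a long random master password (a guess that is not in any list) rather than any particular iteration count.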
Re: SoftwareGeek's Guide to Computer Security
Got it. It's my understanding that if specific institutions (Google, Vanguard, Fidelity etc....) use "salt" techniques with their encryption then the rainbow table hacking ability is greatly reduced? (Forgive my ignorance if I am stating some of this incorrectly; this is all new to me.)
samsoes wrote: ↑Wed Jan 18, 2023 2:07 pm
No, not at all. It can certainly be a part of a rainbow table. The "x centuries to crack" calculation is based on length and complexity. Choosing a password by typing every key on your keyboard in sequence (!@#$%^&*()_+QWERTY...) will yield a "centuries" password since it is long and complex, but I'm sure such a sequential password's hash is in a rainbow table.
JD2775 wrote: ↑Wed Jan 18, 2023 1:34 pm
If Bitwarden claims it would take "centuries" to crack a given password here: https://bitwarden.com/password-strength/, is it safe to assume that password would NOT be a part of any rainbow table?
Rainbow tables are used to bypass brute-force attempts which would take centuries.
Re: SoftwareGeek's Guide to Computer Security
Consider the password ji32k7au4a83
JD2775 wrote: ↑Wed Jan 18, 2023 1:34 pm
If Bitwarden claims it would take "centuries" to crack a given password here: https://bitwarden.com/password-strength/, is it safe to assume that password would NOT be a part of any rainbow table?
The Bitwarden link says it will take three years to crack, and it might look secure, but it's really a very common password in Mandarin that appears in hundreds of data breaches.
Although the Bitwarden link does show that mypassword12345 would take less than a minute to crack.
https://www.theverge.com/tldr/2019/3/5/ ... been-pwned
Re: SoftwareGeek's Guide to Computer Security
For what it's worth, 1password is buggy. I am a retired Oracle Database Admin and I find 1password a headache. I don't know that I would want to support a whole family when, for example, the popup prompts randomly don't work on cell phones for 1Password. Especially if my family had different cell phones as 1Password has different solutions for each cell phone. I am going to look at NordPass since at least they have chat support.
URSnshn wrote: ↑Wed Jan 18, 2023 2:55 pm
I have read this entire thread. Many thanks to all contributors, especially SoftwareGeek for starting the thread. I find myself stuck not knowing which way to turn with respect to a password manager. I'm more technically inclined than some family members but obviously not as technically skilled as many on this thread. All family members are willing to learn. I also realize there is no perfect password management solution. I would probably go with a cloudless solution myself, but this would not be a family solution. This decision rests with me and it is not just a decision I am making for myself.
I find myself caught between (my questions are bolded):
- 1Password, which only allows around 100,000 iterations (can't increase), has a secret key, and is apparently more family friendly. I would have thought I could have increased the iterations to over 300,000 and feel a bit skittish after reading what happened to LastPass users. I've also read it keeps less personal info. Is 1Password secure even though it only uses about 100,000 iterations? Is it any more secure than Bitwarden?
- Bitwarden. With this product I can increase the iterations, it seems as secure as 1Password, though no secret password and apparently collects more personal info. However I read today that Bitwarden has just acquired Passwordless.dev and I find myself a little concerned that Bitwarden may possibly chase ROI and this might be an issue in the future with this product. I've read of the history of LastPass. Is this acquisition an issue? https://bitwarden.com/blog/bitwarden-ex ... quisition/
- Encrypted flash drive (Apple system) with a document on it that has the passwords and other info OR another alternative is an encrypted image on a hard drive, but I am unsure of either of these because I'd still be using a document and I'm concerned about leakage, for ex, the passwords showing up in images in recent. I am also concerned about how family members might understand the ins and outs of all of this. Is there a reasonable and secure way to deploy either an encrypted flash drive process or an encrypted image on a hard drive to eliminate security leakages?
Your thoughts would be appreciated.