Password Security Best Practices
Linus Tech Tips · 2016-05-06
0:00
so password security i mean we all know that password abcd or 69 all day are
0:06
really terrible passwords we know that you shouldn't reuse passwords across
0:10
multiple sites we know that you shouldn't write down your password yet
0:13
many people do these things every day today we'll discuss the ramifications of
0:17
bad password habits and give you some best practices to incorporate into your
0:21
personal security routine and on the subject of privacy give the like button
0:25
a click if you'd like to see a video on the best ways to hide your important
0:28
pictures and video that you like to look at by yourself at night or with friends
0:34
i don't judge
0:44
logitech g303 features a lightweight design and advanced optical sensor with
0:48
delta zero technology for precise tracking and RGB lighting to match your
0:52
setup click the link in the video description to learn more
0:56
so i don't want to fear monger but i do want to open with a few realistic
1:00
scenarios that could occur if your passwords were broken into or leaked or
1:04
whatever even ignoring the obviously horrible stuff like what if someone had
1:08
access to your online banking account strap in it's about to get a little
1:12
freaky first off facebook or something like facebook maybe it doesn't seem like
1:17
that big of a deal sure i mean maybe they'll see that you're the admin of the
1:20
combined fan groups of both narwhals and five gallon buckets but nothing can
1:25
really go wrong here right wrong not only can they glean more
1:30
information very easily like your phone number but they can also change your
1:34
privacy settings opening up your account to the world doesn't sound that bad okay
1:38
let's take it up a notch the intruder could glean information from your
1:42
friends either by just having closer access to their pages or by using social
1:46
engineering practices like simply asking them things so effectively your own
1:51
failures can compromise the privacy of your friends and family not cool and
1:56
that's ignoring that an especially malicious attacker could ruin
2:00
friendships or people's perception of you by posting things on your wall that
2:04
are highly inappropriate or asking things of people that wouldn't be
2:07
appropriate so now let's do scenario number two losing your email this is
2:12
actually one of the worst things that can happen not because someone might
2:16
read the love letter you wrote in high school but because your email is usually
2:20
used as a password and even username recovery mechanism for your other
2:25
accounts poor email security is basically like handing an intruder the
2:29
master key to your online identity which brings into play another aspect identity
2:34
theft by having access to a few of your accounts especially your email it can
2:39
actually be pretty damn easy to steal someone else's identity once that
2:42
happens registering new credit cards getting healthcare on their dime or your
2:46
dime or even registering their bridge or highway tolls under your name or their
2:50
name is relatively all easily possible so we
2:54
all agree that password security is important and yes some things are
2:57
somewhat out of your hands like website security and whatnot but what can you do
3:01
to help protect your own accounts well you can protect against hacking attempts
3:05
with some fairly simple things never store them in plain text on your
3:09
computers never write them down never use your real name username birthday
3:15
phone number or any other easily identifiable information in your
3:19
password never use an easy keyboard combination like abcd qwerty or qazed
3:25
and there are some other good tips too be careful with the answers to security
3:30
questions if you don't feel like any of them are strong enough use an unrelated
3:33
answer that you know you can remember and if you have to send your password to
3:38
someone for some probably terrible reason in plain text online try
3:43
splitting it up across a few different mediums never reuse a password but
3:48
especially for your email many people are guilty of using passwords including
3:52
myself in the past but please at the very least use the unique and strong
3:56
password for your email and finally use
4:00
two-factor authentication wherever possible you can learn more about it
4:03
here but basically with two-factor authentication you can have security
4:07
code sent to your mobile device or email in order to double check that it's
4:10
actually you trying to log in this can really help against things like key
4:14
loggers skimming your passwords as these codes are one-time use i would highly
4:20
recommend two-factor authentication even if you ignore all of my other
4:23
suggestions that i've made please listen to this one
4:27
moving on now to create a good password is actually rather simple and if you'd
4:31
like to see a great infographic on it look up xkcd password strength in that
4:36
infographic it has stated that and i quote through 20 years of effort we've
4:40
successfully trained everyone to use passwords that are hard for humans to
4:44
remember but easy for computers to guess end quote
4:48
i completely and wholeheartedly agree with this stop using short but insanely
4:52
complicated passwords and start using long and more simple ones that you can
4:56
actually remember this will help you to not write them down or store them
4:59
somewhere and makes them actually a lot harder to break a trick i use is
5:04
describing something in my environment for instance this is a long skinny white
5:09
tube but that happens to have tape on it so i could make my password long skinny
5:13
white tube tape and it would actually be pretty secure as long as i don't break
5:18
any of the other rules as well but this really isn't enough there's still a huge
5:22
amount of unique and long passwords to remember so you might be inclined to
5:26
tell your browser to remember your password for a certain website don't do
5:30
that chrome's passwords are encrypted based on your Windows login password the
5:35
security of which is iffy at best
5:38
considering there's a few ways to decipher them quite easily and firefox's
5:41
passwords are normally very easily accessible unless you set your own
5:45
master password which for whatever reason it doesn't prompt you to do at
5:50
this time so how do you remember them all well i would recommend using a
5:53
third-party password manager for cloud-based options you have lastpass
5:58
dashlane and 1password amongst others and for local storage options you have
6:02
keepass roboform and password safe again
6:06
amongst others there are positives and negatives to each of these solutions but
6:10
that may be for another video at another time a different route than these would
6:14
be if you would like to use truekey from Intel a new password security system
6:18
based around using your fingerprint or your facial recognition
6:21
as encryption utilities again there's positives and negatives to that as well
6:25
and the last but not least option is a physical security key like yubikey from
6:30
yubico this is a token that's trusted by everyone from google to facebook to the
6:35
freaking united states department of defense and that can provide an
6:39
additional factor of authentication against anything from your Windows login
6:43
to your email to your password manager itself so you'll never really have to
6:47
worry about some jackass intruder's netflix suggestions and ratings invading
6:51
your chill time next time you want to log in
6:54
massdrop has another one of their pretty killer deals going on today the lg 34 uc
6:59
87m-b is currently available for a whopping
7:03
250 dollars off of msrp this is a
7:06
34-inch 3440 by 1440p ultrawide 21 by
7:11
nine inch monitor of course this product is only available through massdrop at
7:14
this significantly discounted price thanks to their group buy model
7:18
essentially the more people that buy the more the price goes down to a set
7:21
minimum which this monitor is already at you can check out this drop and many
7:25
others and link in the video description which is dro dot ps Linus tech tips so
7:29
head over there now if you're interested that link doesn't really give us a
7:33
kickback or anything but it does let them know that we sent you
7:36
thanks for watching guys if this video sucked do you know what to do but if it was awesome get subscribed hit the like
7:41
button or even consider supporting us directly by using our amazon affiliate
7:45
code to shop on well amazon buy a cool t-shirt that probably isn't from bastian
7:50
or with a direct monthly contribution through the forum now that you're done
7:53
doing all that stuff you're probably wondering what to watch next so click
7:56
the little button in the top right hand corner to check out NVIDIA's new full
8:00
desktop grade 980 in a laptop