Security Chapter 2 : Using A Password Manager

If you have not read part 1, why you should not share site passwords, you can do so here first.

A password manager (surprise surprise!) is software that helps you generate, save and manage your passwords.

Good ones will be almost transparent – only appearing when you need to log in or generate a password.

I personally use 1Password. It’s not free but I’ve used it for several years, chiefly because it has been around for a very long time and has a corresponding mobile app that seamlessly works with the desktop.

There are several free alternatives

There is also LastPass but this one was hacked some years back and their database was compromised. I like to think they have since tightened up their security.

Of course the question arises – if these can be compromised, what is the point?

My reasoning is that it is much easier to breach your lax security than it is to breach a password manager.

For illustration purposes I will walk you through setting up and using Enpass.

Disclaimer: I have no affiliation with 1Password (other than I use it) or Enpass, or any other password manager.

Also, I have never used Enpass before, and just picked it at random. The experience for me will be just as it is for you setting it up for the first time.

First, let us grab Enpass. Go to the site https://www.enpass.io/downloads/ and download the appropriate version for your operating system. For purposes of this demonstration, let me grab the Windows version for my (virtual) machine.

Double click on the downloaded file to set it up

Accept the license agreement

Finalize the installation

Now, launch Enpass

The next screen is the important one. Here you are expected to supply the master password. This is the one true password that will secure all your other passwords, and the only one that you will be expected to remember. If you forget this password – you’re done!

The indicator (in green) shows the strength of your password. Type a nice long password. Try to make it something memorable that is easy to remember for you, but difficult for someone else.

You can use an entire sentence as your password – for example a bible verse or a line from a poem. Just make sure the indicator turns green.

Once you have typed and confirmed it, click done.

By the way, the reason you are asked to confirm passwords is to make sure that if you have made a typo, it will be caught.

You should have the following screen.

If you leave this screen idle for more than a few minutes, it will lock

To unlock, enter the master password

The next order of business is to enable browser integration.

For Enpass you do this by going to Tools > Settings.

In the screen that opens, click ‘Browsers’.

Then click ‘Install browser extensions’.

This will redirect you to this page https://www.enpass.io/enpass-browser-extension/

Click the button to install in your browser of choice

In my case I clicked Chrome.

You will be taken to the following page

Click on ‘Add To Chrome’

You should see the following

Click ‘Add extension’ and you’re done.

You will see a new icon on the browser bar. (The far right key in a circle)

There is one last thing you need to do.

  1. Launch Enpass, go to Tools > Settings
  2. Click Browser
  3. Check ‘Enable browser extensions’

To check that you are good to go, click on the icon in the browser toolbar.

You should see the following

Now let us see how it works.

Let us set up, for example, an Amazon account. Here is the screen for creating an account.

Provide a name, and then an email.

At the password field, don’t provide your usual go-to password. Hit Ctrl and / (at the same time).

If you are logged in to Enpass, you will see the following popup

If you are not, you will see the following. Go on and log in

Once you are logged in, click the gear icon at the bottom.

You will see the following

What you are seeing here is a password that Enpass has automatically generated for you. You can customize the password length and set whether it is pronounceable (so that it is easier to remember, for example).

Of note is the password, usually something like !Ly3*4i*;U\3WGdNpm

This is an 18 character long password that is almost impossible to guess, and very difficult to crack (a discussion for a future post), which makes it pretty secure.

A pronounceable password looks like this

lucas-addis-pad-mull-mayer-dyad-rabid-kepler-moron-scar

Click the chef hat to customize the password further – number of digits, symbols, etc. There are some sites that have niche requirements.
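To put numbers on the two password styles above, here is an added example (not part of the original post, and not Enpass's own generator) that builds an 18 character random password with minimum digit and symbol counts, builds a word-based passphrase, and estimates how many bits of guessing each one offers. The function names and the small sample word list are made up for the illustration; the 7776 figure is the size of the EFF long word list, used here as an assumed list size.

```python
import math
import secrets
import string

# Pool for random passwords: 52 letters + 10 digits + 32 punctuation marks = 94.
ALPHABET = string.ascii_letters + string.digits + string.punctuation

# Constructed 16-word sample list so the example runs offline. A real generator
# needs a list of thousands of words (the EFF long list has 7776).
SAMPLE_WORDS = ["amber", "bison", "cedar", "delta", "ember", "fjord", "grove",
                "heron", "ivory", "jetty", "koala", "lotus", "maple", "nylon",
                "otter", "pearl"]


def generate_password(length=18, min_digits=2, min_symbols=2):
    """Random password from ALPHABET that satisfies a site's composition rules."""
    if min_digits + min_symbols > length:
        raise ValueError("policy cannot be met at this length")
    while True:
        # secrets uses the OS CSPRNG; the random module is not suitable here.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        digits = sum(c in string.digits for c in candidate)
        symbols = sum(c in string.punctuation for c in candidate)
        if digits >= min_digits and symbols >= min_symbols:
            return candidate  # redrawing whole candidates keeps the choice uniform


def generate_passphrase(wordlist, words=10, separator="-"):
    """Word-based ('pronounceable') passphrase, each word drawn independently."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate words would skew the draw")
    return separator.join(secrets.choice(wordlist) for _ in range(words))


def entropy_bits(pool_size, picks):
    """Guessing entropy of `picks` independent uniform draws from `pool_size` items.
    Composition rules trim this slightly, so treat it as an upper bound."""
    return picks * math.log2(pool_size)


if __name__ == "__main__":
    print(generate_password(), f"{entropy_bits(len(ALPHABET), 18):.0f} bits")
    print(generate_passphrase(SAMPLE_WORDS), f"{entropy_bits(7776, 10):.0f} bits")
```

These bit counts only hold when every character or word is picked at random by the generator, which is why the generated values are stronger than anything typed from memory.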

Once you’re done, click Fill & Copy

The Enpass extension should auto-fill the password and the confirmation, and then copy the new password to your clipboard in case you want to see it.

Once Enpass has filled in the password and confirmation, click create account.

You should see the following prompt, showing that Enpass has recognized you have created an account and saved both your login and password. Go ahead and click Save

And we’re done.

If you launch Enpass you should see the following

Now let us verify that it works.

Go to the Amazon login page.

Hit Ctrl and / (at the same time).

If you are logged in, Enpass will fill in your details and automatically log you in

If you are not logged in, you will get a prompt to log in. Once you do, Enpass will fill in your details and log you in.

And that is how you use a password manager.

Any time you are creating a new account, or logging into an existing one, hit Ctrl and / to generate and autofill the password.

This should work for most sites.

You no longer need to remember your passwords! I do not in fact know any of mine. Except, of course, the master password.

A good password manager also allows you to save and autofill additional data such as:

  1. Credit and debit card details
  2. Software serial keys
  3. Frequent flyer numbers
  4. Remote server credentials
  5. Router username and passwords

So try one out and let me know your experience.

Security Chapter 1 : Don’t Share Site Passwords

Quick, how many online accounts do you have?

If you are the typical online citizen, you at least have the following:

  1. Primary email, usually Gmail
  2. Secondary email, usually that Yahoo account you set up decades ago
  3. Facebook
  4. Twitter
  5. Office email

And then there are the rest

  1. Tumblr
  2. Pinterest
  3. Tinder (We see you!)
  4. Amazon
  5. AppleID
  6. etc

Those are at least 10 online identities. With 10 usernames and passwords.

Let’s face it – if you add credit card PINs, debit card PINs, MPesa PINs and all sorts of other things we need to remember – it becomes a challenge keeping up with all the accounts.

It is also a challenge remembering all these passwords and PINs.

So, like most people, you choose one (or more) of these options:

  1. Choose a simple password
  2. Re-use the same password across sites
  3. Write down your passwords in a notebook or text file on your PC, or save them as contacts

What’s the harm?

Very simple. If someone compromises (or guesses) one of your passwords, then they have access to all your accounts.

Which is pretty bad.

What is even worse is this.

If someone compromises (or guesses) your primary email account – GAME OVER.

This is because your primary email account likely contains the following

  1. Correspondence from your bank – statements, credit card details, etc
  2. Correspondence from family and friends – up to and including sensitive / private details – family issues, health, etc
  3. Scans of your national ID, passport, PIN numbers etc

On top of all this, most people use their primary email to register their other accounts. That means that if a nefarious individual has access to your primary account, they can get into all your other accounts without needing to know those passwords, simply by clicking ‘forgot password’.

Guess where the new password or instructions will be sent?

Securing your primary email account is something I will go into in depth later.

But for this article – back to the topic at hand.

Let’s face it – most of us (including yours truly) lack the inclination, let alone the ability, to create and remember unique passwords for all our online identities.

Luckily, there is a tool that can help with this – a password manager.