
Password Leaks and Password Managers

The last few months have been very busy for password leaks: LinkedIn, Last FM, Yahoo, Le Figaro, PhAndroid, and finally, today, I received an e-mail from Nvidia. After the Sony PS3 Network leak, I thought that I should use a secure online password manager, first because I ran out of passwords, then because I couldn’t memorize them all and had to reset all the passwords all the time (which was not too bad for security), and I decided to give the different password vault software a shot.

Why should we care about passwords?

As everyone knows, our passwords usually protect our personal data and all our sensitive information. Unfortunately, many of us understand that ‘personal’ concept but do not play by the rules and use the same password for all our services, such as Facebook, Hotmail, Gmail, online banking, eBay, etc. Then one day, a malicious (crack)(h)acker / ‘script kiddie’ decides to show the world that services used by millions of people are not secure, and releases all the passwords he can find.

(Crack)(H)ackers / ‘script kiddies’ do not always have bad intentions (but this is another debate), but they release passwords on Pastebin, on secure pastebins or possibly on their own websites. A few days later, everybody receives spam or malicious software at their e-mail address, because other ‘script kiddies’ found those addresses and want you to give them your credit card number or other sensitive information. That’s why we should care about the data we put on the Internet, and about the data we try to protect with passwords.

What type of password should we use?

Password rules have never changed; here is a small summary of what type of password you should use!

  • Use a long password
  • Use special chars
  • Use numbers
  • Use Caps

xhEDiu&$8 will never be as secure as IL0V3H0rS3s&IP0ss3sses20OfTh3m$. As you can see, you can use sentences and replace some letters with numbers to make those passwords easier to remember! For example, O can be replaced by zero, E by 3, S by 5, etc.
(Please remember this rule if, at the end of this blog post, you end up installing the password vault I describe next.)

The password vault I am using: Dashlane

For the last couple of months, since the PSN leak, I have been using Dashlane as a personal data assistant and secure vault. Dashlane comes in the form of a plug-in for Google Chrome, available for Windows and OS X; sorry to all the others (Unix users).

A bit more about Dashlane:

To get started, you can download the application from their website and install the plug-in for Google Chrome. During the installation, Dashlane is going to ask you for a master password. This password has to be as long and difficult as possible; remember the rules we defined previously!

Once Dashlane is installed, you will be able to see the following options in the menu:

  • Contacts
  • IDs
  • Payments
  • Notes
  • Logins and Passwords
  • Security Dashboard
  • Purchases

Contacts: contains all your identities and addresses. For example, if two people (plus you) are using your computer, you should find 3 identities and possibly 3 different addresses (but this wouldn’t make sense).

IDs: contains all your IDs, passport and driving license information.

Payments: contains all your debit / credit card information as well as your bank and PayPal information.

Notes: contains all your secure notes.

Logins and Passwords: shows all the passwords generated via Dashlane.

Security Dashboard: shows all the passwords that you are using and that Dashlane holds; this screen also contains a ‘security’ level for each password.

Purchases: contains all the Internet purchases that you made; you can also classify them by purchase amount.

 

Finally, each time you register on a website, you will be able to use Dashlane to fill in all the information you saved in the plug-in, or simply use Dashlane to generate a strong password and remember it for you. This allows you to have multiple different and secure passwords for all your websites without having to remember them all.

How are these passwords stored and synchronized between my devices?

Dashlane encrypts all the data with AES-256 before storing it on their servers for sync across all your devices, and this data can ONLY be decrypted with the master password you chose at the beginning, which means that if you used an ultra-secure password (around 16 to 26 chars), nobody will “ever” be able to decrypt it without your consent.

Keep your data secure and private

– All data is AES-256 encrypted locally on your computer
– The only way to access your data is with your master password, which only you have
– Not even Dashlane can touch your data!
– You can remotely deactivate any device you’ve synced to your account in case of loss or theft

Multi-platform and synced to the cloud

– Access your data wherever you are
– Use it on Macs, PCs, at home, on your favorite browser, and your preferred smart phone and tablet
– Dashlane goes everywhere you go, and nowhere else
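
The local-encryption model described above, sketched for Node.js as an added example (it is not Dashlane's code and not part of the original post). The key-derivation function (scrypt), its parameters, the GCM mode and the record layout are assumptions; the page only states AES-256 and a master password.

```javascript
// Added example: encrypt a vault on the device with AES-256-GCM, using a key
// derived from the master password. KDF choice, parameters and record layout
// are assumptions made for illustration.
const crypto = require('crypto');

// Derive a 32-byte (256-bit) AES key from the master password and a per-vault salt.
function deriveKey(masterPassword, salt) {
  return crypto.scryptSync(masterPassword, salt, 32, { N: 16384, r: 8, p: 1 });
}

// Runs on the user's device: only the returned record would be uploaded for sync.
function encryptVault(masterPassword, vault) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // 96-bit nonce, fresh for every encryption
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(masterPassword, salt), iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(vault), 'utf8'), cipher.final()]);
  return { salt, iv, tag: cipher.getAuthTag(), ciphertext };
}

// Runs on any synced device: needs the record plus the master password.
function decryptVault(masterPassword, record) {
  const key = deriveKey(masterPassword, record.salt);
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, record.iv);
  decipher.setAuthTag(record.tag);
  // final() throws if the key is wrong or the record was modified.
  const plain = Buffer.concat([decipher.update(record.ciphertext), decipher.final()]);
  return JSON.parse(plain.toString('utf8'));
}

// Returns null instead of throwing on a wrong password or a tampered record.
function tryUnlock(masterPassword, record) {
  try { return decryptVault(masterPassword, record); } catch (e) { return null; }
}

// Constructed sample data: the master password is the example from this post.
const MASTER = 'IL0V3H0rS3s&IP0ss3sses20OfTh3m$';
const record = encryptVault(MASTER, { 'example.com': 'constructed-sample-password' });
console.log(tryUnlock(MASTER, record));      // vault contents
console.log(tryUnlock('xhEDiu&$8', record)); // null
```

The salt, nonce and authentication tag are not secret and travel with the ciphertext; the master password and the derived key never leave the device, so the strength of the master password is what protects the synced copy.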

And that’s it,

I truly recommend you use Dashlane as a password manager and password vault.

 
