The Dangers of Passwords (part 2)

In the last video, we explored the importance of password strength. 0:00 They should be unique, sufficiently complex, and the longer the better, 0:04 but doing this for every site and service can lead to password fatigue. 0:08 Many people just don't think it's worth the inconvenience of coming up with long, 0:13 unique passwords for everything they do. 0:17 And it inevitably leads to the breaches we discussed in our very first video. 0:19 And one of the biggest risks you can take is to reuse a password for 0:23 more than one site. 0:28 Imagine that you've created a really strong password. 0:30 You think it's nearly unbreakable, so you use it for social media, 0:33 for your email, and for your bank. 0:36 If, for example, 0:39 the social media account is breached, that password is effectively out in the open. 0:40 Many attackers can then try what's called credential stuffing, using an automated 0:45 tool to attempt the username and password breached from one site, on another. 0:50 Now those attackers can access your bank and email, so 0:55 password uniqueness is just as important as password strength. 0:58 Now that we've sufficiently explored the importance of password strength and 1:02 security, I'll introduce one of the best tools available to help you stay on top 1:05 of your passwords. 1:10 Password managers. 1:11 There are several options available, and I'll demonstrate one of the most popular, 1:11 but do make sure to find the solution that works best for you and your needs. 1:16 Let's take a look at what LastPass can offer. 1:20 The whole premise of password managers is that you no longer have to generate and 1:22 remember all the passwords in your life. 1:26 As the name suggests, LastPass just needs that final 1:29 master password to access the other passwords you've stored. 1:33 So let's log in with that one password you'll have to remember. 1:36 Now that we're logged into our password manager service, 1:49 we can go to any site that would require a password, and 1:51 the manager will recognize that it has credentials available. 1:54 I just fill in the fields like this, and I'm in. 2:03 Another super helpful feature that most password managers offer is strong password 2:10 generation. 2:14 I can choose the password length, up to 100 characters long, 2:19 as well as set some character restrictions to match the site's requirements. 2:22 I can then store this super strong password with the manager and 2:34 never have to think about it again. 2:37 Password managers are great tools because they address the convenience security 2:42 tradeoff directly. 2:46 They reduce the inconvenience and frustration that can 2:48 come from password fatigue and they up your security in the process. 2:51 They're likely better at generating strong passwords than any human would be. 2:55 Now, with a strong unique password for each site, 3:01 we're safe from credential stuffing attacks if a service ever has a breach, 3:04 but that doesn't help for the hacked site itself. 3:08 Another type of tool exists to protect your data 3:11 even if your password is out in the open, it's called two factor authentication. 3:14 It's more of a feature that you can enable for sites that support it 3:19 than it is a service you can purchase, but it is highly recommended. 3:22 Two factor auth is an additional layer of security on top of your passwords. 3:27 It is often a code that is sent to you as a text message or 3:32 generated on a device you own like your smartphone. 3:35 In fact you likely already use it in your life without realizing it. 3:38 It's the reason you carry an ATM card and use a PIN. 3:42 This is how two factor auth often is used for your online accounts. 3:46 You log into a site with your username and password. 3:51 The site then prompts you again to enter a code. 3:54 That code is either texted to you or better yet you have set up a special app 3:57 on your phone that generates these codes for you every ten or so seconds. 4:02 You enter that code and now you're logged in. 4:07 It's a little extra effort up front, but 4:10 two factor authentication is an incredibly effective security mechanism. 4:12 Your data is safe even if your password was leaked or 4:17 even if you were tricked by a phishing scam. 4:20 I'd like to offer a few additional notes about password managers, 4:23 email, and security questions. 4:27 Password managers store your secrets, which make them prime targets for hackers. 4:30 Make sure that you are comfortable with that level of trust, and you still need to 4:35 be extra cautious with that final password used to log into the password manager. 4:39 Another security concern to think about is 4:45 that your email is often used as your personal identity. 4:47 If you lose access to your email or it's compromised in some way, 4:51 many sites offer password recovery or reset through your email. 4:55 Your email account would be an ideal place 4:59 to start enabling two factor authentication for this exact reason. 5:02 As another mode of password reset and recovery, and even sometimes as a limited 5:07 form of two factor authentication, sites will ask you security questions. 5:11 They're meant to be questions that only you would know and 5:16 would have the answers readily available, but 5:19 would prevent strangers from attempting to take over your account. 5:21 This may have been effective in the past, but choosing the right questions and 5:24 answers can often be harder then generating a strong password. 5:29 And with questions like what is the name of the high school you went to, 5:32 the answers can often be easily found on a person's social media profile. 5:35 So be mindful of these questions. 5:40 And when available, we should all be moving to more secure two factor options, 5:42 like the cogenerating apps on our smart phones. 5:47