It was Internet Safety Day on Tuesday, and Vanja Svajcer, Carole Theriault and I decided that was as good an excuse as any to record a special “splinter” episode of the “Smashing Security” podcast – taking a close look at the thorny topic of passwords.
'Passwords - a Smashing Security splinter'
Hope you enjoy the show, and tell us what you think! You can follow the Smashing Security team on Bluesky.
For people who decide to use a password manager it's worth noting that you can use the software to generate a strong, unique, random password. The podcast wasn't entirely clear in this regard. So not only does a password manager store passwords but it creates them too. As long as you remember the master password (for your password manager) you don't need to worry about creating future passwords yourself.
Google and Microsoft offer a new way to log in without a password. It's secure and convenient:
https://support.google.com/accounts/answer/6361026?hl=en
https://play.google.com/store/apps/details?id=com.azure.authenticator&hl=en_GB
https://itunes.apple.com/gb/app/microsoft-authenticator/id983156458?mt=8
Nowadays I recommend a cloud password manager because they work on multiple devices: phones, tablets, computers etc. LastPass is one such service which is cloud-based and it's free.
https://www.lastpass.com/
1Password is another cloud password manager although there are currently some problems with their service leaking metadata (on older versions… they call it a "feature") and on the most recent version if you use it to store sensitive documents you can find you lose access to them because of their decision to use the Windows Encrypting File System. There was also another (now fixed) vulnerability found by researcher Tavis Ormandy of Google. You've got to pay for 1Password, although on the plus side it's a very nice design and looks good on a Mac.
For people who prefer offline password managers (which I don't recommend anymore because people want to access their up-to-date passwords on multiple devices/platforms) then the two best are KeePass and Password Safe. Both are free, open source and highly recommended amongst the security community.
http://keepass.info/
https://pwsafe.org/
I thought that was made exactly clear. Great podcast. Thanks!