Brian has tried several password vaults and he finds them all inconvenient. His frustration is that using his mobile device doesn't always work so well. He ended up on LastPass. Is that a good choice? Leo says yes. It's the one he uses. 1Password is another one, and it has the advantage of being able to save the vault somewhere else.
Yogi uses a text file to store all his passwords. It's encrypted, and his passwords are randomly generated. He then cuts and pastes the password to enter it. Is that safe? Leo says yes. If his computer has a keylogger, it can't read a cut and paste like it can his typing. An easier way, though, would be a password manager like LastPass or 1Password. Steve Gibson also has a password generator at grc.com/passwords.
This week, Leo's preferred password manager, LastPass, got hacked. Leo still recommends them though, because they can generate extremely long custom passwords, so all you have to remember is the one LastPass password. But that's where the Achilles' heel was.
Aiden made the switch to a Mac and his Time Capsule takes forever to back up. It works just fine in Windows, though. Leo says there are a number of different protocols, and Windows uses SMB, which is the default language. Apple uses its own protocol called AFP, which is based on the older AppleTalk. Leo advises going into the settings and turning all the protocols on. That will allow it to use the fastest available.
With the breaking news that several celebrities had their cloud accounts hacked and nude photos published on the internet, Leo says that this underscores the need for second-factor authentication. Companies use secret questions so that you can answer them and get your password or reset it. But Leo says that people make the mistake of answering these questions truthfully. And for a celebrity, those answers are very easy to discover. Leo uses mnemonics and puts in bogus answers that only he knows and nobody can guess.
Leo says since most MacBook Pros come with SSDs now, it's important to turn on drive encryption right away. If he doesn't encrypt the drive from day one, some data could end up unencrypted on that drive. Turn on encryption before putting private data on it. The Mac comes with something called FileVault for encryption, which he can access right from the Mac's System Preferences. He just has to turn it on, and he won't even know it's running. The only reason to do this is in the event that his computer is stolen.
eBay announced a massive data breach and Leo advises users to reset their passwords. What's interesting is that the news broke on Wednesday, and eBay has known about it for three weeks. It makes Leo wonder just how bad the breach was. eBay says it was a leak of encrypted passwords. Regardless of how bad it was, Leo says it's best to change your password. And if you use that password elsewhere, it's time to stop doing that and use a password manager like LastPass.
OpenSSL is a widely used protocol for providing secure internet traffic. The "Heartbleed" bug takes advantage of a hole in OpenSSL to peer into the memory of SSL servers. It can allow a hacker to ping 64K of random memory repeatedly, thereby allowing them to glean usernames and passwords, and even fake a server certificate.