Andrea's mother has problems remembering her passwords. What's the best way to do it? Leo says we all have a problem remembering them, and if it's easy to remember, there's a good chance it will be easily cracked. She'll want her password to be difficult, but by extension, that makes them difficult to remember. Writing them down isn't a bad idea as long as nobody has access to them. A password vault would be a good idea, where she would let the software generate all of her passwords and all she needs to remember is the master password.
Caleb wants to know if it's safe to use the same password across different web accounts. Leo says no, because once one site gets hacked, they can use that password information to guess the passwords for other sites. Many do this, and it's how the Turkish Crime Family was able to hack over a million iCloud accounts. Password vaults make different passwords for every site and you have only one password to open the vault. But that's not on the internet anywhere, he'd just remember that. It's much safer that way.
Brian has tried several password vaults and he finds them all inconvenient. His frustration is that using his mobile device doesn't always work so well. He ended up on LastPass. Is that a good choice? Leo says yes. It's the one he uses. 1Password is another one, and it has the advantage of being able to save the vault somewhere else.
Mark wants to know if password vaults are safe and what the best one is to get. Leo says yes, they are best because they generate impossible to remember passwords and keep track of them, so Mark would only have to remember the one password to open his vault. Leo uses LastPass. There's also 1Password. It's a valuable tool that everyone should use.
Mark was using the same password for every site he went to. Leo said that he used to do the same thing. The importance of password security has snuck up on us, and we should all really be using a password vault like LastPass or 1Password. The main important difference between LastPass and 1Password is that LastPass keeps your vault on their servers, whereas 1Password gives you control over where the vault is stored. Each are very securely encrypted.
Yogi uses a text file to store all his passwords. It's encrypted, and his passwords are randomly generated. He then cuts and pastes the password to enter it. Is that safe? Leo says yes. If his computer has a key logger, it can't read a cut and paste like it can his typing. An easier way, though, would be a password manager like LastPass or 1Password. Steve Gibson also has a password generator at grc.com/passwords
Kevin is looking for a password vault or manager to store all his passwords. Leo says that the best password is long and strong, with random characters, letters, and punctuation symbols. But he'll never remember it. That's why Leo recommends LastPass, which can not only generate the passwords, but also can keep them safe. 1Password is another. This also creates a single point of failure, though. There's nothing wrong with having a notebook that he can write them down in.
Chris is having problems with the keychain password feature of his iPhone. He can't change the phone number associated with his keychain on any of his devices. Leo says that is a recovery feature that will send a recovery code via SMS to change his passwords. Leo says that second factor authentication is an important thing. If he has to get rid of the number, simply deleting it is what Apple recommends. They've also had trouble with keychain, though. Apple support may be needed and have them reset the keychain from their end.
David updated his mobile phone and he's lost a lot of apps. Leo says that if he opens the Google Play store, there's a menu item for "My Apps." It'll show what's on his phone and what isn't. If he presses and holds the first app he wants, he can then select all the apps he wants and it'll reinstall them.
Bonnie wants to know why the user interface of LastPass had suddenly changed. Leo says its a good question, and programs do this all of the time to keep them up to date. Leo says a password vault is kind of a special thing, something that people need to trust. LastPass had been sold from an individual to LogMeIn about 6 months ago. One of the reasons he did it is because LogMeIn has more resources, and one of the things LogMeIn paid to do was update it to something more elegant. Bonnie can go back to the old style, however.