First of all, get a password manager such as LastPass (TWiT sponsor), 1Password, or Apple's Keychain. Any password manager is better than no password manager. Secondly, it might be a good idea to create a backup of those strong passwords (as you would for your important computer files) in case something goes wrong with accessing your vault of account information. Maybe make a USB key of passwords and store it in a super safe and secret location at home just for worst-case scenarios regarding your master password.
Rocco is seeing all sorts of security warnings for passwords in his iPhone's settings. Leo says that is Apple's latest security feature, which not only reviews passwords to make sure they are secure but also warns users if they reuse them, and provides a link to change them if they are compromised or not secure. LastPass does the same thing. Other vaults include 1Password and BitPass.
Chuck has to run through a tour at LastPass every time he has to log in. Leo says that he can disable going to the page to log in since he doesn't need to go to the vault every time he logs into LastPass. There's a checkbox in the settings to disable the vault popping up with each login.
Jane has a ton of passwords and needs a password vault to keep them all straight. She was looking at LastPass and wants to know if that's the best one. Leo loves LastPass, and they are a sponsor of the show. He has been using it for ten years and it's very secure. But it's not the only option. There's also 1Password, KeePass, and Dashlane.
Mark wants to combine his work's LastPass account with his personal one. Leo says that his personal stuff can be attached, but it won't be visible at work. Leo recommends keeping the accounts separate. That way, if he leaves the job, his employer doesn't have access to his data.
(Disclaimer: LastPass is a sponsor)
Tom heard that Authy is better than Google Authenticator. Is that true? Leo says that any authenticator will be better than no authenticator at all, especially when keeping password vaults protected. Most services offer 2-factor authentication now, but the danger there is that some SIMs can be duplicated or even hijacked with some creative social engineering. In fact, the authenticator can be re-routed. Authy sends a secret number and combines it with the time of day (hashing) that changes after 30 seconds.
David uses a bunch of different browsers and every one wants to save his passwords. It seems easier, but he says that it often fills in the wrong password. Leo says that's probably because David has multiple password managers and they are fighting. It's like antivirus software. It's best to have just one. Relying on the browser saving passwords isn't safe because that's not their main business and many have security flaws. David should use one password manager like LastPass, and it will input the right password.
Taylor is talking about using LastPass and its 2-factor authentication. How does that work? Leo says that 2-factor can be a biometric thing, like his thumbprint, or it can be an authenticator which will text him a code to his phone that he would input into the prompt. It's secret and only good for about 30 seconds before he would have to input a new code. It's a great way to protect online data.
Walter wants to know if he can install LastPass into his browser to save his passwords online. Leo says there's a LastPass browser plugin that does just that. Then he can let LastPass choose his passwords.
Leo says there's a new feature in Android Oreo 8.1: it will let you know how fast a Wi-Fi access point is before joining it. Leo says any password vault should enter his password into the web portal when he signs in. Leo prefers using password vaults to any mechanism offered by the browser or phone itself. Password vaults will remember all of his passwords, and on Android, they will actually fill in the password automatically.