Having all the necessary tools to maintain your online privacy and your data, such as a reliable web browser, email client and messenger, do not forget about saving your passwords.
In this part, we will take a detailed look at password managers, which applications to use, how to optimize managers, and which ones to avoid.
It is becoming more and more important for all users to use a password Manager, because frequently used login data, and repeated use of login and password combinations are two of the weakest security points of any ordinary person on the network. Meanwhile, memorizing dozens of unique and complex phrases is beyond what most people can do, especially in the long run. As such, password managers were created as a way to store them in a single file, which can help ensure your online security and privacy. This is one of the best solutions to this whole dilemma.
Basics points of working with a password manager
First of all, we should note that not all password managers are created in the same way as the software in all our other articles. In general, we will look for similar characteristics in our managers as in our other software, which includes open source protocols and advanced software security practices.
And when it comes to Bitcoin, cryptocurrency, and your entire life on the web, there’s a lot at stake. I would say that a password manager is more important than any other app, as it will put your entire livelihood on the line.
The most amazing thing about demanding open source software for your password Manager is that it will also, by definition, be free at the most basic level. This is because if it wasn’t, all it would have to do is fork the program to make it free.
This way, in a sense, you get the best of both worlds – free software of the highest quality. Meanwhile, ironically, many of the most well-known password managers, such as Dashlane or Lastpass, use closed-source software, and often charge for using their services.
Oddly enough, Lastpass, the password Manager itself, has been hacked before. It can be argued that this is at least partly due to its closed-source software, since open-source SOFTWARE, at least in part, makes the software more secure. In short, don’t use closed-source services that are often advertised online, as they are harmful to you in many ways.
Recommended best managers
Bitwarden is our first recommendation. Bitwarden is truly one of the greatest developments, as it allows you to manage passwords on an individual, group, and even corporate level, creating a universal solution. Bitwarden is compatible with almost all devices, from desktop computers to mobile devices, etc. In addition, although they offer a free centralized cloud service, Bitwarden is also configured to allow you to run your own private server, and keep your key database completely under your control and fully encrypted.
Next we have KeePassXC, which is a fork of one of the oldest existing password managers, formerly known as KeePass, which suspended most of its current development some time ago.
KeePassXC was created as a local password management application that could run on different platforms. Unlike Bitwarden, where your key file is stored in cloud storage, KeePassXC is just a software client and a local file that you have to maintain and back up yourself.
This has its pros and cons. The good news is that you have full control over everything related to KeePassXC, since The program in most situations will not interact with any online server that may reveal personal or confidential information.
The bad news is that if you ever lose control of a key file, you will be out of luck. Really. For this reason, it is extremely important to make a backup copy of your encrypted key file in several places to protect yourself from what could lead to a catastrophic loss. You can do this with USB drives, email accounts, cloud storage, safes, or a whole host of other creative solutions that you can come up with.
The last recommended option is LessPass. This is a very interesting technology, because it is a password Manager without knowledge. When you enter multiple pieces of information, which can be a master password combined with an email address or username, the password is automatically attached to any URL. It will simply cross-link all this information through PBKDF2 and SHA-256 to get random but consistent results for any of your web browsing.
The advantage of this program is that it is extremely light, and if you remember your email address, account name, and master password, you can now get full access to everything on the Internet, without the need for any files. The downside is some level of control over the flexibility of passwords, since they are generated automatically.
Summing up these three options, BitWarden is the best for most use cases. Meanwhile, LessPass is probably best suited for the most average user who has fewer online accounts and wants something extremely simple and easy to use. Finally, KeePassXC will be the latest password Manager technology for privacy, and is best suited for those who are willing to take additional steps to ensure that their key file is up-to-date as a long period of time passes.
Recommendations with your new password Manager
Once you have selected the password Manager from the list above, it is important to change all the secret phrases of your account one by one to include them in the new system. This will help you get rid of frequently used username and password combinations and switch to a new, more secure and reliable setup. In the new setup, if you have a key file to back up, you should start doing so, especially after major or important changes to your password Manager. Or, if you want to use BItWarden with a private cloud server, make sure that It is fully configured and running.
Generally speaking, when choosing the length of a phrase in your Manager for standard and reliable security, 25 random letters and characters are generally considered non-hackable. This is because while every password can theoretically be tricked, over time it takes significantly more computing power to figure out what your password is, and at some point it becomes impractical. However, the NSA’s security layer often contains up to 50 random characters, which is considered unbreakable, even on a government-wide scale.
On the same token, you will need to use the master password for your password Manager. Given that you only need to know one password, it will now be extremely important to make it very secure. Since the password you need to remember most likely won’t (or probably shouldn’t) be completely random, it should be at least long in order to be easy to remember. I would suggest making sure that you come up with a master password that is at least 40 characters long, or 125 bits of information. To check how many bits of entropy your master password has, you can enter it in the KeePassXC password field, and it will tell you roughly how secure your master password is. While 40 characters may seem like a lot, keep in mind that this is now the only gateway between you and all your access keys to all your accounts stored in this account.
Finally, it’s worth investing in a YubiKey or similar 2-FA device if you can get one. This may apply to BitWarden and KeePassXC. When using regular password managers, a hacker will need access not only to your code word, but also to your key file in order to be able to freely manage all your accounts. However, an experienced hacker who has full access to your device using a Keylogger can theoretically compromise your entire setup, and this will be a disaster for you.
Fortunately, this can be solved by purchasing and activating a Yubikey or other similar device. Yubikey requires that the private key you set for your password Manager be present to access your database. Therefore, even if a hacker gets your key file and master password, they still won’t be able to access your account. However, as a precaution, if you lose access to your Yubikey or private key, you will also be blocked. Therefore, it is important to keep a backup copy of your Yubikey, and have additional copies.
Owning cryptocurrencies comes with a lot of responsibility if you want to minimize the risk. As well as maintaining a strong hacking-proof presence on the network. One of the best protections you can do is implement a password Manager.
Similar to the previous articles we wrote earlier, it will take a little setup work to fully adapt to your new system, but in the future you will thank yourself for doing so. And the sooner you start, the better, because the situation will only get more complicated, with more risk factors, as the Internet plays an increasing role in all of our daily lives.
Finally, although the article is relevant at the time of writing, it will undoubtedly lose its value over time. Be sure to check whether everything in this article has been updated, or whether any password Manager you selected in this article is still being developed, or adheres to proper best practice principles.
End of the fourth part.