How To Use Just A Single Password For Everything
Рет қаралды 85,822
Күн бұрын⚛️ So many sites require a password, it's very tempting to use only a single password everywhere. That's dangerous, and there are better alternatives.
⚛️ Using just one password
Using the same password for all your accounts is extremely risky. Poor security at one service can compromise them all. A better approach is to use a password manager to remember and generate strong passwords. The only password you need to remember is the master password to your vault.
Updates, related links, and more discussion: askleo.com/3511
🔔 Subscribe to the Ask Leo! KZfaq channel for more tech videos & answers: go.askleo.com/ytsub
✅ Watch next ▶ What Should I Do If I Lose Access To My Password Vault? ▶ • What Should I Do If I ...
Chapters
0:00 Single Password For Everything
0:40 The same password everywhere
1:55 The ideal world has different passwords
2:50 Password vault
3:33 One algorithm
5:10 Do both
❤️ My best articles: go.askleo.com/best
❤️ My Most Important Article: go.askleo.com/number1
More Ask Leo!
☑️ askleo.com to get your questions answered
☑️ newsletter.askleo.com to subscribe to the Confident Computing newsletter.
☑️ askleo.com/patron to help support Ask Leo!
☑️ askleo.com/all-the-different-... for even more!
#askleo #password #security
@askleonotenboom 6 ай бұрын
It’s possible; just not the way you think.
@alananderson8619 6 ай бұрын
In an ideal world, there are no hackers and identity thefts.
@buddyboy4x44 6 ай бұрын
Even password managers can be hard. They are wonderful when they function as expected. When they do not it causes major problems until you can figure it out. I use a password manager for all non-money related sites. For money sites I keep a written record securely locked which simply reminds me of password structure. Any third party finding it could still not figure it out.
@olafschluter706 6 ай бұрын
Password. managers need to rely on analysing a web page in a browser for user and password entry fields. They may fail in doing so, as there is no standard web sites can adhere to and password managers can rely upon when doing their work. All password managers have is intruding into web browsers, look at the pages you are loading, find the username/password fields based on heuristic rules and fill them. This has been a technology applied for a decade now, and it did not got any better. And it is so much bailable by any means. Thw upcoming alternative to resolve that issue (among others) are passkeys. They can rely on a standard to work - either a browser supports that standard or it doesn''t (all major browsers but Firefox (which I find very disappointing) do today). And third party password managers start do it as well, and it does not require all of them to figure out what is going on und supposed to happen by analysing web pages - passkeys are a well-defined standard including web-sites accessing them for login: they simply place a well-defined javascript-statement on their page.
@bgtubber 6 ай бұрын
What exactly do you find hard about password managers, if I may ask? I use KeePassXC which is one of the most trusted password managers and it's pretty easy to use.
@drescherjm 6 ай бұрын
I do the same. I don't trust my cloud based password manager to protect my financial sites because they have been hacked multiple times.
@almuric1baggins337 6 ай бұрын
@@drescherjmDid you ever think of changing your password manager! Doh!
@drescherjm 6 ай бұрын
@@almuric1baggins337 Too much work. I have around 400 hundred accounts. I also as a person in IT use 20+ devices on a given day which can limit the options.
@megapangolin1093 6 ай бұрын
Great, helpful video, Leo, thanks for all your great help and information over the past year. I wish you well for 2024.
@ChrisW228 5 ай бұрын
I’ve used a password vault for many years. And then it was breached. My husband thought I should change services. I felt that at least we know this one is now beefing up, where the rest are still unknowns as fas as security.
@NoSpam1891 6 ай бұрын
Keepass - very happy with that one.
@mnphoneemail113 6 ай бұрын
I've never understand the issue with passwords. There is no need to think up and remember a password. The simple solution is to use a password manager. Within that manager, I have it generate a complex password typically up to 20 characters. It will have numbers, special characters, upper and lower case text, etc. When asked for the password, I simply copy and paste. Done.
@bgtubber 6 ай бұрын
You'd be surprised how many people don't use a password manager. A good chunk of them reuse a single simple password across all sites. Yikes!
@mnphoneemail113 6 ай бұрын
With your great presentations perhaps more will move to one. You might consider a presentation to demonstrate the generation of passwords and the copy and paste method. Also, aren't there some password managers that automatically connect and enter the password? One of the comments below states they don't always link and enter the PW.
@tomward876 6 ай бұрын
Or for computer sites - Memorize a list of 52 characters. Make it words and numbers. Example: 1Jerky2Party3Green4Horse5Sugar6 Banana ... It doesn't take long to memorize and you can use it forever. Completely uncrackable by any advanced method.
@geodavid51 6 ай бұрын
In an ideal password we wouldn't need passwords!
@raywarner7184 6 ай бұрын
In an ideal world we would not need passwords
@dennisd5776 6 ай бұрын
What happens if a hacker gets in to your pass word manager? Can they now get into every sight that is stored there?
@GosWardHen98 4 ай бұрын
Good tips & try to keep it simple for yourself too! 😊
@drdr73 5 ай бұрын
When i was a newby medical student 5decades ago...to remember complex anatomical structures we used mnemonics as an aide de memoire....now i remember esp the 'bawdy ' ones!....so even algorithms may be forgotten....
@byrd203 6 ай бұрын
With Apple tv's no more typing in passwords on the screen setup iCloud keychain then calling up the built-in remote app on the iPhone select that apple tv then it will ask or a password on the iPhone select your account password from the autofill it will fill in the password this gets around hand typing period
@user-yw1rp4rj4u 6 ай бұрын
Problem I have found with some password. Managers is the ability to save the complicated Auto Jen password. Sometimes there is an automatic prompt and other times. There is nothing.
@gjoseph1628 6 ай бұрын
Your advice or idea of an algorithm for choosing a password is excellent. I also have my own decided algorithm; but I am not telling what it is.
@Beavis-et8ox 6 ай бұрын
why not 😀??
@gjoseph1628 6 ай бұрын
still my secret! @@Beavis-et8ox, but you can think of your own method.
@terryshipe609 6 ай бұрын
Hi Leo, really enjoy your videos. I'm wondering what is your take on auto generated passwords such as the ones Firefox offers with auto log into each account that it creates a password for.
@askleonotenboom 6 ай бұрын
As long as you can configure the password to be sufficiently complex, they're great. I use 1Password's generator. Here's an example: o2EYjUJHryXFCgxvZ8UT
@cmdrbozo 5 ай бұрын
The best approach for password managers is to add the samd few secret characters to the beginning or end of every auto-generated password. Then if the vault is hacked it does not list your full password.
@juanparadinas7696 6 ай бұрын
Really bad idea store it in the cloud. Store it locally in an external disk mirrored in a file encrypted with AES. Just in case, print it and save at home in a secure and hidden place
@user-yw1rp4rj4u 6 ай бұрын
what about the windows 11 or iOS native tool?
@hassanmaje5849 6 ай бұрын
Do password vaults work in an Enterprise (Microsoft /Windows) setting when logging into on-premise, business software each with different usernames and passwords while adhering to company policies such as password length, password expiry? Examples of such software include Accounting, HR, Payroll, etc that staff have to routinely use.
@JohnSmoleskis 6 ай бұрын
IT support for the organisation I worked for wouldn't install anything like that, but 1Password has a web interface so I could copy and paste.
@nullx8 6 ай бұрын
in an "ideal world" you would not use a password at all, but authenticate yourself with a key. yet its 40 years down the internet road and microsaft still doesn;t know how keys work. the "problem" with password managers is, that you put all your data at a single point of attack.
@nick_vee 3 ай бұрын
@askleonotenboom What’s your opinion of using Apple Keychain as a password vault?
@askleonotenboom 3 ай бұрын
It's fine, as long as you don't need the info on a non-Apple device.
@gjoseph1628 6 ай бұрын
Here's why I do not trust "use just one password" for a password vault: The password manager fails too often to properly fill-in the correct password for person's username so the person still must either do some extra clicking OR enter the needed password using the keyboard. Even so, I myself do use a password manager with a "vault"; this vault having its one chosen password.
@user-fed-yum 6 ай бұрын
You need to get slightly more sophisticated, so will need at least four. One for your computer, one for your phone, one for your password manager, and one each where compromise might cost you huge financial losses, such as your bank account.
@captainkangaroo4301 6 ай бұрын
I always choose the really really bad approach in all of my endeavors.
@roseymalino9855 6 ай бұрын
Seems like a violation of the rule -- don't put all your eggs in one basket -- and dangerous.
@willardchi2571 2 ай бұрын
Yeah, but if someone somehow discovers your passkey password, aren't you then effectively as vulnerable as someone who used the same password for everything?
@markschuette3770 6 ай бұрын
i suggest eliminating passwords- i can never remember them! and go to a short series of personal questions you can answer. also i have no idea what you mean by "vault" !
@askleonotenboom 6 ай бұрын
Vault is a password manager program that remembers passwords for you, like 1Password, Bitwarden and others.
@drdr73 5 ай бұрын
How safe is a password vault./ manager...if that is hacked or down a user will be stuck....best is to keep a written list of the passwords in a physical 'vault'
@askleonotenboom 5 ай бұрын
Disagree. Even if the provider is hacked your passwords remain securely encrypted and useless to the attacker.
@Tensquaremetreworkshop 6 ай бұрын
Password 'managers' or 'vaults' do not work- you are often required to enter particular characters from your password. They cannot do this. My bank wants both this and specified numbers from my numeric code. Another fail. They can also cost money- which a password protected Excel file does not. And that, if all it gives is personal hints, is more secure than a password manager- they have been hacked before...
@ricknick5318 6 ай бұрын
Oh I left out part of something I meant by insurance use the same password on everything if one site gets compromised change password immediately insurance will cover anything else
@MichaelDomer 6 ай бұрын
So in other words, they only need to know the password of your vault. Meh, bad way of doing things, especially our passwords for bank, paypal and the likes, should be passwords that need to be memorized.
@ronandmary8471 6 ай бұрын
I would like to see the evidence that hackers crack passwords by testing character strings.
@TOSStarTrek 6 ай бұрын
Yes, but it needs to be 32+ random characters. Most hackers put a time limit on how long they spend to hack your password. Then they move on to the next one.
@bgtubber 6 ай бұрын
I normally do 24 characters. 32+ sounds a bit excessive, no? Is a 24 character purely random password (including special characters) easy to hack nowadays?
@TOSStarTrek 6 ай бұрын
@@bgtubber It just takes to much time. They can get into 5 or 6 for the time it take to break into one 32+. 16 is the norm now. Just put 2 or 3 random letter in it and that will stop 99.99% of the algorithm hacks.
@unglaubichuberlieber8048 5 ай бұрын
Use Just A Single Password For Everything...sure...losing or some one PERMANENTLY BORROW that password...you will also LOOSE EVERYTHING..yes this "intelligence"
@askleonotenboom 5 ай бұрын
I'm assuming you didn't actually watch the video.
@miklosbence3852 6 ай бұрын
We all know that passwords are static therefore they can be stolen - e.g. via a keylogger. The best solution would be if sites displayed a fresh code every time you want to log in and your personal, PIN-protected HW key would display the one-time password for you to type in manually. Simple, secure.
@hxndrik Ай бұрын
Dont all important services have 2FA anyways? Even if someone has my password, why would it matter? They can't login without 2FA.
@askleonotenboom Ай бұрын
No. Not all do. And not all people use it when they do.
@robertspicer2947 5 ай бұрын
use a pattern of keystrokes tthat mean nothing
@mxzyk353 5 ай бұрын
Are you sure you are not working for some spy agency, because what is in the ether everything can be hacked, just saying
@TroyQwert 6 ай бұрын
What if the vault fails? Like any other soft.
@askleonotenboom 6 ай бұрын
This is why you should be backing it up regularly. (And even if not you haven't lost access to anything.)
@TroyQwert 6 ай бұрын
@@askleonotenboom , so, that means I need another password? For the back-up.
@askleonotenboom 6 ай бұрын
@@TroyQwert That depends entirely on how you choose to securely store that backup.
@TroyQwert 6 ай бұрын
@@askleonotenboom , I hear you. What the back-up fails simultaneously with the "A-roll"?
@askleonotenboom 6 ай бұрын
@@TroyQwert Hopefully that never happens, but most recommend two backups: one local, and one off-site. So that's an extra level of protection.
@loophole123 5 ай бұрын
Does not explain what a password vault is.
@thepurplesmurf 6 ай бұрын
YubiKey anyone?
@drescherjm 6 ай бұрын
I have that but its not supported everywhere.
@Grunfeld 6 ай бұрын
YubiKey is excellent as the *2nd* authenticator you use in addition to your password.
@shawndayvis6169 6 ай бұрын
Didn't realize the first half of this video was a lecture
@askleonotenboom 6 ай бұрын
Welcome to my TED talk.
@babismousikos 6 ай бұрын
instead of trah talking and talking give an example
@macnottsuk 6 ай бұрын
Several password vaults have been hacked in recent years they are no longer the safe and best bet. The algorithm is a good idea but over time your passwords will show a pattern that is not difficult to crack. The best way to deal with password authentication is to use a long phrase that is easy to remember but is nonsense. Couple that with MFA/TFA using your mobile to receive the chalange code. Until the industry implement passphrase technology. And by the way, use a Linux PC for your personal and sensative data. I run Windows for various none sensertive work. And a Linux box to access personal data sites.
@askleonotenboom 6 ай бұрын
"Several password vaults have been hacked" - please provide your sources. I don't believe "several". In fact, I know of only one compromise, LastPass, and so far NO actual password data has been confirmed stolen that I'm aware of. Password Vaults remain more secure than any of the alternatives.
@kevinsteinman8967 6 ай бұрын
@@askleonotenboom keep believing in fairies.
@kevinsteinman8967 6 ай бұрын
@@waynea4651 Yep I sure do.
@KingD2507 6 ай бұрын
Just use a simple password like 12345 so you can remeber it easily.
@bgtubber 6 ай бұрын
And get all your stuff hacked. 😂😂
@davidvaughn817 6 ай бұрын
Hey! That's the same password I use on my luggage.
@bgtubber 6 ай бұрын
And of course, never write down your vault/master password in a text file or on a piece of paper! That's like locking your house and putting the keys under the doormat. 😄 Even if nobody finds it, you could lose it. Just memorize it and make sure it's long and not simple to guess. Add symbols and numbers too.
@johncipolletti5611 6 ай бұрын
Oh, please just use one password. The hackers will love you for it!
@robertgalebach6227 5 ай бұрын
Waste a LOT OF TIME saying nothing!
@pepeshopping 6 ай бұрын
Dislike. You CANNOT use only one password everywhere! Done on purpose, of course, but the proper description is “use only one password to open the rest of your passwords!”. Clickbait is needed for some “creators”, but what kind of idiot crowd can this bring?
@woosiangboon 6 ай бұрын
Ask Leo!
Рет қаралды 74 М.
Rj Mobile 01
Рет қаралды 8 МЛН
Wylsacom
Рет қаралды 623 М.
Enderestories
Рет қаралды 7 МЛН
Electronics_latvia
Рет қаралды 1,4 МЛН