2024 - General Account Security - Passwords & 2FA

Hi all. Will update and clean up as things progress. Probably.

Would like to reference this thread from TechJamaica - a site that I frequent for general technical chats.

Please also note that the same information is in another thread over there.

https://www.techjamaica.com/forums/showthread.php?108601-Why-passwords-have-never-been-weaker—and-crackers-have-never-been-stronger

I’m loving the fact that discussions were going on from 2012. With how things have been in more recent times, it becomes more important and far more necessary to take added precautions with your accounts.

When the internet was young, having a single password for all your accounts was very convenient. Yahoo. Hotmail. Gmail. Your hosting provider. Your bank account. Everything. Then came the breaches.

Many companies have suffered data leaks and breaches over the years, some of which have even been password manager companies. Plenty of suggestions get made - but what would be the best course of action to take? Well. Here are a few suggestions.

With the increase in breaches, many companies have added 2FA to their sites. Even if you use an “easy” password, having 2FA enabled means a guessed or leaked password alone is not enough: the attacker also needs your hard or soft token. Impossible to breach? Not really - SMS codes can be stolen through a SIM swap, and app-generated (TOTP) codes can be phished by a fake login page that relays them in real time, which is why hardware keys (FIDO2/WebAuthn) are the strongest option - but the amount of work required for YOUR specific account is too much of a hassle. They’ll give up or move on. But this brings us to the other option. Your password.

An issue that most persons will have is remembering ALL the passwords for all the different sites. Personally, I have accounts with over 200 websites. Keeping 200 different passwords in your head isn’t realistic - so how can that be managed? A password manager.

The beauty of any good password manager is the single master password. Think of that as your key to get access to all the other passwords. It’s best to use some really long password to get in - length is what matters - and it doesn’t need to be overly complicated - just mildly so.

I Love TechJamaica
1 L0v3 T3c4J@m@1c@

Some simple phrase about something that you know or like can be used. Adding in numbers and special symbols or substituting some letters for others adds a little complexity, but not much: cracking tools apply exactly those substitutions (0 for o, 3 for e, @ for a) as standard rules, so “1 L0v3 T3c4J@m@1c@” is only a few thousand guesses away from the plain phrase, and a well-known phrase, title or lyric is in the wordlists to begin with. Adding two or three more unrelated words does far more than any symbol. Avoid using your name, family member names and date of birth and all that - but ensure it’s something you won’t forget.

RoboForm is probably one of (if not THE) oldest password manager out there. I had a license with them and moved to the subscription model, but then changed to other options thereafter. If you’re a real stickler for security, then you can get your own VPS, VM or dedicated machine to run something like BitWarden. You would then have full control and can setup sync between the devices you use.

Wary of something like that? You can use another option like KeePass with a key file. Simply setup your database and run your app. Purchase a license for Resilio Sync to ensure it syncs across your personal devices, or set up SyncThing to ensure things stay in sync. You could also use Google Drive, DropBox or other services, but the sync capabilities of Resilio and SyncThing are superior IMO.

Using a key file helps with the overall security, but only if the file is not guessable. KeePass hashes the file’s contents into the key, so a text file holding a line you remember…“Do not go gentle into that good night” for example…is really just a second, weaker password: that line is in every quote list a cracker already has. Generate the key file from random data instead (KeePass can create one for you, or fill a file with 64 random hex characters), copy it to each device once over a channel you trust, and keep it OUT of the folder you sync - if the key file travels with the database, whoever gets the database gets the key file too. This plus your password will keep your database secure.
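An added example (not code from the original post or from KeePass) putting numbers on the advice above: it generates a master passphrase with the OS CSPRNG, counts how little leet-style substitutions add to a known phrase, and builds a random key file in one of the layouts KeePass 2.x accepts. The wordlist is a constructed stand-in (a real one, such as the EFF long list, has 7776 words), and keyfile_to_key_material follows the key-file rules given in the KeePass documentation for non-XML key files (32 raw bytes used directly, 64 hex characters decoded, anything else hashed with SHA-256); treat that as my reading of the docs, not something verified against the program itself.

```python
import hashlib
import math
import secrets

# Constructed stand-in wordlist. A real passphrase should draw from a large,
# published list such as the EFF long list (7776 words).
SAMPLE_WORDLIST = ["anchor", "bamboo", "cactus", "dolphin", "ember", "falcon",
                   "glacier", "harbor", "island", "jaguar", "kettle", "lantern"]

# The substitutions a typical cracking rule set tries automatically.
LEET_MAP = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$", "t": "7", "l": "1", "h": "4"}


def entropy_bits(words: int, wordlist_size: int) -> float:
    """Entropy of a passphrase of `words` words picked uniformly from `wordlist_size`."""
    return words * math.log2(wordlist_size)


def make_passphrase(words: int = 6, wordlist=None) -> str:
    """Pick words with the OS CSPRNG (secrets), never random.choice."""
    wordlist = wordlist or SAMPLE_WORDLIST
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def leet_variant_count(phrase: str) -> int:
    """Number of spellings a rule set gets by optionally substituting each LEET_MAP letter.

    That is the entire extra search space between 'I Love TechJamaica' and
    '1 L0v3 T3c4J@m@1c@': two choices per substitutable letter.
    """
    substitutable = sum(1 for ch in phrase if ch.lower() in LEET_MAP)
    return 2 ** substitutable


def make_keyfile_contents() -> str:
    """64 hex characters = 256 random bits, a key-file layout KeePass 2.x accepts."""
    return secrets.token_hex(32)


def keyfile_to_key_material(data: bytes) -> bytes:
    """Reduce key-file contents to the 32 bytes that enter the composite key.

    Assumption (see lead-in): mirrors the documented KeePass 2.x rules for
    non-XML key files. Exactly 32 bytes -> used as-is; 64 hex characters ->
    decoded; anything else -> SHA-256 of the contents. The last rule is why a
    quote-based key file is only as strong as the quote is hard to guess.
    """
    if len(data) == 32:
        return data
    if len(data) == 64:
        try:
            return bytes.fromhex(data.decode("ascii"))
        except (UnicodeDecodeError, ValueError):
            pass
    return hashlib.sha256(data).digest()


if __name__ == "__main__":
    print("6 words from a 7776-word list:", round(entropy_bits(6, 7776), 1), "bits")
    print("leet variants of 'I Love TechJamaica':", leet_variant_count("I Love TechJamaica"),
          "(about", round(math.log2(leet_variant_count("I Love TechJamaica"))), "extra bits)")
    print("a key file that is one of ~100k famous lines: about",
          round(entropy_bits(1, 100_000), 1), "bits")
    print("random key file: 256 bits, e.g.", make_keyfile_contents())
    print("sample passphrase:", make_passphrase(5))
```

The numbers tell the story: six random words are roughly 77 bits, the leet substitutions on the example phrase add about 11 bits on top of a phrase that is itself guessable, and a key file that is a famous line is worth under 20 bits, against 256 for a random one.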

As for which 2FA to use - that’s entirely up to you.

“Authenticator Plus” on Android was my favorite - since it would allow you the option to export your encrypted database into WinAuth for use outside of the phone. The development has stopped, but it’s still the only one that I’ve seen with that kind of feature. Since then - I push “Authy” for usage. They had a desktop app, but that’s being discontinued. “Authy” runs on all platforms and has the ability to backup/sync across all devices. I love the way it works overall, but wish I could export for use on a desktop app. Sad to see the desktop app go as well.

As things progress I may put in links and such, but for now it’s just information. Hopefully this helps others and gives some insight on what to do and how to secure your account. We can discuss more - and you can post your suggestions on what you’ve used or like.

Keep safe.

So now - I’ve been testing Aegis Authenticator as suggested by King_Jay16 from TechJamaica. It looks very promising. One feature I like is the cloud sync ability. Most apps really only use DropBox and Google Drive. I was able to point it to a different service that’s on my mobile device, and it has successfully added and synced the file to that service. So plus there. Will now start the painful task of migrating from the other platforms.

Kudos to King_Jay16 from TechJamaica for that - hopefully development on Aegis will continue. Only issue is it’s Android only at this time.

https://getaegis.app/

If you use iOS, I would still suggest using Authy. Not able to do exports, but their platform has been solid.

EDIT
So I made the move. “Painful” as I said due to issue with Authenticator Plus. Had to get it done on BlueStacks due to lack of support for newer Android platforms, but the import/export features in Aegis are really good. So now I’ve officially moved over. Thanks again to King_Jay16 from TechJamaica for the suggestion.

I never did get around to checking in more recent times, but you can see Aegis as the first alternative suggested on this site.

https://alternativeto.net/software/authy/

Authy has 200+ likes while Aegis has 100+. I should have checked it out, but I was too hung up on what I was using - hopeful that they’d pick development back up.

Well - moving on. Let’s see how this project goes. If it ever gets on iOS then it’ll make Authy #2. Only reason for Authy still holding a great spot is the website/domain integrations and the fact that it works on ALL platforms. Only issue is the Windows desktop app is going to be discontinued.

Let’s add some pictures for context.

It’s got a LOT of options for import. Only issue is that some of them (the ones that read another app’s private storage directly) require root access.

Exporting has only three options, but that’s more than enough. Bear in mind that any format other than JSON cannot be encrypted - those exports carry the raw TOTP seeds in the clear, so treat such a file like a password list and delete it once it has been imported elsewhere.

There’s a lot of ways the information can be displayed.

I do love the “tiles” option which gives a more compact display. There are LOTS of options to customize, which allows for a robust app. The best one IMO is the ability to use ANY cloud service to do your backup. Tested and worked - as long as the cloud service shows up on your phone as an available save location.

Take a look at it when you have time. Good stuff. Only drawback? Not supported on iOS (yet?), so Apple users will have to get Authy. Great alternative, but with less (or no) control over backup and export options.

One of the nicest features as well is the ability to export single entries. This lets you show the barcode to be scanned by another device for sharing. If you have someone else that needs account access, you can grant that. Bear in mind that the barcode carries the entry’s secret seed, so the other device will generate exactly the same codes as yours for as long as that seed stays valid; the only way to take that access back is to re-enroll 2FA at the site, which issues a new seed.

Overall - very robust - very nice. My new go to app for 2FA.