Passwords: safe use and alternatives

The security of your passwords is almost as important as your own identity. That’s why World Password Day, celebrated on the first Thursday in May, aims to raise awareness of the importance of creating strong and secure passwords to protect your privacy.

However, it is no longer enough to create long and complex passwords with numbers, capital letters and other characters. Especially because these often get lost on a post-it note, and that’s exactly what cybersecurity experts advise against: Leaving traces of our passwords in unsecured places. That’s why, in the face of increasingly frequent cyberattacks, two tools come to our rescue.

Password Managers: Goodbye Post-its!

Password managers like KeePass and 1Password allow us to store all our usernames and passwords under one key, so we don’t have to worry if our memory fails us. Below, we look at the most important aspects of the two programs.

Password generator  

Both platforms have a manual password generator. 1Password’s secure password generator can generate random passwords, passphrases and PINs. You can customise it by setting the password length, capitalisation and character types. KeePass’s password generator, on the other hand, also allows for a lot of creativity. Besides the length, there are 9 other boxes you can tick to specify the character types you want to include in the password (uppercase, lowercase, numbers, special characters, etc.), and you can also generate passwords with custom patterns or algorithms.

 

Sharing passwords 

As a 1Password user, you can share passwords and other stored items with others via a single link. The platform also allows you to specify who has access to the link and when it expires. In addition, users of 1Password’s Family or Team and Enterprise plans can also share a vault. With this option, the family organiser or team administrator manages the permissions and access level for each user.

In contrast, KeePass does not have a dedicated sharing function. Their solution for sharing with other users is to set up a common database and share the master password. This is not exactly convenient or ideal, but it is still the best option at the moment.

 

Security & encryption

1Password uses the latest encryption methods to protect your personal data from hackers, including AES-256, PBKDF2 and end-to-end encryption. For added security, 1Password requires users to enter a secret key when attempting to log in to their accounts. This provides an extra layer of protection in case someone guesses your master password; unless the hacker enters your secret key, the master password alone is not enough to gain access to your accounts. Another helpful security feature is the ability to store passwords in multiple vaults. With this feature, it is possible to store some data in a separate vault, making it even less likely that someone can access it.
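An added illustration (not from the original article and not 1Password's actual code) of why a second, device-held secret key means a guessed master password alone is not enough. The function names, the XOR combination and the key-check record are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

def derive_unlock_key(master_password, secret_key, salt, iterations=600_000):
    """Combine a memorised password with a device-held secret key (illustrative)."""
    # Slow stretch for the low-entropy, guessable password.
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                                  iterations, dklen=32)
    # Keyed hash of the high-entropy secret key; it needs no stretching.
    sk_part = hmac.new(salt, secret_key, hashlib.sha256).digest()
    # XOR: the result is only correct if BOTH inputs are correct.
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))

def enroll(master_password, secret_key, iterations=600_000):
    """Return the record a server or vault file would store (no secrets in it)."""
    salt = os.urandom(16)
    key = derive_unlock_key(master_password, secret_key, salt, iterations)
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}

def unlock(record, master_password, secret_key):
    """Return the 32-byte key if both secrets are right, else None."""
    key = derive_unlock_key(master_password, secret_key,
                            record["salt"], record["iterations"])
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, record["check"]) else None

if __name__ == "__main__":
    secret_key = os.urandom(16)   # constructed sample; kept on the user's devices
    rec = enroll("correct horse", secret_key)
    print(unlock(rec, "correct horse", secret_key) is not None)  # both secrets
    print(unlock(rec, "correct horse", os.urandom(16)) is None)  # password only
```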

KeePass is an open source password manager that uses advanced security methods to protect your data. The features you have depend on which version of the software you are using. Version 1 has security process protection, security-enhanced edit controls and password quality assessment. Version 2 also uses security process protection, security-enhanced edit controls and password quality estimation, but gives you the option to enter your master password via a secure desktop, further enhancing your security. Version 1 is designed for Windows, while version 2 is designed for Windows and Mono.

Tariffs and prices 

1Password offers a variety of plans for all types of users. For private users there is:

1Password Personal – 1.63€/month for 1 user

1Password Families – 2.73€/month for 5 users

1Password Personal is the best option for single users. It can be used on an unlimited number of devices and offers unlimited password storage, 1GB file storage, autofill, 2FA, 1Password Watchtower, a digital wallet and travel mode.

If you want to add more users, you can upgrade to 1Password Families. It can accommodate up to 5 users and includes everything included in 1Password Personal. It also includes access/permission management and account recovery.

KeePass, on the other hand, is free software, and you can extend its features with various plugins (autofill, database backup and breach/leak checker).

Platforms, interface and usability

1Password and KeePass are compatible with all major operating systems. But 1Password surpasses KeePass by offering browser extensions for all common browsers. In contrast, KeePass has no official browser extensions or official mobile apps.

The second tool, multi-factor authentication, is the alternative that will make passwords disappear in the future. We have probably all come across it, but many people don’t really know what it consists of.


Multi-factor authentication: the end of passwords?

Multi-factor authentication (MFA) is a security measure that requires a user to provide two proofs of identity. The common factor is the password; the other can be a security token or a biometric factor. There are five types of authentication factors:

  • Something you know (knowledge factor): This factor is usually a password, PIN or an answer to a security question. This is the information that only you know, no one else.

 

  • Something you have (security token): This factor refers to information sent to a physical object, such as the devices you carry. It can be sent to your mobile phone or in the form of an ID card or security key. There are three classifications for a security token:

 

  1. HMAC-based one-time password (HOTP): These security tokens are used only once and expire after use.
  2. Time-based one-time password (TOTP): This token expires after a certain period of time, usually after 30 seconds. When the time has expired, a new token is generated.
  3. Universal 2nd Factor (U2F): These devices allow you to access highly sensitive websites and platforms without using your mobile phone or entering passwords. It records all passwords and uses highly complex cryptography to keep everything secure. All you have to do is plug in the device (usually a USB device) and click the little button when you log in.

 

  • Something you are (biometric factor): This factor includes anything that makes you physically unique, such as your fingerprint, retina, voice and face.

 

  • Your location (geographic location factor): This token uses IP and MAC addresses to locate a login attempt. Notifications of login attempts often appear in the emails you receive when someone tries to log into your account from another location.

 

  • Something you do (action factor): This factor generally relies on a record of your activities or behaviour to verify your identity. However, due to its complexity, this factor is rarely used. This factor is also called a picture password. Windows 8 allows you to use this feature by recording your mouse movements on a specific image.

 

The benefits of this tool include:

  • Increased productivity through greater employee mobility: The ability to authenticate devices outside the workplace allows employees to be mobile and flexible in the workplace. According to a survey of 322 respondents conducted by CITO Research, 67% of professionals consider this an improvement to their business processes. Multi-factor authentication allows employees to access the corporate network from any device and from any location without worrying about data security.

 

  • Early detection of suspicious login attempts and increased security: Weak passwords will always be the biggest vulnerability in password-protected systems. Most of us find it difficult to set a strong password that protects and is easy to remember. There are many cases where accounts have been compromised by using simple passwords. MFA reduces the vulnerability of weak passwords by adding an extra layer of identification. It also enables your organisation to detect any unauthorised login attempts to your accounts. Knowing the attempts helps IPAXES monitor the behaviour and investigate the potential attack, strengthening your protection.

 

  • Saves costs: In addition to increased employee mobility, MFA allows your staff to configure security without extensive support interventions or additional costs. It also saves you a lot of time from potential ransomware attacks that could cost your business hundreds of thousands of pesos and important customer data.

 

  • Reduced risk of identity theft and fraud: MFA makes it difficult for hackers to emulate a user’s unique characteristics through the biometric factor. Regardless of whether they can learn the user’s password, they will never learn the security token sent to the owner’s devices. Some websites will not allow access if one logs in from a device that is not registered in their authentication system. This prevents hackers from logging into their systems.

 

  • Breaking the phishing cycle: If one of your employees is fooled by a phishing attack, the hacker cannot access the network because your organisation’s system requires an additional factor. The attack would only be possible if the hacker can access the SMS sent to the device or has the authentication keys to access your company’s accounts.

 

Every year, millions of businesses have their data compromised, putting all their users at greater risk of theft and fraud. On World Password Day, several cybersecurity experts proclaim that passwords are an insecure and archaic method, which is why they choose to stop using them. With this in mind, multi-factor authentication is emerging as the main alternative to increase the security of existing passwords or replace them altogether in the future. Companies like Microsoft have already put this into practice with the Microsoft Authenticator application, which allows users to remove all passwords from their account. The disappearance of post-its is already a reality. Will passwords be the next to go extinct?

Windows Server 2012 Migration

The technical migration of 1250 servers and the move from Windows Server 2012 were carried out.

The procedure was as follows:

  • Conceptual design, data preparation and planning of the target state
  • Documentation and preparation of the actual state
  • Derivation of measures and recommendations for the migration
  • Planning and coordination of the migration path
  • Management of suppliers and service providers
  • Stakeholder management to ensure support for the project
  • Preparation of a report for the project manager
  • Preparation of documentation and reporting
