Passwords: safe use and alternatives

The security of your passwords is almost as important as your own identity. That's why World Password Day, celebrated on the first Thursday in May, aims to raise awareness of the importance of creating strong and secure passwords to protect your privacy. However, it is no longer enough to create long and complex passwords with numbers, capital letters and other characters. Mainly because they often get lost on a post-it note, and that's exactly what cybersecurity experts advise against: Leaving traces of our passwords in unsecured places. That's why, in the face of increasingly frequent cyberattacks, two tools come to our rescue.

Password Manager: Goodbye Post-its!

Password managers such as Keepass and 1Password allow us to store all our usernames and passwords under one key, so we don’t have to worry if our memory fails us. Below, we will go over the most important aspects of the two programs.

Password generator

Both platforms have a manual password generator. 1Password’s secure password generator can generate random passwords, passphrases and PIN numbers. You can customize it by setting password length, capitalization, and character types. KeePassword’s password generator, on the other hand, also allows for a lot of creativity. Besides the length, there are 9 other boxes you can tick to specify the character types you want to include in the password (uppercase, lowercase, digits, special characters, etc.), while you can also generate them with custom patterns or algorithms.

Share passwords

As a 1Password user, you can share passwords and other stored items with others via a single link. The platform also lets you specify who has access to the link and when it expires. In addition, users of 1Password’s Family or Team and Enterprise plans can also share a vault. With this option, the family organizer or team administrator manages the permissions and access level for each user.

In contrast, KeePass does not have a dedicated sharing feature. Their solution for sharing with other users is to set up a common database and share the master password. It’s not exactly convenient or ideal, but it’s still the best option for now.

Security & Encryption

1Password uses the latest encryption methods to protect your personal information from hackers, including AES-256, PBKDF2, and end-to-end encryption. For added security, 1Password requires users to enter a secret key when attempting to log in to their accounts. This provides an extra layer of protection in case someone guesses your master password; unless the hacker enters your secret key, the master password alone is not enough to gain access to your accounts. Another helpful security feature is the ability to store passwords in multiple vaults. With this feature, it is possible to store some data in a separate vault, making it even less likely that someone can access it.

KeePass is an open-source password manager that uses advanced security methods to protect your data. The features you have depend on which version of the software you use. Version 1 has security process protection, security-enhanced editing controls, and password quality assessment. Version 2 also uses security process protection, security-enhanced editing controls, and password quality estimation, but gives you the option to enter your master password through a secure desktop, which further increases your security. Version 1 is designed for Windows, while version 2 is designed for Windows and Mono.

Rates and prices

1Password offers a variety of plans for all types of users. For personal users there are:

1Password Personal – 1.63€/month for 1 user

1Password Families – 2.73€/month for 5 users

1Password Personal is the best option for single users. It can be used on an unlimited number of devices and offers unlimited password storage, 1GB file storage, autofill, 2FA, 1Password Watchtower, a digital wallet, and travel mode.

If you want to add more users, you can upgrade to 1Password Families. It can accommodate up to 5 users and includes everything included in 1Password Personal. It also includes access/permission management and account recovery.

On the other hand, Keepass is a free software, but you are allowed to extend KeePass’ features with various plugins (autofill, database backup, and breach/leak checker).

Platforms, interface and usability

1Password and KeePass are compatible with all major operating systems. But 1Password outperformed KeePass by offering browser extensions for all popular names. In contrast, KeePass has no official browser extensions or official mobile apps.

Second, multi-factor authentication is the alternative that will make passwords disappear in the future. We probably know this tool, but many people don’t really know what it consists of.

Multi-factor authentication: the end of passwords?

Multi-factor authentication (MFA) is a security measure that requires a user to provide two proofs of identity. The common factor is the password, and the other can be a security token or a biometric factor. There are five types of authentication factors:

Something you know (knowledge factor): This factor is usually a password, PIN, or an answer to a security question. This is the information that only you know, no one else.
Something you have (security token): This factor refers to information sent to a physical object, such as the devices you carry. It can be sent to your cell phone or in the form of an ID card or security key. There are three classifications for a security token:

HMAC one-time password (HOTP): These security tokens are used only once and expire after use.
Time-based one-time password (TOTP): This token expires after a certain period of time, usually after 30 seconds. When the time expires, a new token is generated.
Universal 2nd Factor (U2F): these devices allow you to access highly sensitive websites and platforms without using your cell phone or entering passwords. It records all passwords and uses highly complex cryptography to keep everything secure. All you have to do is plug in the device (usually a USB device) and click the small button when logging in.

Something you make up (biometric factor): This factor includes anything that makes you physically unique. Your unique characteristics like your fingerprint, retina, voice, and face.
Your location (geographic location factor): This token uses IP and MAC addresses to locate a login attempt. Notifications of login attempts often appear in the emails you receive when someone tries to log into your account from another location.
Something you do (action factor): This factor generally relies on a record of your activities or behavior to identify your identity. However, due to its complexity, this factor is rarely used. This factor is also known as a picture password. Windows 8 allows you to use this feature by recording your mouse movements on a specific image.

The benefits of Multi-factor authentication (MFA) include:

Increased productivity through greater employee mobility: The ability to authenticate devices outside the workplace allows employees to be mobile and flexible in the workplace. According to a survey of 322 respondents conducted by CITO Research, 67% of professionals believe this improves their business processes. Multi-factor authentication allows employees to access the corporate network from any device, anywhere, without worrying about data security.
Early detection of suspicious login attempts and increased security: weak passwords will always be the biggest vulnerability in password-protected systems. Most of us find it difficult to set a strong password that protects and is easy to remember. There are many cases where accounts have been compromised by using simple passwords. MFA reduces the vulnerability of weak passwords by adding an additional layer of identification. It also enables your organization to detect any unauthorized login attempts to your accounts. Knowing the attempts helps IPAXES monitor the behavior and investigate the potential attack, which strengthens your protection.
Saves you money: in addition to increased employee mobility, MFA allows your employees to configure security without extensive support intervention or additional costs. It also saves you a lot of time from potential ransomware attacks that could cost your business hundreds of thousands of pesos and important customer data.
Reduced risk of identity theft and fraud: MFA makes it difficult for hackers to emulate a user’s unique characteristics through the biometric factor. Regardless of whether they can learn the user’s password, they will never learn the security token sent to the owner’s devices. Some websites do not allow access when logging in from a device that is not registered in their authentication system. This prevents hackers from logging into their systems.
Breaking the phishing cycle: if one of your employees is fooled by a phishing attack, the hacker cannot access the network because your organization’s system requires an additional factor. The attack would only be possible if the hacker can access the SMS sent to the device or has the authentication keys to access your company’s accounts.