Password Security Best Practices 

Sometimes for fun when I'm at an ATM I like to shout out 4 random numbers when I enter my pin.

dat cheeky wink though.

I keep mine simple to remember it. I never forget Password123

Password length limiters forcing to have only 10-12 characters at max with upper case, numbers, and symbols are the cancer of the internet

Guys, what should I use instead of 69allday? ;(

The reason I like this channel so much is because whenever i watch a video i 99% of the time learn something new, and i find that so amazing. thanks Linus & the team.

I literally loved the intro dialog beginning with the "If you want to see...", well played Luke!

Would love to see more cybersecurity related videos like this. Very informative video!

"Don't Write Down Your Password." This is pretty safe depending on the security situation of where you live. Most people don't have to be paranoid about documents in a dresser drawer or under their bed.

Fun thing is that yahoo just noticed me that someone in north korea just entered my account.

Thanks for recommending Dashlane. I've been having issues with Lastpass not loading up anymore after starting Chrome, so I switched to this and it's working pretty well so far.

A good video, and one I liked. Luke's at his best when he isn't imitating Linus and doing his own thing instead. Thumbs up! 👍

Great video.

Taran van Droogkloot and Taran van Eikel :D

Great review! More people need to know this stuff!

Thank you for this, i have just changed my passwords and am now using two level authentication. Thanks again for another great video.

1Password isn't cloud-based, Luke. It, much like KeePass, has available Dropbox integration but doesn't store the actual database on a remote server. The password database (which is strongly encrypted) is stored locally. The primary differences between 1Password and KeePass are that 1Password has a more user-friendly UI but lacks Linux support while KeePass is a bit more utilitarian in the UI field but has a wider compatibility base.

talks about password protection then says: "a trick i use to come up with password is..." :D strill bro love luke

thanks, linus tech tips, for great and interesting content

THAT INTRO OMG! THAT WAS HILARIOUS!

Guys I just won a new iPhone 6S and all I had to do was send a Nigerian prince my bank account details!

This is why I don't use the internet, or any technology for that matter. I am currently writing this comment on my iStone tablet.

Love the shirt, man! Bastion is awesome!

very important video, nice - good job!

Techquickie: password security explained

Why is physically writing down the password a bad idea? As long as somebody doesn´t break into my house, they are safe. Family members do not even know that I have something like that and I won´t lose the sheets of paper since they are all stored in one place for years now. Written down password cannot be stolen by some fancy hacking program. Using a password manager isn´t an option for me, I do not need it anyway and it can get decrypted too. If you have all your passwords stored in a program, good luck getting to them if you PC is dead...

grrrrrrr, why couldnt this video come out like 4 hours before, i had a whole ICT lesson about this today and it ansered EVERY question

nice video - hope you do more security stuff, but some reviews of security options that are out there would be pretty cool as well! Also, where can we recommend tech to be reviewed? couldn't find it on the forums.

What are you talking about? 69allday is a great password

I litteraly changed most of my passwords after seeing this video I think most people did

very informative. great video.

Thanks for the tips.

Never use cloud storage for passwords. Note: LastPass was compromised earlier this year. You also shouldn't be trusting proprietary software for password storage. You don't know what's happening to your passwords

The problem is these websites with all these criteria for passwords.

I finally realised what the *putting right hand down to side for a second every now and then* thing is. Moving the slide on for an auto-cue/script type thing. Can't believe it took me so long to figure it out. I just thought it was a weird habit of Linus'.

Cool vid! Can you please make a comparison vid of different local and online password managers?

"I changed all my passwords to 'incorrect'. So whenever I forget it, it will tell me: Your password is incorrect".

My password is over 30 characters long with capitals, letters, and jumbled words xD Takes a while to log in

Hey, I'd use passwords like "correct horse battery staple" except that many sites require varying case and numbers and non-alphanumeric characters for their passwords. Many sites also still limit the length of passwords to 10 characters, so using those non-alphanumeric characters are as good as we can get in many situations.

If the site you are creating a password for supports spaces. It is also great to make your password into a word or sentence and your normal password. Like for LinusTechTips forum it could be 'linustech ' and for Facebook it could be 'bookoffaces '. This way, you get a long password and also as password that you can remember!

5 minutes ago?.. dam i here!

The problem with the word combination or sentences is that many sites dont allow for this. Many sites require special characters AND numbers AND lower case AND upper case. a few sites have a minimum of 8 characters and a maximum of 14. Idiotic, but I cant force it to work. And now you have to remember which sites have what weird rules. So back to a lot of hard remembering again.

Password manager guide series would be amazing!

1password can also be used for local storage (and local Wi-Fi sync, which is very useful)

Is it bad that I use the same password for everything?

hunter2

*lol* enjoyed the Dutch last names (droogkloot, eikel, etc.) in the first few minutes of the video :-) Greetings from the Netherlands

I have a pretty airtight method I think, I have 5 different passwords that I'll alternate between for every account I own. I have all of these memorised and if I require a hint for a password, the hint will normally be something like "password 1" which acts like a trigger, immediately telling me which of the 5 to use.

Why not write them down? its hard to hack paper?... and you'd have to have something somebody really wanted online for them to break in to your house / rob you to take your password book just to login to your online accounts?.... but that's just my 2 cents..

So imagine you have 50 accounts, that means 50 passwords, you then need to remember 50 passwords?

The quality of the video production has improved quite noticeably. Well done to all concerned. :-)

Better late than never that this finally arrived on RU-vid, but I still say that this should have been posted here in the first place.

Every time someone smart talks about password security, I always wait for the xkcd references. Remember kids: correct horse battery staple.

RU-vid actually blocks out your password if you post it, like this: My password is *******

Nice lighting and color

I personally would say that KeePassX is a pretty good open alternative to some of the desktop solutions for password management out there. Mainly because it's available for all of the major operating systems.

first on a video but last to get laid

Who the fuck is Aiden?

Dayum that wink came out perfect!

I have a password that has four sections that I switch around whenever I make a new password and then I also have a fifth unique section for every password. It works very well for me

Me and my friend use to write down our passwords with a custom book in skyrim and put it in our house.

Wonder how many people tabbed out of this video to go and change their passwords. I know I did.

"Or with friends... I don't judge." I love you guys!

please make a video on negative and positive off does difrance password managers.. i would love a video like that. and bett others would to.

Oh yeah don't write your passwords down on a file that will remain on my desktop but DEFINITELY send them across the internet resting in the CLOUD. goddamit Also if your password is just words it WILL be broken by a brute force program

This! Should really gain more views!!!

You should also talk about websites that set using special characters, numbers andcapital letters as a mandatory thing. Tips for memorizing, and all that. I'd say, make the first letter capital, just like you'd do to a name, add a number to that object (the tube), and switching an "s" for "$" should pretty much do it IMO.

love the usernames in this video xD

Luke please do a video on the password managers. also the thing you mentioned at the start ;)

Yubico just made a sale, thanks to you!

Dayum 1 AM upload.

A video comparing the different 3rd party password systems would be great.

The pass phrase is superior. You can even use concepts to help remember them. You can right down the concept as a reminder since someone would need to both know you very well and have the concept to crack it. An example of a concept is what I call topical favourites. So for example: Location - Car - Food, from this randomly I could have a password of dubaifordburger, sydneylancercheese or newyorknissancake. Both functional and comical making them easier to remember. 2-Factor authentication is based on a principle of both something you know coupled with something you have. So a password combined with a pin from an App, Text Message or RSA token makes this more viable. While someone could steal your phone or RSA token, chances are they won't have your password and vice versa. There is a TED talk on this exact topic if you want to know more. I need to point out this won't work everyone. Some developers for whatever reason limit password character length, eg. Password must be between 6 and 12 characters in length. While this would help prevent SQL injection attacks, it is overzealous as proper input validation would prevent this.

How exactly does Google encrypt my passwords when I use multiple machines with different windows logins? Does it encrpyt it again if I use another windows password or just the first time I ever saved a pw in chrome?

I they should make a video about usual PC problem symptoms for each part of a system. Like "Usual symptoms of a failing Ram As fast as possible", " Usual symptoms of failing PSU as fast as possible" so on an so forth.

LOL, DR WHO 3:33 love this channel.

i fucking love the new style of comedy on this channel lol

I made my own HARDWARE password manager 😊 It fits well on my keychain and can either show the password right on a small LCD display after decryption - or be plugged into USB and launch a webbrowser directly on its own storage (runs separately from the PC's browser) with the password automatically filled in/already logged in to the account due to cookies! Everything is backed up in 2 different ways as well, so I don't have to worry about loosing the keychain 😊 ...And nothing is stored on potentially untrustworthy third part cloud-servers! 😉👍

I use KeePass for personal and work. Don't need to remember passwords or even see them. Auto generated based on several options, or manual entry. Auto paste and clipboard timeout.

I used to use plmnkoijb as my pass. It's easy to remember HOW to type, but not easy to remember. Making mental patterns on how to type a pass can make it way easier to generate new ones and remember old ones.

Need a little help, I'm getting a new PC for Christmas and i was wondering if i could take the SSD out of my laptop and put it straight into my PC, or would i have to do something to it, im not sure as this is the first time that i am going to be building a PC. Also i don't really want to buy a new copy of windows lol. Thanks

i already do most of these thing but the lilr key card thing are they cheep and easy to set up?

Another good way Ive found is to use a passage from a book you like. Easy way to remind yourself of what the password is.

haha loving the dr who quote

the best one is a combination of numbers, upper case letters, lower case letters and symbols but if supported also alt+### combinations IF SUPPORTED some and probably most sites don't support them for a password nor a username

I already implemented the password suggestion you mentioned, wanted to find out if you were correct and have a video reference. Btw, this doesn't work 100% (password type) since some websites/games seem to get into the habit of requiring short passwords and numbers/symbols in the password. They need to take a look at this video and remove those requirements, lowers my possible security due to this.

+LinusTechTips I've always considered getting a password manager but was always concerned about having all my eggs in one basket. If someone gets into the manager everything is compromised. Never heard of Yubico or physical two step verification like this until today; did some research on their site and bought one of their keys and a subscription to LastPass. Thanks for the tip and advice!

1Password is not necessarily "cloud-based" like LastPass. You can happily turn off dropbox/icloud sync and sync Locally via WiFi. (Although I think at this time this is only supported with a Mac-iPhone combo) What I mean is that (although tedious) 1Password does not _require_ you to sync.

i love the background

One thing I'd like to point out that I do, is when recording your password, don't enter the correct password, enter it inverted, or with a missing or added letter or something like that. Just so long as its easy enough to remember.

I first heard it with Linus, now I'm hearing Luke say it. Agayhnst.

The problem with the 2step whats it, is that I live out in the sticks and I don't get mobile signal so if ever a website has to send me a text code, I have to drive 2 miles up the road to get it, then by the time I get back its timed out and I have to repeat the process which is ppointless.

1Password is NOT cloud based, it is local. It does however, allow syncing by copying the vault file between computers (typically using Dropbox) or direct device to device WiFi syncing which has no cloud involved at all.

Thanks for saying all of my passwords, Luke...

I use this method . I have an usb stick crypted with Veracrypt and inside the crypted memory of usb I have the password database crypted by KeePass . Every time I have to digit the password or see it I turn off the internet connection of the computer and copy and past the password in the site. The master password of Veracrypt and KeePass are saved in no digital device but they are in real life safe place. Inside home I use a second pc with no internet connection for open the database password. For mobility it's very simple , I use an otg cable for connect the usb to the smartphone and use two apps similar to Vera and KeePass. In total I have 3 copy backupn of this systems .

I will set a goal to change one password a day until I feel I am good with all the sites. Thanks guys.

you chould take a look @ passbolt self hosted and gpg encryped , did i mention it is encrypted ? and opensource ?

guys i have a question ... when you have finished building a computer like when you see in many guides and u tirn it on what happens ? i mean ... without OS and any softare ....?

Hell i want some program like one great old was on win Xp 32 where you choose folder to be locked and when you want to acces them a password request pops up that unlocks everything for a chosen amount of time.. Do anyone know something similar on win 7 64 ?

Still use a variant of the random password I was generated by this text based Naruto inspired game like 10 years ago. I sometimes use another "word" with similar structure to that one, or a fusion of the two, and combine it with various number combinations. :u These days most of my passwords are 20 to 30 characters long.