What is a Password Manager?

What is a password manager, and how can it save you from hackers and password fatigue?

As we discussed in the post Why Should I Use a Password Manager?, the average internet user typically has a few online accounts. All these accounts require that you provide a pair of credentials – a username and a password – to log in. As we know, a long password is more secure than a short one, but who can possibly remember tons of different long passwords? No one.

Because of this, many people use the same, short and uncomplicated password on all their online accounts. The username is also usually the same everywhere – more often than not, it’s the e-mail address of the user.

There’s no doubt that this is very convenient. It’s one pair of credentials to rule them all. But what happens if one of the services you use gets hacked, and your credentials are leaked? Since you’re using the same username and password everywhere, the hacker can now log in to all the online services you use!

To prevent this from happening, you should use a password manager. But what is a password manager?

Why Should I Use a Password Manager?

Short answer: You should use a password manager because good passwords are hard to remember. Long answer: See below.

To log on to a website on the internet, you normally have to provide a username and a password. A good password is a long one because the more characters a password has, the longer it takes for a hacker’s computer to guess it. But it’s also generally hard to remember long passwords, and many people tend to use the same password – and often username – on all the websites they log in to.

When you use the same credentials everywhere, there’s a higher chance a hacker can figure out your username and password.

Actually, it’s very likely that it has already happened.

Delete Your Instagram Account Today!

So you finally came around and deleted your Facebook account? Congratulations! Now it’s time to delete Instagram as well.

It’s Easter, which means a long weekend here in Norway. Thursday through Monday are holidays, and many people take the entire week off because schools and most kindergartens are closed for Easter vacation.

It’s common for Norwegians to head up into the mountains during Easter. They don’t do it to come closer to God, but to relax in their cozy cabins. Easter also means high tide in social media. People are not shy about sharing their photos of said cabins, snow, skiing, and of course, the evergreen Norwegian tradition of eating oranges and Kvikk Lunsj.

Many of these photos are shared on Instagram. It’s one of the most popular photo sharing services on the internet. In June 2018, Instagram had 1 billion monthly active users. These users have shared a total of 50 billion photos since the photo sharing service was launched in 2010.

On the surface, Instagram is pretty neat. But did you know that Instagram’s parent company is Facebook?

Is WebAuthn the Key to Passwordless Authentication?

Can WebAuthn succeed where Universal 2nd Factor failed?

Back in October, 2015, I wrote about the FIDO Alliance, their U2F standard, and the YubiKey implementation by Yubico. The goal of U2F is was to describe a method for universal two factor authentication (2FA). Today, 2FA is usually done either by text messages, or by using a mobile application that provides one-time codes. U2F is aimed more at physical tokens, with the YubiKey the most well-known implementation.

I thought the idea of a physical token was brilliant so I shelled out for a YubiKey Neo. Since 2015, I’ve used it for anything practical exactly zero (0) times1.

While using a physical token like the YubiKey for 2FA is a killer concept, U2F support was only implemented in Chrome, and only supported by a tiny handful of sites. Because of this, U2F never saw any wide spread adaption, and the YubiKey on my key chain continues to be dead weight. It’s not terribly heavy, but dead weight nonetheless.

Now, a new authentication standard, WebAuthn, is seeing the light of day. And it might succeed where U2F failed.

Welcome to the Fediverse

Wouldn’t it be great if you could participate on the internet without having your private data and habits sold for profit? You already can. Join the fediverse.

Imagine logging on to a social media site to discuss your anime obsession. But instead of logging on to a site owned, controlled, and monetized on by a Fortune 500 company, you log on to an instance being operated by a fellow anime fanatic in her spare time. The instance you log on to only has about 50 users, but it’s a friendly, tightly knit group of people who all share the same interest as you. No harassment, no hate-speech, no bigotry. Any bad apples not following the Code of Conduct decided by the instance administrator – “don’t be an ass” – is simply banned from participating in the discussion.

The instance you log on to is in many ways an isolated, private island. But it’s also part of a larger network consisting of hundreds of other nodes with hundreds of thousands of users. Most of the instances are owned and operated by private individuals, and together all the instances form a federation.

Welcome to the fediverse.