Digital Identities

1. 00:00Now, let's have a closer look at tools which help to deal with
2. 00:05secure passwords: the so-called Password Manager,
3. 00:08in our openHPI course about Digital Identities.
4. 00:13You remember secure passwords need to be long, need to be complex,
5. 00:18difficult to remember. One
6. 00:22needs a secure password, such a secure password is needed for each account,
7. 00:28for each identity. And if you think about your own situation, how
8. 00:33many internet accounts, how many internet services you are using,
9. 00:38then most of the users have more than 20 such internet accounts and identities.
10. 00:45So, you can't remember all the passwords because
11. 00:50taking one password for several accounts, we
12. 00:54argued already that this should not be done.
13. 00:58So, one possible solution to deal with, and to remember such passwords is
14. 01:03to use technical support, technical support that's provided by so/called
15. 01:10Password Manager or Password Safe.
16. 01:15These password managers or password safes are services in the
17. 01:18internet, or programs for your computer that manages
18. 01:23and encrypts all the passwords with a single strong password.
19. 01:29To get to this tool you need one very strong single password
20. 01:34and then later on the system supports you and creates complex passwords,
21. 01:42stores this complex password - what is for us humans difficult.
22. 01:46So, with a password manager, with one single password the password manager stores
23. 01:53all our password inputs to services
24. 01:59and it creates
25. 02:02passwords which are long and strong - what is difficult for humans to do.
26. 02:09This service also automatically enters the password
27. 02:14on the right website, on the right web service. So, when
28. 02:19one registers with the help of a password manager
29. 02:23with a new service, at that moment of registering a new digital identity
30. 02:28is created. In this identity, the password is an important part.
31. 02:32The system helps to create a secure password, the system remembers
32. 02:38that exactly for this service this password was valid. So,
33. 02:43all this help is given by the tool
34. 02:48and they are very valuable.
35. 02:52Password managers exist in two variants: in an offline variant and
36. 02:58in an online variant.
37. 03:02In the last few years, such password managers have been integrated
38. 03:07in browsers. So, let's start with an
39. 03:13offline password manager, and here I already show you one system
40. 03:18that could be used. The idea is to use such a system here, for example, "KeePass"
41. 03:23or "1Password" and to store it locally
42. 03:28on your device in an encrypted form.
43. 03:33Advantages: No third-party is involved, no third-party has access to
44. 03:39this password manager and in this way also not to the passwords.
45. 03:44The disadvantage is that the data is stored only locally on the user's device.
46. 03:50So, if you want to use this service, for example,
47. 03:55you have it created and registered with on your laptop and if you
48. 03:58want to use the service with your smartphone,
49. 04:02it is not possible, without some
50. 04:07installations it's not possible to access your accounts.
51. 04:13So, synchronization is needed, so that also with other devices
52. 04:20that you have, you can access the services.
53. 04:25Another disadvantage is if the hardware has defected,
54. 04:29for example, if your laptop
55. 04:32is broken or if a theft happens,
56. 04:35then of course also your password manager is gone
57. 04:42away or is no longer working. So, it's very important to run
58. 04:47backups regularly, to not come in a situation that you
59. 04:54are no longer able to
60. 04:56log into any of the services.
61. 05:04Here the "KeePass" - I recommend, that's an open-source
62. 05:11software that's used. So, people have checked it, have seen it and
63. 05:15many people trust this system. There are also commercial solutions,
64. 05:21"1Password" is such a commercial solution. So, there are different
65. 05:28possibilities and offers for such offline
66. 05:34password manager.
67. 05:38Here I want to give you an example
68. 05:41with KeePass. So, you have to set a master password when
69. 05:46you create a new database with this KeePass,
70. 05:50and this master password that needs to be really strong,
71. 05:56because this is the only password you have to remember
72. 06:01in future, when you start to work with such a password manager, in this case
73. 06:07with KeePass. Here you get a number
74. 06:11for the evaluation of the strongest of your master keywords (master passwords). You
75. 06:17see with the colour code, whether you are more in the secure area or whether
76. 06:23you are not in the secure area. The number of bits
77. 06:27which result from the letters and characters you use,
78. 06:33can be seen when you choose a strong password.
79. 06:36Then you have this KeePass installed, you have your password
80. 06:43and now you want to register with a new service.
81. 06:47A strong password is needed for establishing a digital
82. 06:52identity with this new service and this is done by the keyword manager (Password Manager),
83. 06:59in this case by KeePass. So, you can see here the system once the
84. 07:06account is created and then the password manager creates a
85. 07:11strong password for you. You can choose what kind of characters the password
86. 07:17contains and then you can say "Yes create the password".
87. 07:22This was the registering and then when you go back later
88. 07:27to the service, you need to write the password. Here KeePass is helping you
89. 07:33in finding the right password for that service
90. 07:37in its database. So, for example, here
91. 07:42for an openHPI account.
92. 07:47The idea was that this is a software installed on your computer.
93. 07:52Such Password Managers also exist as online services.
94. 07:58Here the functionality of such a Password Manager is offered
95. 08:03as an online service. So, the advantage is, the passwords are synchronized
96. 08:09and available for all your devices, without taking any activity.
97. 08:14And if your system, if your computer is stolen or if something is broken,
98. 08:21it is no problem as the data is available in this online Password Manager.
99. 08:28But there is also the other side, the disadvantages.
100. 08:32This depends on the provider, what you know about the
101. 08:36availability of the provider: If the provider is not stable or if
102. 08:41it's not available all the time, then you cannot access your accounts,
103. 08:47you cannot access and use the services you want to.
104. 08:51Another disadvantage is, how secure is it to store all this very sensible data
105. 08:58with such an external service, because the service provider has access
106. 09:05to all the data stored in this.
107. 09:08So, often commercial providers, for example, "LastPass", "Dashlane", etc,
108. 09:15there are a number of such providers and here is the recommendation: you should not
109. 09:22use a cost-free service because there is a probability
110. 09:28that in those services people work with the data. Use only commercial providers you trust.
111. 09:35To mention that such password manager functionality
112. 09:42is also available with recent browsers,
113. 09:46here, I can show a few:
114. 09:49if you work with Firefox or with the Chrome browser or Safari browser,
115. 09:54often such browser vendors offer password managing functionality in the browser.
116. 10:02Sometimes they even support you in checking
117. 10:06with a password leak database, so to check if the password
118. 10:11you want to use if it is already leaked or if your password is leaked and
119. 10:16available in such a leak database.
120. 10:20Typically this password manager functionality within browsers,
121. 10:26this is in the category of an offline password manager because
122. 10:32this data is stored in your browser, on your device.
123. 10:37Typically they are offline password managers
124. 10:43but with synchronization functionality, provided for example,
125. 10:49via "Sync" in Firefox, with " Google Account"
126. 10:53in Chrome, and with "iCloud Keyring" when
127. 11:00you use the Safari browser.
128. 11:02But beware the master password for protecting your passwords
129. 11:06is activated by default, otherwise, the browser cannot access and work.
130. 11:12So this is a disadvantage of this very convenient
131. 11:18functionality, password manager
132. 11:21functionality within the browser. So, access to passwords is easy
133. 11:27when the browser is accessible, but then
134. 11:31it is available for everyone, for example, everyone who gets access to the browser
135. 11:36also gets access to the data,
136. 11:40the password data stored there.
137. 11:43So meanwhile all popular browser vendors
138. 11:46offer such password managing
139. 11:49functionalities in their browser. Here, for example, it looks in that way: (in the browser)
140. 11:56"Would you like Firefox to save this login for openHPI.de?"
141. 12:02This is what you're shown if you register and then you can
142. 12:05save or you can say don't save, and in this way later on
143. 12:11if you decided to save the password, automatically when you
144. 12:15go to this page, this password is put in the log in form,
145. 12:22and you can easily access without the need to remember the password.
146. 12:27But the availability of the browser gives also other people the
147. 12:34access to this password data. Here is another example, check
148. 12:40with the password leak is possible, this also comes from the Firefox browser.
149. 12:46Here for example, when you
150. 12:52connect to the Facebook
151. 12:55account then you see
152. 12:58a warning - "Vulnerable Password", because meanwhile, the browser has checked
153. 13:03some leaked data, like in our
154. 13:08in our openHPI ID Leak checker. And then it warns you that you should
155. 13:15definitely change this password.
156. 13:17Let's summarize what we have learned about
157. 13:20the password manager: Password manager in general offers multiple advantages.
158. 13:29They can form complex passwords, they can automatically generate
159. 13:33complex passwords that we can never
160. 13:38remember, they can integrate the right passwords
161. 13:43in the right service that we want to use - automatically. The password
162. 13:50manager remembers which passwords belong to which service.
163. 13:57We need to secure the access to the password
164. 14:04manager. We can do this with multiple factors.
165. 14:09In any case, what is very important is when we
166. 14:13decide to work with such password managers, first is that we really
167. 14:17create and remember a master password
168. 14:21which is really secure, because this master password which opens the password manager,
169. 14:27gives access to all the other passwords
170. 14:31that are stored there.
171. 14:34When unauthorised people
172. 14:36get access then, of course, it's very dangerous because they can use
173. 14:43all the functionality of the password manager, they can automatically access
174. 14:48all the services of the person who owns the password manager.
175. 14:55So, definitely, you need to have this master password and you
176. 15:00have to secure this master password. Then there is a question:
177. 15:05for what kind, what type of password
178. 15:08manager do you decide? For an online service or for an
179. 15:13offline service? Both have their advantages, both have their disadvantages,
180. 15:19we discussed this in detail.
181. 15:22The recommendation, in any case, is think about such a tool and
182. 15:28we recommend you to use such a tool.

To enable the transcript, please select a language in the video player settings menu.