Nerdsense

Secrets: Password Managers and Hardware Keys

Greg Heffner August 18, 2024

Welcome to 2024, where just having a secure password isn't enough. Remember when a password was secure when a "1 or !" was at the end of your favorite buzzword? I mean, who would guess "Password1!"? Whenever I think of password management I think of my mom. She is super smart, has been dealing with PII and HIPAA info her whole life, and knows the importance of security. Immediately I can hear her saying "How can anyone be expected to remember all this?" and she has a point. Memorizing complex passwords is a very hard task. Expand this task to also making sure you don't use the same password twice, and it can feel impossible to most people, myself included. So what I see people do is sacrifice password security for ease of use. They end up using either less secure passwords that can be easily remembered, or very secure passwords that are reused across multiple accounts. This is the worst decision someone can make when it comes to password security. Password managers like 1Password make generating, saving, and sharing passwords super easy. It even has some really cool features I like to use with SSH and WiFi SSID credential storage.

Let's say someone has a "safe" password and they also use Two-Factor Authentication (2FA) from their favorite provider. Remember, 2FA is a second form of identification to verify your identity. See "What is 2FA" for a brief overview. This is mostly done by sending text messages to a cell phone, or by using an application to view your 2FA code as it is renewed. What I have found is that SIM swapping is very prevalent in the wild, meaning cloning a phone number and receiving your text messages is easy for an attacker. How can you make sure you are protected? What would you do to immediately stop and revoke the access? YubiKey is a hardware authentication device manufactured by Yubico that supports one-time passwords, public-key cryptography, and authentication, and the Universal 2nd Factor and FIDO2 protocols developed by the FIDO Alliance.

Enhancing your security posture involves implementing secure, isolated, and well-managed passwords alongside a robust 2FA solution using a physical encryption key. This approach significantly increases your protection, safeguarding both your identity and devices. My aim is to address the gaps in these critical areas by using 1Password with Yubikey.

NBC Los Angeles SIM swapping - CISA Use Safe Passwords - Forbes Remembering Passwords

1Password

There are many password managers out there. I have used a few of them. There are a few reasons why I chose to pay for 1Password over other "free" solutions that are available.

  1. Password Security Features- Watchtower, password generation, used password lists, compromised passwords. Having all of these features in one application makes it very easy to have a strong and safe password. I also like to play the High Score Watchtower game. What's your score?
  2. Secrets Sharing- Securely share 1Password items with anyone, sync between devices, share vaults with families, share passwords with people with limits. Think about sharing a password with your family when they come over, or sharing video stream login details with the kids. I also make separate vaults for personal and work passwords so they don't get mixed.
  3. SSH and SSID key management- Create keys, store keys, share keys with servers. Creating or sharing WiFi passwords and SSH keys with people has never been easier.

These features are what brought me to 1Password. As far as I am concerned a password is just that. I needed an application that can help me find passwords that either were compromised or were insecure. I needed an easy way to send the passwords to people without just texting or writing them down. I wanted something to help alert me when my passwords or email addresses were leaked. Being able to log in to 1Password in the CLI and connect to my secure SSH keys on a new virtual machine is really nice. I have used password sharing countless times and I love the fact you can set limits on how long a person has access and also how many times it can be viewed.

Check out the 1Password website for more information on their features and pricing. Also you can watch this video on how to use 1Password for more information.

Yubikey

Custom Yubikey decoration by the dog Maverick lol

I've exclusively used Yubikey as my hardware key. Not because of any specific reason, but mainly because the market wasn't very extensive at the time, and Yubikey fulfilled all my requirements. Hardware security keys offer fantastic features, including SSH key support.

  1. 2FA/MFA accounts- Having a device immune to phishing attempts or man-in-the-middle attacks. You can save up to 32 different accounts.
  2. Login key for computer- Not needing to save easy-to-remember user passwords, and being able to insert your key and log in with a PIN.
  3. Hardware key needed for sudo- PIN prompt whenever needing to run sudo on my laptop or servers in my network. Keeping unauthenticated people from running commands in the terminal.
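
Why an app-generated 2FA code can still be entered on the wrong site while a FIDO2 key response cannot, shown as an added example that is not code from 1Password, Yubico, or this article. It implements the RFC 6238 code calculation and the relying-party checks on a WebAuthn assertion; the origins, RP IDs, challenge, and function names are constructed for illustration, and signature verification is assumed to be done by a WebAuthn library.

```python
import base64, hashlib, hmac, json, struct

def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 code (HMAC-SHA1): a function of the shared secret and the clock only."""
    mac = hmac.new(secret, struct.pack(">Q", unix_time // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def binding_problems(client_data_json, auth_data, origin, rp_id, challenge):
    """Relying-party checks on a WebAuthn assertion; an empty list means they pass.
    Verifying the signature over auth_data || SHA-256(client_data_json) is a
    separate step, left to a WebAuthn library and not shown here."""
    cd, problems = json.loads(client_data_json), []
    if cd.get("type") != "webauthn.get":
        problems.append("type")
    if cd.get("challenge") != b64url(challenge):
        problems.append("challenge")              # stale or replayed response
    if cd.get("origin") != origin:
        problems.append("origin")                 # browser recorded another site
    if auth_data[:32] != hashlib.sha256(rp_id.encode()).digest():
        problems.append("rpIdHash")               # key was asked about another RP ID
    if len(auth_data) < 37 or not auth_data[32] & 0x01:
        problems.append("user-presence")          # UP flag: the key was not touched
    return problems

def sample_assertion(page_origin: str, page_rp_id: str, challenge: bytes):
    """Constructed sample: what the browser and key would report for a given page."""
    client_data = json.dumps({"type": "webauthn.get", "challenge": b64url(challenge),
                              "origin": page_origin}).encode()
    # authenticator data = rpIdHash (32) | flags (1, UP set) | signCount (4)
    auth_data = hashlib.sha256(page_rp_id.encode()).digest() + b"\x01" + struct.pack(">I", 7)
    return client_data, auth_data

if __name__ == "__main__":
    # A TOTP code carries no record of where it was typed, so the server cannot tell.
    print("TOTP:", totp(b"12345678901234567890", 59, digits=8))
    ch = b"constructed-challenge-0001"
    real = sample_assertion("https://login.example.com", "example.com", ch)
    fake = sample_assertion("https://login.example-com.test", "example-com.test", ch)
    print(binding_problems(*real, "https://login.example.com", "example.com", ch))
    print(binding_problems(*fake, "https://login.example.com", "example.com", ch))
```

The look-alike page's response fails on both `origin` and `rpIdHash`, because the browser and the key record which site asked; the TOTP code has no such field for the server to check.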

I would recommend buying two keys and setting both up at the same time. This way, if you lose one or one gets destroyed, you have a backup. Case in point: as I am writing this article I lost my keys and the dogs found it. They thought it tasted good. Wild that it still works. Never have had an issue other than this incident. I like that I was able to get both USB-C for my computer and NFC for my cell phone, so I don't have to carry both devices. Not having cell signal, not relying on power, and not having to depend on someone else's application working is nice.

Check out the Yubikey website for more information. Check out Unlocking The Power Of Your Yubico 2fa Key: Expert Tips And Tricks! on how to use Yubikey.

Bing AI views of the solutions

  1. 1Password: Imagine 1Password as a magical vault where you keep all your secret keys (like the keys to your tree house or your treasure chest). But instead of physical keys, these are digital keys—your passwords! 🗝️ Whenever you need to unlock a website or an app, 1Password helps you remember and use the right password. It’s like having a friendly dragon guarding your secret codes! 🐉
  2. YubiKey: Now, YubiKey is like a superhero gadget. It’s a tiny USB stick or a special key that you plug into your computer. When you’re trying to get into your secret clubhouse (online accounts), YubiKey swoops in and says, “Hey, I’m here to help!” 🦸‍♂️ It adds an extra layer of security, like a secret handshake. So even if someone tries to sneak in, YubiKey stops them! 🛡️

About Me

I served in the U.S. Army, specializing in Network Switching Systems, and was attached to a Patriot Missile System Battalion. After my deployment and Honorable discharge, I went to college in Jacksonville, FL for Computer Science. I have two beautiful and very intelligent daughters. I have more than 20 years of professional IT experience. This page is made to learn and have fun. If it's messed up, let me know. I'm still learning :)
