
Interview with Renaud

Update Your Online Security


  • Efficient Password Management and Authentication Strengthening: An Academic Approach
  • Towards a Post-Password Era: Exploring Credible Alternatives
  • Computer security: imperatives of safe practices and risks related to human negligence

Efficient Password Management and Authentication Strengthening: An Academic Approach

There are three key dimensions to consider when talking about password managers: the creation, updating, and entry of passwords on websites.
It is generally not recommended to use browser extensions for automatic password filling, because they can make the user more vulnerable to phishing attacks. Renaud, a recognized expert in cybersecurity, prefers manual management with KeePass, copying and pasting each password from the application by hand. Extensions enlarge the browser's attack surface and can slow it down, which makes them a significant risk; minimizing the number of extensions installed in the browser is therefore recommended practice.
Password managers generally encourage the use of additional authentication factors, such as two-factor authentication. For optimal security, it is advisable to keep OTPs (one-time passwords) on your mobile device. AndOTP is an open-source application for generating and storing one-time password (OTP) codes on a phone. Google Authenticator allows the authentication seeds to be exported, but trust in its backup to a Google account remains limited. The OTI and AndOTP applications are therefore recommended for autonomous OTP management.
The question of digital inheritance and digital mourning highlights the importance of having a procedure in place to pass on passwords after a person's death. A password manager facilitates this transition by securely storing all digital secrets in one place; it also allows the heirs to identify every open account and manage its closure or transfer. It is recommended to write the master password down on paper, kept in a concealed and secure location. If the hard drive is encrypted and the computer is locked, the password will not be accessible, even in the case of burglary.

Towards a Post-Password Era: Exploring Credible Alternatives

Passwords, although ubiquitous, have several disadvantages, including the risk of interception while they are transmitted during authentication. Leading companies such as Microsoft and Apple offer alternatives, including biometrics and hardware tokens, indicating a progressive trend toward abandoning passwords.
Passkeys, for example, rely on random cryptographic keys, protected by a local factor (such as biometrics or a PIN), which a provider stores in encrypted form but cannot itself read. Although this requires websites to be updated, the approach eliminates the need for passwords, thus providing a high level of security without the constraints of traditional passwords or the burden of managing a digital safe.
Passkiz is another viable and secure alternative for password management. However, a major question remains: the availability in case of provider failure. It would therefore be desirable for internet giants to propose systems to guarantee this availability.
Direct authentication with the relevant service is a viable option that eliminates the need for a third party. However, the single sign-on (SSO) offered by internet giants also poses problems in terms of availability and risk of censorship. To prevent data leaks, it is crucial to minimize the amount of information collected during the authentication process.

Computer security: imperatives of safe practices and risks related to human negligence

Computer security can be compromised by careless practices such as leaving default passwords like "admin" in place. Sophisticated attacks are not always necessary to jeopardize computer security. For example, the administrator passwords of a YouTube channel were found written in a company's private source code. Security vulnerabilities are often the result of human negligence.
It is also worth noting that the Internet is highly centralized and largely under American control. DNS servers can be subject to censorship and often return deceptive (lying) DNS responses to block access to certain sites. DNS is an old protocol with no built-in security, which can lead to security issues. Newer protocols such as DNSSEC have emerged but are still not widely deployed. To bypass censorship and ad blocking, it is possible to choose an alternative DNS provider.
Alternatives to providers that inject intrusive advertisements include Google DNS, OpenDNS, and other independent services. The standard DNS protocol leaves DNS queries visible to the Internet service provider. DoH (DNS over HTTPS) and DoT (DNS over TLS) encrypt the connection to the resolver, providing greater privacy and security. These protocols are widely used in enterprises because of their enhanced security and are natively supported by Windows, Android, and iPhone. To configure DoH or DoT, a TLS hostname must be entered instead of an IP address, because the resolver's certificate is validated against that name. Free DoH and DoT providers are available online. DoH and DoT improve privacy and security by preventing "man-in-the-middle" attacks on the resolver connection.
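The following is an added example (not code from the interview) that shows, with only the Python standard library, why plain DNS exposes the queried name to anyone on the path and what DoT changes: it builds an RFC 1035 wire-format query, extracts the name exactly as a passive observer on UDP/53 would read it, parses a constructed A-record response, and wraps the same message in the RFC 7858 two-byte length framing over a TLS socket whose certificate is checked against a hostname. `SAMPLE_RESPONSE` is constructed inline, not captured from a real resolver; the `server_ip` and `server_hostname` parameters of `resolve_over_tls` are assumptions to be filled in with a provider of your choice, and that function is the only part that needs network access.

```python
import socket
import ssl
import struct

QTYPE_A = 1  # IPv4 address record


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Plain DNS query (RFC 1035): 12-byte header, then one question."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", QTYPE_A, 1)  # QTYPE=A, QCLASS=IN


def read_name(packet: bytes, pos: int):
    """Decode a possibly compressed name; returns (name, position after it)."""
    labels, end = [], None
    while True:
        length = packet[pos]
        if length & 0xC0 == 0xC0:  # compression pointer into an earlier name
            if end is None:
                end = pos + 2
            pos = struct.unpack(">H", packet[pos:pos + 2])[0] & 0x3FFF
            continue
        pos += 1
        if length == 0:
            break
        labels.append(packet[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (end if end is not None else pos)


def visible_query_name(packet: bytes) -> str:
    """What an on-path observer reads from an unencrypted query: the name is cleartext."""
    name, _ = read_name(packet, 12)
    return name


def parse_a_records(resp: bytes):
    """Walk the question and answer sections and return the IPv4 answers."""
    _txid, _flags, qdcount, ancount, _ns, _ar = struct.unpack(">HHHHHH", resp[:12])
    pos = 12
    for _ in range(qdcount):
        _, pos = read_name(resp, pos)
        pos += 4  # QTYPE + QCLASS
    addrs = []
    for _ in range(ancount):
        _, pos = read_name(resp, pos)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", resp[pos:pos + 10])
        pos += 10
        rdata = resp[pos:pos + rdlen]
        pos += rdlen
        if rtype == QTYPE_A and rdlen == 4:
            addrs.append(".".join(str(b) for b in rdata))
    return addrs


def frame_for_tls(message: bytes) -> bytes:
    """DoT (RFC 7858) sends each DNS message prefixed with its 16-bit length."""
    return struct.pack(">H", len(message)) + message


def _recv_exact(sock, n: int) -> bytes:
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("resolver closed the connection")
        buf += chunk
    return buf


def resolve_over_tls(name: str, server_ip: str, server_hostname: str, port: int = 853):
    """Resolve `name` over DoT. The hostname, not the IP, is what the certificate
    is validated against, which is why DoT/DoH settings ask for a TLS hostname."""
    ctx = ssl.create_default_context()  # verifies the chain and the hostname
    with socket.create_connection((server_ip, port), timeout=5) as raw:
        with ctx.wrap_socket(raw, server_hostname=server_hostname) as tls:
            tls.sendall(frame_for_tls(build_query(name)))
            length = struct.unpack(">H", _recv_exact(tls, 2))[0]
            return parse_a_records(_recv_exact(tls, length))


# Constructed response: txid 0x1234, standard answer, one question, one A record
# pointing example.com at the documentation address 192.0.2.1 (not a real capture).
SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + b"\x07example\x03com\x00" + struct.pack(">HH", QTYPE_A, 1)
    + b"\xc0\x0c" + struct.pack(">HHIH", QTYPE_A, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    query = build_query("example.com")
    print("cleartext name an ISP would see on UDP/53:", visible_query_name(query))
    print("answers in constructed response:", parse_a_records(SAMPLE_RESPONSE))
    print("DoT framing adds a length prefix:", frame_for_tls(query)[:2].hex())
```

With DoT the same bytes travel inside the TLS record layer, so the observer sees only the resolver's address and the connection's size and timing; the name, the answer and any tampering with it are protected by the certificate check. Note that `resolve_over_tls` still needs a trustworthy resolver at the other end: encryption hides the query from the ISP, but the chosen provider sees it in full, which is the availability and trust question raised above.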
It is also worth mentioning the system called "Lightning authentication", which generates a different identifier for each service, without the need to provide an email address or personal information. User-controlled decentralized identities are possible, but decentralized identity projects lack standardization. Package managers such as NuGet and Chocolatey, which allow open-source software to be installed from outside the Microsoft Store, are recommended as a way to avoid malicious downloads. In summary, DNS is crucial for online security; however, it is essential to remain vigilant against potential attacks on DNS servers.