Episode: 3547
Title: HPR3547: Password Managers
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr3547/hpr3547.mp3
Transcribed: 2025-10-25 01:13:34

---

This is Hacker Public Radio Episode 3547 for Tuesday, 8th of March 2022. Today's show is entitled Password Manager and is part of the series Privacy and Security. It is hosted by Some Guy On The Internet and is about 14 minutes long and carries a clean flag. The summary is: how I manage password security.

Hello and welcome, ladies and gentlemen, to another episode of Hacker Public Radio. I'm your host, Some Guy On The Internet. Please forgive the audio quality. I haven't had the best time recording lately, and I'm doing laundry, so you might hear some humming in the background as well from the heater that's on. I apologize. I will try to edit the show as best I can to reduce that, but I just know that things have not been ideal for recording and I haven't put out a show in a while. I also looked online and see that I can put out an announcement that we call for shows. We need to give what we can. I have a few in the pipe that I'm working on, but they're just not up to par with what I want to do, and I figured here's one I can just throw right off the cuff.

I want to talk to you guys about my method for online security. Now, before, I'd say six, maybe 12 months ago, I used to have a book that I would write down my passwords into, and then I'd use those passwords on my accounts. Now, it's maybe like three to five different passwords that I would use based on how important I believe the account was. So if it was like banking or whatever, that would be like top level, and then, you know, so on and so forth, but that's how I did it.

My apologies for the clicking sound in the background. I had to stop the dryer. I have a pair of sweatpants in the dryer, and the string on the sweatpants has this little plastic part at the end, and as it spins in the dryer it makes that clicking sound as it hits the walls of the dryer.
So I eventually learned about something called a password manager, and that's what I moved to. I started using Bitwarden. That was the open source one that I heard about from a podcast, and I also heard about other password managers that were available, some in the terminal, others GUI-based, and I learned about KeePassXC. So I started using both: KeePassXC for certain passwords and then Bitwarden for others. I eventually leaned more toward Bitwarden. It felt more fleshed out, and it gave me the capability to share passwords with my spouse. So I created the, you know, the, I forgot what I called it, some sort of grouping thing that they have that you can share with your significant others so that you can manage passwords together, because, you know, me, my, me, my spouse, we have a joint email, joint bank accounts and other things that we share together. So Bitwarden, Bitwarden was perfect. It's open source, I feel more secure with it, and we can share passwords without, you know, compromising our independent accounts.

I have to admit, though, my spouse isn't exactly technically savvy, so she's, you know, resisting. She's reluctant to move on toward the Bitwarden train right now, but I'm encouraging her to eventually come around. It'll take some time. I'm not trying to push it. I just want her to see the convenience and it, because I understand who she is as a person, and when she sees the convenience she'll eventually adopt it for herself.
Also, I'm explaining the importance as for why I'm selecting Bitwarden. For instance, if I got hit by a train, a bus or whatever tomorrow and I'm incapacitated, I can't do anything for the family anymore, and there's, you know, pretty much no likelihood that I'll be coming back, she'll have some instructions on how to gain access to my Bitwarden, which would then give her access to all of my other accounts, and then she can manage the family from there. I don't want her to have to go through untold amounts of hardship to be able to, say, getting gain access to our money so that she can manage things for the family.

So Bitwarden manages a majority of the online-type accounts, and KeePassXC manages most of the LAN-based, I wouldn't really call them accounts, but basically I have passwords on SSH keys and things that I use for my Raspberry Pis and other devices on the LAN. I use KeePass, KeePassXC for that, but Bitwarden for all the other stuff.

And Bitwarden also has TOTP. Now, the TOTP is very cool. I like that I can manage everything in one spot. I've heard it's not a good idea to do it that way, that you should probably, you know, do passwords with Bitwarden but your TOTP, and by the way, TOTP stands for one time, the one time, yeah, I'm hearing you should use the TOTP in another application. Don't have all your eggs in one basket, so to speak. So TOTP over here, passwords over there, and that way, if there is a compromise, you know, you'll be, you'll be in a better position. They won't have them both in the same spot. However, I understand that I only have so much time and I'm only willing to do so much. I know the security is important, and I'm taking steps to not be the low-hanging fruit. Most of the, the so-called hackers out there are just, you know, the script kiddies, people just running whatever they find online, trying to catch the low-hanging fruit. I believe that I'm well above that, and even though both the passwords and the TOTP are in one location, the, the Bitwarden, unless they gain access through Bitwarden servers, which, again, Bitwarden encrypts locally then sends out, so they would only gain access to a bunch of encrypted data. They would have to somehow, I guess, break the encryption, and I'm not worried about that right now. Technology has not landed itself to just regular folks. You know, I heard a little bit about quantum computing and things like that, but I really doubt regular everyday people have access to that kind of technology right now. Even though I have created a bit of a bottleneck as far as security is concerned at putting the TOTP and the passwords under the same umbrella, I still feel very secure using Bitwarden, and I don't believe there's going to be a problem.

Now, what I've done is I've made my Bitwarden as secure as I possibly can: nice, long, complicated password, and I've also secured Bitwarden using YubiKey, so that way you have to have a physical device to gain access to the Bitwarden before you can then gain access to the passwords and the TOTP. So it's fairly, it's fairly, uh, secure. I don't feel as though anything's gonna get into that right now. Nice encryption as well as all the security measures. It's as safe as it's gonna be.

When doing all of this and going through all my different accounts and setting up the TOTP on all the different accounts online or whatever, email, banking, etc., etc., I was surprised by how many of the different accounts do not support YubiKey, for one, and do not support TOTP through third-party applications like Bitwarden. Some of them will announce that, hey, you know, they, they refer you to, like, the Google authentication app so that you could use that, but they will also give you the manual method, and that's what you use to then get, get that key that they'll give you inserted into the Bitwarden TOTP section, which will then generate your TOTP codes. So you can still use Bitwarden, from, or at least I was to use Bitwarden for a majority of my accounts using Bitwarden's TOTP, but there were certain accounts, like with Verizon. Verizon has their own third-party company that they, they make it to where you can't just use your own. You have to download and use this company's TOTP, and I wasn't about to do that, so I stuck with the old-school method of they'll text me a code or email me a code, and then I'll use that code from my email or the text, whichever option you select at the time that you need to log into your account.

Now, with my email accounts, I'm very happy to know that email is sophisticated enough to use YubiKey, because email was one of my original two-factor authentication, you know, where they'd email you a code, then you copied a code from your email, put it in the account and verify that it's you. So I'm thankful I was able to secure all of my email accounts using YubiKey, as well as being able to secure those passwords for those accounts in Bitwarden. So I feel like everything's pretty secure.

I have three YubiKeys. I carried two on me. Funny story about that: I bought two YubiKey type A that, I think they're the series five with the NFC capability, and I figured, hey, most of my devices have USB type A, so I'm not going to need a type C YubiKey. I have only few devices that have type C at the moment, so I figured, fine, type A will be great, that's, that's very popular. And I have a cell phone, an iPhone. I checked online, checked YouTube videos, I see people using an iPhone with the NFC. I have an iPhone 8 Plus, so I figured, hey, it should be able to do it. Ordered up the keys, got them all signed up to the multiple online accounts, and then tried to use the phone's NFC capability to scan the YubiKey so that I can gain access to my Bitwarden while on the iPhone. Fail. The phone does not have NFC. So that's why I had to order a third YubiKey that has the Lightning and the type C capability. So that's why I carried two on me: one is just the type A, and the other is the, the one that has both the Lightning and the type C attached to it. I think they both also have NFC, so when I upgrade my phone, I'm going to upgrade to the iPhone 14 Pro whenever it comes out. I like to stay on the even-number iPhones, but yeah, I figured from the 8 to the 14 is going to be a significant upgrade.

Yeah, one of the other things I've done is a good note to anybody, anybody use Bitwarden to manage their passwords. I have been in the note section of my accounts under the Bitwarden password manager. I put the information in for each of the accounts that have limitations on the type of passwords you can submit. So when, when I go to change a password that I feel is no longer secure because it hasn't, it hasn't been changed in a while, or if I learned the past the account has YubiKey ability, I will then change the password first to try and get the most secure password I can, and if it does give me a limit, like you can only use a password from 8 to 16 characters or some silly, you know, limitation for a password, I will copy that information off the page into the Bitwarden manager, so in the future if I have to change that password again, you know, if I feel like there has been a data breach or anything and I want to change that password, or if I just want to email, because I'm, I'm also putting together a little note so I can email certain companies, especially my banks, and asking, oh hey, why aren't we able to use a YubiKey, or why am I not able to use a TOTP through something like, I'll mention to them something like Google authentication, but in reality I'm really looking to use Bitwarden's app. I figure I will language I want to use when I email them. I probably just say Bitwarden, because super secure, audited by third party, open source, just wonderful in all regards. It should be the forefront of everybody's mind, not just when, you know, things like Google authentication. But yeah, we're going to put an email and eventually, right now it's a tackle the two-year-old, deal with the missus and try to create more shows.

I'm pretty sure you guys can tell I'm in a bit of a rush. I'm getting ready to head out the door to go to work, and I just wanted to try to get a show down. Turns out I had to wait for the pest control guy to get here, so I've been stopping repeatedly, bouncing back and forth to all the old deals, yeah, so bouncing back and forth to make sure that he can get in, access into the place. A squirrel got in, got stuck in a closet, and just nightmare. The missus kept telling me, I think I hear something in a closet, and I'm like, now you're just thinking of it. I went into closet the other night and there's a squirrel in there. So yeah, we don't exactly know how, but the pest control guy was taking care of that earlier, and I had to deal with that as far and keep pausing to do the show. Doing a lot, yeah. So let me go ahead and get out here. As you can hear, my phones, there are people going, where are you? So let me go ahead and get out of here. I'll edit up the show tonight and go ahead and get it submitted.

Okay guys, yeah, yesterday I didn't get a chance to put this in yesterday, but I contacted Bitwarden via email. They said that the Snap packages were produced in-house, but the Flatpak is produced by the community. They also produce an AppImage, so there are multiple forms that you can get Bitwarden on, as well as Windows and iOS. I also have Bitwarden on my iPhone and on Windows. I rarely use it on Windows because Windows is mostly for gaming, but it's still there. So it's, it's on all platforms as well. Just wanted to edit this in before saying goodbye, but now this is truly goodbye, so have a good one.

You've been listening to Hacker Public Radio at HackerPublicRadio.org. Today's show was contributed by an HPR listener like yourself. If you ever thought of recording a podcast, then click on our contributing to find out how easy it really is. Hosting for HPR is kindly provided by AnHonestHost.com, the Internet Archive and rsync.net. Unless otherwise stated, today's show is released under a Creative Commons Attribution-ShareAlike 3.0 license.