Using a Password Manager

Now let’s do a little demonstration. So I’m going to go over to my Windows machine here. There we go. And I have a keylogger running here. Now this is a pretty typical keylogger. Again, it keylogged this piece of software. Or it could even be a hardware device– not as common. Usually it’s going to be a software keylogger. And, as the name implies, it logs every keystroke that we type. So the dangerous part is, if we have a keylogger on our computer, it can record every keystroke we do– so our username, our passwords, the URLs we’re going to– take that information, and it can send it off to whoever installed it on our computer. And the deployment method can be anything.

It could be somebody came by here with a USB drive and installed it. It could have been wrapped up in some other piece of software he had. It could have been a macro inside a document. The fact of the matter is, if it gets on our system, it’s a very dangerous thing to have, especially if we’re typing in our passwords manually. That’s where a password manager will come in handy. So on this virtual machine I have KeePassXC installed on here. So I’m going to type in my password here. And again, one of the great things about a password manager, all we have to do is remember one password.

And the password is going to be for your password manager. So it should be a long, complex, unique password. So I’m going to go ahead and enter one in here. And that password was really short. I do recommend doing a long one. This is only a demonstration, so I just created a short password. And you can see, I have a couple usernames in here. Now, this particular one, they all pretty much operate the same. I’m going to click on the new entry here. And I can type a title in here, I can type a username. I create the password. And I repeat the password. And I can put the URL in here. And I can put notes in here.

You could, with this particular one, you could do an expiration date so it’ll remind you, “Hey, you need to change this password at this time and date”. So I’m going to cancel this. And let’s take a look at some ones I created here. OK, so if I go in here, you can see this is a test. The username is “AUsername,” and it puts the password behind a bunch of dots. So if I want to see what it is– I’m going to click on here. I can see “apassword.” Again, horrible password, horrible username. But again, this is only a demonstration. But as the password manager, you could always do an autotype too, which is what we’re going to be doing.

And then I can put a URL if I want to go ahead and just click it and have it type in the URL. So I’m going to cancel this out here. And we’re going to go into Gmail here. And we’re going to do the sign-in. So, in here I could right click. And I could do “copy username,” and paste it, or I could do autotype. Now, if I did the autotype, if I had the URL in there, it would pop up the browser, open the URL, autotype the username, autotype the password. So there’s a couple of great things about that. One, keylogger can’t pick up any of that. It won’t know where you’re going.

All it knows is that a browser opened. It doesn’t know your username, doesn’t know your password. And the second thing that’s great about it is if I click on that, it just saves me a lot of time. I can just have it auto– hey, open up Gmail and log me in. I don’t have to sit there, type in gmail.com, enter the username, enter the password. But for this, since I didn’t put the URL in, I’m just going to copy username. I’m going to go in here. I’m going to paste this in here. “AUsername”– that’s not my email account, either. So don’t send any emails to that please. And I’m going to do “copy password.” I’m pasting it here.

And obviously, this is the wrong password, because it’s not my account. And let’s go back in our keylogger. As you see, we don’t have any new entries here. So let’s go back in again, and let’s manually type this in– “ausername”, and hit “next.” OK, now I’m going to go back in the keylogger here. And let’s take a look at if it did anything here.

OK, so, we went back in here. As you see here, gmail.com, it didn’t see anything here. It sees I went in to KeePass, and I typed in password for the password. That was able to pick up. However, since we have a password manager, it’s not on the cloud. It can’t grab that information. Even if they got– even if they had access to our computer, most likely they can’t get that password manager, because it’s a stored password on our machine itself. They would have to use something a little bit more complex, like a remote into our computer to steal that password manager. But again, since we have the password manager here, not a problem.

Other great things about password managers are you could throw in an encrypted file. So even if somebody found out your password for your password manager later, they would still need to be able to get into that encrypted volume. Or, say, if you kept it on a USB drive. Unplug your USB drive when you’re not using your password manager. They can’t get to it. But let’s go back to the keylogger here. So here we have the Firefox OK, it found “ausername” because we manually typed that in. And now it’s time for a password. So I’m going to go back in here. I’m going to copy this. We’re gonna copy the password. We’re going to paste it in here.

And we’re going to click “next.” OK, didn’t find anything there, because, again, wrong password. I’m ready to toggle out here. Go back, and it can’t find it because I didn’t type anything. So again, I’m not manually typing anything on the keyboard, so the password keylogger– or the keylogger itself– can’t find that information. So again, really handy using a password manager because keyloggers cannot log that information. So let’s go back to our slide. So password managers, they store more than passwords. Password manager can store your password, your accounts, URLs, and more. Password manager allows us to remember complex passwords. Truthfully, we don’t need to remember very long, complex passwords.

We can make all these passwords completely random, because a password manager is going to remember it, not us. All we need to do is remember the password for our password manager. And three, it can stop keyloggers. Since we’re not typing anything, keyloggers will have a difficult time discovering our passwords, which, again, secures our various accounts that we have. So that was all about password managers. Next up we have understanding best practises for application software. Thank you for watching. I’ll see you in the next video.