Transcript of Inner Circle TV E.2: Passwords

Hi All,

As promised here is a rough transcript of Inner Circle Episode 2 You can press play on the video here, then scroll down and read along:

Also don’t foreget you can turn on Subtitles, hover ove the video after you press play and click the “CC” button.
I’m afraid we can’t promise to do these transcripts in the future. I’ve had a read of it and I haven’t done a good enough job of it, sorry.  We are working on getting the sound fixed for next time.
Again I’m really sorry about this.
I’ve split it up into the various subjects we talk about.
I’m really sorry this is so rough and ready (much like the actual video) 🙂 but it gives the general gist. Transcript ish, below.
Mike
You might want to watch along, press play above, as you read along:
Welcome

• Thank you so much for watching and the lovely comments from last week
• We are not aiming for slick like BBC, recorded at Mike’s Desk, warehouse things in the background
• We are going to talk about passwords, keeping everything online secure and safe

What the heck is a password and what are they used for

• T: whats the point of a password?
• M: we all use them all the time for lots of things, I have 100s of accounts,
• M: it identifies you when you log in, for example, you need an email address and password and systems know it’s you because you have the password.
• T: a way to prove it’s you and not someone pretending to be yours

A secure password

• T: one of the problems is remembering accounts, is it OK to have the same password?
• M: No, it’s a bad thing to do because if someone gets hold of your password they can get into your whole life online, you should have every account different.
• M: You shouldn’t just change 1 bit of the password because lots of companies have lost ‘plain text’ passwords
• Plain text means you can read the password
• T: They should not be a pattern to your passwords (for example including the company name in the password and then the same stuff for example   helpfulbooksPassword123 pcworldPassword123 is bad)
• T: how do you make a password secure so it’s hard to guess
• M: You should be aiming for over 9 characters in length and include mix upper, lower case, numbers and special characters !”£$%^&*(:@~}{
• T: not ‘cat’
• M: The more variation on the type of characters the better and longer the better
• T: It’s difficult because each company has different password rules, some don’t allow special characters
• T: Inner Circle password is weak because we have a shared password and don’t store anything sensitive on there like bank details or display email addresses. Don’t follow our lead on this.
• T: You choose a password, but it only asks for 3 characters from the password like 2nd 3rd and 5th, why is this better and where it’s used?
• M: it’s used by banking/financial systems and it’s used usually with another type of password, this is to try and stop key-loggers from working as if you are only typing in a couple of characters then they can’t know the whole password. Keyloggers track what you type into your keyboard.
• T: Sometimes they get you to choose it from a drop-down list as this stops keyloggers too adding a little bit of security

Password managers and writing passwords down – storing passwords

• T: We are talking about making the password Strong and Secure, but it can be hard to remember, you can come up with a sentence to remember for example “I must remember to watch Mike and Tim’s video”
• T: So the password becomes “Imr2wM&Tv” when you replace some of the characters
• M: I would add some type of ! or . to the end of this 🙂
• T: I know you’re a fan of PAssword Managers Mike?
• M: Can we write passwords down?
• T: Can we write passwords down?
• M: Yes, write it down and keep it safe, very safe
• T: It’s much better to write it down and have a strong password
• M: I totally agree 🙂
• T: Back to Password Managers, an alternative to writing down
• M: The password is stored on your computer.
• T: if someone takes your computer can they use all your passwords?
• M: Nope, they are stored in a super-encrypted ‘vault’ on your PC and you can only use it when you have the 1 master password, which should be strong and you should write down, again keep it safe.
• M: The way a password manager works is each time you log into a new website it asks if you want to save the password and you click yes and it
• M: what way I don’t have to remember lots of passwords,
• T: at least there is only 1 strong password to remember. It’s a little tricky to set up, but worth it if you have lots of passwords, but worth it.
• M: totally worth it, but the setup is tricky, link to LastPass guide here
• T: You can have 100 character long passwords you don’t need to remember

Extra security, banks, drop down selection of passwords and security questions

• T: We started by saying the password is a way to know it’s you, but some banks have a widget you type a number into and it generates a number each time you type one in.
• M: so it’s a one-time code? If we generated one now and showed it they couldn’t get in?
• T: It’s just a 1 time use code so that would be fine, but we won’t.
• T: Another thing is security questions, for example, “What was the name of your first cat”. How useful are these?
• M: Not good as a security measure as lots of answers can be found for example “Whats your mothers maiden name”
• T: Facebook quizzes? They often ask similar questions?
• M: Yep it’s a nightmare.
• M: This is why I lie on them, for example, “Whats your mother’s maiden name” I might say “fjkdfjkdfkj2234398fdi5opala” at random and keep this saved in LastPass, but you  could write it down
• T: it might be good to just lie even if you don’t want this, for example, answer “Jackson” even if it isn’t.
• M: And again, keep it different across different websites, Adobe lost Millions of password hints which were things like “My favourite colour” which then means guessing their password was easy, how many colours are there in the world “green”, “red”, “orange” but if you lie and had the hint as “What’s my favourite colour” but the password being anything other than a colour would be much more secure.

2-factor login – getting even more secure

• T: Ok, this is getting a bit more tricky, can we talk about 2-factor login?
• M: Errrmm I will do my best.
• M: This generates a 1-time code as you login, which means if someone gets your username and password, then they still can’t log in as you because they also need to generate a 1-time code which might be sent by a text to your phone, or ring a landline, or popup a message on your phone or generated on your phone.
• M: It’s a really good thing to have set up if a website will let you, for example, Gmail, Google and Yahoo! all have the ability to login
• M: Is it a pain every time you log in having to do this? Nope you can ask the site to remember you so you only get the 1-time code prompt once
• T: Yes I use one that asks for a 1-time code every 14 days
• M: yep, I would totally recommend you turn this on

Thank you and coming up next time

• T: Thank you
• M: Thank you,
• T: Hopefully we have made it better than the first one? Next time we are going to talk about Amazon Echo, Alexa, and OK Google all these Virtual Assistants you may have heard about in the news?
• M: are you going to order us one of each to try?
• T: errmmm I don’t think I want them listening to us.
• T: Thank you