[nmjava]

Times have changed, we are now in the 21-century, yet we’re still using the age old password system, hackers now have state-of-the-art tools to steal our passwords, we also need better ways to protect ourselves, we need to be a few steps ahead of the hackers. The fact that accounts with traditional passwords will be hacked is a matter of “when” not “if”, they are just one hidden camera/keylogger/phishing attempt away from being compromised. Let’s wake up to the cruel reality, rather than pretending not to see it by playing ostrich, hackers will see what you don’t want to see [ weakness in traditional passwords ] and take advantage of it, a chain is only as strong as its weakest link ! Let’s face it and fix this weak link !

Password managers only solve part of the password problem [ too many passwords to remember ], but leave the other important part unsolved [ user pin exposure during login : peek over the shoulder / keylogger / video camera ], if you rely on password managers for first part of the problem, they might come back and bite you big time for the 2nd part of the problem, because once your master password is exposed [ by keylogger / hidden camera ], all your passwords will be stolen. Hackers will enjoy the benefits password managers bring them, instead of having to hack dozens of your accounts, with the help of password managers, they now only need to hack just ONE ACCOUNT to get the master password and all your other accounts will be compromised.

A solution to the above problem is GATE_For_PM. The purpose of GATE_For_PM is to protect passwords from exposure, especially the master passwords of password managers. With GATE_For_PM, user’s GATE passcodes are interception-resistant, which means even if someone is watching / keylogging / video recording the user log into the GATE system, user passcode will not be exposed.

Details : https://gatecybertech.com/Dir_GATE_For_PM_Pages/gateforpm_download.html

Topic

[abonillasl]

For master passwords, or for any password, I strongly recommend you implement MFA or 2FA which stand for Mjulti Factor Authentication or 2 Factor Authentication which could be the same thing for purposes of this discussion where in addition to your traditional user name + password combination you add another authentication mechanism which could rely on using services like Google authenticator, etc that provided a one time unique combination which is updated every 30 seconds, or another option is to include your phone number as another mechanism by which you receive an SMS with a verification code for the second authentication.

[James333]

Thanks for your guidance nmjava and abonillasl

Having said that, do you advocate using a separate password for every account, or do you believe it is sound to stratify them, with perhaps common password for sites where personal details are not kept, through to unique passwords for accounts which can for example authorise payments

Also, I have often wondered how safe the backup encryption is for password managers such as Dashlane or DataVault – this is the backup from which you can restore should your password manager be corrupted, – accordingly, these backup systems are commonly stored in the Cloud (such as Google, I Cloud or Drop Box)

[Author]

Replies