I'm Moving to NordPass: Modern Encryption, Privacy and Preparing for Passkeys

  • Published: 23 Jul 2024
  • NordPass has two types of accounts: personal and business. As one of the more affordable solutions for password management, they're offering viewers of my channel special pricing! I'm super excited to share this offer with you.
    With this deal you can get 2 years of NordPass with 1 month free for a personal account:
    www.nordpass.com/kathyzant (or use code kathyzant on checkout)
    Business accounts (must register with a biz domain) can get a free 3 month trial of NordPass.
    www.nordpass.com/kathyzantbus... (use code kathyzantbusiness)
    Get my newsletter for exclusive content to help you stay secure and do more with your website.
    kathyzant.com/
    As so many of us are looking to move to new password managers in light of the latest LastPass breach, I've been looking at different password managers and evaluating them for my own digital security. NordPass asked me to look at their password manager, and there are a few things that put them in a class of their own. What's not to love with more modern encryption (XChaCha20), a commitment to privacy, and a prep for passkeys? In this video, I look at the benefits of NordPass and why I've chosen them for my own password management.
    I'm looking towards the future. I am excited about what passkeys will bring to better and more secure credential management and authentication. And with plans to add passkey management, NordPass is best positioned to bring the future of authentication to my credential management.
    I'm watching so many of my friends and colleagues migrate from LastPass in painful ways. I want to choose a password manager that is preparing for the future like NordPass is, focusing on ISO 27002 compliance, privacy, and so much more.
    NordPass Business Information Security Management System is ISO/IEC 27001:2017 certified and SOC 2 Type 1 audited. It is also fully GDPR compliant.
    (disclosure: NordPass business relationship)
    Links!
    en.wikipedia.org/wiki/Salsa20...
    NordPass implementing passkeys:
    nordpass.com/blog/passwordles...
    Business White Paper:
    nordpass.com/nordpass-busines...
    #nordpass #nordpassreview #nordpass2023
  • Entertainment

Comments • 26

  • @leanneross9728 1 year ago +2

    Things I love about this…hearing Kathy Zant’s voice….trusting that Kathy knows what she is talking about, after all she was the one in the late 90’s who sent me an email to try a new search engine called Google….the tutorial and walk through of the security….having this explained in layman’s terms…I guess I just like it all.

  • @cholomondeleybiscuitt 1 year ago

    I jumped ship from Lastpass to Nordpass Premium a few weeks ago, and it's taken me that long to change every password within my vault over a few hours per day. I also took the plunge and have two Yubikey5 (NFC) keys which are now used as 2FA wherever I can - the only problem is remembering to take a Yubikey with me as I don't generally use a keyring/keyfob. Maybe Passkeys might be a way ahead after all, it's usually the human element that is the weakest link with regards to data breaches. Thanks for the content. 🙂

    • @KathyZant 1 year ago

      I feel your pain. I am looking forward to putting passwords behind me completely. Thanks for watching!

  • @szabog11 1 year ago

    Why is subtitle (cc) turned off?

    • @KathyZant 1 year ago

      Just double-checked and subtitles are turned on in the YouTube studio. Since it was just published, there might be lag on YouTube's end?

    • @szabog11 1 year ago

      @KathyZant It's on, now - thx

    • @KathyZant 1 year ago

      Great thanks for letting me know!

  • @ditchcomfort 1 year ago +1

    NordPass needs a 2FA generator in my honest opinion. One of the reasons I didn’t go with NordPass a while back. I need everything in one place. Especially if you’re coming from 1Password, with a bunch of amazing features and cool login methods. And you also have the CLI tool + different ways to store/use SSH etc.

    • @KathyZant 1 year ago +1

      Yeah, that was one glaringly obvious omission. Not a big deal for me as I use the phone for 2FA, but I could see some people missing that. Working in software, I know that's not a huge deal to add. But if they had a list of priorities, passkeys is a bigger future-proof need and I know they're working on it, so I'm excited about that. Passkeys is the future.

    • @blaaxz 7 months ago

      Does the 2FA option now exist?

  • @ericesev 1 year ago

    On a phone a Passkey is protected by the secure enclave. It's a similar story for a Yubikey. What hardware protection does NordPass provide? If the goal is to use Passkeys, NordPass is an odd place to store them as the Passkeys would be easily accessible to malware. You also recommended not keeping 2FA codes inside a password manager to keep it separate in case the vault is exposed. Why is Passkey storage in NordPass a feature you're excited to see?

    • @KathyZant 1 year ago

      For some of the logins I have, I will need passkeys for separate devices. For example, I have a few websites that I need to access from multiple computers. Storing that passkey in a pw manager like NordPass offers that flexibility. As always, security is a continuum and not all solutions apply to all applications. There are some times where you need to account for ease of access rather than full security. If I applied full 100% security to everything, all computers would be encased in cement and buried on a remote island. I don't see where you get that anything stored in a password manager is "easily accessible to malware"; that's just not true. I do appreciate you watching and commenting!

    • @ericesev 1 year ago

      I'm trying to find a security whitepaper for NordPass. How are the passwords protected when they are fetched locally into the app?

    • @ericesev 1 year ago

      For Passkeys that are stored on an Android phone, these are automatically accessible through all your desktop/laptop browsers using the normal FIDO prompts in the browser. So there isn't really a need to sync them on the desktop/laptop.
      Even security-minded individuals get distracted and make mistakes and can accidentally download something harmful. That's why FIDO started as a hardware backed solution. But it didn't take off well because folks needed to buy additional hardware. Passkeys are in some respect a usability compromise on the original design. Passkeys use the secure hardware-backed storage on devices many folks already have (their phone). And Passkeys attempt to avoid human mistakes by linking desktop browser FIDO authentication with the Passkey storage on the phone. That way the private key portion of the Passkey can stay within the secure enclave on the phone.

    • @ericesev 1 year ago

      Info stealer malware families typically target password managers too. Jester is one example.
      By "easily accessible", I meant once running there are no hardware protections in place to prevent these info stealers from reaching the password manager in typical desktop OSs (Windows/Mac). That's true for any application that is downloaded; it has full access to every other application running as the same user and all of that user's data.
      As mentioned in a prior comment, even security-minded folks have been tricked into accessing harmful content. IMO it's not realistic to expect that anyone is 100% capable of avoiding it. So why take that chance? I understood the analogy, but this is not a situation where the computer needs to be encased in cement. This is a situation that FIDO has tried to make very simple. It's just a matter of putting the Passkey in a hardware-backed storage location so the private portion can't be accessed by malware. And Passkeys make this very simple for a user to do, as they already have a phone with hardware-backed secure storage.

    • @ericesev 1 year ago

      ... and apologies for making multiple replies instead of just one. YouTube's spam algorithm was nuking my comment.

  • @neuideas 1 year ago +3

    I trialed Nordpass a few months ago. I currently use the free version to secure copies of my secure notes.
    For my needs, a cloud-based password manager needs to have a great browser extension. A desktop application is unnecessary for me. I use KeepassXC for desktop app purposes. I would use it exclusively if it had a good extension, but honestly, it sucks. Keepass vaults support nested folders, tags, custom fields, and a variety of encryption methods and key stretching customization. They support TOTP as well. The best (most functional) extension I can find (among the big cloud-based password managers) is implemented by Bitwarden. Bitwarden also supports nested folders, TOTP, and custom fields, but has no support for tags. Close enough. The Bitwarden browser extension does just about everything I need. Auto-fill is user-prompted, and can be prompted three different ways (Ctrl-Shift-L, clicking directly on the extension icon next to the URL bar, or Rt-clicking anywhere on the page with the mouse). If I need to copy/paste information from my custom fields, I can do this pretty easily, right from the extension icon. The only annoyance I have with it is having to use the extension icon, instead of rt-clicking with a mouse, in order to input custom field information. Well, you can't have everything, I guess.
    Nordpass has some severe limitations with its extension, and the service is incomplete. It supports folders, but not nested folders. It doesn't support tags, and doesn't implement TOTP. Entries cannot be edited directly within the extension. Instead, it opens a new tab to the website. There is no support for custom fields, so all of that stuff needs to be stored in a secure note, forcing me to flip between tabs in order to do a copy/paste. The extension is nonfunctional without first installing the desktop application (hassle/annoyance). Logging into Nordpass is a 2-step process, forcing you to first log into Nord, then into Nordpass (that's two long, strong passwords to memorize -- not convenient at all). As a free service for saving secure notes, it's perfectly serviceable. From the browser, you can Ctrl-F search notes, and edit very easily. As a cloud-based password manager, it's quite lacking. It's pretty though, unlike Bitwarden and KeepassXC. Functionality wins over appearance, in my opinion.

    • @KathyZant 1 year ago +1

      NordPass does have browser extensions, and you illustrate some good points. I do use NordPass for cloud purposes and have non-cloud secured data as well. I personally do not use browser extensions at all for credentials. I think each of us has our own methodology of authentication and credential management and it's great there are so many ways of doing this now. Thanks for watching.

  • @ditchcomfort 1 year ago

    So you picked NordPass in the end..? Why did you pick this app over 1Password8? Just curious. Like I mentioned before, I miss some features with NordPass, and I want a much better/quicker way of logging in to all different websites and apps. I myself have actually gone back to a very basic tool called pass, it’s a terminal-based tool, stored and encrypted locally on my machine. And it also has OTP support.
    I tested a bunch of password managers yesterday, and I was soooooooo disappointed with all of them. And not to talk about Bitwarden. I can’t actually believe people are still using it.
    Btw, great and informative video 👍🏻

    • @KathyZant 1 year ago +1

      Did you try Keepass? That could be fun for you if you want a retro trip to the 1990s, lol. Yeah, everyone is trying to fix the "passwords are broken" problem. I went with NordPass for the bulk of my credentials because they're adding passkey support in the next few months, and I'm future proofing myself. I use multiple devices/computers to do things and I really want to be able to use one passkey across them easily when needed. So, here I am for now. Thanks for watching.

    • @ditchcomfort 1 year ago +1

      @KathyZant Yes Passkey has been around for some time at least with 1Password and Apple I think. My only hope is that developers implement this new feature pretty quickly. At the moment you can only test it out with 1Password because nobody has implemented it yet. Or perhaps a few but…

  • @barbryan5913 1 year ago

    Hallelujah! Thank you so much. I am so grateful for this discussion. Moving now after trying 1Password, Keeper, and Bitwarden and fumbling around on their interfaces. I LOVED how LastPass worked. So easy! Forced to clean out this closet with so many records and surprised to see sensitive records in there, too. I really appreciate your insights and expertise here. The saving grace here is a thoroughly cleared out pw closet, across the board, and fresh pw for all sites. Thanks, too, for the deal!

    • @KathyZant 1 year ago

      Thanks for letting me know, Barb! I'm glad you've found something that works for you. I agree, this entire experience with LastPass has been disappointing. There is a lot of cool stuff coming to solve some of these problems. Check out my video about passkeys. ruclips.net/video/7l1laopH-tQ/видео.html This new technology is going to make us all a lot safer. Until then, I'll continue to share what I know about these things so you can make good decisions to protect your data. Thanks for watching!

  • @laykadaniels3609 4 months ago

    Can you be my mentor please, because I am so interested in cybersecurity.

  • @KathyZant 1 year ago

    With this deal you can get 2 years of NordPass with 1 month free for a personal account:
    www.nordpass.com/kathyzant (or use code kathyzant on checkout)
    Business accounts (must register with a biz domain) can get a free 3 month trial of NordPass.
    www.nordpass.com/kathyzantbusiness (use code kathyzantbusiness)