Tips for protecting your password manager account

This is a great article that applies to any password manager (PM):

7 Tips to Protect Your Bitwarden Account | Bitwarden

If you've implemented a password manager for yourself or your org, there is more to do! Here are some additional suggestions that build on the article:

  • Treat the email account that owns your PM account and all your other cloud accounts as a crown jewel. If baddies can take over that account, they can take over almost all your accounts by doing password resets.
  • You have to properly use a PM to get the value: it's not enough to just have a PM account and store your logins in it.  For starters, for your important accounts, change their passwords to long random strings, and use the PM to autofill your credentials into web login pages; that will make you very resistant to phishing.
  • Two-factor authentication (2FA) is critical for your important accounts, including your PM and email accounts.  Authy is an excellent 2FA authenticator app/service.
  • Backing up your vault is a great idea, but be aware that if you're on a Windows PC, your main drive is not encrypted unless you have enabled BitLocker (or the Device Encryption found on Microsoft Surface-type devices); so you'll need to store your PM vault export somewhere else.

If you or your org haven't yet implemented a PM, it's usually the very first thing to do (along with 2FA) to improve your cybersecurity. Three excellent PMs to consider are Bitwarden, 1Password, and LastPass. Check out their business tiers if your org is multi-person.


Buying a new smartphone: security updates

When buying an Android phone or tablet, you need to pay a lot more attention to the speed and longevity of security updates than with an Apple device.

Most of the articles listed on the first page of the search below are worth reading to understand which manufacturers/phones are the best for security updates. You want a phone manufacturer that will quickly pass on to you the security updates that Google releases, and will continue to do so for as many years as possible. When the Android security updates stop getting to your phone, it's good only as a paperweight.


With Apple you have much less to think about, and a phone will always get 4 or 5 years of updates. Some 5-year-old iPhone and iPad models are getting 6 years, which is unusual. And Apple is even providing occasional security updates to devices on iOS 12 (and above), which is way behind the current iOS 15.