Why you need a password manager
Why don't you have a password manager already? Our guest this week, Chris Hayner, blogger at hayner.net and host of the Chaos Lever podcast, wrote a great blog called Yes, you need a password manager. "Yes, You Do Need A Password Manager, Brett. Yes You Do!" Both Prasanna and Curtis DO have password managers, so he's preaching to the choir. But if you'd like to hear the argument for why you need one, and arguments against many of the usual excuses for not having one, then this is the episode you need. And, as usual, we have a little fun along the way.
Mentioned in this episode:
Interview ad
Hi and welcome to backup Central's Restore it All podcast.
W. Curtis Preston:I'm your host w Curtis Preston, AKA Mr.
W. Curtis Preston:Backup and I have with me, my carpet demolition expert, Prasanna Malaiyandi
Prasanna Malaiyandi:it going, Curtis,
W. Curtis Preston:It's um,
Prasanna Malaiyandi:so I have to say first, congratulations
Prasanna Malaiyandi:on being done with one room,
W. Curtis Preston:one room out of six.
Prasanna Malaiyandi:that's it's progress, right?
Prasanna Malaiyandi:It's progress.
Prasanna Malaiyandi:They say the first one's the hardest.
Prasanna Malaiyandi:And then the rest go faster.
Prasanna Malaiyandi:Right?
W. Curtis Preston:Well, in my case, the first one is absolutely the
W. Curtis Preston:hardest cuz it's the entryway and it's got like this rounded entryway and a
W. Curtis Preston:lot of funky angles and everything.
W. Curtis Preston:Everything else is a rectangle, like a normal house, but the front
W. Curtis Preston:room was absolutely the hardest.
W. Curtis Preston:And of course I did it as the first.
W. Curtis Preston:Um, so yeah, but, but, and then I ripped up a bunch more carpet
W. Curtis Preston:last night and uh, so, uh,
Prasanna Malaiyandi:the kids who eat broccoli first, and then they
Prasanna Malaiyandi:eat all the yummy stuff after.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:You get done with the bad stuff in the beginning and then everything else
W. Curtis Preston:Exactly.
W. Curtis Preston:Yeah.
W. Curtis Preston:So, um, but do you have any further advice for me from your, your YouTube pals
Prasanna Malaiyandi:for in terms of carpet repair or pulling
Prasanna Malaiyandi:up or anything else like that?
Prasanna Malaiyandi:No, not really.
W. Curtis Preston:Okay.
Prasanna Malaiyandi:Yeah, I got, I got nothing for you other, other
Prasanna Malaiyandi:than make sure your floors are flat.
Prasanna Malaiyandi:Make sure you don't work backwards or no, actually, I guess you
Prasanna Malaiyandi:have to work backwards this
W. Curtis Preston:I have to work backwards in this one
W. Curtis Preston:room, the one room I have
Prasanna Malaiyandi:And okay.
Prasanna Malaiyandi:The only thing I will say is take breaks.
W. Curtis Preston:Oh trust me.
W. Curtis Preston:That's happening.
W. Curtis Preston:I do.
W. Curtis Preston:Yeah.
W. Curtis Preston:Cuz I'm freaking old.
W. Curtis Preston:And, and now that now that my doctor has informed me that I have bursitis
W. Curtis Preston:on my knees, it just, who the hell?
W. Curtis Preston:Like why, why did I get this idea of laying down my own flooring anyway,
W. Curtis Preston:uh, you know, definitely falls into the category of I'm too old for this shit,
Prasanna Malaiyandi:And, and just, don't go asking a flooring person how
Prasanna Malaiyandi:much it would've taken to install it.
Prasanna Malaiyandi:Okay.
W. Curtis Preston:I already know, I have a quote this time.
W. Curtis Preston:I know, I know how much I'm saving.
W. Curtis Preston:yeah.
W. Curtis Preston:But, but at this point I am like really
Prasanna Malaiyandi:It's all good Curtis.
W. Curtis Preston:Yeah.
W. Curtis Preston:Uh, well, let's bring out our guest.
W. Curtis Preston:He has been in it for over 20 years with an MBA from Temple University
W. Curtis Preston:where he also managed infrastructure.
W. Curtis Preston:He was in presales for several years and is now a lecturer in computer science
W. Curtis Preston:at Montgomery county community college.
W. Curtis Preston:You can read his blog@hayner.net.
W. Curtis Preston:Welcome to the podcast, Chris Hayner.
Chris Hayner:How's everybody doing today.
W. Curtis Preston:Well, you know,
Prasanna Malaiyandi:I'm doing well.
Prasanna Malaiyandi:I dunno about
W. Curtis Preston:putting an ice bag on my knee, I'm doing great.
Chris Hayner:Yeah.
Chris Hayner:I feel like we should put out the it stuff to side and talk
Chris Hayner:about this flooring situation.
Chris Hayner:Some more.
W. Curtis Preston:Yeah, luxury, luxury vinyl planking.
W. Curtis Preston:That's what I'm all about.
W. Curtis Preston:Um, replacing, uh, like carpet, tile and, uh, the, what do they call it?
W. Curtis Preston:The laminate and the diner and the dining room.
W. Curtis Preston:Like, so with one solid thing.
W. Curtis Preston:Yeah.
W. Curtis Preston:Anyway, it's, uh, it's a, it's a fun project.
W. Curtis Preston:I feel a bit, a lot more fun if it was like, I Don.
W. Curtis Preston:10 15 years ago.
Chris Hayner:It was somebody else's knees.
W. Curtis Preston:if I was doing this with my 40 year old body instead of
W. Curtis Preston:my 55 year old body, but, uh, yeah.
W. Curtis Preston:Anyway, so, uh, I, I know we brought you on, um, I don't remember how I came upon
W. Curtis Preston:your, uh, your article, but we brought you on because you know, I read this
W. Curtis Preston:article that speaks to something that I believe in, like I could have written
W. Curtis Preston:the article just as much as you had.
W. Curtis Preston:And that was this idea of, I, I think the title was, yes,
W. Curtis Preston:you do need a password manager.
W. Curtis Preston:Does that sound about right?
Chris Hayner:Yes, Brett, you do need a password manager.
Chris Hayner:Yes, you do.
W. Curtis Preston:Yes, you, do you think you don't?
W. Curtis Preston:For the record Prasanna and I both have password managers, actually.
W. Curtis Preston:I think Prasanna has two don't you Prasanna.
Prasanna Malaiyandi:just have the one.
W. Curtis Preston:Oh, I thought you had the, I thought you
W. Curtis Preston:had one for work and one for,
Prasanna Malaiyandi:Nope.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:So for home I have my own, but I took a different approach than you Curtis.
Prasanna Malaiyandi:I don't use a service.
Chris Hayner:So you host your own
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:I'm a da, I'm a Dashlane person.
W. Curtis Preston:Uh, I don't know what you're using there, Chris.
Chris Hayner:I have been last pass for the past couple of years, although,
Chris Hayner:and one of the things that actually got me to think about this article
Chris Hayner:that ended up being posted a few months ago was my renewal is coming up.
Chris Hayner:So I was kind of exploring some of the other options in the
Chris Hayner:marketplace and there's a lot,
W. Curtis Preston:Yeah,
Chris Hayner:um, you know, I, I did a quick check and I wanna say I got to
Chris Hayner:around 40 different pot, uh, different password manager, softwares that exist.
Chris Hayner:Some of them everyone's absolutely heard of.
Chris Hayner:Right.
Chris Hayner:Everybody's heard of Dashlane.
Chris Hayner:Everybody's heard one password.
Chris Hayner:Um, hopefully everybody's heard of last pass.
Chris Hayner:You know, those are like the main players, but then there's
Chris Hayner:a lot of little bit players.
Chris Hayner:Bit warden is an open source.
Chris Hayner:One that's pretty popular that you can also host your own with.
Chris Hayner:And one of the things I think that makes it helpful is it's not that difficult
Chris Hayner:to build these types of products.
Chris Hayner:It's difficult to build them though with a feature set and a security reliability
Chris Hayner:that people are going to be confident in.
W. Curtis Preston:Yeah.
W. Curtis Preston:Let's start, with why do we need a password manager?
W. Curtis Preston:Right.
W. Curtis Preston:Let's just, let's just start there.
W. Curtis Preston:I mean, basically the whole purpose of your article, because there, you know,
W. Curtis Preston:there are people we run into 'em and they're like, well, I don't, you know, I,
W. Curtis Preston:you know, we, we should talk about like, why we need one and then we should talk
W. Curtis Preston:about the, like the objection of, well, well, I feel that that puts all my stuff
W. Curtis Preston:in one place that makes it easier to hack.
W. Curtis Preston:Right.
W. Curtis Preston:I'm worried that someone will get in and then they'll have my entire world.
W. Curtis Preston:Uh, I think that's a valid concern.
W. Curtis Preston:I just, I.
W. Curtis Preston:I think that that any of the decent products have addressed that concern.
W. Curtis Preston:Uh, and then, and then I think we can talk about like, um, basically, like you
W. Curtis Preston:talked about the features, the features and function, like the ones that I,
W. Curtis Preston:that I like a lot from Dashlane that, that made me choose it, some of which
W. Curtis Preston:are now available in other products.
W. Curtis Preston:Um, and, um, I think that would round us out.
W. Curtis Preston:So let's talk about, let's talk about first, Chris, you know, what it, why.
W. Curtis Preston:Why
Chris Hayner:Just why just.
W. Curtis Preston:that's just why
Chris Hayner:Um, so the biggest reason is you are being required to get a username
Chris Hayner:and password and log into pretty much every website that exists in the world.
Chris Hayner:Now we can set aside whether that is necessary or advisable,
Chris Hayner:but we have to do it.
Chris Hayner:And if you don't use a password manager, what you end up doing
Chris Hayner:inevitably is using the same password over and over and over again.
W. Curtis Preston:Right.
Chris Hayner:The trouble.
Chris Hayner:There is a lot of the times when a website gets breached, that username and password
Chris Hayner:combination becomes immediately available to anybody who wants to pay for it.
Chris Hayner:And I've actually looked into this and it is really, really sad in terms
Chris Hayner:of how much a hacker has to pay for a valid username and password combination.
Chris Hayner:It starts out at less than one 10th of 1% per person.
Chris Hayner:And it goes down to $0 because about a week after a breach, that
Chris Hayner:information is publicly available.
W. Curtis Preston:Right.
W. Curtis Preston:Wow.
Chris Hayner:Publicly available to
W. Curtis Preston:Oh, I see.
W. Curtis Preston:I see two, two people that know where to go.
Chris Hayner:Yeah.
W. Curtis Preston:Right.
W. Curtis Preston:The I'm I'm assuming this is a dark web
Chris Hayner:That's the one.
Chris Hayner:Yeah.
W. Curtis Preston:Right, it seems now that I've had a password manager for
W. Curtis Preston:forever, but I know there was a time when I knew that I shouldn't use, um,
W. Curtis Preston:The same password everywhere, but I didn't wanna use a password manager and
W. Curtis Preston:I didn't wanna just use a spreadsheet.
W. Curtis Preston:So I had this, you know,
Prasanna Malaiyandi:System.
W. Curtis Preston:out it's, it's not that uncommon, but I had a system where
W. Curtis Preston:I did use the same password everywhere.
W. Curtis Preston:Well, just the places it mattered.
W. Curtis Preston:Right.
W. Curtis Preston:Like, but okay.
W. Curtis Preston:Let me rephrase if it was a site that it didn't matter.
W. Curtis Preston:I had the same password everywhere.
W. Curtis Preston:Like who cared if somebody got my, you know, login credentials to.
W. Curtis Preston:Whatever, what to what?
W. Curtis Preston:Not to yo, not to yo no, but yeah, anything that I thought mattered, I had a
W. Curtis Preston:separate password that was semi complex.
W. Curtis Preston:And then I had a string that I would put on.
W. Curtis Preston:I would append to that.
W. Curtis Preston:That was unique to each site.
W. Curtis Preston:So I just had to remember that string for each site.
W. Curtis Preston:I don't think I'm completely alone in that, in that idea.
W. Curtis Preston:Um, but at some point.
W. Curtis Preston:I got the idea of trying a password manager and honestly, it's so much easier.
W. Curtis Preston:Right?
W. Curtis Preston:It's so much easier than, than the alternatives.
W. Curtis Preston:I mean, Prasanna you, how, how long have you been doing this?
Prasanna Malaiyandi:
Speaker:using a password manager.
Prasanna Malaiyandi:
Speaker:I wanna say the last eight years or so, or eight or 10.
W. Curtis Preston:Yeah.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:And I agree.
Prasanna Malaiyandi:It's easy.
Prasanna Malaiyandi:I don't have to remember it.
Prasanna Malaiyandi:Um, and like you said, you can make those passwords more secure.
Prasanna Malaiyandi:Cause I'm the type who always runs into here's the max number of
Prasanna Malaiyandi:characters, website supports, right.
Prasanna Malaiyandi:Because I'm always like 32 characters plus special characters plus everything.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:Throw the kitchen sink at it because I'm like, I don't need to remember it.
W. Curtis Preston:Yeah, that's a Chris.
W. Curtis Preston:That's something that comes up pretty regularly on here is, is we talk about,
W. Curtis Preston:we use these password managers and then we, we have these giant passwords and then
W. Curtis Preston:we get a site that says like, oh, you can only have 16 characters in your password.
W. Curtis Preston:And, and you can't have these special characters.
W. Curtis Preston:Right.
Prasanna Malaiyandi:can't be repeating characters or things like that.
Prasanna Malaiyandi:That always bugs me too.
Chris Hayner:Right.
Chris Hayner:They're basically putting together a recipe for an insecure password,
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:Yeah.
Chris Hayner:which is another reason to be really, let's just say paranoid
Chris Hayner:about the username and password combination, not being able to.
Chris Hayner:get into more than one website,
Prasanna Malaiyandi:Yeah, I, I actually wanna make a comment about that.
Prasanna Malaiyandi:Something you just brought up, Chris, a lot of people think password
Prasanna Malaiyandi:managers are just for creating random passwords, but you could also use
Prasanna Malaiyandi:it to create random usernames, which actually help secure you in addition
Prasanna Malaiyandi:to just having a random password,
Chris Hayner:Yeah.
Chris Hayner:You're I mean, That is, that's a very good point.
Chris Hayner:And, and especially around Prasannal security, there's no reason
Chris Hayner:that you need to have the same username all over the internet.
Chris Hayner:So if you're logging into a site that you don't necessarily care for,
Chris Hayner:or don't care about that much, you know, like a good example would be
Chris Hayner:the website, uh, called newsr, which is just a news aggregation site.
Chris Hayner:They don't need to know who I really am.
Chris Hayner:They just wanna know where to send their newsletter.
Chris Hayner:Right.
Chris Hayner:So my username doesn't have to be associated with me as closely.
Chris Hayner:So then if there's an, an incident and a user or that like gets breached, then the
Chris Hayner:breach doesn't associate with me directly because I didn't use the same username.
Chris Hayner:And in fact, you can use a password manager to save a whole Prasanna, so
Chris Hayner:you can create a fake name for yourself and just have that auto fill as well.
Prasanna Malaiyandi:And also going one step further.
Prasanna Malaiyandi:Some sites also require like security questions.
Prasanna Malaiyandi:I remember we had a guest Curtis.
Prasanna Malaiyandi:I don't know if you remember Zoe, right?
Prasanna Malaiyandi:Who talked about how the fact that she uses, like the security question, she
Prasanna Malaiyandi:creates some randomly she's like, you don't need to know my birthday or the
Prasanna Malaiyandi:city I was born in, as long as I remember.
Prasanna Malaiyandi:And you can also use a password manager, some of them to store that
Prasanna Malaiyandi:additional information as well.
Prasanna Malaiyandi:So like you said, Chris, you have an entire new Prasanna created for.
Chris Hayner:Yeah.
Chris Hayner:And I think that's a great point, cuz it also comes into password.
Chris Hayner:Management.
Chris Hayner:It doesn't have to be in a password manager itself, but the idea that you
Chris Hayner:are managing your information, that's a great rule for people, no matter
Chris Hayner:what do not ever answer those security questions, honestly, you know, what
Chris Hayner:was the city that you grew up in?
Chris Hayner:Sorry, I was born on one twenty three anywhere street, and I
Chris Hayner:dare you to prove different.
W. Curtis Preston:Right.
W. Curtis Preston:As long as you answer them the same way on the front end and the back end
W. Curtis Preston:doesn't really matter what you put there.
Chris Hayner:exactly.
Chris Hayner:And that's another great use case for a password manager to
Chris Hayner:keep that information for you.
W. Curtis Preston:Yeah.
W. Curtis Preston:The only thing that, and I, I agree with everything you just said, the
W. Curtis Preston:only thing that stinks about that is that that's not auto fillable.
W. Curtis Preston:Right.
W. Curtis Preston:Um, you're gonna put that in the notes for your password manager in most cases,
Chris Hayner:Yeah.
Chris Hayner:That's I mean, that does bring up, uh, a challenge because it depends on the
Chris Hayner:password manager, whether or not they have an ability to natively store,
Chris Hayner:additional information or custom fields.
W. Curtis Preston:Right.
Chris Hayner:And how is the website built?
Chris Hayner:Because nothing drives me up the wall faster than when a website
Chris Hayner:puts in JavaScript that blocks a password manager from auto.
W. Curtis Preston:Yes.
Chris Hayner:That seems so unnecessary,
W. Curtis Preston:There are, there are even some that won't allow you to paste,
W. Curtis Preston:like even manually paste the password.
Chris Hayner:right?
W. Curtis Preston:That's when I get that's, when I get like, it's one thing
W. Curtis Preston:where, you know, if it won't auto fill it, but then you're like, okay, fine.
W. Curtis Preston:It's one of these sites where I have to copy and paste it and then you
W. Curtis Preston:go to copy and paste it and it's like, Nope, here's what I, here's
W. Curtis Preston:what I think we should do, Chris.
W. Curtis Preston:I think we should start a website, like a website shaming website.
W. Curtis Preston:Where, you know, we list companies that, that do stupid stuff like this.
W. Curtis Preston:Like they, they, they have fewer than, you know, they, they have
W. Curtis Preston:limitations on the size of the password.
W. Curtis Preston:They have limitations on the number of characters we can put in, um, and
W. Curtis Preston:the, you know, all that kind of stuff.
W. Curtis Preston:And, um, you know, and, and they can't, and they won't allow us
W. Curtis Preston:to auto fill or copy and paste.
W. Curtis Preston:I think we should.
Chris Hayner:I like
W. Curtis Preston:yeah, think we should do a little password shaming dot.
Chris Hayner:Oh, there was, there was already a robust traffic in,
Chris Hayner:um, pass, not password shaming, but S3 bucket malfeasance, shaming,
W. Curtis Preston:Oh, nice.
W. Curtis Preston:Yes.
W. Curtis Preston:Yes, exactly.
Chris Hayner:sadly ha still happens.
W. Curtis Preston:Well, you know, what, if, if it still happens like with new
W. Curtis Preston:stuff, then you deserve what you get.
W. Curtis Preston:Because, because AWS makes it really, really hard to make an open bucket now.
W. Curtis Preston:Right.
W. Curtis Preston:It used to be the default.
W. Curtis Preston:Um, if you create an open bucket now you really meant to do it,
W. Curtis Preston:which means you deserve, you deserve everything that's coming to you.
Chris Hayner:Yeah.
Chris Hayner:You had to click through giant flashing banners that say, don't do this ever.
W. Curtis Preston:right.
Chris Hayner:And yet here we are.
Chris Hayner:Someone is still doing it.
W. Curtis Preston:Yeah.
Prasanna Malaiyandi:moving on to sort of the password managers itself, I'm sure
Prasanna Malaiyandi:a lot of people are like, Hey, Google Chrome or safari or Mac has key chain.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:Why can't I just use that.
Prasanna Malaiyandi:Why do I need, like what you were talking about Chris, like a dash
Prasanna Malaiyandi:lane, a one password last pass, etc.
Chris Hayner:right.
Chris Hayner:So that comes out to very simply the preference that you're gonna have.
Chris Hayner:Do you want to use something all within one infrastructure?
Chris Hayner:Or do you want to use something that is independent of that infrastructure?
Chris Hayner:So there's a, there's a big difference.
Chris Hayner:For example, between using the password manager, that's built into
Chris Hayner:Chrome and the password manager that's built into apple, right?
Chris Hayner:Because the coverage is very different, but.
Chris Hayner:For example, in a Chrome environment, you can have a Chrome account and
Chris Hayner:you can save passwords and share them across securely, assuming you trust
Chris Hayner:Google of course, across different installations of that browser.
Chris Hayner:So it's the same exact concept in the sense that wherever you try to log
Chris Hayner:in, as long as you log in with your valid username and password, you get
Chris Hayner:all of your passwords along with you.
Chris Hayner:But there.
W. Curtis Preston:let me, let me just append to your comment.
W. Curtis Preston:All of the passwords associated with that Chrome profile.
Chris Hayner:right.
W. Curtis Preston:Because I use two Chrome profiles constantly.
W. Curtis Preston:So that's an important point.
Prasanna Malaiyandi:But it
Chris Hayner:that's, that's a great point because it to, it speaks immediately
Chris Hayner:to the limitation of doing it this way.
Chris Hayner:The one thing about it that you, that is true is that it
Chris Hayner:is, uh, simple, straightforward.
Chris Hayner:You don't have another product to manage.
Chris Hayner:You don't have another product in many cases to pay for, because most.
Chris Hayner:Professional password managers that we're gonna talk about are not free.
Chris Hayner:They might have some type of free tier, but it's usually deeply limiting,
Prasanna Malaiyandi:Yeah, but just to the Chrome example, isn't it a little
Prasanna Malaiyandi:bit of a chicken or egg problem, because you still need to remember the password
Prasanna Malaiyandi:to how to log into Chrome right.
Prasanna Malaiyandi:Into your Chrome account, right before you can get access to
Prasanna Malaiyandi:the rest of your password.
Prasanna Malaiyandi:So
Chris Hayner:Which is
W. Curtis Preston:I mean, but that's the same as a password manager, right?
W. Curtis Preston:You need to remember that password, right?
W. Curtis Preston:I will say.
W. Curtis Preston:Again, this is something that comes up regular on the pasta on, on the podcast.
W. Curtis Preston:Something is always better than nothing.
W. Curtis Preston:Right?
W. Curtis Preston:Not using any password manager at all.
W. Curtis Preston:Like we're not arguing.
W. Curtis Preston:You have to use Dashlane or last password, one pass, right?
W. Curtis Preston:We're we're just arguing.
W. Curtis Preston:You need a password manager.
W. Curtis Preston:If you wanna live in the one that's free with, with Chrome.
W. Curtis Preston:And again, I don't know anything about the security of how that is managed.
W. Curtis Preston:I, I have that concern still better than nothing, I think.
W. Curtis Preston:Um, right.
Chris Hayner:And to their credit, a lot of the major browsers can do
Chris Hayner:this and they do it a lot better now than they used to do it.
Chris Hayner:Um, when password management first came out in internet Explorer, it
Chris Hayner:was saved basically in encoded, but in plain text on your computer.
W. Curtis Preston:right.
Chris Hayner:So that's.
W. Curtis Preston:the first, the first step in, you know, Dashlane I remember
W. Curtis Preston:was sucking all the passwords outta my browser that I had in my browser, which
W. Curtis Preston:meant that they were stored in plain text
Chris Hayner:And exactly how did they do that?
Chris Hayner:Yeah.
W. Curtis Preston:they do that
Chris Hayner:Um, but yeah, I mean the Chrome ones are better.
Chris Hayner:Everything these days is at least at rest encrypted AEs 2 56.
Chris Hayner:It's not really a problem with any major browser that you can think of.
Chris Hayner:Everybody has their favorites.
Chris Hayner:We've been talking about Chrome, but Firefox does it too.
Chris Hayner:Uh, edge does it too.
Chris Hayner:And then with Microsoft and apple, it gets a little bit more confusing because you
Chris Hayner:can do it at an operating system level.
Chris Hayner:Right.
Chris Hayner:So depending on the applications you're using, you can also use, um,
Chris Hayner:uh, what is it called in, in windows?
Chris Hayner:I don't actually use windows all that often, but I know they have
Chris Hayner:a similar built in like key chain
W. Curtis Preston:It's called not key chain.
Chris Hayner:yeah, something like that key bucket.
Chris Hayner:Um, but that's where the third party tools really have some value.
Chris Hayner:So you immediately have to manage two different things.
Chris Hayner:For example, when you install last pass, you install an application
Chris Hayner:that reaches out to all your browsers plugs in and to that connection,
Chris Hayner:an actual third party plugin.
Chris Hayner:So if you're on Chrome, you log in right.
Chris Hayner:Click fill password.
Chris Hayner:If you're in internet Explorer, same thing you can't have that
Chris Hayner:kind of spread if you're just using the Chrome password manager.
W. Curtis Preston:And also mobile and.
W. Curtis Preston:Um, like I, I have Dashlane installed on my phone, so I get
W. Curtis Preston:all this stuff on my phone as well.
Prasanna Malaiyandi:But I believe though, if you're using like
Prasanna Malaiyandi:an iPhone plus a Mac, right.
Prasanna Malaiyandi:And an iPad, right.
Prasanna Malaiyandi:I think with apples now they have an iCloud key chain.
Prasanna Malaiyandi:That'll sort of sync everything now across assuming that you're using the same
Prasanna Malaiyandi:iCloud account across all your devices.
Chris Hayner:Yeah, that's correct.
W. Curtis Preston:Yeah.
W. Curtis Preston:And I don't, I don't know anything about that.
W. Curtis Preston:Right.
W. Curtis Preston:I haven't tried to use that.
W. Curtis Preston:I mean, once I, once I went down the Dashlane.
Prasanna Malaiyandi:There's no,
W. Curtis Preston:I was pretty and I'm paying like 39 bucks
W. Curtis Preston:a year or something like that.
W. Curtis Preston:Uh, and it comes with some like dark web monitoring or whatever, which, which is,
W. Curtis Preston:I don't know, which is just depressing.
W. Curtis Preston:They're like, Hey, your email address showed up over here now.
W. Curtis Preston:Um, right.
W. Curtis Preston:And you're, you know, and I'm like, oh, okay.
W. Curtis Preston:All right.
W. Curtis Preston:When I see my fake birthday showed up over in this other place.
W. Curtis Preston:Cause I use a fake birthday just like we were talking about, I
W. Curtis Preston:don't use my real birthday unless I'm dealing with like a bank or,
Chris Hayner:Right.
W. Curtis Preston:that sort of thing.
W. Curtis Preston:Right.
Chris Hayner:Yeah.
Chris Hayner:Just because a website is asking for your honest information, as long as
Chris Hayner:you're not, like you're saying a bank is a great case where you're gonna
Chris Hayner:want to be honest, but, uh, sorry.
Chris Hayner:target.com.
Chris Hayner:I was born in 1923 and I dare you to prove me different.
W. Curtis Preston:Um, but by the, just, just how many, uh, we could have a
W. Curtis Preston:little contest, cuz I think I might win.
W. Curtis Preston:How many passwords do you have in your password manager?
Chris Hayner:oh, that's a great question.
Chris Hayner:Um, I looked at this before and it was somewhere in the four to 500 range.
W. Curtis Preston:Yeah, I win.
W. Curtis Preston:I have about double that, but, but okay.
W. Curtis Preston:But again, I share the password manager with my wife, right.
W. Curtis Preston:So
Chris Hayner:Ah, interesting thumb on the scales.
Chris Hayner:I feel there,
W. Curtis Preston:what's that.
Chris Hayner:it says a little bit of a thumb on the scales
Chris Hayner:having more than one person.
W. Curtis Preston:It is, it is.
W. Curtis Preston:Yeah.
W. Curtis Preston:I, I, but I think I'm more than I'm more, I'm definitely more
W. Curtis Preston:than half of that, of that.
W. Curtis Preston:Uh, so I think I might win, even if I go through it, but I don't even wanna
W. Curtis Preston:look and I wanna look at 800 accounts.
W. Curtis Preston:start doing, start doing accounting of that.
W. Curtis Preston:Um, but let's talk about, so we, we we've talked about some of the alternatives.
W. Curtis Preston:I, I, I don't think.
W. Curtis Preston:Just not having anything, is it, I mean, there are people and I've seen it.
W. Curtis Preston:There are people that use spreadsheet as password manager
Prasanna Malaiyandi:Or use their heads.
Prasanna Malaiyandi:I used to do that.
W. Curtis Preston:I, there was a guy, there was a guy that
W. Curtis Preston:I interacted with on Reddit.
W. Curtis Preston:That was just like, it's not that hard to remember a unique
W. Curtis Preston:password for every website.
W. Curtis Preston:And I'm like, are you serious?
W. Curtis Preston:Like.
Prasanna Malaiyandi:you're only at five websites that they visit, right.
W. Curtis Preston:and well, and he, and I, I argued with that.
W. Curtis Preston:He's like, no, I have, you know, and he gave some number, there was a significant
W. Curtis Preston:number and I'm like, really like
Chris Hayner:Yeah.
Chris Hayner:And I think that comes back to what you, what you said at the top, which
Chris Hayner:is one way to get around using the same password everywhere is to come up
Chris Hayner:with some kind of a mental algorithm that takes into consideration the
Chris Hayner:website that you're using, for example.
Chris Hayner:So my, my algorithm could be, uh, I hate the Nike store.com.
Chris Hayner:I hate adidas.com.
Chris Hayner:You know, I recognize that these are different passwords.
Chris Hayner:, but they're the same in the sense that the algorithm is very easy to figure
Chris Hayner:out once a password gets broken.
Chris Hayner:So even know each password is
W. Curtis Preston:yeah, all, but the, the problem there is all, all,
W. Curtis Preston:again, all that somebody has to do is hack one of those passwords.
W. Curtis Preston:Right.
W. Curtis Preston:And then it's not that hard to figure out others again, it just
W. Curtis Preston:depends on it's still again, that's still better than nothing.
W. Curtis Preston:That's still better than using the exact same password.
W. Curtis Preston:Every.
W. Curtis Preston:But
Prasanna Malaiyandi:even with unique passwords or even
Prasanna Malaiyandi:whatever the algorithm is, right.
Prasanna Malaiyandi:Even if it's something more complex, that's still so much like mental loads
Prasanna Malaiyandi:you have just to remember that stuff.
Prasanna Malaiyandi:It's like, why would you want to take that on with everything else in the world you
Prasanna Malaiyandi:could be doing with that mental capacity?
Prasanna Malaiyandi:You know, it's just, why do you wanna clutter your brain?
Chris Hayner:Right.
Chris Hayner:Let's make life easier.
Chris Hayner:Let's do that instead.
W. Curtis Preston:the Sherlock Holmes, um, philosophy, right?
W. Curtis Preston:The cuz he has this thing, that's like, he doesn't want to put anything in his
W. Curtis Preston:brain that isn't useful for everything.
W. Curtis Preston:Right.
W. Curtis Preston:So, um, so I, I guess the only.
W. Curtis Preston:Um, I'll call it valid concern, cuz it, I, I think it's a concern that needs to
W. Curtis Preston:be addressed is, well, I'm worried that if I use a password manager, all of my
W. Curtis Preston:passwords will be in the same place.
W. Curtis Preston:And then someone will be able to not hack just one account, but my entire life,
W. Curtis Preston:um, you know, what do we say to that?
Chris Hayner:so the first thing to pay attention to with the provider that you're
Chris Hayner:using is where does the encryption happen?
Chris Hayner:If the encryption happens on your machine with your key.
Chris Hayner:And then the only thing that the provider saves is the encrypted content.
Chris Hayner:It doesn't matter if last pass gots hacked, for example, And that's a
Chris Hayner:significant concern, cuz like we talked about older versions that were directly
Chris Hayner:on the desktop weren't encrypted at all.
Chris Hayner:So it's definitely a possibility, uh, but what
W. Curtis Preston:last pass was hacked, right?
Chris Hayner:they were hacked, but they did not lose individual account
Chris Hayner:information in the sense of passwords.
Chris Hayner:They lost other information, but the passwords themselves were secure.
W. Curtis Preston:Okay.
W. Curtis Preston:Okay
Chris Hayner:But you're right in the sense that you now have really a master
Chris Hayner:account, for lack of a better word, that needs to be secured in a different way.
Chris Hayner:You can't have your password for your password manager in your password manager.
Chris Hayner:That's not gonna work, but really what you, yeah.
Chris Hayner:So what you need to do there is come up with a password that is
Chris Hayner:really secure and again, unique, but that you can trust your memory.
Chris Hayner:However, you should still double protect that account
Chris Hayner:with multifactor authentication.
Chris Hayner:Um, and a lot of almost all of these providers make that an, uh, a possibility.
Chris Hayner:So even if somebody does steal your master password to your password manager, they
Chris Hayner:can't log in without that six digit code.
W. Curtis Preston:Right, right.
W. Curtis Preston:I know with mine, it, you know, it pops up.
W. Curtis Preston:I actually have to go to my phone, um, and authenticate, like if I log
W. Curtis Preston:into a new browser, uh, I, I have to go to my phone and authenticate
W. Curtis Preston:that in the Dashlane app itself.
W. Curtis Preston:Um, which, which I, I like that.
W. Curtis Preston:I prefer that to, let's say an SMS.
Prasanna Malaiyandi:What happens though, if you forget your master password, right.
Chris Hayner:You're well, again,
W. Curtis Preston:that just.
Chris Hayner:I mean, it's, that's a really good question because for
Chris Hayner:example, if you have an apple account and you're enabled on iCloud, your stuff
Chris Hayner:is encrypted in action, and I'm sorry.
Chris Hayner:In motion and at rest, however, it's the master encryption of apple in iCloud,
Chris Hayner:which means that if you lose your apple password, apple can unlock it for you.
Prasanna Malaiyandi:Yep.
Chris Hayner:A lot of these providers don't do that by design.
Chris Hayner:So it's security versus convenience, which is a common Seesaw that we find.
Chris Hayner:But generally, if you forget and are locked out of your, like, I keep
Chris Hayner:coming back to last pass, cuz it's the one I know the best their answer is.
W. Curtis Preston:This is the way it's designed to
Prasanna Malaiyandi:
Speaker:they give you an option?
Prasanna Malaiyandi:
Speaker:Like I know Facebook, for instance, with their passwords, you could have
Prasanna Malaiyandi:
Speaker:like another person's account who you trust, who they could reach out to, or
Prasanna Malaiyandi:
Speaker:here's a recovery password that you can print out and store in a safe location
Prasanna Malaiyandi:
Speaker:just in case like a one time password.
Chris Hayner:Right.
Chris Hayner:Some of them do do that and they also have sort of a, a dead man switch option
Chris Hayner:that you can put in place as well.
Chris Hayner:We're starting to get into like enterprise level features though.
Chris Hayner:When you talk about that type of thing.
Chris Hayner:Cause another thing that exists, if you're a business, you can create an
Chris Hayner:organization and then you can kind of have here's the engineering master password.
Chris Hayner:Here's the sales master password, et cetera, all the way across your company.
Chris Hayner:And then because you're one layer down now, your it department has the ability.
Chris Hayner:If you enable it to say, uh, Steve forgot his password, please reset it.
Prasanna Malaiyandi:Gotcha.
W. Curtis Preston:Yeah.
W. Curtis Preston:Uh, for a while, my wife and I had, we, we both had Dashlane and, uh, I had my
W. Curtis Preston:Dashlane password in her account and she had hers in mind, but then we realized,
W. Curtis Preston:why are we both paying $39 a year?
W. Curtis Preston:For what is essentially the same service, you know, and as long, as long as I, and
W. Curtis Preston:neither of us had accounts that we didn't want the other one to be able to log into.
W. Curtis Preston:Right.
W. Curtis Preston:So that, you know, that that works.
W. Curtis Preston:But, um, the.
W. Curtis Preston:Uh, yeah, generally speaking.
W. Curtis Preston:And I know by the way that, um, let me throw out our, our
W. Curtis Preston:disclaimer, uh, Prasanna and I work for different companies.
W. Curtis Preston:He works for zoom.
W. Curtis Preston:I work for Druva.
W. Curtis Preston:And the opinions that you hear are, um, ours, and this is not an
W. Curtis Preston:official podcast of either company.
W. Curtis Preston:Uh, and I say that, you know, one, I just wanted to mention, you know, at Druva.
W. Curtis Preston:Up until just recently.
W. Curtis Preston:Um, this was the way Druva worked because we do our encryption using
W. Curtis Preston:the password and it's a, it's a, a envelope encryption system.
W. Curtis Preston:And it wasn't that long ago that I was talking with a customer who had done this,
W. Curtis Preston:where he had changed his Druva password.
W. Curtis Preston:And it's.
W. Curtis Preston:The only alternative was to basically just start over.
W. Curtis Preston:Right.
W. Curtis Preston:Because there was because we by design, didn't allow you to reset your
W. Curtis Preston:password because we couldn't figure out a way up until recently to do that
W. Curtis Preston:without allowing someone in Druva to also be able to reset your password.
W. Curtis Preston:Right.
W. Curtis Preston:Cause you it's a brain.
W. Curtis Preston:So, um, So we figured it, we figured out a way, uh, thanks of course, to another new
W. Curtis Preston:service by our, our lovely partner, AWS.
W. Curtis Preston:right.
W. Curtis Preston:Thanks.
W. Curtis Preston:Thanks to them.
W. Curtis Preston:We were able to figure this out.
W. Curtis Preston:So now you're actually able to reset the, the password.
W. Curtis Preston:Uh, it do, it does trigger up, you know, MFA and all that kind of stuff.
W. Curtis Preston:Right.
W. Curtis Preston:But so it, so you, you don't think that the concern of, of having everything
W. Curtis Preston:all in one place is a well you're, you're saying it's a valid concern.
W. Curtis Preston:But it just means you need to look into the way the, the, the products are built.
W. Curtis Preston:Right,
Chris Hayner:Exactly.
Chris Hayner:It's a concern that you have a number of options in the
Chris Hayner:marketplace as to how you manage it.
Chris Hayner:You know, one of the other concerns that people have that is similar
Chris Hayner:to this is, well, what happens if last pass goes out of business?
W. Curtis Preston:right.
Chris Hayner:That those passwords can be as secure as they want, but if they
Chris Hayner:go out of business and all of a sudden I can't use them anymore, then I might
Chris Hayner:be 500 passwords into a big problem.
Chris Hayner:Uh, and this is an argument that is often made and support of
Chris Hayner:self-hosting your own solution.
Chris Hayner:So a lot of the ones that we've been talking about live in the cloud, they're
Chris Hayner:a service, you log into a website, username password, the whole nine.
Chris Hayner:You can do all this stuff for yourself for $0.
Chris Hayner:If you'd like, or you can even have it's the best.
Chris Hayner:It's the best price out there.
Chris Hayner:Isn't it.
Chris Hayner:$0.
Chris Hayner:I'll take 10.
W. Curtis Preston:Yeah.
W. Curtis Preston:I, I, I think, again, this, this falls into the category of, I mean, if
W. Curtis Preston:Dashlane, I'll just say Dashlane, if Dashlane started going out of business,
W. Curtis Preston:we would get some kind of notification.
W. Curtis Preston:It wouldn't be like, okay, boom, Dashlane is outta
Prasanna Malaiyandi:I don't know
Prasanna Malaiyandi:though, I Curtis, but how many times have we talked to companies though
Prasanna Malaiyandi:that have basically been like, something happened to my environment
Prasanna Malaiyandi:and the next day the business is gone.
Prasanna Malaiyandi:Right?
Prasanna Malaiyandi:So
W. Curtis Preston:Yeah.
W. Curtis Preston:Okay.
W. Curtis Preston:It's a possibility.
W. Curtis Preston:I just don't think it's a,
Prasanna Malaiyandi:on Mr.
Prasanna Malaiyandi:Backup saying that that's not an issue, not a concern.
W. Curtis Preston:it's not a concern for me outside.
W. Curtis Preston:I mean, I'm because basically if, if, if dash lane, if they, if there was any hint
W. Curtis Preston:of financial instability, boom, I'm making a, I'm making a, an export real quick.
W. Curtis Preston:right.
Chris Hayner:Yeah.
Chris Hayner:And.
W. Curtis Preston:can then import that to another.
Chris Hayner:And that's exactly what you can do for yourself is
Chris Hayner:periodically take an export, encrypt that export, keep it someplace safe.
Chris Hayner:Um, and that
W. Curtis Preston:drive.
Chris Hayner:well, if you encrypt it, then we'll agree now.
Chris Hayner:Another way that companies are solving that along the lines of
Chris Hayner:the enterprise level type of tools.
Chris Hayner:Uh, one that comes to mind is keeper, which has actually been around for
Chris Hayner:a while, but they've only started making waves over the last year
Chris Hayner:or two in the enterprise space.
Chris Hayner:They have an option where you can enable local only.
Chris Hayner:Password management, which effectively means yes, they have a copy of it up
Chris Hayner:in the cloud and you can update and refresh whenever you want to, but you
Chris Hayner:can say I'm gonna be offline for a week.
Chris Hayner:I want my password manager to still work and it will still work.
Chris Hayner:So the services kind of neat in that way, where you can download onto your machine,
Chris Hayner:have it actively running and functioning.
Chris Hayner:And if their website or their business went out of business,
Chris Hayner:you would still be ok.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:Yeah
Chris Hayner:So that's, that's a keeper thing that not every single provider has.
Chris Hayner:And again, we're talking about enterprise space with some of this
Chris Hayner:stuff, but it's an interesting solution.
W. Curtis Preston:Yeah, it is.
W. Curtis Preston:So I want to hear, I want to hear about what you do Prasanna.
Prasanna Malaiyandi:What do I do?
Prasanna Malaiyandi:So , so I use key pass, which is a free open source tool as
W. Curtis Preston:Mm-hmm
Prasanna Malaiyandi:
Speaker:for a password manager.
Prasanna Malaiyandi:
Speaker:And I create passwords on my desktop.
Prasanna Malaiyandi:
Speaker:um, I don't do browser integrations.
Prasanna Malaiyandi:
Speaker:Call me old school.
Prasanna Malaiyandi:
Speaker:I still copy and
Prasanna Malaiyandi:
Speaker:paste it from key pass.
Prasanna Malaiyandi:
Speaker:Yep.
Prasanna Malaiyandi:
Speaker:Right.
Prasanna Malaiyandi:
Speaker:Um, and then that's how I use it on my laptop.
Prasanna Malaiyandi:
Speaker:And then what I do is I actually have a mobile version of key pass installed on
Prasanna Malaiyandi:
Speaker:my phone and I manually sync the password file back and forth from my desktop.
Prasanna Malaiyandi:
Speaker:So my desktop is always the primary copy and I never make
Prasanna Malaiyandi:
Speaker:changes on my mobile phone for my.
W. Curtis Preston:Do you have, you have a backup of that?
Prasanna Malaiyandi:
Speaker:Yes, I do have a backup.
W. Curtis Preston:okay.
Prasanna Malaiyandi:Yep.
Prasanna Malaiyandi:I do
Chris Hayner:He actually, he hosted on his S3 bucket.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:It's wide open for everyone, but because there's a master password,
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:Um,
Prasanna Malaiyandi:like you said, I don't make changes on my phone.
Prasanna Malaiyandi:Right.
Prasanna Malaiyandi:So I don't have to worry about the syncing problem.
Prasanna Malaiyandi:Going back to it.
Prasanna Malaiyandi:And so it's always just any changes happen on the laptop and then
Prasanna Malaiyandi:periodically pushed to the phone.
Prasanna Malaiyandi:And on the phone side, they've done great things like now it integrates with like
Prasanna Malaiyandi:apples password managers or features.
Prasanna Malaiyandi:So you can go to website, you can say, Hey, by the way, there's username,
Prasanna Malaiyandi:password, click the password.
Prasanna Malaiyandi:As it automatically loads the password from the mobile side as well.
W. Curtis Preston:Yeah.
W. Curtis Preston:I mean, that sounds interesting for me.
W. Curtis Preston:I, you know, I, I, I think, I think I've gotten used to the features and
W. Curtis Preston:functionality that I get, you know, on Dashlane too much to, I mean,
W. Curtis Preston:when you start talking about copying and pasting, when I have to copy and
W. Curtis Preston:paste a password, I get pissed off.
W. Curtis Preston:Right.
W. Curtis Preston:It's just way too much, way too much effort.
W. Curtis Preston:Um, the, uh, I love, I mean, what happens to me is that.
W. Curtis Preston:Dashlane the way Dashlane now works.
W. Curtis Preston:Is it only, it, it, on the desktop, it only runs in the browser, right?
W. Curtis Preston:So you, you have to, when you log in, uh, a new time, like right now,
W. Curtis Preston:I'm looking up and I can see that Dashlane is deactivated at the moment.
W. Curtis Preston:It's a little, the little D is orange instead of green.
W. Curtis Preston:So I know if I went to a website right now to log in.
W. Curtis Preston:I would have to go log into Dashlane first, but as soon as I come back to the
W. Curtis Preston:website, my password's already there.
W. Curtis Preston:It's already auto filled and I just have to click submit.
W. Curtis Preston:It's just, I don't
Prasanna Malaiyandi:no.
Prasanna Malaiyandi:And I think that's a big thing that these password managers help with is you don't
Prasanna Malaiyandi:want, especially in security, right?
Prasanna Malaiyandi:You don't want things to be cumbersome in order for people to be.
Prasanna Malaiyandi:You want to be as seamless as possible, looking at Dashlane
Prasanna Malaiyandi:and all these other services.
Prasanna Malaiyandi:I think that's one of the biggest values they add, right.
Prasanna Malaiyandi:Is the fact that yes, it is very simple to still get access to your websites or
Prasanna Malaiyandi:whatever else it is while being secure.
W. Curtis Preston:Yeah.
W. Curtis Preston:And, and in the case, I, again, I want to hear about last pass, but I know in the
W. Curtis Preston:case of dash, so Dashlane has gotten where it was really rinky-dink was on the phone.
W. Curtis Preston:When I first got Dashlane.
W. Curtis Preston:Dashlane was at best a thing I could copy and paste passwords into, into a
W. Curtis Preston:website on the phone right now it's really integrated with the, with the website.
W. Curtis Preston:Generally speaking again, as long as I'm on, you know, a supporter browser
W. Curtis Preston:on there, it, it just automatically fills in the password, you know,
W. Curtis Preston:the username and password, and it also integrates with, um, face ID.
W. Curtis Preston:If I wanted to, you can turn that feature on and off.
W. Curtis Preston:So all I have to do is look at, literally look at the website
W. Curtis Preston:and then just magic happens.
W. Curtis Preston:Right.
W. Curtis Preston:Um, I do have to click the, there's a, the word password
Prasanna Malaiyandi:
Speaker:That's the same thing.
Prasanna Malaiyandi:
Speaker:I.
Prasanna Malaiyandi:
Speaker:Yep.
W. Curtis Preston:Yeah, yeah.
W. Curtis Preston:I have to click password.
W. Curtis Preston:Um, but, but then it, but then it, uh, it, it either makes me log
W. Curtis Preston:in with my password or used face ID to, to integrate with that.
W. Curtis Preston:Right.
W. Curtis Preston:Um, and I, uh, I also recently found out that and I, and I was
W. Curtis Preston:happy about this is that it, it, it now supports password history.
W. Curtis Preston:Right.
W. Curtis Preston:So, um, because again, that, by the way that customer, that the Juva
W. Curtis Preston:story that I told we were actually able to get him logged in because his
W. Curtis Preston:password manager had password history.
W. Curtis Preston:So he logged in, he was able to, um, Forget exactly how, how it worked,
W. Curtis Preston:but he was able to use that password history feature to be able to log in.
W. Curtis Preston:Um, but, um, the, yeah, I love the password history feature.
W. Curtis Preston:I love the, you know, the fact that I can use it to also, it, I don't
W. Curtis Preston:use this much, but it has the ability to automatically reset passwords
W. Curtis Preston:on a lot of popular websites.
W. Curtis Preston:So you can just go into Dashlane and just say reset my Facebook password.
W. Curtis Preston:And it just does it cuz that's the other thing.
W. Curtis Preston:Changing your password on a regular website is, is way too much pain.
W. Curtis Preston:Right.
W. Curtis Preston:Um, and so automating that I think is, I think is good.
W. Curtis Preston:What about last pass?
W. Curtis Preston:Like how did you end up, you know, at last pass, cuz you've
W. Curtis Preston:had it for a while now as well.
Chris Hayner:yeah, I've had it for a while and I ended up going with them.
Chris Hayner:They were the first password manager that I actually paid.
Chris Hayner:Um, and I ended up going with them for the very reasonable logical and well
Chris Hayner:thought out reason that I had a coupon.
Chris Hayner:Um, and I found myself in the same situation that, that you just described,
Chris Hayner:which is I am now used to last pass.
Chris Hayner:I am used to its quirks and eccentricities.
Chris Hayner:I know how to do what I need to do with it with a minimum of fuss.
W. Curtis Preston:right.
Chris Hayner:So I've had it for the, the past five years, uh, on regular price.
Chris Hayner:So they got their value out of that coupon, I'll say.
Chris Hayner:and overall, I feel like it's solid.
Chris Hayner:Um, I don't think that it's mobile presence is great.
Chris Hayner:I think it's fine.
Chris Hayner:Uh, I also think that doing things on the phone is super complicated.
Chris Hayner:Um, I've never reliably had at work in terms of auto-filling the password on the.
Chris Hayner:Sometimes it works.
Chris Hayner:Sometimes it doesn't depends on the, the page.
Chris Hayner:It depends on the time.
Chris Hayner:It depends on the, the cycle of the moon.
W. Curtis Preston:Well, well, I have to say dashlane's pretty, pretty good there.
W. Curtis Preston:Um, it works.
W. Curtis Preston:I'm gonna say about 80, 80% of the time.
W. Curtis Preston:And when it doesn't work, it's the website.
W. Curtis Preston:It's not
Chris Hayner:Right?
Chris Hayner:Yeah.
Chris Hayner:And I.
Chris Hayner:I think that speaks to dash Lane's goals as a company.
Chris Hayner:Um, they actually, a few days ago, I wanna say their CTO did an interview, an
Chris Hayner:AMA on Reddit, uh, which was quite good.
Chris Hayner:And basically what he was saying and talking about was like touting
Chris Hayner:all these new advancements.
Chris Hayner:And it really feels to me like they're going hard after
Chris Hayner:the consumer level market.
Chris Hayner:And what that means is getting away from some of the enterprise features
Chris Hayner:like, you know, the password sharing or, or the running offline things
Chris Hayner:that a regular user is not gonna necessarily be that concerned about.
Chris Hayner:And in favor of let's build an absolutely rock solid cellphone service.
W. Curtis Preston:right.
Chris Hayner:Other companies are just like, listen, we've got 750 features.
Chris Hayner:I mean, we're working on that one, but we got all these other ones too.
Chris Hayner:And that was one of the things that he said in this interview is they
Chris Hayner:discontinued the application that it gets installed on the desktop tactically.
Chris Hayner:They said, there's too many products.
Chris Hayner:We have to focus on what customers want and need.
Chris Hayner:And this is not one of them.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:And if you think about it, a lot of people these days, they like, I don't
Prasanna Malaiyandi:know about you guys, but I use my mobile phone probably 80% of the time.
Prasanna Malaiyandi:Like I'm rarely ever on my laptop.
Prasanna Malaiyandi:And it's just like how I do things these days.
Prasanna Malaiyandi:Cuz it's always on me.
W. Curtis Preston:Yeah.
W. Curtis Preston:Yeah, absolutely.
W. Curtis Preston:Uh, my only criticism and again, it is something I'm they'll probably
W. Curtis Preston:add is they don't yet have MFA.
W. Curtis Preston:As part of their things that they manage.
W. Curtis Preston:I know some other password managers will manage both your
W. Curtis Preston:password and your MFA token.
W. Curtis Preston:Um, so I use, I use authy for that.
Chris Hayner:Yeah, that you might wanna check, uh, check your
Chris Hayner:terms and conditions that might have actually changed this week.
Chris Hayner:He specifically talked about the two FA options that can be built into
Chris Hayner:dash land if you want to use them.
W. Curtis Preston:Okay.
W. Curtis Preston:All right.
W. Curtis Preston:I will do that, Chris.
Chris Hayner:Um, and actually, incidentally, I'm curious what,
Chris Hayner:what you both think about using a multifactor authentication from
Chris Hayner:a password management company.
W. Curtis Preston:Whether or not that that violates sort of the,
W. Curtis Preston:The
Chris Hayner:separation of, yeah.
W. Curtis Preston:Yeah.
W. Curtis Preston:I I've gone back and forth on that.
W. Curtis Preston:I, I, I, I, I've gone back and forth on that.
W. Curtis Preston:Let's just say I, I, I was considering changing it because of that.
W. Curtis Preston:And then I had the same thought that you did of like, you know,
W. Curtis Preston:maybe I shouldn't, I don't know.
Prasanna Malaiyandi:I, I think the, I think the one thing to consider is like
Prasanna Malaiyandi:with the MFA, I would say a password manager is probably better than SMS
Prasanna Malaiyandi:based, two factor authentication,
Chris Hayner:Right.
W. Curtis Preston:Yeah.
Prasanna Malaiyandi:and some of the other forms of two factor authentication,
Prasanna Malaiyandi:is it as good as a standalone app?
Prasanna Malaiyandi:Probably not, but in order to make it seamless and easy for the user, I
Prasanna Malaiyandi:think that trade off may be acceptable, especially for the consumer side.
Chris Hayner:I think that's the correct answer.
Chris Hayner:And it kind of also goes along with the theme that we've been having here, which
Chris Hayner:is there's multiple levels of security.
Chris Hayner:It's up to you to determine how much is right for your use case.
Chris Hayner:As long as the answer is not no security.
Chris Hayner:We're in a much better place.
W. Curtis Preston:Yeah.
W. Curtis Preston:I, I, I think now that I'm thinking back, and, and again, we, we
W. Curtis Preston:should just investigate this.
W. Curtis Preston:Well, we'll see what, we'll see what they've done.
W. Curtis Preston:Like I would still want.
W. Curtis Preston:Like if it's not, if I don't still have to reach for my phone, that's not really MFA.
W. Curtis Preston:Right.
W. Curtis Preston:If I don't have to reach for a second device, something that I own, if it's
W. Curtis Preston:just the password manager's gonna manage my MFA, that's not really MFA.
W. Curtis Preston:Right.
W. Curtis Preston:Um,
Prasanna Malaiyandi:but, but what if it's your password manager
Prasanna Malaiyandi:plus using your face ID on your
W. Curtis Preston:no, I'm, as long as I have to reach for my
W. Curtis Preston:phone, that's what I'm saying.
W. Curtis Preston:As long as I have to have my phone on my.
Prasanna Malaiyandi:but so say you're logging in from your phone into a website.
W. Curtis Preston:That's I'm fine with that.
W. Curtis Preston:That's I'm, I'm fine with that.
W. Curtis Preston:What I'm saying is, is when I'm on a browser and then if the browser
W. Curtis Preston:version of Dashlane will manage both my password and my MFA token,
W. Curtis Preston:that's everything all in one place.
W. Curtis Preston:And that could potentially be cuz then if somebody's got my master password,
W. Curtis Preston:then they're in, there's no multi.
Prasanna Malaiyandi:Specifically about that Curtis, about the browser.
Prasanna Malaiyandi:I think one thing you could do, and I think I know Okta does,
Prasanna Malaiyandi:this is even on your laptop.
Prasanna Malaiyandi:Uh, if you use Okta and you log in, it has the ability to ask for your
Prasanna Malaiyandi:touch ID to verify that that is you.
Prasanna Malaiyandi:So it's not that it's automatic, right?
Prasanna Malaiyandi:It's just, you don't need to
W. Curtis Preston:Oh.
W. Curtis Preston:Oh, okay.
W. Curtis Preston:I see what you're
Prasanna Malaiyandi:push a button or something else.
Prasanna Malaiyandi:It's still using another factor.
Prasanna Malaiyandi:It's just
W. Curtis Preston:something that I own could be my finger.
Prasanna Malaiyandi:Exactly.
W. Curtis Preston:All right, Chris.
W. Curtis Preston:Well, Hey, you know, this, this was, this was like three guys in the same
W. Curtis Preston:choir, all singing the same song.
W. Curtis Preston:Right?
W. Curtis Preston:We were all We
Chris Hayner:I was thinking about that.
W. Curtis Preston:same page there.
W. Curtis Preston:Uh,
Chris Hayner:The title of the episode could probably just be, yes, I.
W. Curtis Preston:Yes.
W. Curtis Preston:Yes.
W. Curtis Preston:I agree.
W. Curtis Preston:What is interesting is that we've chosen three approaches, right?
W. Curtis Preston:I've got dash lane.
W. Curtis Preston:You've got last pass and he's got, what is it?
W. Curtis Preston:Key pass
W. Curtis Preston:key pass.
W. Curtis Preston:Yeah.
W. Curtis Preston:Which is a self-hosted, uh, thing.
W. Curtis Preston:Um, but just do it, man.
W. Curtis Preston:Like, I, I don't know.
W. Curtis Preston:It it's so, and the thing I think it's like, it's like, I, I, I'm gonna
W. Curtis Preston:liken it to virtualization again.
W. Curtis Preston:And that is like, like you don't get virtualization, try it right.
W. Curtis Preston:Once you've tried what it's like to, to be virtual, then you're like, why did I ever
W. Curtis Preston:use har you know, uh, raw metal, right?
W. Curtis Preston:Or bare metal once you've seen what it's like to log into
W. Curtis Preston:websites via a password manager.
W. Curtis Preston:You're like, how did I ever not do this?
W. Curtis Preston:Right.
W. Curtis Preston:I,
Prasanna Malaiyandi:Yeah.
W. Curtis Preston:it is just so much easier and so much more
W. Curtis Preston:secure, uh, than, than anything that you're gonna do on yourself.
W. Curtis Preston:Um, whether you cell phone, I'm not counting you, you know, I'm
W. Curtis Preston:saying, you know what I mean?
W. Curtis Preston:Like, like, like anything else, like spreadsheet or a normal
W. Curtis Preston:person doing it by themselves.
W. Curtis Preston:So.
Chris Hayner:Right.
Chris Hayner:Yeah.
Chris Hayner:What I often tell people is if you're skeptical, just do
Chris Hayner:it for one or two websites,
W. Curtis Preston:Yeah,
Chris Hayner:because then if you don't like it, no harm, no foul.
Chris Hayner:You un install and you move on.
Chris Hayner:But just see what it's like, do something, you know, do something like cover your
Chris Hayner:Facebook or go with something more secure, cover your banking account.
Chris Hayner:You know, you probably have a vested interest in keeping that
Chris Hayner:password as complex as possible.
W. Curtis Preston:right.
Chris Hayner:Feels like a great place to, to practice.
W. Curtis Preston:Yeah.
W. Curtis Preston:Agreed.
W. Curtis Preston:And, and I know, I don't know.
W. Curtis Preston:Um, I know Dashlane again, I haven't checked in a while, but Dashlane,
W. Curtis Preston:it used to be free as long as you only did it on one device.
W. Curtis Preston:Um, that was, that was their, that was their free version,
Chris Hayner:They also lock you down to 50 passwords at the moment,
W. Curtis Preston:oh, okay.
Chris Hayner:which, you know, like I said, they're going to, uh, pretty much
Chris Hayner:an all pay unless you host your own.
Chris Hayner:Uh, you're gonna end up paying something yearly.
Chris Hayner:But for right now, dash Lane's got their monthly, uh, special 29
Chris Hayner:99 for the whole year unlimited access to all of their features.
W. Curtis Preston:right.
Chris Hayner:you know, to, to use a very, uh, tortured metaphor.
Chris Hayner:It's like five cups of coffee.
Prasanna Malaiyandi:Yeah.
Prasanna Malaiyandi:It's like, what is
Prasanna Malaiyandi:your security worth?
Chris Hayner:Yeah.
W. Curtis Preston:up coffee though, Chris, so, you know,
W. Curtis Preston:um, anyway, well, thanks Chris so much for, uh, for coming on
Chris Hayner:Yeah.
Chris Hayner:It's been a pleasure.
W. Curtis Preston:and thanks Prasanna for, for film.
W. Curtis Preston:I, you know, I've never actually really asked you what the, what you were doing.
W. Curtis Preston:So I'm glad to, I'm glad to finally hear
Prasanna Malaiyandi:no, I, yeah, I don't talk about it a lot, but yeah, no, I know.
Prasanna Malaiyandi:You're I know you like to talk about your password manager a lot, but
W. Curtis Preston:You want a little bit of security by obscurity.
Prasanna Malaiyandi:yeah, exactly.
W. Curtis Preston:right.
W. Curtis Preston:Well, Hey folks, get a password manager.
W. Curtis Preston:Will ya?
W. Curtis Preston:And thanks for listening.
W. Curtis Preston:And remember to subscribe so that you can restore it all.
Listen On
