Basic security for my parents

I’ve had similar issues with my in-laws (directly and through my wife).

My personal belief, if some assumptions hold true, is that writing the passwords in a physical book is probably going to be the most reliable and avoids those exception cases where the PW manager doesn’t “hook” into the applications or sync. I think it also sort of registers as a “thing” to be protected, like the checkbook or a passport.

This is less of a good idea if their living space is not secure or anyone who enters their house is not trustworthy—anything from a shady family member, a kid who is just smart enough to cause problems, service providers, or couples who expect and maintain a degree of privacy from one another—but keeping it under lock and key isn’t a bad idea.

I wouldn’t suggest this if they were set on using a PW manager, or if the system could somehow demand that anything password-related be enforced system-wide to a certain degree of difficulty (though I know why that isn’t a “thing”: random sites with legacy requirements, especially length limits that disallow passphrases, or inconsistent complexity rules). My thinking, based on what you’ve said, is that if they can bypass it, they will bypass it.

Beyond that, the challenge with many PW managers or hardware keys is that they don’t necessarily work with their handheld devices, or they integrate through some interfaces but not others (e.g., browser enabled, but not randomapp). Some work well enough through copy and paste, others not as much.

iCloud password sync is probably suitable for their purpose and has broad integration on both. The “Keychain Access” program on Mac functions as a system-integrated PW manager—secured by their login password on Mac and (in the Passwords control prefs) by the passcode on iOS.

The downside is that it is hazardous if they (like a lot of people) allow others to use their phone. It won’t reveal the password unless someone enters the passcode/PIN, but it gives anyone who gains control of their unlocked device (again, from shady relatives to irresponsible children) the ability to log in. 2FA won’t provide much help in this regard either if they can just as easily access the texts or any app-based token.

A physical hardware key is probably as vulnerable as a written book when it comes to family or any situation where someone touching that key wouldn’t be immediately seen as nefarious.

At some point, there is only so much that can be done, just as some people leave their front door unlocked, or will give out any information to whoever asks over the phone.

If you are the one who gets roped into helping with these things, you might insist that when you are told the password, you change it, write it down in whatever you do decide on, and make it long enough that you can’t remember it.

I’ve done this with my family. I don’t want to know their password. If I have to fix or set something up, I write it on an index card and give it to them to handle wherever they keep important papers. One uses a PW manager, but sets anything that will allow it to their widely used password that at least 9 people know, and one does not (but has very few people in the house and does keep them with important papers).

This can also help avoid a few situations. They cannot say “it’s just easier to call <him> to do <x>, he already knows the password”, because they’ll at least have to look up the password they probably haven’t memorized. It also makes them go out of their way to reset them back and familiarizes them with whatever process you use.

I cannot speak to your family dynamic, but it also helps, should the worst happen, that there aren’t situations where X family members who know passwords could hypothetically (along with external attackers) cause problematic account activity.

Beyond that, I personally think the only real way to change the behavior is consequences. I don’t think anything can be made so simple that someone who doesn’t care will do anything that takes more effort. “I tried to help you prevent this, I warned you, and you went around it, and it happened.”

Again, I cannot tell you how to manage your affairs with them, but I think at some point there has to be a consequence if the secure process is ignored or undermined—such as having to go to the apple store to fix it or fight with whomever if weak accounts are breached. If someone else manages the fallout, it just incentivizes whatever is easiest because it doesn’t affect them personally.
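As an added example, not from the original post or its author, the "change it, make it long enough that you can't remember it, write it on an index card" step above can be scripted so the result still fits a given site's legacy length and complexity rules. The `Policy` class, its defaults, the symbol set, and the lookalike-character exclusion are all assumptions made for this example; fill them in from the actual site's rules. It uses only the standard library (`secrets` for CSPRNG choice) and groups the output in blocks so it is easier to copy by hand from paper.

```python
import secrets
import string
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    """Per-site password rules. Defaults are assumptions for this example;
    legacy sites often cap max_length low enough to rule out passphrases."""
    min_length: int = 12
    max_length: int = 64
    min_lower: int = 1
    min_upper: int = 1
    min_digits: int = 1
    min_symbols: int = 1
    symbols: str = "!@#$%^&*()-_=+"   # set "" for sites that forbid symbols


# Characters that are easy to misread when handwritten on an index card
# (assumed set for this example; dropped from the generator's alphabet).
AMBIGUOUS = "0O1lI|"


def meets_policy(pw: str, policy: Policy) -> bool:
    """Return True if pw satisfies every rule in policy."""
    if not (policy.min_length <= len(pw) <= policy.max_length):
        return False
    allowed = string.ascii_letters + string.digits + policy.symbols
    if any(c not in allowed for c in pw):
        return False
    lower = sum(c in string.ascii_lowercase for c in pw)
    upper = sum(c in string.ascii_uppercase for c in pw)
    digits = sum(c in string.digits for c in pw)
    symbols = sum(c in policy.symbols for c in pw) if policy.symbols else 0
    return (lower >= policy.min_lower and upper >= policy.min_upper
            and digits >= policy.min_digits and symbols >= policy.min_symbols)


def generate_password(length: int, policy: Policy = Policy()) -> str:
    """Generate a uniformly random password of the given length that meets policy.

    Rejection sampling: draw every character independently with secrets.choice
    and retry until the class minimums are met, so no position is biased toward
    a particular class (as 'one of each, then shuffle' schemes are)."""
    if not (policy.min_length <= length <= policy.max_length):
        raise ValueError(f"length {length} outside policy range "
                         f"{policy.min_length}-{policy.max_length}")
    needed = (policy.min_lower + policy.min_upper
              + policy.min_digits + policy.min_symbols)
    if needed > length:
        raise ValueError("policy requires more class characters than length")
    if policy.min_symbols > 0 and not policy.symbols:
        raise ValueError("policy requires symbols but allows none")
    alphabet = "".join(c for c in string.ascii_letters + string.digits + policy.symbols
                       if c not in AMBIGUOUS)
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if meets_policy(pw, policy):
            return pw


def chunk_for_index_card(pw: str, size: int = 4) -> str:
    """Group the password in fixed-size blocks separated by spaces so it can be
    transcribed from paper reliably; the spaces are not part of the password."""
    return " ".join(pw[i:i + size] for i in range(0, len(pw), size))


if __name__ == "__main__":
    # Constructed example: a site that allows symbols and one legacy site that
    # caps length at 16 and forbids them.
    normal = Policy()
    legacy = Policy(max_length=16, min_symbols=0, symbols="")
    for name, pol, n in (("normal", normal, 24), ("legacy", legacy, 16)):
        pw = generate_password(n, pol)
        print(f"{name}: {chunk_for_index_card(pw)}  (meets policy: {meets_policy(pw, pol)})")
```

The spaces from `chunk_for_index_card` are only a transcription aid; the password itself is the string without them, and the script never stores it anywhere, which matches the "I don't want to know their password" approach.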

/r/opsec Thread