Category Archives: Technology

How to safely share passwords with others who need them

It’s easy to poke fun at companies that treat sensitive information recklessly, sending or receiving plaintext passwords via unencrypted email or chat, or storing customer information in ways that are far from secure. But it can be a logistical nightmare to let multiple remote employees log into a shared account in a secure fashion.

Luckily, there are a few options to make this a little easier. Here’s a quick run-through of some of the best options.

LastPass

Like most password managers, LastPass lets users to log in with just one master password; the tool stores all of their other passwords. Among other things, this makes it easy to create long and complex passwords and to use different passwords for each login account.

In addition, LastPass’ enterprise accounts will let you share login data between individuals and across teams, with customizable permissions. That means that you can choose who has access to which folders, and make changes that are synced automatically. Enterprise accounts cost anywhere from $18 to $24 a year per user, depending on the number of users.

It’s also possible for a Premium account holder to share password information in a single file with up to five other LastPass users, which could be useful for tiny startups, partnerships, or people needing to share passwords with friends or family members. Premium accounts cost $12 a year, and only the main account holder needs to have one.

Because LastPass is cloud-based, it makes things easier for people logging into multiple computers, but has some drawbacks as well. For instance, you’ll be uploading your passwords—though not your master password—to the cloud, though in encrypted form.

In addition, “[a] third party service [like LastPass] will be able to see which sites you have an account on … not the password itself, but when you’re accessing each password,” says privacy and security researcher Runa Sandvik, technical advisor for Freedom of the Press Foundation.

KeePass and KeePassX

“Keepass and Keepass X may not be as pretty as all the other tools, but it is open source, it is free, and it works,” Sandvik says. This password manager is one you have on your computer, so no third party knows when you access different sites. However, you do need to make sure you’re backing up the database frequently. (Let’s just say that losing your database of passwords would be … bad.)

To share passwords with others, you need to create a database, enter the password, send the database to another person, and somehow securely send them the password to open the database. We’ll discuss that a little later.

OneLogin

OneLogin is another cloud-based option. OneLogin allows users to log into multiple cloud services using a single sign-on account. It can integrate with a company’s “active directory” of user accounts and permissions.

Another benefit is that OneLogin can integrate with a large variety of enterprise applications. Plans range from $2 to $8 a month; there’s a free version as well.

1Password 

1Password is a personal privacy manager tool that allows users to create several password vaults, and share a single password vault with a group of people who also have 1Password installed. However, you do need to use Dropbox to synchronize the data.

“That is a sharing solution is suitable for a family and a small team, but it’s not an enterprise solution or one for a big company,” says security adviser Per Thorseim, founder of the Passwords hacker conference. Licenses cost $49+.

SplashID Safe for Teams

SplashID is an enterprise product that allows large teams or companies to share passwords and other information with larger groups of people, such as entire departments or large companies. The IT team can create users and groups and permissions, so only people who need access to passwords can see them, or to review logs of records and usage.

Dashlane

Dashlane for Teams is yet another privacy tool that works on the company level. It syncs passwords within a team, which is helpful any time someone needs to change a password, as the change will get pushed out to all team members and their devices.

Dashlane also sends security alerts to users’ devices when an account may have been compromised. A security dashboard provides tips for making an account even more secure.

Licenses cost $39.99 a year for each user. There’s also a freemium version with very limited features.

Strip

Strip is another enterprise solution that has team password sharing. It allows synchronization over Dropbox, Google Drive, and local Wi-Fi, and creates local backups of data.

Don’t Forget Two-Factor Authentication

LastPass, 1Password, and Onelogin support two-factor authentication, which adds an extra step to checking a user’s identity when they log into a website. For instance, logging into the service require not just a password, but an authorization code that’s texted to a user’s phone.

Two-factor authentication is challenging to use with tools like Twitter if you have a distributed team, since a single phone number must be used, but there are often other options. Google, for example, allows users to generate backup codes, which can be shared with remote users who don’t have access to the mobile device to which the SMS code.

How To Safely Share Just One Password

Suppose you need to send someone just one password, and would rather not deal with the hassle of setting up shared-passworld tools. Or, similarly, say you sent someone a KeePass database, but then also need to send them a password so they can open it.

“The challenge is that even if you were to store a shared password, you’d still need a password to get into the database in the first place,” Sandvik explains. So what’s the easiest way to safely share that single password?

Options might include sending encrypted emails, which require a bit oftechnical know-how, or using encrypted phone or messaging apps. Open Whisper Systems’ RedPhone (Android) and Signal (iOS) apps are particularly user-friendly.

SnapPass is open-source software used at Pinterest that allows people to send a URL to someone that links to a password. It may require a bit of tinkering to set it up; it stores passwords in a Redis database on the user’s own computer system.

 “The URL leads to the password,” says web operations consultant Dave Dash, a former internal tools engineer at Pinterest who built SnapPass. He continued:

You can only click on it once and it expires after a few days. If I need to set up an account on any system for someone, I could send them the URL, and then they’d have the password and could then change it for added security.

Dash recommends that anyone setting this up make sure that the application and database aren’t publicly accessible. It’s also wise to limit the number of people who have access to the running application and its associated database.

Of course, there are non-technical solutions as well. You could, for instance, send a password through a different channel than the one used for login information—you could send one through email and another via chat, for instance.

This is the same concept that banks use when they send a debit card in one envelope and a temporary code in a separate one, and mail them out on different days, although of course it’s not foolproof. “That’s an option, but it assumes that NSA isn’t the entity you’re worried about,” Sandvik points out.

 If nothing else, just promise us you won’t store all of your passwords inplaintext in a directory called “passwords.”

Photo by Tit Bonač

This article appeared originally on readwrite.com

Why RAM Boosters And Task Killers Are Bad For Your Android

Stop killing your Android phone! There’s a lot of misinformation out there regarding the usefulness of RAM booster apps and task killer apps. At first glance they sound incredibly useful, but a closer look shows that they could actually be harming your phone instead.

Long story short: Simply avoid using RAM booster and task killer apps. They may have once been useful, but Android has progressed far enough that these sorts of apps are now outdated, unnecessary, and counterproductive. If you want to know why they’re bad, keep reading.

How Android Handles RAM and Apps

android-task-killers-overview

To understand how Android handles RAM, we first need to understand what RAM is and how it works.

There’s a lot of technobabble that could be said about it, but for our purposes, it’s enough to know that RAM means random access memory and it’s a type of storage that’s incredibly fast but disappears when the device shuts down. Therefore, RAM is useful for holding temporary information that changes a lot and gets frequently accessed.

On Windows, you want to keep as much RAM available as you can so that programs have enough room to operate. When RAM fills up, Windows is forced to start using hard drive space as virtual RAM and hard drives are much slowerthan physical RAM.

This is not true for Android.

Android’s operating system has its own native handler for assigning RAM to apps and making sure that all of it is being used in the most optimal way. In fact, Android purposely tries to keep apps loaded into RAM for better performance. RAM is fast, remember? On mobile devices, every bit of speed is critical for a good user experience, so keeping apps in RAM is actually a good thing.

If you use a lot of different apps, you may want to consider a model with more RAM the next time you buy a smartphone.

Not only does Android handle RAM assignment, but it also keeps track of background apps so they don’t use up unnecessary processor resources. There’s no noticeable performance hit for leaving apps loaded in RAM. There’s one exception to this, but we’ll cover that in the last section of this article.

The Deceit of RAM Boosters & Task Killers

android-task-killers-drawbacks

At this point, it might seem like RAM boosters and task killers are neutral. They might not necessarily help with Android performance, but they aren’t bad to have around, right? Maybe they provide some marginal benefits? Unfortunately, no. They are detrimental.

Typical Windows wisdom says to kill RAM-hogging processes and defragment your hard drive for faster speeds. This is good in the context of Windows, but applying it to Android results in negative gain.

For one, Android uses an SD card for file storage rather than a traditional hard drive. SD cards are a type of flash memory — similar to solid state drives — and don’t need to be defragmented. In fact, one of the downsides to flash memory is a limited number of times that data can be written to the card before it expires. By defragmenting an SD card, you can decrease its lifespan.

When you clear apps from RAM, Android is just going to load them into RAM again the next time it needs to access those apps (for notifications, updates, and other background details). This is actually slower for you since SD cards are slower than RAM.

And in the case of automatic task killers, you end up having to sacrifice some of your RAM and CPU to the task killer app itself, which is always running and monitoring for opportunities when tasks should be killed. This can be a big drain on battery life — and you aren’t getting anything useful in return!

Improving Android Performance & Battery Life

android-task-killers-performance

If you’re using a task killer, it’s likely the case that you just aren’t happy about your device’s performance. It’s slow, perhaps even sluggish, and using it is more of a nuisance than a joy. If a task killer isn’t going to help, what can you do to boost Android performance?

Kill misbehaving apps. You should avoid killing apps just to free up RAM, but always be on the lookout for apps that use an unusual amount of CPU. These can seriously slow down performance and kill battery life. Watchdog Task Manager is a great app for this.

Use lightweight apps. Many times, poor performance can be attributed to a particular app rather than the Android device itself. For frequently used apps (e.g., browsers, notebooks, music players, etc.) always go for the ones that are most lightweight and battery friendly.

Toggle unnecessary features. It’s convenient to keep your data on all of the time, but it’s going to have an impact on performance. The same goes for always keeping your WiFi, Bluetooth, and GPS on. Toggle them off when you aren’t using them to preserve resources. Use a toggle widget to make it even easier to handle.

Install a custom ROM. This tip is a bit more advanced and should only be considered by those who are familiar with Android troubleshooting. Installing a custom ROM is like installing a different distribution of Linux: some ROMs are faster and less battery intensive, which is great for weaker devices.

For more tips, check out Guy’s roundup of nine ways to extend Android battery life.

What are your experiences with task killer apps? Do you use one for your Android right now? Have they been helpful or have they just been placebo? Share your thoughts with us in the comments below!

Image Credits: Phone Apps Via Shutterstock, Phone Circuitry Via Shutterstock, Charging Battery Via Shutterstock

This article originally appeared on makeuseof.com