00:20:34 Alan German: Tonight's deck is available at https://opcug.ca/presentations/keeping-passwords-safe.pdf
00:24:14 Tom Trottier: MONKEY!
00:24:37 Tom Trottier: https://haveibeenpwned.com/
00:26:58 Tom Trottier: winkey-L locks your PC if away
00:27:49 Tom Trottier: Maybe write/print all passwords for your estate if you die
00:29:25 Gail: what about random passwords? are they good?
00:30:19 Alan German: KeePass can be downloaded from https://keepass.info
00:31:23 Jocelyn Doire: Saving all or only relevant password into KeePass and then send or let someone know about that file, and how to access it, the way to do depends on your circumstances
00:32:34 Alan German: Jocelyn - Is that suggestion related to estate planning?
00:32:45 Jocelyn Doire: yes
00:33:21 Stewart Bruce: Can a Windows device with a fingerprint scanner be set to use the fingerprint for individual programs or even websites such as apps in an Android device?
00:36:30 Kathryn Vedder: To make a stronger master password, should you use numbers and characters too?
00:36:33 Tom Trottier: Ditto for FIDO key
00:37:10 Tom Trottier: 2FA - 2nd factor authentication, Authenticator app
00:39:52 Tom Trottier: Good to use other keys easily available on your keyboard
00:40:55 Tom Trottier: fwiw, passwords>20 characters hard to OPHcrack for windows passwords
00:41:58 Dennis Gruending: I share passwords, bank for eg, with my wife. She uses an iPhone. I use a PC and a Samsung phone. Can we share KeePass in one account?
00:42:14 Iqbal Jaswal: I cannot hear any spoken words now
00:43:01 Jocelyn Doire: For those that speak French and use accented can make passphrase harder to crack
00:43:07 Alan German: Sound is fine here
00:43:15 Bill Van Dijk: Did you "join with audio"?
00:43:35 Tom Trottier: SQRL, if available, an alternative to passwords if the website supports - https://sqrl.grc.com/threads/videos-demonstrating-sqrl.293/
00:44:02 Stewart Bruce: Letters will always be better than numbers as each character has 52 possibilities rather than 10.
00:44:24 Tom Trottier: Using both 62
00:44:36 Tom Trottier: add special characters, too
00:45:27 LucL: Question : Is the assumption of the software that you will enter the password using English USA or Canada ???
00:46:48 Tom Trottier: 中文密码?
00:47:15 Tom Trottier: = "Chinese passwords?"
00:47:46 Jocelyn Doire: replacing some letters with numbers, such as the letter O with the number 0 can make the passphrase easy to read but more obfuscated
00:47:59 Alan German: Easy for Chinese hackers?!
00:48:06 Timothy: Chinese password for Tom
00:48:14 Bill Van Dijk: Some systems do not allow certain special characters. Any idea why?
00:48:38 Jocelyn Doire: Does KeePass take Unicode characters?
00:49:01 Greg: If you are using a base phrase for all your passwords, an approach to have variation is to be "algorithmic" with your selection for example using a mapping of the first letter of the website e.g. for IMDB.com use "I" as 9 and then the password would be "base phrase" + "9".
00:49:42 Michelle: It is recommended that you change passwords every 3 months. Do you need to change the master password every three months? Do you need to change the passwords that you have entered in the password manager?
00:50:06 william Bradwin: can you just cut and paste from manager to site?
00:50:49 Tom Trottier: https://haveibeenpwned.com/
00:51:05 Alan German: Cut and paste is possible but Chris will probably show an easier way.
00:51:27 Tom Trottier: --- have your passwords been used before? (then used by hackers to attack)
00:53:30 Bea: some sites require that you change them regularly like the government or the city of Ottawa - do you suggest using rotating password?
00:54:02 Stan Pomeroy: you can record account numbers
00:54:07 Jocelyn Doire: In my experience having to change the password often made me use easy and short password and/or write it down, making that scheme less safe.
00:54:19 Tom Trottier: y
00:55:31 Tom Trottier: is the picture encrypted too?
00:55:36 Timothy: Good if you lose your passport
00:58:31 Coreen: Where is the database stored?
00:58:52 Alan German: Is anyone attending this meeting here because they saw the event posted on Twitter?
00:59:43 Alan German: Coreen - Almost the first thing to select is where to store the database file. It's way ba-a-c-k in the slides.
01:00:00 Jocelyn Doire: if you click on the URL, is the username and password entered too?
01:00:48 Alan German: Help with Auto-Type in KeePass https://keepass.info/help/base/autotype.html
01:01:22 Jocelyn Doire: ok, it's being answered.
01:02:16 Tom Trottier: I'd suggest $-associated passwords be kept in your head
01:02:26 Tom Trottier: banks, paypal, ...
01:05:24 Tom Trottier: ? and phones?
01:06:32 Tom Trottier: banks, especially, have short passwords
01:08:02 Tom Trottier: Yubikey is a FIDO key
01:08:11 Jocelyn Doire: How banks can get away with just 4 digit number for password?
01:08:55 Tom Trottier: Is longer for internet usually
01:09:04 Alan German: Joc - Isn't this just for PINs where you also need a physical access card?
01:09:21 Jocelyn Doire: no, even for internet access
01:10:43 Stewart Bruce: I had to call and reset a bank access password last week and was told at least 8 characters with the usual mix of Caps & #
01:10:58 Karen W-G: Suggestions for dealing with sites which don't allow to create passwords that don't meet the minimum safeguards Chris is recommending?
01:12:01 Tom Trottier: Why not create long passwords that qualify?
01:12:21 Alan German: Karen - Two factor authentication can be one option, e.g. banks
01:12:53 Tom Trottier: Sync or Swim
01:14:05 Alan German: KeePassDroid https://play.google.com/store/apps/details?id=com.android.keepass
01:15:19 Bill Van Dijk: Could you keep the DB on something like dropbox?
01:19:00 Alan German: Bill - The database is just a file so it could be stored on Dropbox
01:24:29 Tom Trottier: I talked to CTO of alterna bank & they said 12 characters enuff - and they use IP, etc. to detect problems
01:24:39 Timothy: Libraries use 4 digits.
01:24:40 Natalie: The only one I've seen with only 4 digits is Air Miles.
01:25:02 Greg: I believe that with phone banking, the password is 4-digit long or 6-digit long and simplified.
01:25:15 Alan German: Google Drive https://drive.google.com
01:25:19 Natalie: OPL allows for more characters.
01:25:26 Alan German: Google Drive Download & Sync https://www.google.ca/drive/download/
01:25:44 Greg: *i.e. with my bank
01:27:26 LucL: So cloud servers is where hackers are focussing their energies...
01:28:48 Alan German: Luci - That's why, if you use this method of synchronization, it's a strongly encrypted file
01:29:07 Tom Trottier: Not today. MS Exchange is the prime target!
01:29:37 Alan German: Verify Google Drive working browse to https://accounts.google.com
01:29:53 Alan German: Once logged in, browse to https://drive.google.com
01:30:48 Alan German: Google Drive Download & Sync https://www.google.ca/drive/download/
01:37:49 Stephane: What happens if the application is open on both devices?
01:40:53 Tom Trottier: Have you used SQRL?
01:41:51 Jocelyn Doire: Who is at the heart of KeePass, a private person, or a company, or something else?
01:43:21 Tom Trottier: Longer better!
01:44:22 Alan German: have i been pwned? https://haveibeenpwned.com/
01:44:57 Tom Trottier: troyhunt.com is haveibeenpwned.com author, has a blog
01:45:12 Natalie: What if it's an aggregate breach? Hard to know which site, or which password needs to be changed.
01:47:12 Tom Trottier: paper! Paper!
01:47:32 Tom Trottier: or...………...swear at life, once dead
01:48:43 Tom Trottier: Executer...…...
01:49:02 Tom Trottier: Executioner...……..
01:49:15 eod@ncf.ca: Very funny.
01:49:33 Jocelyn Doire: for estate, can you set alternate password in KeePass to let access to a subset of entries, for example all work related password?
01:49:53 Tom Trottier: My epitaph: At last, root access!
01:49:59 LucL: Any resources on Keeping passwords safe for Dummies ( or for Cavemen ! ) ?
01:51:16 Natalie: Mic not working!
01:51:21 william Bradwin: A lot of excellent information tonight Chris! Thank you so much. Thanks Alan.
01:51:52 Natalie: Was informed that I was part of a hack that included 50 sites, not named.
01:52:00 Alan German: Natalie - clarify in chat?
01:52:03 LucL: So much energy and complexity to keep one’s mind ‘calm’ : the hypercomplexstructuration of organized information ?
01:53:07 Natalie: I did!
01:53:23 LucL: Thanks for trying to bring us to the cusp ! Interesting !
01:54:10 Bob Herres: Well said William Bradwin! "A lot of excellent information tonight Chris! Thank you so much. Thanks Alan."
01:54:32 Natalie: I needed to go through all of the subscriptions for that e-mail address. It was a pain!
01:56:06 LucL: How do I find out if my email address was being used to do harm to me or others ?
01:56:09 Wayne H: Excellent Presentation. Thanks Chris
01:56:20 Natalie: Thanks!
01:56:27 Michelle: Nice presentation as always.
01:56:39 Karen W-G: Awesome!!! Thanks Chris and Alan!!!!
01:56:40 Gail: thank you!
01:56:51 Bob Gowan: Great presentation, Chris. Thanks !
01:56:51 LucL: No Q and A tonight ?
01:56:54 Bea: Thanks - very useful
01:56:56 eod@ncf.ca: Excellent presentation. A lot of info but at least I'm not crazy as some say when I use a very long password. I've been doing that for a while.
01:56:57 Michelle: Will you do a presentation on backup in the future?
01:57:06 Timothy: Maybe in 20 years there will be programs that may break passwords today.
01:57:07 Julie More: Thanks. V
01:57:08 Jocelyn Doire: yes, we get Q&A after
01:57:14 Julie More: Thanks