Password Etiquette

Are you following good password etiquette? Here are some good practices to follow when it comes to passwords.

Use a strong password

Always use a password that is at least 10 characters long and has a combination of upper case and lower case letters, numbers and special characters like * @ # $ % ! etc. A good way to generate a strong password that you can also remember and easily type is to take a dictionary word, capitalize a random character in it and add special characters and numbers to it. Some examples of strong passwords:

RanDom@2015!
Future#190295
101+Spider4
Sellers.100&

It is perfectly fine to use a dictionary word in the password as long as you randomize it further with additional characters and numbers and change the placement. The length of the password is key. The longer the password, the safer it is.

Generate a strong and easy-to-remember password at strongpassword.io.

Do not reuse passwords

This cannot be stressed enough. Never use the same password on multiple accounts. It’s a bad idea! You never know how, and in which format, your password is stored in the database of the website/app you are using. Most services do not store the password in plain text format. Passwords are stored in hashed format, where a computed hash string is stored in place of the password. There are several algorithms that can be used to generate the hash of a password, and most are one-way, in the sense that the original string cannot be derived from the hash. However, it is safer to use a different password for each account. In case one of the websites or apps is attacked and your password is leaked, the attacker will try to use the same password on common accounts like Gmail, Facebook, Twitter, Yahoo etc. If you are using the same password everywhere, you are doomed!

Never use the password of your main email account for anything else.

Change your password regularly

Keep changing your password. A password that was secure last year may not be so secure and strong this year because of constant progress in computational power and speed. Your mobile phone is now more powerful than your computer was 5 years ago. New algorithms are being developed to crack passwords, and new security flaws are constantly discovered in major applications. You must keep changing your password to stay ahead of the attackers.

Use a password manager

If you use long, complicated passwords, use a different password for each service and change them regularly, you cannot remember them all. You have to use a password manager to store and manage the passwords. Are password managers safe? What if somebody hacks the password manager? They will get access to my accounts instantly!

Password managers are safe. HexaVault, like any other leading password manager, uses strong encryption to store the passwords. Some store the passwords on their secure cloud; some, like HexaVault, store the encrypted data only on your phone. The encryption used is super strong, and if you use a long, strong password as mentioned above, it cannot be cracked. However, you also have to change your password manager’s password often. But in that case, you just have to remember one secure password and not multiple.

Passwords are everywhere, and you must make sure you follow the best practices to avoid getting hacked or your data stolen.

Facebook hacked: 50 million accounts affected

Facebook has reported a security vulnerability in one of their features that has affected 50 million accounts. The vulnerability was discovered in the “View as” feature in Facebook that lets users see what their profile looks like to others. This bug allowed hackers to steal access tokens which granted them access to other people’s Facebook accounts.

50 million Facebook accounts were compromised because of the vulnerability and Facebook has reset their access tokens. In addition, tokens for another 40 million accounts have also been reset. These 90 million users will have to log in to Facebook again the next time they visit it.

Facebook is working on fixing the vulnerability; however, it is advisable to change your Facebook password and change it regularly.

Never use the same password across different accounts.

Change passwords frequently.

Generate strong, uncrackable passwords at strongpassword.io.

HexaVault – a better password manager than LastPass and others

I am Yash Gadhiya, creator of HexaVault. Let me tell you why I created HexaVault. I was frustrated with available password managers on the internet. LastPass, Dashlane, 1Password etc. None of them allowed me to add additional details about any type of information. I wanted a simple password manager which would allow me to add any number of details in key-value pairs.

LastPass, Dashlane et al. are very good password managers. But they are good at storing mostly one thing – passwords. I wanted something more. Not just a password manager but a personal information organiser. One where I could store all my financial accounts, membership accounts and such. Yes, these apps allow you to store information more than passwords but that is such a half-baked and poorly executed feature, it almost seems like it was added just for the namesake.

Here is the template for adding a credit card from LastPass. There are some predefined fields for storing the most common types of information but there is no way to add anything else. If I wanted to add my username and password for accessing the card account online, I can’t store it with the credit card details. I can’t store a secondary password or PIN or any other security or other information I may have associated with my card.

Here is the add credit card template from HexaVault. Not only does HexaVault have way more predefined fields, it allows adding multiple custom fields where you can provide your own label and provide the value for the field.

That is the biggest advantage of HexaVault. It is a key-value store of information. It is simple. It is customizable.

LastPass has many features when it comes to password management, but all those features are of no use if I can’t use it for storing whatever else I want. HexaVault will eventually get there in terms of those additional features as well. For now, there is one thing it does better than others – it allows you to add custom fields. Others are just password managers. HexaVault is a personal information organizer.

Get organized. Get efficient. Get HexaVault. HexaVault for Android. HexaVault for iPhone.

Is It Safe to Store Passwords in Password Managers?

Should I store ALL my passwords in one place?

Is it safe? What if my phone is lost? Can somebody hack it?

No. Your vault cannot be hacked.

Password managers like HexaVault encrypt the data using Advanced Encryption Standard (AES). It’s the world’s strongest encryption standard.

The key is to use a strong master password. Use a 10+ character password with uppercase and lowercase letters, numbers and special characters and your vault cannot be hacked! Check how strong your password is.

HexaVault also stores all the data on your phone, not on someone else’s server. The vault is automatically locked after 30 seconds. The master password is not stored anywhere on your phone.

If you use a strong password, it will take millions of years even with a supercomputer to hack your vault!

Get HexaVault today from Apple App Store or Google Play Store.

StrongPassword.io – Check Your Password Strength and Generate Strong Passwords

Do you want to know how secure your password is? Have you ever wondered how long it will take hackers to hack your password? If you think you have a strong password that no one can hack, then you should check the strength of your password at StrongPassword.io.

StrongPassword.io is a free web app which tells you how strong your password is. It tells you how long it will take a modern computer to crack it via a brute force attack. It also suggests ways to make your password more secure.

A brute force attack is a method of checking all possible combinations of letters and numbers against a password-protected file in order to find the correct password. Modern computers can check billions of combinations per second. So it is necessary to use a long string of random characters which contains numbers, upper case and lower case characters and special characters like @ ~ # & % etc.
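The brute force arithmetic described above, as an added example that is not StrongPassword.io's own code. It assumes a rate of one billion guesses per second (the page says only "billions") and an attacker who tries every string up to the password's length over the character classes the password uses; the sample passwords other than the page's own are constructed.

```python
import string

GUESSES_PER_SECOND = 1e9          # assumption: "billions of combinations per second"
SECONDS_PER_YEAR = 365 * 24 * 3600


def alphabet_size(password: str) -> int:
    """Size of the character pool an exhaustive search has to cover."""
    classes = (string.ascii_lowercase, string.ascii_uppercase,
               string.digits, string.punctuation)
    size = sum(len(cls) for cls in classes if any(c in cls for c in password))
    # Characters outside the four ASCII classes (spaces, accents, ...) are
    # counted individually, which keeps the estimate conservative.
    known = "".join(classes)
    return size + len({c for c in password if c not in known})


def exhaustive_guesses(password: str) -> int:
    """Guesses needed to try every string up to the password's length."""
    size = alphabet_size(password)
    return sum(size ** k for k in range(1, len(password) + 1))


def crack_years(password: str, rate: float = GUESSES_PER_SECOND) -> float:
    """Worst-case years to exhaust the search space at `rate` guesses/second.

    Upper bound only: guessing that tries dictionary words and common
    patterns first is not modelled and finishes far sooner.
    """
    return exhaustive_guesses(password) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    # Two constructed samples plus two of the page's own examples.
    for pw in ("password", "Passw0rd", "101+Spider4", "RanDom@2015!"):
        print(f"{pw!r:16} pool={alphabet_size(pw):3} "
              f"years={crack_years(pw):.3g}")
```

Each extra character multiplies the search space by the pool size, so length contributes more than any single added character class.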

StrongPassword.io can also generate a random super strong password for you. Just tap on the Generate A Password button to generate a password which you like.

Check out https://strongpassword.io

HexaVault 2.0 for iOS – Unlock Vault with Touch ID/Face ID

Fingerprint unlock comes to HexaVault for iPhone and iPad. The new version of HexaVault for iOS adds support for Face ID authentication on iPhone X and Touch ID authentication on all other iPhones that have a fingerprint sensor. So your vault can now be unlocked with your fingerprint or your face.

You can now also import information in bulk into HexaVault for iOS from an Excel file. Check out the detailed guide on importing data from Excel into HexaVault.

Update HexaVault now from the App Store.


HexaVault 2.4 for Android – Unlock with Fingerprint

We have released an update of HexaVault for Android. It adds fingerprint unlock capability to HexaVault. You can now unlock your vault with your fingerprint instead of entering your master password. If your phone or tablet has a fingerprint scanner, you can activate the fingerprint unlock option.

To activate fingerprint unlock, you need to set it up first. Tap on the menu icon on top and choose the Fingerprint Setup option.

Before you can set up your fingerprint, you will be asked to share HexaVault with your friends. You can let your friends know about HexaVault via popular social networks like WhatsApp, Facebook, Twitter etc. It only shares a link and description about HexaVault with your friends. It does not share your vault with your friends.

After you have shared HexaVault with your friends, you can set up fingerprint unlock. Tap on the Set up button and touch the fingerprint sensor on your phone/tablet. The fingerprint will be authenticated and set up. Now all the fingerprints that are registered on your device can be used to unlock your vault.

Next time when you open your vault, you will see the fingerprint icon on the login screen. Touching the fingerprint sensor will log you in to your vault.

Update HexaVault now from Google Play Store.

Using a single password for all accounts is a bad idea, here’s why

Do you use a single password across all your accounts? Email, social media, bank accounts? Bad idea. Let us explain.

You might think keeping the same password everywhere is easier because then you don’t have to remember multiple passwords and you don’t have to write it down anywhere either. But guess what, if your password somehow gets leaked from one of those services, you expose all your accounts at once.

That’s what happened with Twitter. It turns out that, due to a bug, users’ passwords were written to a log file in plain text form. Yes, your password, which you thought was super hard to guess, was being written to a file in simple readable format for anyone to read! The Twitter log files were not leaked, but if they had been, your password would be public. If someone got hold of your email address and you had used the same password for your email, then your email account would have been compromised as well. Hackers would then try to log in to every major social media service using that email and password combination to see if you are present on any one of them.

Never use a common password across all services. Use a unique password for each service and change it regularly. Especially never use the password which you use for email accounts for any other service.

How do you keep track of so many different passwords? Use HexaVault to store your passwords.

What about the security of HexaVault?

HexaVault stores your passwords in encrypted format on your computer, not on some server. And it is encrypted using the world’s strongest encryption standard. Even if your phone is lost, nobody can hack into your HexaVault.

Get HexaVault now. And if you haven’t changed your Twitter password, do so immediately.

HexaVault 2.0 for Android Released

We have just released an upgraded version of HexaVault for Android. The new version now allows you to import information in bulk from an Excel spreadsheet.

This addresses one of the biggest roadblocks new users faced with HexaVault – entering a bunch of information the first time. You can now enter all your important information in an Excel spreadsheet in two columns and import it all at once into HexaVault.

We have created a simple tutorial on how to bulk import data from Excel to HexaVault.

We have also introduced optional user registration in HexaVault. You can provide your name and email the first time you run HexaVault. It is completely optional, and you can skip the step. We introduced the registration to know how many people are using HexaVault and to be able to communicate with them in future about updates, getting feedback and sharing important information about HexaVault and information security. The data you enter in HexaVault remains on your device and is not sent to any server.

Another feature we have added is periodic notifications for low usage of the app. Sometimes people download the app and forget about it because they can’t find time to enter all the information at once. In such cases the app will remind the user after a few days and implore them to import the data from Excel at once.

If you are an existing user of HexaVault for Android, do upgrade your app.