Security Fundamentals: Passwords and Phrases
Strong passwords are hard. They're hard to create, hard to remember, and hard to manage on your own. However, the alternative of creating simple passwords can be detrimental to your security. This video will take a look at passwords and offer essential recommendations you can apply today.
NIST Password Guidelines:
https://auth0.com/blog/dont-pass-on-t...
Strong Passwords... (CNET):
https://www.cnet.com/tech/services-an...
The Record Article:
https://therecord.media/attackers-don...
Timestamp Chapters:
00:00 Intro
00:55 Overview
02:10 Password Basics
03:07 Attacker Goals
05:02 Elements of Strong Passwords
07:03 Password Challenges
8:59 Password Managers
11:45 Recap
12:18 Outro
1
view
Getting Started With: Cryptee
Cryptee is an encrypted writing tool and photo storage application. It has an excellent document editor with great features, and it's all done behind a secure progressive web application. This means there are no apps to download from an app store and no waiting for security updates to go through an approval pipeline. It has a clean, minimalist image while retaining a broad array of features.
This app could be considered by nearly all security or privacy focused individuals.
Cryptee
https://www.crypt.ee/
March 2022 Updates:
https://blog.crypt.ee/march-2022-updates/
Timestamp Chapters:
00:00 Intro
00:37 Overview
04:30 Creating Folders and Documents
05:47 Document Editing
08:10 Search Options
09:54 Embedding Videos
10:25 Creating Photo Albums
11:25 Ghost Folders
13:11 Settings
15:23 Cryptee User Experience
16:30 Outro
10
views
2
comments
Security Fundamentals: Threat Modeling
Threat modeling is a useful tool for examining your life with the purpose of determining threats and vulnerabilities with the aim of protecting against them.
“A way of thinking about the sorts of protection you want for your data so that you can decide which potential threats you are going to take seriously.” ~EFF
Timestamp Chapters:
00:00 Intro
00:56 What is Threat Modeling?
05:57 Steps to Threat Modeling
06:31 Step One
07:25 Step Two
08:06 Step Three
09:04 Step Four
10:02 Step Five
11:16 Closing Thoughts
12:57 Outro
5
views
Getting Started With: NordPass
NordPass is a new addition to the password manager scene, but draws on the success and security the company developed in earlier products like NordVPN. It maintains End-To-End encryption, zero knowledge practices, and applies encryption while in use and at rest. It offers Two-Factor Authentication (2FA), which helps prevent account takeover.
It is for these reasons that we recommend this app.
NordPass:
https://nordpass.com
NordPass Username Generator:
https://nordpass.com/username-generator/
NordPass Password Strength Checker:
https://nordpass.com/secure-password/
Passphrase Generator:
https://untroubled.org/pwgen/ppgen.cgi
NordPass Export/Import Password Guide:
https://support.nordpass.com/hc/en-us/articles/360002377197-How-to-import-passwords-to-NordPass-
Timestamp Chapters:
00:00 Getting Started With NordPass
01:30 Why We Need Password Managers
03:26 Installing and Account Creation NordPass
09:13 Review of Features
10:45 Recovery Code and Biometrics
11:41 Review of Settings
14:05 Logging Into a Website With NordPass
14:48 Export and Import Passwords
18:19 Random Username Generator and Password Strength Checker
19:36 Outro
6
views
Getting Started With: 1Password
1Password is one of the older and more respected password managers available, and possesses many strong features. It maintains End-To-End encryption, zero knowledge practices, and applies encryption while in use and at rest. It offers Two-Factor Authentication (2FA), which helps prevent account takeover.
It is for these reasons that we recommend this app.
1Password:
https://1password.com/
1Password Password Generator:
https://1password.com/password-generator/
Passphrase Generator:
https://untroubled.org/pwgen/ppgen.cgi
1Password Advanced Sync Options:
https://support.1password.com/sync-options/
1Password Export/Import Password Guide:
https://support.1password.com/import/
ZDNet Article on Third-Party Keyboards:
https://www.zdnet.com/article/popular-virtual-keyboard-leaks-31-million-user-data/
Timestamp Chapters:
00:00 Getting Started With 1Password
01:01 Password Managers Explained
03:27 Install and Setup of 1Password
07:51 Creating a New Login
10:39 Logging In With 1Password
11:09 Review of Settings
13:42 1Password Features
14:55 1Password Browser Extension
16:30 Outro
18
views
Getting Started With: Wickr Me
Wickr Me is an ephemeral encrypted messaging app that really shines in terms of its privacy features. Although this app may take a little more getting use to because of its layout, it is a great option for secure communication.
This app may be more appropriate for those with much higher privacy considerations, as other apps like Signal have the same level of outstanding encryption but with a slightly more natural messaging platform. Wickr Me certainly deserves its place among the top secure messaging apps.
Wickr Me:
https://wickr.com/me/
Wickr Me Terms Of Service:
https://wickr.com/terms/
Wickr Me Support and FAQ:
https://support.wickr.com/hc/en-us
Wickr Me Transparency Reports:
https://wickr.com/transparency/
ZDNet Article on Third-Party Keyboards:
https://www.zdnet.com/article/popular-virtual-keyboard-leaks-31-million-user-data/
Timestamp Chapters:
00:00 Getting Started With Wickr Me
00:29 Brief Description of Wickr Me
02:46 Installing Wickr Me and Account Creation
05:53 Finding Contacts and Sending a Message
07:03 Review of Message Features
09:03 Screen Capture handling
09:40 Overview of Settings
11:11 Account options
11:40 Conclusion and Outro
Photo by Christina Morillo from Pexels
30
views
Getting Started With: Signal Private Messenger
Signal is a private messaging app with incredible end-to-end encryption (E2EE). No product can claim to be perfect. This app does offer potentially the best security and privacy for communication for everyday use. In this video we show you how to install Signal, get started with account creation, and explore a few of the many great features.
Signal:
https://www.signal.org/#signal
Signal Private Contact Discovery:
https://www.signal.org/blog/private-contact-discovery/
Signal Blur Tools:
https://www.signal.org/blog/blur-tools/
Signal Sealed Sender:
https://www.signal.org/blog/sealed-sender/
Timestamp Chapters:
00:00 Getting Started With Signal
00:58 Installation and Account Creation
06:44 Face Blur
07:52 Metadata Removal
09:44 Review of Settings
11:25 Outro
Background Photo:
Photo by fauxels from Pexels
72
views
Getting Started With: ProtonMail
Video
ProtonMail is one of the most reputable and innovating secure and private Email services available. It offers a solid free tier, and several outstanding paid tiers depending on your needs. The support PGP, forward-secrecy, zero-access, and very strong encryption options, including a way to encrypt messages outside of their system of servers.
If you’re using another “free” Email service like Gmail, Yahoo, or Outlook then you should consider switching to a more secure option like ProtonMail.
ProtonMail:
https://protonmail.com/
ProtonMail Aliases:
https://protonmail.com/support/knowledge-base/creating-aliases/
Pixel Trackers in Embedded Email Images:
https://www.theverge.com/2019/7/3/20681508/tracking-pixel-email-spying-superhuman-web-beacon-open-tracking-read-receipts-location
Malicious Code in Embedded Email Images:
https://securelist.com/png-embedded-malicious-payload-hidden-in-a-png-file/74297/
How to Recognize and Avoid Phishing Attacks:
https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
Timestamp Chapters:
00:00 Getting Started With: ProtonMail
00:57 Why You Might Consider a More Private Email
02:37 Download and Install ProtonMail
03:03 Setting Up Your ProtonMail Account
06:16 Sending an Email and Email Options
07:58 Overview of Settings in ProtonMail
10:06 Folders and Labels
10:35 ProtonMail Account Settings
11:59 Making ProtonMail Your Primary Mail App
12:15 ProtonMail Settings in the Browser
13:18 Setting Up Two-Factor Authentication for ProtonMail
13:55 Using Aliases in ProtonMail
14:56 Outro
60
views
1
comment
Getting Started With: Tutanota
Tutanota is one of the more secure and private Email providers available. It offers incredible encryption, goes above and beyond to respect user privacy, is open source, and has a really clean interface in its mobile and desktop apps. Tutanota offers a generous 1GB of storage on their free accounts, and has reasonably priced paid accounts.
Arguably one of the best Email providers that we have used.
Tutanota
https://tutanota.com/
Tutanota Email Security [Technical]
https://tutanota.com/blog/posts/tutanota-uses-dane-on-top-of-ssl-pfs/
Tutanota’s Efforts to Make Post-Quantum resistant Encryption [Technical]
https://tutanota.com/blog/posts/pqmail-post-quantum-cryptography/
Pixel Trackers in Embedded Email Images:
https://www.theverge.com/2019/7/3/20681508/tracking-pixel-email-spying-superhuman-web-beacon-open-tracking-read-receipts-location
More About Pixel Trackers from BBC:
https://www.bbc.com/news/technology-56071437
Chapters:
00:00 Getting Started With Tutanota
00:47 Install and Account Creation
03:54 Login and Sending a Message
07: 03 Navigating the Mailbox
08:32 Tutanota Key Settings
11:07 Main Page Features
11:28 Outro
43
views
Welcome to Jehu Security
A brief introduction to our channel and to the Jehu Security goals for future videos.
Internet Advancement Articles:
Farming - https://www.iotforall.com/smart-farming-future-of-agriculture
Medicine - https://healthtechmagazine.net/article/2020/01/how-internet-medical-things-impacting-healthcare-perfcon
Banking - https://www.gobankingrates.com/banking/technology/new-banking-technology/
Knitting - https://www.theguardian.com/media/pda/2008/jan/22/knittingandtheinternet
Data Breaches mentioned:
BlueKai - https://techcrunch.com/2020/06/19/oracle-bluekai-web-tracking/
OneClass - https://www.cyber.nj.gov/public-data-breaches/oneclass
Postbank - https://www.cpomagazine.com/cyber-security/south-africas-postbank-replaces-12-million-bank-cards-after-internal-security-breach-exposes-master-key/
TrueCaller - https://icssindia.in/truecaller-data-breach/
Nintendo - https://techcrunch.com/2020/06/09/nintendo-accounts-affected-breach/
Facebook 2019 - https://www.cbsnews.com/news/millions-facebook-user-records-exposed-amazon-cloud-server/
Facebook 2019 - https://www.techradar.com/news/millions-of-facebook-user-phone-numbers-leaked-online
Facebook 2019 - https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
Facebook 2018 - https://www.forbes.com/sites/kateoflahertyuk/2018/09/29/facebook-data-breach-what-to-do-next/?sh=62ce57672de3
Microsoft - https://techcrunch.com/2019/04/13/microsoft-support-agent-email-hack/
WhatsApp - https://www.fightingidentitycrimes.com/whatsapp-vulnerability-spies-on-users/
Instagram - https://techcrunch.com/2019/05/20/instagram-influencer-celebrity-accounts-scraped/
We would also like to mention the incredible work done by the following organizations:
Center for Humane Technology- https://www.humanetech.com/
Electronic Frontier Foundation- https://www.eff.org
Girls Scouts STEM- https://www.girlscouts.org/en/raising-girls/school/STEM.html
Photos by:
Photo by ThisIsEngineering from Pexels
Photo by David Yu from Pexels
Photo by Tracy Le Blanc from Pexels
Photo by RF._.studio from Pexels
Photo by Julia M Cameron from Pexels
Photo by Markus Spiske from Pexels
Photo by Roberto Nickson from Pexels
Photo by cottonbro from Pexels
154
views