OERu/Orientation Password manager

On this {{{course}}} course, we use a number of different openly licensed internet technology platforms to help you build digital skills for online learning. To improve your security online you should:

• Create unique passwords for each account you have online. That way, if an attacker gets access to one of your passwords, they will not have access to all your online accounts using the same password.
• Avoid using personal information in your passwords, like your date of birth, home address, or names of partners or pets that can be garnered from public information online.
• Create passwords that are long and strong - for example, create a password that uses at least 14 characters including a mix of numbers, letters (both upper and lowercase), and symbols.
• Store passwords in a secure place (don't store passwords in emails, unencrypted files on your computer, or sticky notes).

Remembering a unique password for every account you have online will be difficult. We therefore recommend that you use an independent online password manager - to create different strong passwords for each website account you create on this course. That way you can gain experience in using this technology (if you don't already use a password manager).

Advantages of using a password manager

A password manager is a software application that uses advanced encryption methods to securely store passwords. When using reliable online password managers, the administrators of the password manager website cannot view your passwords. Even if "crackers" get access to all the data on the site, they will not be able to decipher the encrypted passwords.

Password managers use a strong master password to access all your passwords for different websites, so you only need to remember one strong password. They can also generate strong random passwords for each online account you have.

We encourage the use of "independent online" password managers because they can typically be accessed on any device (desktop or laptop computer, or mobile device) you might use, regardless of brand/operating system, and any web browser you might use. The aim is that you never have to remember nor type in any of your passwords - they should be filled in for you (or available to 'copy and paste')

• in any browser you might want to use,
• across different devices, for example, your computer and mobile phone, and
• using optional 'two/multi-factor authentication' (2FA or MFA) to provide an extra layer of security - something you have or have access to, rather than something you know (e.g. a password) - by verifying your identity using a unique code sent via email or SMS each time you log in.

You're welcome to use your platform's or browser's password manager in addition to an independent online password manager, but beware that they can get 'out of sync' with your online password manager, creating problems around knowing which system to trust.

In this course, we recommend the use of Bitwarden, using their Basic Free Account for individuals -- because it is powered by free and open source software (FOSS). As a FOSS application, your institution or Ministry may provide access to a self-hosted version (using Vaultwarden, a community-maintained version of the Bitwarden server implementation). In the event that your Ministry or employer provides a hosted version, please follow the instructions provided for accessing this option; otherwise, use the free basic account offered through Bitwarden.

Mini-challenge summary

Summary:	Learn how to use a stand-alone password manager to modify and store unique passwords for each online account
	30 to 45 minutes depending on prior experience with online services
	Not directly linked to a course challenge, but provides pre-requisite digital skills for managing passwords

This mini challenge is divided into two parts:

1. Save and modify an existing password using the Bitwarden web-service
2. Create entries for all the online accounts recommended in the rest of this learning pathway, with unique strong passwords using a browser plug-in for Bitwarden.

Stimulus resources

• Video: Bitwarden Password Manager Beginners' Guide
• Online instructions: Bitwarden Help Center
• Password security: Is the longest password always the best?
• Video tutorials: Bitwarden 101 Video Series

Part 1: Save and modify a password for an existing online account

Purpose: To familiarise yourself with basic functionality of the Bitwarden online vault

1. Create a vault account on Bitwarden (Please create a strong complex master password for accessing your vault. This is the only one you need to remember.)
2. Carry out the instructions provided in the Bitwarden help documentation on getting started with the web vault to:
   • Create a folder
   • Add and save a log-in for an existing online account using your current password
   • Change your password for this online account using Bitwarden's feature to generate a strong alternate password
   • Save your new password in Bitwarden
   • Optional - add two factor authentication to your Bitwarden vault (You are not required to sign up for a premium Bitwarden subscription. The Basic Free Account will be adequate for the purposes of this course.)
   • Log out of the online service you used to generate a new password
   • From your Bitwarden vault, locate the record for your online account. Use the copy icon to copy the new password and log in to your online account to verify that you have saved your Bitwarden password record correctly.

Part 2: Install the Bitwarden browser extension for your preferred browsers and test automated features

Purpose: Install the Bitwarden browser extension to integrate password management directly into your preferred browsers

1. Carry out the instructions provided in the Bitwarden help documentation on getting started with browser extensions to:
   • Download a Bitwarden browser extension from your browser's marketplace or app store, or from the Bitwarden Downloads page
   • Log in to your vault using the browser extension
   • Using your Bitwarden browser extension, practise:
     1. Adding a new log-in (for example, for one of the website accounts recommended in this learning pathway)
     2. Practise using the auto-fill log-in for a password record saved in your Bitwarden vault.

Optional activities

To get more value from using your Bitwarden account:

1. Install the Bitwarden mobile application for your phone (Remember to sync (synchronise) your app with the passwords stored in your vault via the Settings --> Sync option.
2. Install the Desktop application for your operating system (Windows, macOS or Linux) to provide vault functionality locally on your desktop.