QA4ODFL2/Orientation/Password manager
On this Quality Assurance for Open Distance and Flexible Learning 2 (QA4ODFL2) course, we use a number of different openly licensed internet technology platforms to help you build digital skills for online learning. To improve your security online you should:
- Create unique passwords for each account you have online. That way, if an attacker gets access to one of your passwords, they will not have access to all your online accounts using the same password.
- Avoid using personal information in your passwords, like your date of birth, home address, or names of partners or pets that can be garnered from public information online.
- Create passwords that are long and strong - for example, create a password that uses at least 14 characters including a mix of numbers, letters (both upper and lowercase), and symbols.
- Store passwords in a secure place (don't store passwords in emails, unencrypted files on your computer, or sticky notes).
Remembering a unique password for every account you have online will be difficult. We therefore recommend that you use an independent online password manager - to create different strong passwords for each website account you create on this course. That way you can gain experience in using this technology (if you don't already use a password manager).
Advantages of using a password manager
A password manager is a software application that uses advanced encryption methods to securely store passwords. When using reliable online password managers, the administrators of the password manager website cannot view your passwords. Even if "crackers" get access to all the data on the site, they will not be able to decipher the encrypted passwords.
Password managers use a strong master password to access all your passwords for different websites, so you only need to remember one strong password. They can also generate strong random passwords for each online account you have.
We encourage the use of "independent online" password managers because they can typically be accessed on any device (desktop or laptop computer, or mobile device) you might use, regardless of brand/operating system, and any web browser you might use. The aim is that you never have to remember nor type in any of your passwords - they should be filled in for you (or available to 'copy and paste')
- in any browser you might want to use,
- across different devices, for example, your computer and mobile phone, and
- using optional 'two/multi-factor authentication' (2FA or MFA) to provide an extra layer of security - something you have or have access to, rather than something you know (e.g. a password) - by verifying your identity using a unique code sent via email or SMS each time you log in.
You're welcome to use your platform's or browser's password manager in addition to an independent online password manager, but beware that they can get 'out of sync' with your online password manager, creating problems around knowing which system to trust.
In this course, we recommend the use of Bitwarden, using their Basic Free Account for individuals -- because it is powered by free and open source software (FOSS). As a FOSS application, your institution or Ministry may provide access to a self-hosted version (using Vaultwarden, a community-maintained version of the Bitwarden server implementation). In the event that your Ministry or employer provides a hosted version, please follow the instructions provided for accessing this option; otherwise, use the free basic account offered through Bitwarden.
Stimulus resources
- Video: Bitwarden Password Manager Beginners' Guide
- Online instructions: Bitwarden Help Center
- Password security: Is the longest password always the best?
- Video tutorials: Bitwarden 101 Video Series
Optional activities
To get more value from using your Bitwarden account:
- Install the Bitwarden mobile application for your phone (Remember to sync (synchronise) your app with the passwords stored in your vault via the Settings --> Sync option.
- Install the Desktop application for your operating system (Windows, macOS or Linux) to provide vault functionality locally on your desktop.