Initial Customer Portal Setup
Passwords and Secrets - Best Practices Guide
Creating and Managing Passwords and Secrets
What is a secret? A secret is any value that is meant to be secured and not seen by others. Passwords are an example of a secret, but so are API Keys, Private Encryption keys, and other items such as Database connection strings.
Let’s Talk Password Managers
Remembering passwords can be pretty difficult, especially considering my Password Manager has over 120 entries. It’s not realistic to expect myself or anyone to remember that many unique passwords. You are using unique passwords right? I find it’s much easier to remember one really complex password :). There is a wide range of options on the market but not all of them were created equally. For example, LastPass has had multiple cybersecurity incidents since 2020 losing customer data stored in unencrypted text fields. Password Managers built into Chrome, Edge, Firefox, Safari, and well any web browser can be easily and silently exfiltrated with javascript.
Bitwarden - Cloud-based with multi-platform support. Can be self-hosted and currently no known vulnerabilities.
ProtonPass - Cloud-based with multi-platform support. Open source code base. Currently no known vulnerabilities.
1password - Cloud-based with multi-platform support. Currently no known vulnerabilities.
KeepassXC - Local application. Open source. Windows, MacOS, Linux support.
Keepass - Local application. Open source. Windows support only. No native MFA support.
Recommended Practices
- Secure your Password Manager with 2x individual Yubikeys.
- Secure one of the Yubikeys in a safe or offsite.
- Add all known online identities and accounts into the Password Manager.
- Use the Password Manager to create strong passphrases for all online identities and accounts.
- Enable Multi-Factor Authentication on all accounts.
- Use the TOTP Authenticator inside your Password Manager.
- Add TOTP Secret Key into the Notes section of the entry as a fail safe in your Password Manager.
- Add Backup or Recovery codes into the Notes section of the entry in your Password Manager.
- Rotate Passwords & Secrets yearly.
AllRoadsLead2Denver2024$ is a better password than 9%P@*Jd1acft. Its easier to read and type!
Avoids common patterns, dictionary words, and predictable substitutions.
-
Password is a bad password, but so is
P@ssw0rdbecause it is a common substitution. Making it suseptible to guessing, brute-force, and dictionary attacks. -
Ensure all accounts have a uniqiue password.
-
Avoid Cellular-based Multi-Factor Authentication! They are succeptible to spoofing.
References
NIST Special Publication 800-63C – Digital Identity Guidelines
have i been pwned? - Check if your email has been exposed in an online data breach.
2025
Helpdesk Abuse Identified
Helpdesk Form Abuse Incident Report
Microsoft O365 vs Google Workspace for North Dakota Small Businesses
Learn about the differences between Microsoft Office365 and Google Workspace. Aimed at Small Business Owners.
2025 Holiday Plans
BlueBotPC’s 2025 Planned Holiday Business Hours
2024
DNS Records required for custom Domain Email
Learn how to setup DNS to enable email for your domain!
Passwords and Secrets - Best Practices Guide
BlueBotPC’s official guide to Passwords and Secrets Management.
2024 Holiday Hours
BlueBotPC 2024 Holiday Business Hours
Where to Purchase a Domain in 2024
BlueBotPCs preffered Domain Registrars in 2024!
CVE-2024-3094 XZ Vulnerability Report
BlueBotPCs responding to the XZ vulnerability.
6 Software Tools for IT Techs in 2024
6 Software Tools BlueBotPC uses everyday!
Home Network Troubleshooting
Home Networking 101 - A Basic Network Troubleshooting Guide
New Discord!
Announcing Official Discord Server
Non-Bot Pledge
Nonbot. Our Commitment to Human-made Content
2023
2023 Holiday Hours
BlueBotPC 2023 Holiday Business Hours
2023 New Datacenters!
New Data Centers in Chicago and Washington DC