Mastering Password Managers

It goes without saying that everyone needs to use stronger passwords, and the best way to do that is with a password manager. The truth is, passwords that are hard to hack are very hard to remember, however you really do need long and complex passwords.

Top 3 Password Manager Apps for Android

That’s where password managers come in handy. There are all kinds of password managers out there, including some as basic as your browser’s rudimentary list of saved passwords list and some as elaborate as entire cloud systems that work across multiple devices and platforms.

All of these models have some basics in common: they store your passwords, they auto-fill details on login forms, and they keep your passwords encrypted in databases. The differences are where those databases are kept, the types of encryption and recovery options available.

Weaponized Math: Encrypted Passwords

Your browser can save passwords, but that often isn’t very secure. One of the main appeals of a password manager is that it saves all of your passwords behind one password in a single database.

Of course putting all your plain text passwords in one place isn’t much of a security measure in and of itself. Instead, your passwords must be encrypted, which secures your passwords. But since the amount of control over password databases can vary, you’ll want to figure out which model works best for you.

When boiled down, encryption is the use of math to disguise your data. The key used to transform the plaintext is randomly generated, the strength of the encryption is based on this key size in bits. In layman’s terms: the more bits, the more security. This is because the more compelx the key, the more complex the resulting output is.

Depending on the algorithm, that substitution is repeated. In certain cases, they key is transformed to further obscure the output. This process is creates what’s called a hash, which often has added salt—additional randomization added to the hashing process. This ensures the original value is completely obscured without the correct starting input, key, and salt.

There are additional factors like block size, initialization vectors, and other more advanced concepts. If you’re interested in the gory details, check out our detailed breakdown of encryption

Local Safes: Keeping Control

The best way to keep a secret is to never tell anyone. If you don’t want your passwords anywhere other than on your hard drive, a local password manager is your best option. This keeps your data on a device that you physically control, leaving your security directly in your own hands.

One of the more popular password managers is KeePass, an open source Windows solution with ports on Mac and Linux. It offers a lot of flexibility and control, including the ability to select between multiple encryption algorithms.

best password managers 2016 keepass

And if you’re looking for a complete escape from passwords, you can even use key files to unlock your passwords. (You put key files on a USB drive or other portable storage, then use the physical device as a key to authenticate with the machine.)

The downside to KeePass is the same as its strengths: you control the keys to the kingdom, so if you lose your key files or master password, you’re out of luck. In such a case, your only option would be to start over from scratch and set up every password again.

Your file is also limited to where you save it, so you’re responsible for any backups you want to maintain. If you want mobile sync, you’re going to need to do it manually (or with a separate syncing service like Dropbox) and a compatible reader on your tablet/phone. And if something goes wrong, you’re on your own.

Local managers give you a lot of security and control, but you lose a rescue plan and out-of-the-box portability.

Syncing Systems: Multiple Devices

If you’re juggling multiple devices with many passwords, keeping a master file locked on a PC somewhere is not the best solution — especially if you’re trying to log into Amazon on your phone or check your bank balance on your tablet. Don’t weaken the password just to make it more memorable!

That’s where hybrid approaches like 1Password come in, which uses Dropbox or your local network to automatically sync your password between devices. This gives you the ability to keep everything working across devices, but you are still the only one with the key to your data.

Image result for 1password logo

But you lose some of the crunchier options, such as multiple encryption algorithms and key file logins.

This fixes a lot of the downsides of the local-only option, as you can keep your phone, tablet, and computer all in sync. You’ll also need to trust Dropbox as a cloud host, though 1Password does add an extra layer of security on top with its own strong encryption, so you can rest assured of any security worries.

If you’re really worried about interceptors and other vectors of attack, you can just use your local network to synchronize your passwords across devices. You won’t have any hope of recovering a lost master password if you choose this route, but it does ensure that 1Password won’t have access either.

Cloud Services: Any Device, Anywhere

Keeping all of your passwords in the cloud requires a certain amount of trust in a company to do things the right way. My favorite choice here is LastPass.

LastPass keeps an encrypted copy of your password database in the cloud, making it available on almost every platform and browser imaginable. You will need a premium membership for several of their features, but the basics are there for free.

Image result for lastpass logo

Your devices do all of the encryption and decryption, ensuring that your master password is not on LastPass’s servers. If you don’t have access to the Web, a copy is cached locally so you can still unlock. There is an additional layer of protection in two-step verification as well.

You have to trust their security is as robust as promised, as LastPass makes for an obvious target for hackers. However, with a good master password and two-step verification enabled, you should be confident about the security of your password safe. And if you ever forget your password, you can recover your safe.

Literally the Least You Can Do

If you’re a Mac and/or iOS user, you already have access to a password manager built into your operating system: iCloud Keychain. This is an extension of the OS X keychain that uses iCloud to keep all of your passwords synced across devices.

Windows has a similar feature called Credential Manager, but it does not have the same cross-device syncing.

This is pretty comparable in terms of security to LastPass, but it’s limited to Apple devices. Unless you’re only running exclusively on Apple products, you’re going to be missing your passwords on some of your other devices, which can be a huge nuisance.

Yet even if you’re a big Apple fan, you still may not want to lock yourself into the platform because you never know what kind of other devices you may get in the future.

You Really Need a Password Manager

Unless you have an iron-clad memory, using different passwords across all of your accounts is going to prove difficult. Doing so with hard-to-crack passwords? Near impossible. Getting a password manager ensures that you can keep all of your accounts safe and secure using a single master password.

Find the model that works best with you and find the product that works best for your devices. Almost every manager has a free trial or free tier that you can try out. Once you’ve made your choice, go through all of your online accounts and update the passwords to be more complex.

That’s really all there is to it.

Share This:

Has Your Password Been Exposed ?

You know by now that you should be changing your passwords regularly. I have have been strongly recommending password managers for several years now. This is because every day there seems to be another cyber security crisis. If you haven’t changed your passwords recently, it’s now officially time: a massive database containing login credentials is floating around the internet.

Image result for password hack

We don’t know who’s behind the breach, but over 560 million leaked emails and passwords — 243.6 million unique email addresses — are compromised. First uncovered by the Kromtech Security Research Center, the leak has been confirmed by security researcher Troy Hunt, who created the “Have I Been Pwned” website.

What kind of information does it have?

The good news is, there hasn’t been a new hack: the trove of credentials is a collection of data from previous breaches at LinkedIn, DropBox, LastFM, MySpace, Adobe, Neopets, Tumblr and others. Some of these breaches are years old.

What makes this database troublesome from a security standpoint is how accessible it makes sensitive information. It basically compiled private data from various prior hacks to create one convenient database for hackers to illegally access.

Who is at risk?

Essentially, anyone who never updated their credentials at the time of the original breach. If you haven’t stayed on top of every hack and checked your status each and every time, then you could be at risk.

How to check if your credentials are compromised

The easiest way to see if your credentials are vulnerable is to go to Hunt’s site — Have I Been Pwned. Here, you can type in your email and find out if your email and password are safe or not.

Image result for pwned

You may have changed your password at the time of a given breach, but let’s be real: you may not remember. If you scroll below the results, the site shows you which breaches you were impacted by. To view information on sensitive breaches, subscription is required. If this is your first time on the site and you get the dreaded “Oh no—pwned!” message, then it’s best take a screenshot of the result and change your password immediately.

Why a screenshot? The site tells you how many “breached sites” it’s on (in other words, how many unique incidents took your credentials) and if there are any “pastes” — a paste is when the information is shared on a public website. Saving this information (you can also jot it down somewhere safely) can let you know in the future if you’ve been breached again if the information in the results change.

Don’t understand what’s going on? It’s okay. Just go change your email password to be safe. And be sure to create a strong password.

Share This:

Protecting Your Passwords with Ice Cream

As a reader of this fine technology blog you no doubt are taking your security seriously. One of the most important things you can do to protect your personal data is adopting a strong password plan. I have recommended LastPass many times in the past – and it remains my password manager of choice.

The problem has remained the same since the dawn of the internet. People generally do not always use effective passwords. They’ll often use things like their birthday or the name of their pet in their login information. To make matters worse, people have a tendency to use the same password for multiple accounts. This happens because birthdays and pets are easy to remember. The same goes for recycling the same password for multiple accounts. In an attempt to get users to create better passwords, some companies like Apple force them to include special characters, numbers, and an uppercase letter in the password. Browsers offer to remember your password for you and all you have to do is set a good one. Another solution is to use a password vault. A password vault is an app that stores your logins. It allows you to set complicated passwords and remember them.

If you have a shared computer, multiple vaults can be used to separately store information for everyone that uses it. The vault locks itself automatically after a set period of time. If you walk away form your computer and forget to lock it, the vault and the information in it will still be safe.

Storing Information

Ice Cream Password Manager lets you store more than just your login information and it’s duly sorted by the type of information it is. You can mark information that you frequently use as a ‘Favorite’ but it is otherwise sorted into categories like Login, Credit cards, bank accounts, identities, passports, etc.

These categories don’t just sort information. Each one has fields that make it easy to enter information. For example, the passport category has essential fields like issuing authority, the date it’s been issued and when it will expire, your date of birth, etc.

Similarly, the Bank accounts category has fields for entering your bank’s Swift code and your account’s IBAN number. What this essentially ensures is that you enter all relevant information that’s related to an entry. You might have to take the time out to fill it all in but once that’s done, you’re never going to have to search online or through physical papers to locate the information you need.

Desktop App And Chrome Extension

The desktop app and Chrome extension don’t need one another to function but, if you have both of them installed your information is synced. The extension makes it easier for you to add login information. Every time you log in to a new domain, the extension offers to save it.

One advantage that comes with the Chrome extension is that it has a password generator. The password generator doesn’t just give you a random password. You can specify the length and how many special characters you need in your password.

The Chrome extension syncs all the vaults you’ve created, password and all. Like the desktop app, the Chrome extension locks itself after a period of inactivity and you need to enter your vault password to access your information.

Backup

Ice Cream Password Manager lets you schedule regular backups. In fact, you can keep multiple, incremental copies of your data.

Additionally, you can sync your information with Dropbox.

Security

I mentioned early on that the Ice Cream Password Manager automatically locks itself after a period of inactivity. The app lets you choose what that period of inactivity is. You can also set it to automatically clear the clipboard one minute after you’ve copied any information from your vault.

Shortcomings

Ice Cream Password Manager is an overall well developed app. It has a couple shortcomings. (1) it doesn’t lock down characters for known fields. For example, passport numbers are only 9 characters long. Similarly, IBAN codes are 14 characters long. In both these fields, you can enter as many characters as you like. This is problematic because you might accidentally repeat a character when entering your information and never know it happened until you try and use it.

(2) Another problem is that there is NO mobile app. We often need our passwords while on the run and this is a serious flaw. However if you want a free password manager this looks like a fairly good option and hopefully a mobile app is on the way.

Ice Cream Password Manager is pretty well made. It’s stable and the information is quick to sync between desktop and browser. There’s a Firefox add-on in the works so there isn’t much left wanting. If you struggle with remembering your password, or your purposefully keep simple ones, give this app a try. It will help you set complicated passwords and remember them. It will also make sure you always have all your important information in digital form on your computer at all times.

You can learn more about Ice Cream Password Manager here.

Share This:

Worst Passwords EVER!

In its sixth annual Worst Passwords report, SplashData, a provider of various security applications and services, listed the 25 weak and easy-to-guess passwords most frequently posted on various hacker forums and websites.

Related image

Presenting the list of the top 25 bad passwords people use. I hope that known of you, my dedicated readers are relying on any of these to protect your information.

  1. 123456
  2. password
  3. 12345
  4. 12345678
  5. football
  6. qwerty
  7. 1234567890
  8. 1234567
  9. princess
  10. 1234
  11. login
  12. welcome
  13. solo
  14. abc123
  15. admin
  16. 121212
  17. flower
  18. passw0rd
  19. dragon
  20. sunshine
  21. master
  22. hottie
  23. loveme
  24. zaq1zaq1
  25. password1

The list is based on 5 million leaked passwords, and almost 4% of hacked users used “123456” as their password of choice while more than 10% used another from the list.

Most had a single word password, which is a dream come true for any hacker planning a quick and effective dictionary attack. Using this method, a hacker pretends to be the user and tries to log into their account, using a predetermined set of words or phrases from a list called “dictionary”.

Frequent usage also applies to another group of passwords on the list: sequences. “123456”, “qwerty” or “zaq1zaq1” are key sequences, which means the used symbols are near one another on the physical keyboard. This kind of passwords is another dictionary favorite, but is also susceptible to a brute force attack. This tactic is similar to a dictionary attack, since it also happens on the login screen, but instead of using ready-made lists, a hacker uses a special algorithm which attempts to enter different character combinations until a password match is found (i.e. attacker will try using “1234”, then “12345”, etc.).

I recommend again friends, take the time to select a good password manager and use distinct, unique & complex passwords for all of your online accounts. The time you spend doing this may save you much hard-ache later.  You can check out our previous articles regarding password managers here.

Share This:

OneLogin Hacked

Its the same old story all over again. Another online company has been hacked and thousands of accounts exposed. This time, ironically it was a “password manager” services company that was hacked.

Image result for onelogin hack

Password manager OneLogin suffered a massive data breach Wednesday, and the attackers may have gained access to sensitive customer data, such as login information for a variety of companies. OneLogin manages login credentials for a variety of cloud applications for more than 2,000 enterprise clients.

OneLogin has stated that its investigation is ongoing, wrote on its blog Wednesday that the attacker was able to access database tables that contain information about users, apps, and various types of keys. “While we encrypt certain sensitive data at rest, at this time we cannot rule out the possibility that the threat actor also obtained the ability to decrypt data,” the company wrote in a letter to clients.

The attack began on May 31 when a malicious actor somehow obtained access to a set of Amazon Web Services (AWS) keys and used them to access the AWS API from an intermediate host with another, smaller service provider in the U.S., according to the company.

Through the API, the attacker was then able to create several instances of the company’s IT infrastructure to probe the company’s system. The company said it was alerted to the unusual database activity seven hours later, at which point it shut down access to the affected instance and the AWS keys associated with it. The breach is thought to be enormous, as all of company’s data centers in the U.S. were hacked.

The possibility that the hacker may have obtained enough data to decrypt the encrypted credentials, meanwhile, could mean that thousands of businesses, including Yelp and Pinterest, may need to change their login information for every cloud service they use.

The details are still hazy, and OneLogin has yet to make a public announcement about exactly what data has been stolen. But in the meantime, the company has apparently contacted all of its clients to advise that they immediately reset any passwords stored on OneLogin’s servers.

This is not the first time that OneLogin has suffered a breach in recent months. The company also suffered a breach from July to August when an attacker using a OneLogin employee’s password was able hack its servers and access company analytics and logs.

Share This:

Mastering Password Managers

With this past week’s WannaCry ransomware scare I thought I would take a little time, again to write about how incredibly important password management is to the security of your data. Passwords are of course, inconvenient, time consuming and memory challenging which is why many people do not handle them seriously. However without good password management you are seriously taking a chance with your security.

I also wrote earlier this week that Microsoft is looking to kill passwords altogether for their services, however we are not exactly sure when that is going to happen and Microsoft not withstanding passwords are going to be around for quite a while yet… so you might as well master them.

Here areof my favorite password management applications, each with a free option. My favorite is LastPass, however each will do the trick if you want to lock out the cyber-criminals from getting a hold of your data.


Image result for lastpass logo png

 

There are two versions of LastPass – free and premium. Both can store an unlimited number of account logins in a secure vault protected by a master password, will complete online forms for you automatically, and can employ multi-factor authentication.

The premium edition also syncs across multiple devices, stores passwords for desktop programs, and lets you share secured folders with other people. with customizable permissions.

One of LastPass’s best features is its ability to generate strong, unguessable passwords for all your accounts, which it then stores for you. There’s no need to remember long, awkward streams of characters, or re-use the same password for multiple accounts. It’s a class act.


Image result for dashlane png

Dashlane is LastPass’s most serious rival, and like LastPass it’s absolutely superb with strong password security, exceptional ease of use and ability to store notes for future reference.

In addition to the Windows desktop password manager, there are browser plugins and mobile versions, and as with LastPass there’s a premium edition of Dashlane that adds unlimited syncing and sharing.

The premium edition of Dashlane costs US$39.99 per year, but the free version provides all the essentials: you get the core password manager, autofill and digital wallet features, all of which work flawlessly.


 

Image result for roboform logo

RoboForm claims to be the world’s best password manager, though its free version only lets you store up to 10 logins and lacks the breadth of features offered by some of its rivals. If you need to store more passwords, a premium account costs US$9.95 for the first year, though the mobile apps are free.

It’s available for Windows, Mac, iOS and Android, and is a good option for anybody who wants a simple and secure way to sync passwords between desktop, laptop and mobile devices.

RoboForm doesn’t have quite the same features lists as Dashlane or LastPass, but it’s a very good tool nonetheless and the free mobile apps are excellent.


Image result for keepass logo png

It isn’t the prettiest password manager around, but KeePass Password Safe is both free and open source with strong security, multiple user support and a whole bunch of plugins to expand the app further.

The password manager is small enough to run from USB without installing on a PC, it can input from and output to a wide range of file formats and there are stacks of customization options to play with.

The fact that KeePass Password Safe is open source means anybody can inspect the code for potential weaknesses, which means that any security issues can be identified and fixed quickly. It’s a great little app, if a bit intimidating for absolute beginners.


Image result for sticky password logo

Sticky Password comes from the team behind AVG Antivirus, so you can be confident that security is its top priority.

There are two versions of Sticky Password: free and premium. The latter adds cloud syncing and backup, and costs US$29.99, £19.99 (about AU$40) a year. There’s also a lifetime license available for $149.99, £96.99 (about AU$200) – an option not offered by any other premium password manager.

The app works on PC, Mac, Android and iOS, supports fingerprint authentication on mobile, is available as a portable USB version and offers lots of synchronisation options including Wi-Fi syncing with local devices. It doesn’t support the Edge browser just yet but it will once the Anniversary Update introduces extension support.


There you go. Give these a try. Anyone of them will help you lock down your accounts, secure your data and perhaps prevent a security disaster from impacting you. The time you spend doing this will be well spent… believe me.

Share This:

It’s Time to Change Your Password… Again

Looks like it’s time to change passwords again. Security researchers have discovered a massive database of login credentials, over 560 million emails and passwords  to be exact, put together by an unknown person. All of the information is unsecured.

Image result for security passwords

The database was discovered by the Kromtech Security Research Center. Most of the information is already easily available, which allows users to see if their accounts have been compromised in previous data breaches.

That means most of the information contained on this database was compromised during other incidents at sites such as LinkedIn, LastFM, Tumblr, and Dropbox. So if you didn’t change your password recently on any of those sites it is definitely the time to do it.

No one knows who actually put the database together, but the researchers are calling them “Eddie” after a user profile name in the data.

Share This:

Microsoft’s Eyes the End of Passwords

Passwords were expected to have died a long time ago, but they have managed to hold on for over two decades, which is very surprising. Thirteen years ago Bill Gates declared that “passwords were passé”. Now Microsoft is introducing a replacement for the outmoded authentication system.

Image result for passwords

For years, organizations have sought to educate employees about the importance of secure passwords and of resisting phishing attacks which often fails.

Phishing and similar attacks using e-mail continue to rise each year. Clearly, the constant haranguing by technology professionals to employees to change their passwords and make them more complicated, as well as their pleas not to click on suspicious links/attachments, are falling on deaf ears.

Complicated Passwords – Just to Much Work?

Indeed, the only way passwords can be effective, according to NIST, the US National Institute for Standards and Technology, is by requiring users to come up with 16 character (preferably a mix of letters and digits, with some capital letters and/or alphanumeric symbols thrown in) standard passwords, allowing for as many as 64 characters, instead of the eight to 16 character range most organizations require for passwords today. We have enough trouble getting people to remember eight characters; can we really rely on peoples’ memories to remember 16, 20, or more?

This is why I have been recommending – if not pleading to my co-workers, family, friends and readers of this publication to rely on password managers like “LastPass” to help them with this.

In addition to all this, passwords have another major weakness. They are extremely inappropriate for mobile users. Already in 2015, mobile searches began outpacing desktop searches, and by the end of this year mobile e-commerce revenues are expected to match revenues from desktop/laptop engagements. By 2018 it is expected that mobile users will surpass desktop users.

For many people, using passwords on their mobile devices is just too much trouble. Numerous surveys have consistently shown that about a third of Android device users do not even bother to lock their screens with a password which is considered one of the most basic security moves.

Image result for Microsoft Authenticator

Microsoft’s New Password Solution

The replacement for passwords according to Microsoft is its new updated Microsoft Authenticator, a push authentication system that “shifts the security burden from your memory to your device.” Instead of typing in a password, “which can be forgotten, phished, or compromised,” users simply respond to a push notification when they try to access their Microsoft account. Besides being more secure than a password, push authentication “is easier than standard two-step verification” as well, says the company.

If implemented correctly, this system is a lot more secure than the one that prevails now, where users login with their password, since there are now two or more factors that are being used to authenticate the user, rather than just a single factor which is the “something a user knows” (their password).

Microsoft as well as Apple & Google (both have similar projects) have set an industry trend in mobile authentication to replace passwords. Will users finally let go of passwords? I actually believe they are – it just can’t be too complicated or time consuming if their is to be industry changing adoption.

Share This:

Yahoo! Hacked… Again

Share This:

Yahoo has been hacked… again. News that the company was breached back in 2013, and the personal information of more than one billion of its users was stolen, should serve as a reminder that everyone’s email and personal information is vulnerable to hacking.

yahoo-data-breach

Safeguards you can take include creating strong passwords and changing them regularly. If you do not manage your passwords properly, you could be putting your personal or financial information and our identity at risk.

Protecting Yourself with Strong Password Management

The more complicated and lengthy a password is, the harder it will be for hackers to guess.

Don’t include your kids’ names, birthdays or references to any other personal details. Hackers routinely troll Facebook and Twitter for clues to passwords like these. Obvious and default passwords such as “Password123” are also bad, as are words commonly found in dictionaries, as these are used in programs hackers have to automate guesses.

Long and random combinations of letters, numbers and other characters work best.

Your password reset questions should be as unique as possible too, and don’t be tempted to recycle those either. This was some of the information stolen in the Yahoo hack. And with the help of social media, it’s not hard for hackers to find those little personal tidbits like what your mother’s maiden name is, or the name of your hometown.

Reusing Old Passwords?

No. Avoid using the same password for multiple sites, so that a break of your school’s PTA site wouldn’t lead hackers to your online banking account.

You can make things easier on yourself by using a password-manager service such as LastPass. Password managers can remember complex passwords for you — but you have to trust them.

Changing Your Passwords

While some security experts argue that it’s more important to pick a complicated password than to change them frequently, if you haven’t changed your Yahoo password since 2013 do it now.

And even if you have changed your Yahoo password in the last three years, you might want to do it anyway. Breaches are often worse than they first appear. LinkedIn disclosed earlier this year that a 2012 breach affected 117 million accounts — not the 6.5 million previously thought.

Multi-Factor Identification

Multi-factor identification — which asks users to enter a second form of identification, such as a code texted to their phone — will provide additional protections. It’s now commonplace for many email and social media accounts.

Even if hackers manage to get your password they still need your phone with the texted code.

Closing Old Accounts

Delete or deactivate accounts you no longer use. Has your Yahoo email account been filled with spam since before the invention of smartphones? Maybe it’s time to say goodbye.

You can learn more about LastPass here.

Share This:

Another Reason to Consider LastPass

Security. I talk about it here. Managing your passwords. Mission Critical. I revisit this topic regularly because it is so important. One of my favorite solutions for getting control of your online security is LastPass.  Today LastPass just got a little cheaper.

LastPass announced today that you will no longer need a paid Premium account to access the service on multiple devices. This feature is now free for everyone.

“Starting today, you can use LastPass on any device, anywhere, for free,” LastPass’s Joe Siegrist writes in the LastPass blog. “No matter where you need your passwords—on your desktop, laptop, tablet, or phone—you can rely on LastPass to sync them for you, for free. Anything you save to LastPass on one device is instantly available to you on any other device you use.”

This is great news for anyone who relies on the security and availability of LastPass—which both generates and stores complex passwords for multiple services—but can’t afford the Premium service. Granted, Premium is a reasonable $12 per year.

If you’re already using the free LastPass service, which previously limited the number of devices you could use, you’re all set: You can now use the service across an unlimited number of devices. If you were previously paying for LastPass Premium to use this feature, you just need to wait until your Premium subscription expires; at that time, your account will automatically convert to a free account.

That said, LastPass Premium still provides enough functionality to more than warrant its cost. Features include:

  • Family password sharing with up to five users
  • Ad-free experience
  • Yubikey and Sesame 2FA options
  • Priority tech support
  • LastPass for applications
  • Desktop fingerprint identification
  • 1 GB of encrypted file storage

You can find out more at the LastPass web site.

Share This:

1 2 3 4