As our lives become increasingly reliant on the internet, we need to remember more and more passwords and usernames, and as the frequency of on-line criminal activity increases, so does the need to have passwords and user names, especially passwords, that are hard to guess and that are not repeated from one place to another. Adding to the complication is the fact that sites have different requirements in terms of length and content – must be minimum 8 digits long, must contain capital & lower case, must contain numbers and letters, symbols. The problem is how to remember them all or, if you can’t, then how to record them somewhere so you can look them up when needed.
Remembering them all is easy if you don’t worry about security. For example, I could use as my main password sophia and supplement this depending on the needs of the site to be sophia12, Sophia, Sophia12, $ophiA1234, etc… The trouble is that if anyone guesses or finds out one of them then it would take them all of 2 minutes to work out the rest and what starts as a problem with something unimportant like Facebook becomes an empty bank account.
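The check below is an added example, not part of the original post: it audits a list of your own passwords for entries that collapse to the same base word once case changes, character swaps and appended digits are undone. The site names, the sample vault and the swap table are constructed for illustration.

```python
import string
from collections import defaultdict

# Common character swaps, mapped back to the letter they stand in for (assumed table).
UNSWAP = str.maketrans({"$": "s", "@": "a", "0": "o", "1": "l",
                        "3": "e", "4": "a", "5": "s", "7": "t", "!": "i"})
SUFFIX_CHARS = string.digits + string.punctuation


def base_form(password: str) -> str:
    """Reduce a password to the word it was built from."""
    stem = password.rstrip(SUFFIX_CHARS)      # drop appended digits and symbols
    if not stem:                              # nothing but digits/symbols: keep as is
        return password.lower()
    return stem.lower().translate(UNSWAP)     # undo case changes and swaps


def find_related(vault: dict) -> dict:
    """Map each shared base word to the sites whose passwords derive from it."""
    groups = defaultdict(list)
    for site, password in vault.items():
        groups[base_form(password)].append(site)
    return {base: sorted(sites) for base, sites in groups.items() if len(sites) > 1}


# Constructed sample: the variants from the text plus one generated password.
SAMPLE_VAULT = {
    "forum": "sophia",
    "shop": "sophia12",
    "social": "Sophia12",
    "bank": "$ophiA1234",
    "email": "gRT4*bw77*WJ4np2Y5^%HH3",
}

if __name__ == "__main__":
    for base, sites in find_related(SAMPLE_VAULT).items():
        print(f"{len(sites)} sites share the base '{base}': {', '.join(sites)}")
```

Every site reported in one group falls together if any single password in that group leaks.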
Until a few months ago my security was fairly lax but, thank God, I was lucky and nothing nasty happened. It was worrying me though because I knew it wasn’t good enough plus the sheer quantity of things I needed to remember was getting hard to manage anyway. I used to keep all the data written in a text / Word document which was housed on Evernote. This allowed me to access it both at home and via my iPhone / iPad and it had a certain level of security as Evernote needed a code to open and then the file was encrypted with a password. My passwords were not all the same but the majority of them were variations on about three or four themes. I read a few comments about password managers and decided now was a good time to improve both security and usability.
I had read more good comments about 1Password than anything else but the cost was putting me off – $49.99 for the Mac plus another $17.99 for the iPhone app seemed like too much. Second most comments were about LastPass and this was free for the Mac and only $12 a year to add the app so I decided to try that first.
The initial test went swimmingly so I put everything on LastPass and used it to generate new passwords for all important sites. Then came the day one of my bank accounts asked me to change the password, no problem I thought and pressed away at the “generate password” button, then inserted it into the form and finished my business. When I went back to the account a while later it told me the password was wrong and despite trying everything I could think of, old password, newly recorded password, history of passwords generated…nothing was working and the bank account was frozen!! Eeek. To fix this required a personal visit to the bank, with passport, where they gave me a one-time password for me to open things up. Pain in the arse.
I have no idea what happened. I thought I was following correct process, generate a password, fill the fields, off we go, but something went wrong and suddenly these password managers were looking like more of a liability than an asset. I should add that LastPass had been slightly irritating before this point. It looked like if you were using Chrome on a Windows machine it would be extremely happy but using Safari on a Mac was not as smooth as it should be. It just seemed like good amateur level stuff, which I suppose is reflected in the price.
Having lost faith in LastPass but having seen enough to know the idea of a password manager was a good one, I decided to swallow the cost and try 1Password.
Unfortunately, LastPass had one parting blow in its inability to export a file that could be imported by 1Password or to be fair perhaps the other way around but whoever is at fault it meant I had to manually reenter all the data into 1Password – that’s 72 items, log in details, card details, secure notes, etc.
1Password seems like it is better built than LastPass and is certainly happier working with Safari and my Mac. So far I have not had a problem when using it to change passwords. There was one occasion where the new password did not get properly recorded in the log-in details but it was easily fixed because it also showed me passwords that had been generated for this site and the correct one was one of those. If there is one thing about using these managers that you should be extremely careful about it is changing passwords on the fly. Take care, go slowly, record the new password somewhere and test the site again shortly after doing it.
So how do these things work?
You can record all kinds of information but the three I’m using regularly are:
- Log In details – username and password for any site. When you open the web page 1Password will recognise the address, let’s say Facebook, and if you click the icon in the browser menu you get a drop-down menu, the top option being Facebook. Click on that and it will insert your username and password and launch the site. LastPass used to do this automatically, some of the time. Might be that 1Password can do this as well but I have not bothered finding out how.
- Secure notes – just plain old text notes, anything you want.
- Card details – credit cards, etc.
You can also enter things like Identities, Driver Licences, Passports and so forth.
They also have the ability to generate strong passwords of any length and complexity you want so now all my passwords are not Sophia123 but are things like gRT4*bw77*WJ4np2Y5^%HH3.
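A sketch of how such a generator can satisfy a site's length and character-class rules, added here as an example and not taken from 1Password or LastPass. The function names and the symbol set are assumptions; it draws from the operating system's random source via Python's `secrets` module.

```python
import math
import secrets
import string

CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*-_=+",   # assumed set; sites differ on which symbols they accept
}
ALL = ("lower", "upper", "digit", "symbol")


def generate(length=24, required=ALL):
    """Random password containing at least one character from each required class."""
    if length < len(required):
        raise ValueError("length too short to include every required class")
    alphabet = "".join(CLASSES[name] for name in required)
    chars = [secrets.choice(CLASSES[name]) for name in required]
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)   # forced characters must not sit at fixed positions
    return "".join(chars)


def meets_policy(password, min_length=8, required=ALL):
    """Check a password against a site rule: minimum length plus required classes."""
    return len(password) >= min_length and all(
        any(c in CLASSES[name] for c in password) for name in required)


def entropy_bits(length, required=ALL):
    """Approximate upper bound on entropy for a uniformly random password."""
    return length * math.log2(sum(len(CLASSES[name]) for name in required))


if __name__ == "__main__":
    pw = generate()
    print(pw, meets_policy(pw), round(entropy_bits(len(pw))), "bits")
```

`meets_policy("$ophiA1234")` also returns `True`: passing a site's rules says nothing about how guessable a password is, which is why the generator's randomness matters and the policy check alone does not.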
These strong passwords are impossible to remember but you don’t have to. The password manager has a master password to open up the vault and that’s the only one you need to remember.
I do not have a back up anywhere on a piece of paper tucked under the sofa. I do not use the cloud for synching between phone and Mac – done locally wirelessly – so my security is now down to the simple question of how secure is 1Password. There’s some stuff to read on that here.
When you run 1Password for the first time, you create a Master Password that is used to encrypt your data. No one will be able to view your passwords or other confidential information without knowing the password. All you need to do to stay secure is to pick one strong password and commit it to memory. Since it is only a single password, you can make it long and unpredictable.
….your data is encrypted using AES, the same state-of-the-art encryption algorithm used as the national standard in the United States. 1Password uses 128-bit keys for encryption, which means that it would take millions of years for a criminal to decrypt your data using a brute force attack.
One final point that I have just reminded myself of is the matter of automatic logging off from the password manager. This was one of the annoyances with LastPass because it was never very reliable at doing this. At the beginning it wouldn’t log off at all but finally I was pointed to the right download, which helped but not entirely. I couldn’t see the point of all this security if the damn thing was always open on my home Mac! Suffice to say, 1Password is far better at this and always logs off when you think it should, requiring reentry of the master password.