Alright, so it’s time to log in to that site you’ve not used in a while.
Username and password? Yep, no problem…
….okay, what about B1ngoWozH1sNamo21?
It’s a familiar tale in this wonderful digital age in which we live – we’re surrounded by a bottomless pool of amazing websites and services, all climbing over one another to improve our lives, however, every one of the darned things requires a registration.
Why you need a password manager
The experts tell us that our passwords must be ‘strong’. They also tell us they must be ‘unique’. Sound advice I’m sure you’ll agree. How hard can it be to capitalise a letter and add a number here and there?
As it turns out, to do this without generating a whole load of additional security risks by making notes in places you shouldn’t, is nigh on impossible.
Our options tend to look something like this…
- Use the same password you used the other day (just this once of course!)
- Commit yourself to forgotten password recovery system hell by creating a unique and secure password without making a note of it.
- Employ the help of a tool designed to manage this whole thing for you.
Many of us give in to convenience and end up duplicating passwords, but at the risk of labouring the point, this really isn’t going to end well.
Still not convinced?
One site that highlights the dangers of duplicating passwords is ‘Have I been pwned’ which features a long list of companies who’ve suffered breaches. It’s more a case of if, and not when – so being able to quickly limit the damage when a breach happens by changing just one password could be the thing that saves your bacon.
OK OK, I’ve got it.
So it’s agreed, we must listen to the experts – strong and unique is the way forward.
This means we’re going to need help with managing our, what’s estimated to be on average, 19 passwords per person, according to the Norwegian Study for Information Security.
So, enter password managers – handy little utilities which take most of the legwork out of creating, storing and managing secure passwords.
(I should mention here that we aren’t affiliated with 1Password, we just use one in-house and believe it’s indispensable!)
What does a password manager do (apart from the obvious)?
- Automatically generates strong passwords
- Automates the storing of login details and passwords for online services
- Stores data in a highly encrypted format
- Hides passwords from view and auto-populates login details easily within the browser
- Removes the need to store strong passwords in your browser (cached)
- Makes passwords visible from multiple locations and devices
- Imports existing passwords in order to identify duplication/ weak ones
Why you need 1Password
There are numerous great products out there that will do the job, but having researched a handful of the top ones for us two years ago, and again more recently, the one we recommend is 1Password from Agilebits.
The first thing that attracted me to 1Password over alternatives was the method they use to store data. You create your password vault’ and then you decide where to store it.
If you only want to use 1Password on a single computer, that location might be a local or removable drive. The chances are you’ll want access from multiple devices, in which case you can simply upload that file to somewhere like Dropbox or Google Drive which the app will do for you.
Other password managers can provide this storage location which saves a few setup steps, but as you can imagine, this means they become targets for hackers and you’re basically at the mercy of their security procedures, something I wasn’t overly happy about.
1Password works with every device you’re likely to encounter which includes iOS and Android, as well as being one of the few products available for both the Mac and the PC.
Getting up and running is really easy, the first step being to create your ‘encrypted vault’, which requires you to come up with a strong and unique master password (yes, another one!). Developer AgileBits offer some help in choosing one on their blog, but the key thing here is that it’s the last password you’ll need to remember from this point on.
With the vault created, your next stop should be to download the browser extension. This detects the web site you’re visiting and gives you a direct link for auto-populating your stored username and password in the right places.
This really is magic – not only more secure but a real time saver too.
1Password will also automatically store any new registration details you enter into signup forms, providing you with a strong password and then saving that to your vault as shown in the pop-up below.
For the most part, you’ll never need to see the passwords you’re using – it’s pretty much all behind the scenes.
Below is a shot of the strong password generator – which lets you specify length, number of digits, symbols and letters etc.
It soon becomes second nature to choose the login from the preselected drop-down list for the domain of the site you are visiting.
You can also add the 1Password app for IOS and Android to provide similar functionality when on mobile devices, again sharing logins via the vault stored on your cloud storage platform.
The security audit
1Password imports any historic passwords saved in your browser. If your experience is anything close to mine, this will make for some uncomfortable viewing!
It’s a satisfying process to go through, however, and 1Password makes it easy, but there’s no escaping the stark reality of the results. You’ll see just how strong all of your passwords are and how many times you’ve used them on more than one occasion.
Yes, it’s the ultimate sales pitch, as the app highlights just how bad a job you did under your own steam and how different thing will be now you’ve got help!
1Password is available in a variety of flavours, including a version for individuals ($2.99 per month billed annually) and one for families with up to 5 users which is $4.99 per month billed annually. This unlocks all features in all versions of the app, includes web access to your passwords, automatic syncing, sharing, permission control, and 1 GB of document storage.
For companies who require more advanced features such as sharing between accounts and a single administration console, there are three plans available ranging from $3.99 per month billed annually to completely bespoke packages for an enterprise.
I was a little sceptical when we first started investigating password managers, convinced that they’d be a pain to use and likely to slow my workflow. Not for the first time, I couldn’t have been more wrong, and it’s now the first thing I load on any new machine or mobile device.
1Password does a great job of easing the burden that is password management and although there’s a small amount of transition work involved to update old passwords, it didn’t take me a long to reach a point where logins for the most frequently visited sites were updated.
You’ll find loads of information along with a 30-day trial on the AgileBits site. so I highly recommend heading over there and taking a look for yourself.
- 1Password – The Best Password Manager (Sweetsetup.com)
- The five best password managers of 2017 (PC Magazine UK)
- Report on the Lastpass vulnerability (The Guardian)