Why you need a password manager (like 1Password) in 2020

Passwords are the pain of every user but almost every interaction you have with online services requires them. How often do you find you are being asked to come up with a password on the spot but yet remember them many months down the line.

Security Experts will agree that they need to be ‘strong’ and ‘unique’  and due to the ever-increasing number of data-breaches should also be changed as soon as they are potentially compromised.

As it turns out, to do this without generating a whole load of additional security risks by making notes in places you shouldn’t, can be a real challenge.

Our options when it comes to password creation tend to look something like this…

  1. Use the same password you used the other day (just this once of course!)
  2. Commit yourself to forgotten password recovery system hell by creating a unique and secure password without making a note of it.
  3. Employ the help of a tool designed to manage this whole thing for you.

Many of us give in to convenience and end up duplicating passwords, but at the risk of labouring the point, this really isn’t going to end well.

Still not convinced?

One site that highlights the dangers of duplicating passwords is ‘Have I been pwned’ which features a long list of companies who’ve suffered data breaches. It’s more a case of if, and not when – so being able to quickly limit the damage when a breach happens by changing just one password could be the thing that saves your bacon.

OK OK, I’ve got it.

So it’s agreed, we must listen to the experts – strong and unique is the way forward.

This means we’re going to need help with managing a large collection of often 100’s of passwords.

So, enter password managers – handy little utilities which take all of the legwork out of creating, storing and managing secure passwords. There are numerous great products out there that will do the job, but having researched a handful of the top ones, the one that stood out to us and the one we recommend is 1Password from Agilebits. 

So what does 1Password do?

1Password is not just an encrypted notepad with a big list of sites and passwords it’s much more useful than that.

Automatically Generate unique strong passwords

As soon as you need a new password simply click on the generate password option and copy the result. You can quickly choose a matching password policy to help generate compatible passwords for the sites you are using, but without ever having to remember the password generated

Automates the storing of login details

Whenever you either create a new login on a website or update any details the 1Password browser add-in will pop up and invite you to store those credentials so you don’t have to remember to.  used in conjunction to the password generator means you very rarely ever need to know the passwords you are using and makes it quick and easy to update account details as needed.

Auto-populate login details on sites

Visit a website that you have login credentials for and 1 Password will show you the login accounts you have saved for that sire under the browser add-on, with one click the details are auto-populated and login initiated, without anyone ever seeing the password in plain text.

Browser plugins

Plugs are available for all the main browsers so its quick and easy to get access to your passwords when you need them without having to open and unlock another application. Once logged in to the browser a plugin the session can be set to remain open to allow quick access to other login details.

Mobile apps

Having access to all your login details on the move is one of the most useful features of 1password. the Android and iOS apps make this extremely easy and if your device has a fingerprint scanner you don’t even have to remember a single password to unlock your vault and enter login details directly into websites and apps on the device.,

Watchtower reports

After importing your old browser save passwords into 1 password or after adding several manual login details its worth keeping an eye on the security reports that help highlight areas where you can further improve your security. For example, you can see duplicate sites where the same passwords are used ( never a good idea) but also alert when one of the websites you use gets compromised. this is a great way to be alerted to change those details asap.

Not just passwords

So you now have a great locked vault full of passwords, but it does not stop there. 1password is an ideal secure store for many more of your secure information such as bank card details, password and identity details, software licences, even just simple notes that you might need quick but secured access to.

Protected using a high level of encryption

1 Password uses AES-256 bit encryption and uses multiple techniques to protect your data at rest and in transit.  only you know your Master password and this alongside a security key generated on your device locks your 1Password vault from prying eyes. Not even 1Password themselves can see your information.

All you have to do is remember one strong master password

So what does it cost?

1Password is available in a variety of flavours, including a version for individuals and one for families with up to 5 users billed annually. This unlocks all features in all versions of the app, includes web access to your passwords, automatic syncing, sharing, permission control, and 1 GB of document storage.

For companies who require more advanced features such as sharing groups of login credentials between teams of users as well as a single administration console, there are three business plans available billed annually to completely bespoke packages for an enterprise.

Conclusion

1Password does a great job of easing the burden that is password management and although there’s a small amount of transition work involved to import old passwords, it didn’t take me long to reach a point where logins for the most frequently visited sites were updated

You’ll find loads of information along with a 30-day trial on the AgileBits site. so I highly recommend heading over there and taking a look for yourself.

Name and Shame – How to Identify Users with Weak Passwords in MDaemon

BackupAssist v9.0Weak passwords are the most common method by which email accounts and servers can become compromised by spammers. 

The great news is that Exchange alternative MDaemon Messaging Server, now offers an easy way to identify when somebody’s using one that isn’t secure via a simple but effective new reporting feature.

Whether you then decide to name and shame, or just to give them a friendly nudge is entirely up to your discretion! :).

Continue reading

Migrating an Archive Server (ASM) archive to MailStore

If you’ve used Achab’s Archive Server (ASM) software in the past and upgraded to MailStore, it’s highly likely you’ll be wanting to bring across that historic archived data to the new platform. There are two ways you can go about importing an external ASM archive to MailStore – either directly as files, or, via your MDaemon email server.

One of the limitations of importing directly into MailStore is that mail can’t be sorted on a per-user basis and instead the archive will have to reside under a single MailStore user account which you delegate access to via MailStore’s permissions system. It’s for this reason that we tend to recommend the second option and utilise the MDaemon server as an intermediary for MailStore to collect the old archive data from.

Continue reading

MDaemon 13 beta preview: Part 3 – Detect and stop hijacked MDaemon accounts

One of the more common customers support calls i get relates to MDaemon suddenly sending vast amounts of spam email. This floods the outbound Internet connection and everything crawls to a halt.

Secondary to this the server’s public IP address can get listed on various external SMTP blacklists which the customer then has to request removal from.

Continue reading