App of the Week: 1Password

So far today, I've logged into a dozen or so accounts on the Internet. I've logged in from my iPhone, my iPad, and my Macs. I've done some shopping, commented on some blog posts, reviewed RSS feeds, and more. Every one of the accounts has a complex password made up of a random set of numbers, letters, and punctuation. As an expert in cybersecurity, it'd be pretty embarrassing to have my accounts cracked. So, I'm careful. And the most useful tool in my arsenal is 1Password. When you do log into your accounts, how do you do it? Do you use one password for multiple accounts? Are your passwords easy for you to remember? How can you be sure they won't be easily guessed?

While there are a number of strategies for coming up with strong passwords, like this one from xkcd:

there are alternatives in the form of applications like 1Password that simplify the entire process, and given the large set of accounts we all typically have, I highly recommend it.

1Password is one of a set of applications called "password vaults" or "password managers." These applications provide a number of functions related to passwords and related sensitive information like credit cards, including encryption, generation, storage, and retrieval. From my perspective, having a password manager is a critical step in protecting yourself online.

1Password Workflow

1Password provides a broader range of functions than I use every day, and some that I don't use at all, but it is an application that I use multiple times every day on each of my devices. Here's the general workflow:

  • When I visit a new web site and create an account, I use the 1Password icon in my browser to generate a new password. 1Password prompts me for my 1Password master password to unlock the application, then allows me to generate a password with whatever characteristics I prefer. I typically use passwords that are as long as the site will accept, and as complex as it will accept, including upper- and lower-case letters, symbols, and numerals. 1Password will automatically fill in the password as I'm creating the account. 
  • When I submit the new account information, 1Password remembers the new account, including the username and password. It prompts me to store that information into the 1Password database. 
  • The next time I visit the site, I use the 1Password icon to fill my username and password.

The result of this workflow is the following:

  1. I only have to remember one password (hence the name!): the password to unlock 1Password.
  2. The password for the sites are on all of my devices, synced all the time.
  3. All of the passwords are use are long random strings of characters that are for all practical purposes impossible to guess or brute-force crack.

1Password offers a number of methods to keep your database synced across all of your devices, including Dropbox and iCloud. They also offer applications on iOS, OS X, and Windows.

I count 1Password as one of my essential applications, and you should, too.