Sunday, March 27, 2011

1Password Review

This is a review of a password-management program that I wrote for the April issue of PMUG Mouse Tracks. If you hate dealing with passwords as much as I do, you will want to learn and use this program.



by Michael Pearce

I got hooked on this program after the publisher presented at PMUG last year. It finally motivated me to quit using the strategy of using the same password for all junk sites, and a more complex one for banking and commerce.

Everyone does this. Nobody likes to deal with passwords, and most people forget to write down their important ones, letting the web browser store and fill them instead. This is why so many get hacked: figuring out the password you use for one web site lets the maliciously minded explore other sites with the same one. Each site stores another piece of your identity, so it can be possible to discover your home address, phone number, mother's maiden name, first pet's name, workplace and everything else needed to attack your bank's site, or crack your Amazon or iTunes account.

1Password eliminates this problem entirely by generating, filling and storing a different complex password for every web site you subscribe to. You need only create and memorize a single passphrase to access the application and it does the rest. For this, the most secure route is to create a pass-sentence of 3 or 4 words, no spaces, with the first letter of each capitalized. No dictionary attack is going to figure that out.

The program will not only store all your website logins, but it will also store your credit card info and fill it out for you on any web form. It has a Secure Notes section where you can write out all that information in English so you can look it up directly whenever you need to. Notes can also store all your serial numbers in case you need to reinstall an application and re-enter your number. All this is encrypted so no one, even if they steal your laptop or break into your house, can get into the 1Password database without your secret passphrase.

If you have an iPhone you can also get a version for it, and coupled with the Dropbox application, store a copy of your database on the phone and on the Dropbox web site.

I have never needed to access that remotely stored info, and don't use the phone for web very often, but many do and they will find this added security very handy. The only difficult part will be using the iPhone's pathetic keyboard screen for typing your passphrase. You might be able to use Smile Software's TextExpander to do that for you, but that could increase your risk a tad.

The Strong Password Generator, an option in the 1P button in your web browser, is simplicity itself. Pick the number of desired characters and the complexity, and it creates a password for you and saves it under the name you choose, along with your login name for the desired web site. Afterwards, when you go to the site's login window, just click the button and choose Fill and Submit Login and it does the work for you. When the browser asks if you want it to save the info, click Never for This Site and it won't ask again.

After you have finished creating new passwords for all your logins, go into the browser preferences (Safari: Autofill) then click Usernames and Passwords' Edit button. Click Remove All and you are done. If you then uncheck the box next to Usernames and Passwords it will stop asking, even when you visit new sites for the first time.

This button is added to your Safari window. A similar one is added to Firefox.

This menu appears with appropriate items for the web page you want to log into.

First thing you see when you start 1Password.

One of the options when open: This is where your login information for all your websites is stored. You can update this at will, or when on the site (for instance, when you change your password).

This window generates a new password that is random and virtually uncrackable. You have several options that can be imposed on it, depending on site requirements.

1 comment:

Houxie said...

I've read several reviews of 1Password and none of them discuss if this site is secure and safe. Maybe it's easy to hack. I'd be afraid of using it and would still rather write down the passwords.