Manage secure passwords for all your online endeavors

Tomorrow is National Computer Security Day, 2012. This day was first recognized in 1988 and still serves as a reminder for all computer users to be safe and smart. Computer security is a huge topic, but I’ll use this post to focus on a single topic: online passwords.

Entirely too many people use easily-guessed passwords or even the same one over and over again. Neither practice is a good idea. In this post I’ll share one app I use to generate secure passwords without requiring me to memorize a single one. I’ll also share a few tips for people to keep in mind. Let’s get started.

1Password

I’ve been using 1Password from AgileBits for a few years. I like it so much that I recommend it to everyone who uses online passwords. There’s so much to like about this software and almost everyone can use it: Mac owners, Windows users and even iPhone, iPad and Android users can get in on the security and peace of mind that 1Password offers. It has several great features, and the first is tipped off by the name.

One Password to Rule Them All

On your computer, 1Password has two components. The first is the app itself. This is the main repository for your passwords and more. You’ll use the application to enter information, change information and review it.

The other component lives in your web browser. This simple button lets you log into sites for which you’ve saved a password and username, as well as create new ones.

Of all the magic that 1Password performs, its greatest trick is that it only requires you to remember one password. This master password offers access to all the others. Once you’ve entered it, you can log into services like Facebook, Twitter, Amazon and just about anything else you can think of with a click. As long as you can remember the master password, there’s no need to memorize any of the others.

1Password also generates secure passwords. What do I mean by that? Your pet’s name is not a secure password. Neither are your kids’ initials or your spouse’s birthday. Skip the name of the town you grew up in, too. In fact, almost anything you can pronounce and/or find in a dictionary is risky. Fortunately, 1Password can generate a secure password all on its own.

For example, say you’re visiting a new site that requires a password. Once you create an account with a username and password, 1Password’s browser add-on will notice what you’ve done and offer to generate a long password with numbers, letters and symbols (you tell it how long you want it to be, too). Let it do so and save the result by typing the master password. Presto! Your new account is in place with a password that isn’t easily guessed.

Sync across devices

1Password works on your Mac or Windows machine, and mobile apps are available for the iPhone, iPad and several Android devices. What’s great is that over-the-air sync keeps them continually up-to-date. If you create a new or updated password on your Mac, for example, that change will be reflected on your iPhone or Android device.

And, finally, it should go without saying, but no one was compensated to recommend this program. I’m seriously a user who likes the product.

More Than Passwords

1Password holds more than passwords and usernames. The desktop application can store account information, like iTunes or Google, notes you want to keep secure, software registration information and even financial records and the like. It can even store your credit card information for easy completion on retail sites. It’s all secure and very handy.

Finally, one other benefit of using 1Password is that it eliminates the tendency to use the same password over and over.

Additional Tricks

I promised a couple of additional tricks for people who don’t want to use 1Password, and here we go. To create a reasonably secure password that you’ll be able to remember, shift your hands on the keyboard. Those of us who took a typing course remember the home keys: ASDFJKL;. Simply shift your hands one key to the right and start at SDFGKL;’. Now, type a long word or phrase that you’ll remember easily. Toss in a number or two and presto. You’ve got a password that looks like gobbledygook but is easy to recall.

Finally, here’s one for iPhone owners. You might know that you can type special characters by pressing and holding on certain keys. For example, press and hold on “o” to produce “ô”, “ö” or “ò”, among others. Use one or more of those when setting up your passcode to help ensure no one will ever guess it.

There you have it! Computer security is a huge topic, and using an app like 1Password is a small but crucial step in ensuring a safer web browsing experience.

24 Comments for “Manage secure passwords for all your online endeavors”

  1. posted by Mike on

    I have been using KeePass (http://keepass.info/index.html) for several years. It is free and has many features. There is also a portable version that can be installed on a USB drive. I use Dropbox to sync the data, however, since I cannot install software on my work computer (including Dropbox) I just run it from my USB drive.

  2. posted by Dusty @ Wine Logic on

    I use roboform for the same type of thing. It is a really great thing to have.

  3. posted by Kat on

    I am curious about this app, but would like to know how it is any safer than using the same password for all of your password needs. If this is carried on your phone, or dwells on your home computer, someone who compromises the one password would then have access to your Facebook, Paypal, Online Banking, email, Amazon account – everything. My email was recently compromised by what I believe was a simulated yahoo online pop-up that harvested my email password. Fortunately I was able to change my password after only one or two spam mails were sent out – I was very lucky the spammers who bought my harvested password did not lock me out of that account, and also lucky I did not use the same password for my banking or other accounts. I can imagine that it would be easy to simulate a pop-up for this master password, and then have access to all your accounts… Is there an explanation of how the program protects from that?

  4. posted by Doubter on

    One important fact that you forget in all of your euphoria: many people have to access websites from computers or devices that are not their own – and hence no 1Password installed. Most basic example would be visiting relatives and using their home computer. So you definitely need a portable solution like the one Mike suggests. But since more and more companies close down the USB ports on their computers, I am much more in favour of the alternatives that you suggest at the end of your post…

    And by the way, a good product review should always highlight the downsides as well!

  5. posted by Erin Doland on

    @Doubter — You should never be logging onto sites on computers that aren’t your own. The computer could have keystroke saving software or other spyware programs on it. Additionally, the web browsers could have cookies enabled that save all of your data and automatically import it the next time someone comes to that same site. Some sites, even if you log off them, if you simply hit the back arrow in the browser will let a user right back into your account. If you wish to be secure online, you shouldn’t be using computers that aren’t yours. And, if you are forced to use a computer that isn’t yours in an emergency, you should never be using a site that requires you to log into it. Even then, you should also delete all cookies, temporary files, and browser history before leaving the computer. The reason David didn’t address using other computers in his article is because that is extremely unsafe and an easy way to have your accounts hacked.

  6. posted by egirlrocks on

    Remember a line from your favorite childhood song or theme song from a fave TV show growing up? Use the first letters of the first 8 words of that line. If there are duplications, replace the second letter with a number. For example, “let me tell you all a story about a man named Jed” becomes “Lmtya2s34mnj”, or you can shorten it to 8 characters. Simple as that. Chances are no one will ever guess your password.

  7. posted by Gypsy Packer on

    If hackers want you, they will get you. Stiff passwords should be installed on routers as well as your online accounts. Even so, a serious black-hat can take you down, even if he has to use a fake Microsoft update download (I’ve had this one) to do damage.

  8. posted by neuromusic on

    @egirlrocks — yes, the problem though is when you’ve used that password on 35+ websites, including your bank, then one of those sites that uses poorer security gets hacked and the bad guys have your email address, username, and password which they can then start trying to use at random banks.

  9. posted by Roxanne on

    I use LastPass for the same thing, and it’s fantastic. If you’re on a computer that isn’t yours, you can just log in via the LastPass website and access your “vault” of passwords and copy/paste as needed.

  10. posted by monica on

    Good tips. I’m guilty of the one password for most sites. I have two that I use often, some sites, one, some sites the other, other sites both together. Otherwise I’ll never remember.

  11. posted by tba on

    I have my doubts about these kinds of services, too. If you log in to a website or app to have access to all sites immediately, do you have to re-enter your master password after you’ve deleted your cookies? Web services like google+, gmail or facebook store any information about what you do in your web browser once you’ve logged into their sites, even after logging off again. For instance, once you’ve used facebook, facebook saves the urls of all pages you visit afterwards. The only way to avoid that they store all this information is to delete cookies after logging off. I do this all the time, basically logging into one site, doing what I have to do, log off, clear cookies, move on to next site.
    How do LastPass, 1Password and others perform after cookies have been deleted?

    I also second neuromusic’s doubts about having one password only. I guess it’s better to have different passwords for the really important sites and maybe one for the ones that are not that important for you.

  12. posted by purpleBee on

    I am guilty of using the same password on some sites as I don’t mind if the password is stolen. But then I refuse to use internet banking until my computer security is as good as a bank’s security (probably the year 3012), I don’t use facebook or any other social media sites.

    And I do use other people’s computers as it saves me the clutter of carrying an internet enabled laptop. Being a bit of a luddite I have only a basic cell phone which makes phone calls, sends texts and costs me $50 a year to run.

  13. posted by Carla on

    I just want to point out that what determines the security of a password is primarily length. Whether it’s the name of your pet or a string of random characters, if your password is only 8 characters, it can be broken with a brute force approach in short time (3 hours according to http://www.howsecureismypassword.net/)

    The focus should be on something you can remember but is quite long. Another tip for remembering different passwords on different sites is to use a strong base password then add the 2nd-4th characters of the name of the site to the end.

  14. posted by ninakk on

    I prefer my head. A password system is a life saver.

  15. posted by xhan on

    The online solutions are ok for the odd forum password but like Mike I’m a fan of keepass.

    It’s brilliant. You can even make it so you can’t open it unless you have a specific file and password.

    It’s open source too and it’s all on your machine – there’s been a lot of security scares with these password companies recently and I’d rather not take the risk – no matter how lovely their UI is :P

  16. posted by anonymous on

    Obligatory xkcd reference

    http://xkcd.com/936/

  17. posted by Jay on

    Good tips.

    But 1Password would not work for my colleagues or myself. At work, people access various websites with passwords during lunch or breaks. We are not allowed to download software on our machines, and we are not allowed to use the USB ports.

  18. posted by ahuvah on

    I would suggest you take this to another level. I use mypermissions app to see what my networks are doing with my information and what access they are giving to others that I have not personally authorized. Frightening to see, really. And no, I do not work for them. I just hate knowing that FB et al feel comfortable using my information how they see fit.

    http://mypermissions.org/

  19. posted by Mackenzie on

    Another KeePass fan chiming in here. I use it on Kubuntu, OSX, Windows 8, and Android, sync’d using Dropbox. Since an attacker would need to A) get through my Dropbox password then B) get through my even longer KeePass encryption password…I figure it’s pretty safe.

  20. posted by clothespin on

    I go old school… Each site has its own post it note with the password on it. Put on notebook paper inside clear plastic sleeves (keeps from falling off) and inside a notebook by the computer. To change the password, I just replace the post it.

    This way, no one can hack my passwords on line. Yes, a thief could find it in my house but the odds of that happening are much less than something happening on line. Plus, this is a lot cheaper.

    One critical thought though – make sure to tell a family member how to access your accounts should the worst happen. They need to be able to shut down your facebook and email and…

  21. posted by alfred on

    I usually always save my password on my email. All these years I think this is the easiest way.

  22. posted by Ramesh on

    While 1Password is definitely a great product, I use Lastpass myself.

    The biggest reason why I picked Lastpass, despite 1Password’s great interface, is the availability of a hardware based two factor authentication mechanism such as Yubikey, as a means of protecting my master password.

    The sync via Dropbox, while convenient, shifts the responsibility for your data to a third party, whereas Lastpass by virtue of using their own servers have a better way of controlling it, and you have to argue that security is their “job” they get it right.

    One last thing… like some have pointed out, installing additional software on enterprise machines and sticking in USB keys are shunned in most work places. Lastpass, like Keepass, provides a myriad of ways to access your data – bookmarklets, extensions, plug-ins etc.

  23. posted by UshaM on

    I have a small 5×7 inch note book with 20-30 pages. I have alphabetized the pages. I write down the websites alphabetically along with username and passwords. I usually remember passwords for sites I use often and that are important.

  24. posted by cpragman on

    If you have an Apple computer, then Apple provides the Keychain app that essentially duplicates the 1Password features described in the article.
    Personally, I intentionally avoid accessing financial websites (paypal, amazon, banks, brokerages, e-bay, etc.) on any computer except the one(s) I own. I also don’t access those sites from my mobile devices. Therefore, no passwords to remember except my e-mail, dropbox, and throwaway passwords used for website forums.
