Your password is probably not secure.
As Bruce Schneier says, “Pretty much anything that can be remembered can be cracked.” That post is almost 5 years old but the advice it contains still holds up.
Even if your password is secure—let’s say you have a randomly-generated 20-character password committed to memory—do you trust all the websites on which you use that password? If a website that knows your password gets hacked, will hackers who now have your secure password be able to use it to buy things on e-commerce sites? Access your bank account? Log in to your insurance provider’s website?
You’ve probably heard the advice to change your password regularly to help foil hackers. Unfortunately, that’s not particularly good advice and, in fact, could cause you to choose weaker passwords. No, the best defense is to create a unique, long, randomly-generated password … for each website on which you have an account.
To make that happen, you could keep a notebook with all of your passwords. But it’s a lot quicker (and less maddening) to use a password manager.
What’s a Password Manager?
A password manager is a piece of software that helps you create, store, and use secure passwords. It’s like a cheat sheet with all of your passwords, keeping them safe and secure until you need to use one. Password managers typically work in conjunction with your web browser to log into websites, whether on your desktop/laptop or on your mobile device.
There are several password managers out there (see the end of this post for links) but we at Agathon—and I personally—love 1Password.
Since I started using 1Password, I’ve stopped remembering my passwords. When I create an account on a site, or change my password on an existing account, I let 1Password generate a password for me, like this one I just asked it to make:
e.#hGJXf3YnAxMmbsYMFgsqRt9xWJP. I then let 1Password store it for me, and the next time I visit that site, or use the app attached to that account, I let 1Password fill it in for me (because no, I’m not interested in typing that out by hand).
You Need 1Password
“Why should I use 1Password when Chrome will remember all my passwords for me?” is perhaps what you are thinking right now. That’s a fair question. There are plenty of reasons to love 1Password (more than can fit here) but I’ll mention three that are very handy and go beyond what your browser alone can provide.
It’s worth mentioning that while 1Password does cost money, this is not a sponsored post, nor are there any affiliate links in this post. We just … love 1Password!
Browser and App Autofilling
1Password works on your computer, tablet, or phone to integrate with your web browser as well as with apps. It will sync your passwords on all your devices, letting you use them in whichever browser you like, on whichever device you like. For instance, you may use Safari on your phone but Chrome on your laptop. 1Password will connect to both of them and let you use your (secure, unique, randomly-generated) password to login to Amazon on either device.
(Safely) Sharing Passwords
1Password lets you securely share passwords with one or more coworkers (or family members) without having to share everything. At Agathon, our finance team has access to one vault of passwords, and our systems team has access to another vault. If we need to update the password on, say, our invoice management software, 1Password will make sure that everyone who should have it automatically gets the new password.
Even if you aren’t working on a large team, 1Password can help. You might use it to share access to a few key websites with a virtual assistant while keeping other passwords in a vault that only you have access to. My wife and I use 1Password to share access to our bank account and credit card websites. You might use 1Password to help parents or kids who may need someone else to have access to their accounts.
This is where a password manager can go beyond just storing and sharing passwords. 1Password’s Watchtower feature can alert you to websites that have been compromised, along with identifying vulnerable and duplicate passwords. It’s a quick way to spot and fix security issues.
Beyond just passwords, 1Password can handle a lot more:
- Credit cards: 1Password can store and automatically fill credit card information for online purchases. In my experience this does tend to need a little more manual intervention because of how complicated credit card fields are.
- Passports: I keep a record of my family’s passport numbers in 1Password, which comes in handy when traveling.
- Bank security questions: Deal with “monstrously stupid” bank security questions by randomly-generating answers and storing them in 1Password.
- Two-factor auth: 1Password has great support for making two-factor auth (2fa) fairly seamless.
But is it secure?
This is an important question. What’s to prevent someone who manages to find your password vaults from having access to all of your accounts? 1Password works by keeping (and syncing) an encrypted copy of your data that can only be unlocked using a “master passphrase” that you need to commit to memory. Without that passphrase, the encrypted data is useless. Your passphrase can (and should) be the one thing that you remember and may even be a full sentence with capitalization, spaces, and punctuation. There’s a lot more detail on their website.
1Password has Family and Business options for a monthly fee. While I do really think those plans are worthwhile, if you’re using a Mac you can download a standalone version and buy a one-off license instead You won’t get the benefit of upgrades to new major version, and the mobile application will be a separate purchase, but the option is there if you need it.
1Password isn’t the only option!
As I mentioned, 1Password is not the only choice out there. A few of our team members have used (and liked) LastPass, and we’ve heard good things about Dashlane as well. A quick Google search for “best password manager” will result in more reviews and comparisons than you probably have time to read.
Whichever one you choose, a password manager can make your online life a bit safer and a bit easier as well.
Do you use a password manager?
What’d I miss? How do you keep your online identity secure? Is there anything you know now you wish you knew five years ago?