LulzSec made me switch to 1Password (and you should too)

I’ve been using 1Password from Agile Bits on my Mac(s) for a couple of weeks now. I was spurred on by the recent password exposures across numerous sites (my passwords were thankfully safe, but some of the sites in question were ones I frequent) and even though I don’t use the same password everywhere I was getting concerned about security, and also getting sick of remembering passwords.

Why did I chose 1Password?

  • I am a heavy Apple user and don’t mind the lack of Linux support.
  • I already had 1Password on iOS which I had picked up during a promotion but never used.
  • I liked the DropBox support and the new 1Password Anywhere feature which allows me to access my secured information without installing 1Password.
  • I wanted something I needed to pay for; I find paying for things makes me far more likely to use them (I recently bought a Moleskine and use it every day).

How have I got on?

At first I found it cumbersome to click on the 1Password button in my browser, or worse still unlock 1Password and hunt for the details I needed, but it has slowly become second nature and as I log in to new services I am using the excellent password generator to generate new passwords for my accounts. The Dropbox integration is great; and because I know I will always have the data with me I am also using 1Password to store sensitive information that I might need while out and about or for future reference, for example bank account details and software licenses.

However problems with this method of password storage/retrieval start occurring when you take into account iPhone and iPad use, and using other computers (and this is not the fault of 1Password).

Firstly, both the iPhone and iPad apps are good, but it is a lot of steps to log in to a service in Safari when the password is in 1Password. 1Password does have an integrated browser for one-click login but it’s not the same as using Safari. This is not the fault of Agile Bits – what they really need is extensions for Safari in iOS, but I doubt that will happen.

Secondly, using other computers (temporarily that is, otherwise you could just install 1Password!) is a nightmare. If I am using someone else’s computer and need to log in to a service I have to:

  1. Log in to Dropbox (which means my Dropbox password can’t really be stored in 1Password otherwise I will have to look it up on my phone every time!)
  2. Go to the 1Password keychain file.
  3. Log in to 1Password.
  4. Find the password I need.
  5. Click ‘Reveal’ to show the password (why no ‘Copy’ like in the app?).
  6. Select the password and copy it.
  7. Paste it in to the site I want to log in to.
  8. Log out of Dropbox.

Alternatively, I can look it up on my phone and type it in by hand. But if you have decent passwords these are going to be >15 characters and contain a mixture of symbols and what-not, so typing it out is going to be slow!

Again, this is not 1Password’s fault; the Dropbox integration and 1Password Anywhere are both very impressive features and streamline this workflow almost as much as can be done. It is just a disadvantage of using a password storage system like this.

Do I recommend 1Password?

For the peace of mind, yes. Ensure you have a good master password, back up your 1Password file regularly, and sleep happier at night knowing a LulzSec ‘release’ isn’t going to compromise all your online accounts. The same goes for other services like KeepassX and LastPass (who have a premium cloud storage feature that might help mitigate the problems mentioned above). However I am happy with my choice of 1Password because it is so polished and well integrated with devices and browsers, and therefore I think it’s one of the best choices for securing your accounts.

This entry was posted in Blog. Bookmark the permalink.
  • Pingback: Who cares about password security? NatWest don’t | Jalada()

  • Anonymous

    No linux support is pretty much a deal breaker. Too bad since it supports about everything else.

    • Yeah it is a shame. You can at least use 1Password Anywhere to access your data if you create it on say…your iPhone. But that’s a bit of a pain compared to decent browser support.

  • Anonymous

    LastPass > *
    The data is encrypted locally before going on the “cloud”.No need to thank me. Enjoy.

    • That’s what they said about Dropbox.

      • Anonymous

        nope.exe
        Get your facts right, mate ! 
        Just make sure to use a really strong password for LastPass and you are pretty safe. I am guessing you heard about the attack against LastPass last month. They fixed the flaw in a very short time and notified all users properly.

        • Yeah I heard about it. I’m merely expressing my cynicism about shoving everything in the wonder that is ‘the cloud’. But who I am to talk, I sync 1Password over Dropbox which is basically the same thing.

          I’m sure LastPass is brilliant and I’m sure they talk security very seriously! 🙂

          What I was exactly referring to (which I’m sure you heard about) was that Dropbox always insisted that your data is encrypted and employees can’t get to it, but then it was discovered that actually a ‘handful’ of employees can get to your data. Which defeats the point.

  • Wow. Thank you so much for pointing out the Dropbox web-based 1Password. I had no idea.