How I Finally Put 243 Passwords in Their Place
Updated June 2016
Putting aside the obvious question – why do I have 243 958 passwords? – I’d like to introduce the tool I’ve chosen to help me keep them in line and accessible on the go.
The Basic Problem
Mobile access to passwords was never on my radar. But now that smartphones and tablets have settled comfortably into our lives, a safe and convenient solution has become necessary. The basic problem:
You want to access your passwords from anywhere, but hackers and thieves want them too.
That’s why I wrote “Anyone Who Puts All Of Their Passwords Online Is Insane” two years ago, and that advice still holds today.
We maintain all our private information in the 1Password vault on our desktop computers. The vault syncs automatically to our mobile devices using an encrypted file on Dropbox. You could also use iCloud or a local WiFi network.
The difference between this method and the free LastPass or similar browser-based password managers is important.
You are entering information on your local device and the software encrypts it before it travels to Dropbox – at no point in time is your password ever in clear text on any network, or on any machine or device outside of your control.
To open the vault, we need our 1Password credentials AND the 1Password software, as well as the one-time configuration to the encrypted file on Dropbox.
With LastPass, a thief just needs your one master password and a browser. Bingo.
Not Just Passwords
There are specific sections for storing not just login credentials but also software license keys, secure notes, cards in your wallet, and more. I scanned my license, credit cards, insurance and membership IDs, etc. and saved it all to my vault.
I also really like being able to organize using folders and tags. Something about 243 958 passwords.
1Password offers handy extras like a security audit to identify all weak, old, or duplicate passwords.
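To show what an audit for weak, old, or duplicate passwords involves, here is an added example (not 1Password's code, and not from the original post). The vault entries are constructed sample data, and the length, character-class and age thresholds are assumed policy values, not 1Password's.

```python
import hashlib
import hmac
import os
from collections import defaultdict
from datetime import date

# Constructed sample vault entries (title, password, last changed); not real data.
VAULT = [
    ("bank",    "T7#qLm92!vRx&pZ4", date(2016, 3, 1)),
    ("forum",   "sunshine1",        date(2011, 5, 20)),
    ("webmail", "sunshine1",        date(2015, 11, 2)),
    ("router",  "Xk9$wP2m",         date(2012, 1, 15)),
]

MIN_LENGTH = 12          # assumed policy threshold
MAX_AGE_DAYS = 3 * 365   # assumed policy threshold


def is_weak(password):
    """Flag short passwords or ones drawn from fewer than three character classes."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ]
    return len(password) < MIN_LENGTH or sum(classes) < 3


def audit(entries, today):
    """Return {title: findings} for every entry with at least one finding."""
    key = os.urandom(32)  # per-run key: the grouping table holds HMAC tags, not plaintext
    groups = defaultdict(list)
    for title, password, _ in entries:
        tag = hmac.new(key, password.encode(), hashlib.sha256).digest()
        groups[tag].append(title)
    duplicated = {t for titles in groups.values() if len(titles) > 1 for t in titles}

    report = {}
    for title, password, changed in entries:
        findings = []
        if is_weak(password):
            findings.append("weak")
        if (today - changed).days > MAX_AGE_DAYS:
            findings.append("old")
        if title in duplicated:
            findings.append("duplicate")
        if findings:
            report[title] = findings
    return report
```

The report names entries and findings only, so it can be reviewed or saved without exposing any password.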
Never email a password again – share any 1Password item via obfuscated iMessage with people you trust. The recipient simply clicks to add it to their vault.
I will also be looking closely at the multiple vaults feature. For example, you could use a separate vault to share estate planning with your loved ones or personal info with your spouse. Handy, handy, handy.
Features We Don’t Use
Some features we still chose not to use. Convenient, but not enough to justify the security exposure.
- Password generator. If I make it up myself, I have at least a small chance that I’ll remember it with my own brain.
- Browser extensions. Auto-filling passwords using a browser extension is convenient, but two clicks to copy a password from my vault and paste it into a website is a lot more secure, and really, it’s just two clicks.
- Saving usernames / passwords in your browser. Not a 1Password feature, but still worth mentioning. Avoid this where you can, especially for sensitive sites.