Having cho­sen 1Password and made my ini­tial con­fig­u­ra­tions, I now use it in my dai­ly work­flow.

Ini­tial­ly, this change wasn’t easy. But, Cyber Risk lead­ers need to be good at chang­ing their atti­tudes and behav­iors. If noth­ing else, you must be able to set a good exam­ple for oth­ers.

Dis­clo­sure: I have no rela­tion­ship with the mak­er of 1Password oth­er than as a cus­tomer who paid entire­ly for his own licens­es. If you decide to pur­chase 1Password, there is no com­pen­sa­tion in it for me. Anoth­er good choice is Last­Pass, which I strong­ly con­sid­ered.

Rather than do tuto­ri­als and read the help doc­u­ments, I learned how to use 1Password by play­ing around with it in my web brows­er: Cre­at­ing new accounts at a few sites. I want­ed to judge how eas­i­ly I could pick it up just through using it.

I tried easy things first: Migrat­ing some exist­ing pass­words from my Chrome pass­word cache (which I stopped using and delet­ed all the records). Then, I fig­ured out how to gen­er­ate new, strong pass­words using 1Password.

I quick­ly learned I need­ed to install the brows­er exten­sions. This is for con­ve­nience as well as a bit more secu­ri­ty against key­stroke log­gers. With­out the exten­sions, you have to either man­u­al­ly type the pass­words at each site (which I’m not going to do) or use your browser’s pass­word man­age­ment fea­ture (bad idea).

Here are some oth­er tips:

1. While 1Password will offer up to 50 char­ac­ters for a pass­word, you quick­ly real­ize which sites won’t allow sup­port more than 8 char­ac­ters or strict­ly lim­its the kinds of char­ac­ters you can use. I sus­pect these sites are either using a main­frame on their back end or have cod­ed their own authen­ti­ca­tion. So, I use the most char­ac­ters I can.
2. Because I got bit a cou­ple times in the begin­ning, I always copy 1Pass­word-gen­er­at­ed pass­words into a tem­po­rary text file until I’m sure it’s safe­ly stored in the data­base.
3. Make sure you can find all the spe­cial char­ac­ters on the soft key­boards of all your devices. Iso­late any prob­lem keys or reject them by enabling the “Avoid ambigu­ous char­ac­ters” fea­ture in the Strong Pass­word Gen­er­a­tor.

With 1Password inte­grat­ed into my dai­ly work­flow, I moved on to some oth­er new behav­iors to up my online secu­ri­ty game: Pass­word reset secu­ri­ty ques­tions, two-step ver­i­fi­ca­tion, and a cou­ple of oth­ers. More next week.

Ques­tions for you: Are you using 1Password? How well does it work for you?