Having chosen 1Password and made my initial configurations, I now use it in my daily workflow.
Initially, this change wasn’t easy. But, Cyber Risk leaders need to be good at changing their attitudes and behaviors. If nothing else, you must be able to set a good example for others.
Disclosure: I have no relationship with the maker of 1Password other than as a customer who paid entirely for his own licenses. If you decide to purchase 1Password, there is no compensation in it for me. Another good choice is LastPass, which I strongly considered.
Rather than do tutorials and read the help documents, I learned how to use 1Password by playing around with it in my web browser: Creating new accounts at a few sites. I wanted to judge how easily I could pick it up just through using it.
I tried easy things first: Migrating some existing passwords from my Chrome password cache (which I stopped using and from which I deleted all the records). Then, I figured out how to generate new, strong passwords using 1Password.
I quickly learned I needed to install the browser extensions. This is for convenience as well as a bit more security against keystroke loggers. Without the extensions, you have to either manually type the passwords at each site (which I’m not going to do) or use your browser’s password management feature (bad idea).
Here are some other tips:
- While 1Password will offer up to 50 characters for a password, you quickly realize which sites won’t support more than 8 characters or strictly limit the kinds of characters you can use. I suspect these sites are either using a mainframe on their back end or have coded their own authentication. So, I use the most characters I can.
- Because I got bitten a couple of times in the beginning, I always copy 1Password-generated passwords into a temporary text file until I’m sure they’re safely stored in the database.
- Make sure you can find all the special characters on the soft keyboards of all your devices. Isolate any problem keys or reject them by enabling the “Avoid ambiguous characters” feature in the Strong Password Generator.
With 1Password integrated into my daily workflow, I moved on to some other new behaviors to up my online security game: Password reset security questions, two-step verification, and a couple of others. More next week.
Questions for you: Are you using 1Password? How well does it work for you?