I use 1Password to keep my online security game strong. Cyber Risk leaders need to set a good example for others, so you should use a password manager, too. Let me show you how I got started.
Disclosure: I have no relationship with the maker of 1Password other than as a customer who paid entirely for his own licenses. If you decide to purchase 1Password, there is no compensation in it for me. Another good choice is LastPass, which I strongly considered, am willing to use, and has been battle-tested.
After spending some time playing around with 1Password, I committed to this approach:
1. I use one unique password for each web site.
2. Each of my passwords is long and complex with a good mix of upper/lower case letters, numbers, and symbols. Like this:
3. Typing passwords like these several times each day isn’t practical, so I use the automated password entry feature via the web browser plug-in.
4. I installed the app on my iPhone and all of my computers so my passwords are available everywhere I work.
5. I make my current password database available on all my devices by using the built-in file sync feature of Dropbox.
6. Finally, although this isn’t a password manager function, I’ve added two-factor authentication using Google Authenticator at those web sites that offer it.
Playing with 1Password was easy because of their 30-day trial. Then I bought the 1Password Mac + Windows Bundle. I also bought 1Password for iOS through the App Store. (There are Android and Windows versions, too, but I haven’t used them.)
After installing 1Password, the first step is to set a master password. Over the course of a day I thought about what my master password should be. Since I would be typing it a lot, I wanted to choose something secure but not too tough to enter on my iPhone keyboard. Ultimately, I took a passphrase approach and created an obscure sentence that nicely balances strength against the efficiency of typing it.
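To put numbers on the trade-off between the long random per-site passwords in the list above and a typeable master passphrase, here is an added example (not the author's or 1Password's code). It assumes passphrase words are drawn at random from a word list, which is the only case where the entropy figure holds; the symbol set, the sample word list and all function names are assumptions made for illustration.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+?"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)  # 75 characters

# Constructed 16-word sample list so the block runs offline. A real generator
# would draw from a published list of thousands of words (7776 is common).
SAMPLE_WORDS = ("anchor biscuit canyon dolphin ember fossil glacier harbor "
                "ivory jigsaw kettle lantern meadow nickel orchid pebble").split()


def site_password(length=20):
    """Random per-site password that contains every character class."""
    if length < len(CLASSES):
        raise ValueError("length too short to hold every character class")
    while True:  # resample until all four classes appear
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in pw) for cls in CLASSES):
            return pw


def passphrase(n_words, words=SAMPLE_WORDS, sep=" "):
    """Passphrase of n_words chosen independently and uniformly from words."""
    return sep.join(secrets.choice(words) for _ in range(n_words))


def password_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on entropy; the every-class rule removes a small fraction."""
    return length * math.log2(alphabet_size)


def passphrase_bits(n_words, list_size):
    """Entropy of a passphrase; valid only when the words are picked at random."""
    return n_words * math.log2(list_size)


def words_needed(target_bits, list_size):
    """Fewest random words whose entropy reaches target_bits."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(site_password(), f"~{password_bits(20):.0f} bits, 20 keystrokes")
    phrase = passphrase(6)
    print(phrase, f"{passphrase_bits(6, len(SAMPLE_WORDS)):.0f} bits with this tiny list")
    print("words to match the password from a 7776-word list:",
          words_needed(password_bits(20), 7776))
```

With a 7776-word list, six random words give about 78 bits and ten are needed to match a 20-character random password, which is why the long random strings are left to the password manager and the passphrase is reserved for the one secret typed by hand.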
I feel comfortable using Dropbox for syncing my password database. Why? Because the database is strongly encrypted and all the encryption functions are done on my local computer. So, even if Dropbox is hacked (again) my passwords will remain safe. Alternately, you can use iCloud or local WiFi for file syncing.
Next week, I’ll tell you how I use 1Password in my daily workflow. Later, I’ll tell you more about Google Authenticator.
Are you using a password manager? Why not?