I use 1Password to keep my online secu­ri­ty game strong.Cyber Risk lead­ers need to set a good exam­ple for oth­ers, so you should use a pass­word man­ag­er, too. Let me show you how I got start­ed.

Dis­clo­sure: I have no rela­tion­ship with the mak­er of 1Password oth­er than as a cus­tomer who paid entire­ly for his own licens­es. If you decide to pur­chase 1Password, there is no com­pen­sa­tion in it for me. Anoth­er good choice is Last­Pass, which I strong­ly con­sid­ered, am will­ing to use, and has been bat­tle-test­ed.

After spend­ing some time play­ing around with 1Password, I com­mit­ted to this approach:

1. I use one unique pass­word for each web site.

2. Each of my pass­words is long and com­plex with a good mix of upper/lower case let­ters, num­bers, and sym­bols. Like this:

U$8k4C*43;zB!^x

3. Typ­ing pass­words like these sev­er­al times each day isn’t prac­ti­cal, so I use the auto­mat­ed pass­word entry fea­ture via the web brows­er plug-in.

4. I installed the app on my iPhone and all of my com­put­ers so my pass­words are avail­able every­where I work.

5. I make my cur­rent pass­word data­base avail­able on all my devices by using the built-in file sync fea­ture of Drop­box.

6. Final­ly, although this isn’t a pass­word man­ag­er func­tion, I’ve add two-fac­tor authen­ti­ca­tion using Google Authen­ti­ca­tor at those web sites that offer it.

Play­ing with 1Password was easy because of their 30-day tri­al. Then I bought the 1Password Mac + Win­dows Bun­dle. I also bought 1Password for iOS through the App Store. (There are Android and Win­dows ver­sions, too, but I haven’t used them.)

After installing 1Password, the first step is to set a mas­ter pass­word. Over the course of a day I thought about what my mas­ter pass­word should be. Since I would be typ­ing it a lot, I want­ed to choose some­thing secure but would­n’t be too tough to enter on my iPhone key­board. Ulti­mate­ly, I took a passphrase approach and cre­at­ed an obscure sen­tence that nice­ly bal­ances strength against the effi­cien­cy of typ­ing it.

I feel com­fort­able using Drop­box for sync­ing my pass­word data­base. Why? Because the data­base is strong­ly encrypt­ed and all the encryp­tion func­tions are done on my local com­put­er. So, even if Drop­box is hacked (again) my pass­words will remain safe. Alter­nate­ly, you can use iCloud or local WiFi for file sync­ing.

Next week, I’ll tell you how I use 1Password in my dai­ly work­flow. Lat­er, I’ll tell you more about Google Authen­ti­ca­tor.

Are you using a pass­word man­ag­er? Why not?