A recent article in PCWorld has me thinking about my password security. http://www.pcworld.com/article/2010864/passwords-reused-by-6...

I have 1Password for my Macs and iPhone, but haven't taken the time to set it up. Now is the time.

Does anyone use the random password generation feature? Are there any caveats to this (is there a need to keep track of them somewhere, etc.)? Tips and tricks appreciated.

Bill
Bill,

I use 1PW on my Mac, iPhone, iPad and my wife's PC plus her iOS devices. The syncing through DropBox is great and I highly recommend the defaults.

You may or may not want to use DropBox's Two Factor security. (I do.) If you do, read the instructions very, very carefully. When they give you 6-character (Google) and 16-character (DropBox) long security items -- trust me, you will need them. Store them carefully. I figured they were for fools who could not remember passwords -- I learned when I got my new iPhone, the security systems are keyed to specific hardware.

My setup method works fine, but other options exist. I have shut off Text Messages at AT&T - so I could not use Text Message as a factor. I installed Google's Authenticator app on my iPhone. One needs to set up the Google system first. The second thing to set up is DropBox.

I am not familiar with anything in DropBox named "Random Password Generator" -- I do use the password generation wizard in 1PW. You can pick password length, and whether numerals or symbols are included - although they do not describe things that way. They have options like "pronounceable" and "unambiguous characters".

There is one practice I strongly recommend that does not get much mention unless you read the manual or the forums. Periodically I "export" to a PIF file. That will give you an encrypted file with all your logins and passwords. Should the worst happen, with this file you can recover. I would not put the PIF file in LockBox since 1PW already stores stuff there. Rather I keep my PIF backups on my Mac, which has multiple TimeMachine and SuperDuper backups.

Early on I had a couple of issues with this program and was seriously impressed with the professionalism of Agile Bits at dealing with some very specific issues - a combination of software and a single financial services website. In short, I trust and respect these people.

Gordon
Atlanta
How I do it...and maybe others, more or less paranoid, might find issue.

One 'core' password...happens to be my daughter's name. 7 letters.

For low level secure sites that don't use billing information I add a single digit somewhere in the name. For medium level sites that have CC info and other billing data I use two digits, spaced in different places along the name. For high level secure sites: name plus three digits plus three additional letters.

Basically that gives me only three passwords and theoretically someone could break into one and possibly use it, but I find that idea vanishingly small.

Just my 2 cents.
Bill,

I use mine much the same as Gordon; however, I do periodically "print" the 1PW file and keep it in a "top secret" place. I'm one of those people who needs to see it in writing as well as on the iMac. There is also an option in preferences which you can select to "view" or "hide" the passwords in the 1PW files. I like the view option; it helps me remember, although obviously not as secure.

Also have 1PW installed on my iPhone and the sync (1PW with Dropbox) enables the syncing on the iPhone also. Have not been too sure about this; however, I believe it works o.k.

I usually select my own passwords but have been known to allow 1PW to generate a few....it would be impossible to remember these though, that's why the hard copy and the "view" option for me, at least.

As for the support, Agile Bits forums are valuable tools for discussions and questions and are very prompt with responses and assistance. Probably one of the best "support" groups out there....

Just yell if more questions; many on this board use 1PW so I'm sure you'll get plenty of help.
The big problem with random passwords is when you don't have access to the tool maintaining the passwords (i.e. they are virtually impossible to remember so either software has to store them or you have to write them down).

Rich
The big problem with random passwords is when you don't have access to the tool maintaining the passwords (i.e. they are virtually impossible to remember so either software has to store them or you have to write them down).

The alternative (easy to crack passwords) is worse. The problem is that many programs/sites won't let you use passwords that are easy to remember, but hard to crack. That is, they won't allow passwords long enough to use effective "pass phrases". A semi-random string of words is almost impossible to crack, but not hard to remember if you use appropriate mnemonics. So you use a good pass-phrase to control access to the password store, and short but hard to remember passwords for the actual sites.

I know with 1Password and DropBox, I can get access to the password store on any computer with internet access, even if I don't have the tool, if I'm really stuck. And if I don't have that access, I can't imagine any scenario that I would actually need the passwords.

joe
These are all excellent suggestions, thank you very much.

How does Keychain play into all of this? Do I simply create a stronger password as system administrator? Currently I use a fairly easy to type password as I need it every time the computer goes to sleep or to get past the screensaver.

Bill
Since I got 1Password, I pretty much stopped using keychain for websites.

Note that 1Password integrates with browsers, but not other apps like Mail. So I still use keychain to store my mail passwords.

(I find it strange to say that I "use" keychain, because I don't really interact with it at all. But I know that when I set up my email accounts, I clicked a checkbox to store my passwords in my keychain.)

Also, I use the 1Password random password generator for every website I visit. I have my defaults set to choose 19-character passwords that mix digits and letters. It lets you generate up to 50-character passwords, but very few websites allow passwords that long. It also lets you include symbols, but lots of websites don't like passwords with non-alphanumeric characters.

(And what's even worse, I've found some websites that let me enter a password with symbols, but then won't let me log in with that password!)
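
An added example, not part of any post in this thread and not 1Password's own code: a minimal random password generator with the options discussed above (length, digits, symbols, unambiguous characters), plus entropy estimates for comparing a 19-character letters-and-digits password with a randomly chosen passphrase. The ambiguous-character set, the symbol set and the 7776-word list size (the Diceware list size) are assumptions of this example.

```python
import math
import secrets
import string

# Characters easily confused when copied by hand (assumed set for this example).
AMBIGUOUS = set("0O1lI")
SYMBOLS = "!@#$%^&*-_=+"  # assumed set; many sites accept fewer or none

def character_classes(digits=True, symbols=False, unambiguous=False):
    """Return the character classes a site's password policy allows."""
    classes = [string.ascii_lowercase, string.ascii_uppercase]
    if digits:
        classes.append(string.digits)
    if symbols:
        classes.append(SYMBOLS)
    if unambiguous:
        classes = ["".join(c for c in cls if c not in AMBIGUOUS) for cls in classes]
    return classes

def generate_password(length=19, **policy):
    """Draw every character from the OS CSPRNG; retry until each class appears."""
    classes = character_classes(**policy)
    if length < len(classes):
        raise ValueError("length too short to include every character class")
    alphabet = "".join(classes)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in classes):
            return candidate

def password_entropy_bits(length, **policy):
    """Upper bound, length * log2(alphabet size); the per-class rule trims it slightly."""
    alphabet_size = sum(len(cls) for cls in character_classes(**policy))
    return length * math.log2(alphabet_size)

def passphrase_entropy_bits(words, wordlist_size=7776):
    """Entropy when each word is picked uniformly at random from the list."""
    return words * math.log2(wordlist_size)

if __name__ == "__main__":
    print("19 chars, letters+digits:", generate_password(19))
    print("same, unambiguous only  :", generate_password(19, unambiguous=True))
    print("bits, 19 letters+digits :", round(password_entropy_bits(19), 1))
    print("bits, 5-word passphrase :", round(passphrase_entropy_bits(5), 1))
```

The passphrase figure holds only when the words are chosen at random; a phrase a person makes up has less entropy than the formula suggests.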