Page 1 of 1

1 Password

Posted: Sun Nov 12, 2017 9:40 am
by deltabravo
A mac guru from the east coast is recommending 1 Password for security of passwords. I am wondering who is using this and what your thoughts are. Do you put even your banking passwords in? I use Keychain somewhat, but always hesitate to put banking passwords. However, my password list (5 pages typed and also on a stick in my safe) is really a mess and many passwords are not that good. Appreciate any encouragement or otherwise. Thanks. denise

Re: 1 Password

Posted: Sun Nov 12, 2017 9:53 am
by Richard Serkes
I've used 1Password for at least 10 years now and I wouldn't want to try computing without it. Yes, I put in my banking passwords as well as all my credit card information. All of that and everything else in 1Password is encrypted. I also record my drivers license, passport information, and software serial numbers. Just about everything that 1Password will store I store. It syncs flawlessly with my iOS devices so everything is available there, also.

I've never heard of 1Password's security being breached but do an online search for yourself.

Re: 1 Password

Posted: Sun Nov 12, 2017 1:40 pm
by Stephen Hart
I also use 1Password and echo Richard's Rave.

I spent a good deal of time researching when I decided we needed to move from a text list to an actual password manager, and 1Password was the clear choice. It's updated frequently, and the developers appear to be responsive to feature requests and bug reports.

On the Mac, it's extremely useful because of the 1Password Safari plugin. So if 1Password is unlocked, when you navigate to a site that requires a password, say a banking site, 1Password knows you're there and it's a simple click on the 1Password plugin icon and a return to enter the password.

It's not perfect, of course. Sometimes 1Password is too eager to set up a new entry for you. And sometimes when it sets up a new entry, it plucks the user ID entry from the wrong field in the web page, so you may need to tinker with the entry after it's set up. 1Password will offer a variety of passwords (more below) but then I'm always worried about the password getting lost before the entry is set up. That's actually never happened to me, but I think they could make the process a little more obvious. I always check a new entry after setting it up.
Because I found too many web sites that didn't function with auto login, I set all my 1Password entries to just paste in the password and I then click the Log In button myself. A few sites show the password field well before it's functional, and you may need to be aware of that.

I don't know any way to get Safari/Keychain to stop trying to present you with a new password for a site, and you normally don't want to mix where you keep passwords.

On iOS, you have 1Password as an app, but no plugin for Safari. So you may have to copy and paste or drag and drop. That's much easier now in iOS 11.
And it's really annoying to deal with passwords on the Apple TV. For those passwords, you probably want to make them shorter and very easy to enter with the Apple TV remote.

As in all things security, your master password for 1Password should be strong. Many sites continue to insist on nonsense about passwords. Length is the key to strength, not numbers or symbols. 1Password offers word-based passwords as well as the more traditional mixed ones some sites insist on.
So choose a longish master password that's easy to memorize and type. Write it down and transmit or store a copy. You'll have to enter it every time you use 1Password in iOS and at least every couple of days on the Mac.

Re: 1 Password

Posted: Sun Nov 12, 2017 1:44 pm
by deltabravo
Thank you. I appreciate your input. The same was said by Tech Talk viewtopic.php?f=5&t=2405. I am probably more at risk with all my weak passwords and hidden list. denise

Re: 1 Password

Posted: Sun Nov 12, 2017 5:11 pm
by Stephen Hart
Pretty much none of the newsworthy security issues for individuals involve weak passwords. Most involve "social engineering," that is to say hackers and other criminals asking people for passwords and getting them.
Pretty much all of the newsworthy security issues for companies involve horribly weak security systems.
I worry more about the huge amount of phishing spam than about the possibility that someone would spend hours, days or weeks trying to brute-force one of my passwords, in the vain hope of getting anything useful.

1Password isn't expensive, it's never been shown to be weak, in itself, and is much more convenient than anything else that I've seen.