While the threat of malware targeting computers and mobile devices and spending on security measures to counter them accelerates, one aspect of computer security, the use of weak and overused passwords, remains as firmly entrenched as ever. In a 2010 post (Passéwords) I criticized the lack of decent alternatives to passwords. Four months later, I the password manager, LastPass, a program I continued to use until about six months ago when I switched to Agile Solution’s 1Password.
My switch to 1Password not the result of dissatisfaction with LastPass but the result of my needing to support a family member who needed a password manager in a really friendly UI, which in my view gave the edge to 1Password. I did not want to support two password managers, and thus the switch. Here’s my experience with 1Password to date.
- 1Password has a means for importing passwords from a variety of sources but alas, LastPass is not among them. You can, however, export LastPass as a CSV file and import these files into 1Password, but my results work not encouraging and I simply ended up creating new entries. Perhaps this was not such a bad thing as I used the opportunity to delete accounts of sites I no longer frequented and to change the passwords of those that I do.
- The stand-alone 1Password application (Macintosh) has worked flawlessly: it has never crashed or lost any data. You can add web sites, generate secure passwords, create profiles for your commonly used data in forms (name, address, and so on), create secure notes and add credit card information (don’t use these myself), catalog software licenses and other data, and tag entries.
- 1Password offers a built-in means to store all of your passwords in a Dropbox account (also iCloud; Google Drive and SkyDrive under development) allowing you to sync passwords across multiple computers and supported mobile devices.
- Browser extension are available cross-platform for Safari, Chrome, Firefox, and IE. This makes using 1Password enormously helpful with websites. It gives you the same benefits as the fill-blown app: enter user-names and passwords, add new sites, generate unique and secure passwords, and fill-in forms.
- iOS support (and presumably Android, I don’t hava device to confirm this) for 1Password is not available as a browser plug-in. Instead, you open the 1Password app, navigate to your saved site, and launch the site from within the application, using it’s built-in browser. I find this less than optimal, but perhaps I simply need to learn new habits of browsing. Should you want to open the same 1Password page in another browser you will need to use copy and paste.
- Though they are frequently asked about it, Agile’s 1Password does not offer multi-factor authentication. It seems to boil down to a rather nerdish disagreement about whether or not multi-factor is inherently more secure and worth the trade0ffs for user convenience. For those who may be interested in looking in the weeds, there’s a particularly good exchange about the pros and cons of multi-factor authentication in this blog posting on Agile’s Web site.
- Disappointingly, 1Password can’t interact directly with either Macintosh or Windows system to manage local application passwords, such as those for iTunes or secure documents. 1Password can store any sort of password but can automatically enter passwords only for web sites. Bummer.
Given the inherent poor security of practices of most users I highly recommend that they use a password manager. Schools with 1-1 programs of any sort should include the use of password managers in all of their professional development programs and student boot-camps. If your school is multi-platform, including iOS and Android Devices, 1Password is a great choice. Site license are available, but discount pricing modest. If you’re on a budget, like most schools are, LastPass or similar programs that offer free (but less flexible) options may be the way to go. I am hesitant to recommend a product that does not have a paid version as paying customers can and do demand the highest quality from developers, especially in the area of security.
It would be great if Apple was to build-in this kind of functionality into iOS and Mac OS, but don’t hold your breath. Apple is a consumer company and provides lip-service only to enterprise customers.
There are several open-source password management programs, including KeePass, Clipperz, and Password Gorilla, but I have not used them. Experimentation with open-source security is something I’m a bit leery about trying on my own, but readers may be more adventurous or better qualified to give this a go.
Using a password manager? Please pass along your experiences!