In an earlier article, “Picking Passwords: Pitfalls, Practicalities and Protection”, we examined the requirements and problems of modern passwords and why they are hard for humans to remember but easy for computers to crack. We also touched on how we can manage this conundrum. In this article, we will have our cake and eat it; we will use complex, secure and unique passwords for everything. All of those passwords will confirm the specific requirements and rulesets of each service - even if that means that the criteria differs between services. And we will remember just one secure password to do this.
The conundrum is that many websites and services require the use of passwords that contain a mixture of upper and lower case, digits, and even special characters. Some require passwords to be a certain length, or not beyond a certain length. Some will allow the use of spaces whilst others will not.
Factor in that you are recommended to use a unique password for each service together with the fact that we have difficulty remembering complex strings of characters. You soon discover this makes passwords extremely difficult to remember especially when you’re supposed to use unique passwords.
The answer to this problem, for so many people, is to write down their passwords in a little black book. Unfortunately, this immediately compromises their security. What happens if you misplace that black book, it is stolen or lost in a fire?
There is a better way.
Get a Password Manager
It is possible to have the best of both worlds. It is possible to be able to use complex and unique passwords for everything without even the need to remember them. As long as you can remember one hard to crack password - and that is easy.
Each of these applications works in a largely similar way to the others, but you should examine each to determine which is best for your needs. For the purposes of this tutorial will be looking at 1Password.
If you have more than one Mac, an iPad perhaps, an iPhone and even Windows PCs then it makes sense to do a little forward planning to share and synchronize your encrypted password database across these devices.
For example, using 1Password we are able to save the database to a Dropbox folder, which allows us to share the same encrypted password information across many devices.
This means that if I visit the new website on my iMac at home and create new login details which are then save to 1Password, by the time I get to my iMac at work the information will be available there, too. It will also be available on my iPhone and my iPad, enabling me to look at that website from any of my devices.
Downloading the 1Password App
The easiest way of obtaining the 1Password App is to download it from the Mac App Store. Alternatively, if you wish to test the product for thirty days you can download a trial version from the Agilebits website.
Setting Up 1Password on Your First Mac
From the Welcome to 1Password screen, select “I am a new user”
On the Master Password screen enter your master password. This is the secure password that you will need to remember. As discussed in the earlier article, “Picking Passwords: Pitfalls, Practicalities and Protection”, you may wish to choose four words similar to the XKCD example.
If you are not sure what to enter as a password here, do take some time to read the previous article and Marius Masalar’s “In Search of the Ultimate Password”. Doing so will ensure that you have an easy-to-remember but hard-to-crack master password - the holy grail of passwords.
If you have more than one device on which you would like to use 1Password, ensure that the box marked “Sync encrypted data with Dropbox” is ticked. Doing so will create a folder within Dropbox called 1Password that will contain the application’s encrypted database. By placing it here you are using Dropbox to provide an offsite backup that also synchronizes the same database between different OS X, iOS and even Windows devices.
Tip: If you have not first set up Dropbox on your Mac, you will not be presented with the option to synchronize the encrypted database with Dropbox. Do not worry if this is the case, you can set up Dropbox and move the database there after it has been created.
Next, are shown the application login screen inviting you to enter your master password. Simply enter your easy-to-remember but hard-to-crack password to login to the application.
Setting Up 1Password on Additional Macs
If you are installing the 1Password app on a new Mac (that already has Dropbox installed and is synchronizing the one password encrypted database) when you first run it, the database will be detected automatically and you will be prompted to login to 1Password in the normal way.
If you are setting up the 1Password app on an additional Mac and require the database to be synchronized between devices, if Dropbox has not already been set up on each machine then you are recommended to setup Dropbox syncing first. This will avoid any confusion resulting from setting up 1Password on different machines and having a number of databases.
The Location of the 1Password Encrypted Database When Synchronised Using Dropbox
Manually Entering Logins in the 1Password App
It is likely that you have a few logins that you wish to record in the 1Password app soon as you have installed it. Or, you may wish to manually add a login at a later date.
To do this, click on the plus icon in the section below the listed logins. This will display a template login ready for completion. You may enter as much, or as little, information here as you wish. There are spaces for the username and password which, at the very least, should be completed. If you wish to use a brand new and secure password click on the “Generate" button.
If the information is for a website, be sure to enter address of the site. Choose whether you require 1Password to autosubmit the information only if autosubmit is enabled, always or never.
1Password allows for a degree of flexibility, recognizing that the login criteria for websites often differs.
The 1Password browser extensions (for Firefox, Chrome and Safari), are really where 1Password comes into its own. Once installed, the browser extensions allow you to log into websites with ease. They will also prompt you to save logins for any new websites with which you register.
To do this, you only need know your master password. The browser extensions will log out of the 1Password encrypted database after a set period time (usually 20 minutes, but this is user-definable), or when you manually log out.
The browser extensions install a small key icon into toolbar of your chosen browser(s). Clicking on this key presents a pop-up login window for 1Password which, when logged-in, will allow access to all of your passwords.
Saving Logins Using Browser Extensions
When you visit a website for which 1Password does not already have your login criteria, logging in will prompt the 1Password browser extension to save the website login details.
This is extremely useful. As you go about your daily web business, one password will prompt you to save the login details of any websites which is not already stored. This means that it is very easy to build up a comprehensive database of login details.
Don’t worry if the 1Password browser extension is not currently logged-in or has timed out. You will be prompted to enter your master password, to save your website login detail, if required.
Logging-in Using Browser Extensions
To log into a website using the 1Password browser extension is easy. Simply visit your chosen website in the normal way, then click on the key icon in the toolbar of your browser. If required, log in using your master password.
1Password will detect which website you’re logging into by looking at the website address. You’ll see this listed at the top of the 1Password login window. If the login that the app has chosen is not correct, simply scroll down the list or use the magnifying glass icon to search for the correct login for that website.
Click on the appropriate login and your username and password details will be pre-populated in the input fields on the website. Depending upon the preferences, 1Password will also submit the login to log you into your account on your chosen website.
1Password dramatically speeds up your workflow by negating the need to remember many different login criteria. Instead, it enables you to log into websites with speed and efficiency using just your master password.
Tips and Tricks
Go & Fill
This is a feature of 1Password that uses the Helper menu bar icon, which allows you to visit and log into websites with even more speed. This is even works if you don’t have a browser running at the time you use it. It does require 1Password to be unlocked and you can do this from the Helper menubar item itself, if required.
In-Browser Password Maintenance
If you wish to edit any of your password details, it is not even necessary to open 1Password. You can maintain any of your password records by using the 1Password browser extension to edit them right inside your browser.
To do this, simply open the extension by clicking the 1Password key. Alternatively, you can press Option, Command and Backslash simultaneously on your keyboard. Then find the login you wish to edit by typing a few characters of the password record’s title or by using the search function. Click the circled greater than symbol to the right of the record’s title or press the right arrow key on the keyboard to view the login details.
Click Edit, at the top right of the window, and update the required fields. Once you’ve made your changes click the Save button at the top right of the window.
You can also delete a record from the 1Password browser extension. Do this by editing a record and scrolling down to the bottom of the extension window to see a large red Delete Login button and click that to delete the password record.
Print and Export
There may be times when you wish to back up or share a piece of information. The 1Password app allows you to do this by either printing or exporting the data to a text file or a one 1Password Interchange file. To do either of these, simply select the 1Password file menu and choose from the Export or Print functions.
Using a password management tool, such as 1Password (and others such as KeePassX or LastPass), shows how easy it is to manage numerous website logins. With just a little bit of planning, it is possible to synchronize your password database across devices, ensuring that it is always up-to-date. It is possible to manage highly complex passwords without the need to know any of them. All you need to know is your secure and easy-to-remember but hard-to-hack master password.
Password management is the daily bane of many people’s lives, though it need not be like that. With just a little bit of thought there is a better way and it is actually easier and safer to remember just one secure password rather than trying to remember many with complex combinations of digits, special characters, upper and lower case.