UPDATE: this is a clever solution. (thanks Mark)
I recently wrote about the problem with PwdHash and have started making the move to 1Password as a result of my deliberations. I’ve discovered that 1Password has its own primary flaw: you need a device to access your passwords.
With PwdHash I could always generate a password via my web interface. With 1Password, I need to have my phone, iPad or laptop with me in order to access a stored password. This created an interesting chicken and egg situation as I tried to get an Android device set up to access some of my various accounts. I first had to install Dropbox and manually enter my Dropbox password from my phone before I could access 1Password from the new device.
Overall my switch to 1Password has been just OK. The Chrome extension seems to fail way too often at its primary purpose of filling password fields, so I end up using copy/paste way more than I expected. I’m continuing to change my passwords over though; I’m not reversing course at this point.
It comes with a web interface! Just load it up from Dropbox. Done.
@alexkingorg http://t.co/6MBQpp82NB
@alexkingorg note that this means you should memorize your Dropbox password, for reasons that should be obvious upon reflection.
@markjaquith Hrmm, which means a less secure password for Dropbox. And a separate Dropbox account just for 1Password data is a no-go due to the nature of their mobile integrations.
@alexkingorg Have you checked out LastPass? The interface isn’t as nice as 1Password, but IMO it works better.
@alexkingorg @markjaquith Not at all. Easy to remember/type does NOT necessarily mean less secure. http://t.co/1Zmbp7Djic
@Bluesplinter @alexkingorg hilarious aside: more than once someone has set up an account for me and used THAT EXACT PASSWORD. ?_?
@markjaquith @alexkingorg Heh, of course that cuts the entropy waaay down.
Not necessarily a less secure password. Use a long passphrase. Length can make up for the smaller character set.
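The trade-off raised in the comments above (a long passphrase versus a shorter password over a larger character set), worked out as an added example that is not code from the post or from any commenter. It assumes every word or character is picked uniformly at random; the 16-word list is a constructed sample, 7776 is the size of a standard Diceware list, and 94 is the count of printable ASCII characters excluding space.

```python
import secrets

# Constructed 16-word sample list, for illustration only (4 bits per word).
# A real list such as a 7776-word Diceware list gives about 12.9 bits per word.
SAMPLE_WORDS = [
    "anchor", "breeze", "candle", "dragon", "ember", "forest", "garnet", "harbor",
    "island", "jigsaw", "kettle", "lantern", "meadow", "nickel", "orchid", "pepper",
]

def search_space(symbols: int, length: int) -> int:
    """Number of equally likely secrets when each of `length` positions is
    drawn uniformly at random from `symbols` choices."""
    if symbols < 2 or length < 1:
        raise ValueError("need at least 2 symbols and length >= 1")
    return symbols ** length

def words_needed(wordlist_size: int, charset_size: int, char_length: int) -> int:
    """Smallest number of random words whose search space is at least that of
    a random `char_length`-character password over `charset_size` characters.
    Integer arithmetic avoids floating-point rounding at the boundary."""
    target = search_space(charset_size, char_length)
    n = 1
    while search_space(wordlist_size, n) < target:
        n += 1
    return n

def generate_passphrase(n_words: int, wordlist=SAMPLE_WORDS, sep: str = " ") -> str:
    """Pick words with a CSPRNG. The estimate above only holds for words
    chosen this way; a phrase copied from a comic or picked by hand has
    far less entropy than its length suggests."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))

if __name__ == "__main__":
    for chars in (8, 12, 16):
        print(f"{chars} random chars ~ {words_needed(7776, 94, chars)} Diceware words")
    # With the tiny sample list, many more words are needed for the same strength.
    print(generate_passphrase(words_needed(len(SAMPLE_WORDS), 94, 8)))
```
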
OnePassword isn’t perfect but it does beat LastPass. My biggest issue is that the helper app seems to forget it should auto-submit and I have to reset it every few weeks. Other than that it’s been almost flawless. As I use 2-factor with everything I can (Dropbox, GMail, etc) I don’t worry about the security any more here than I would with any other app.
i’m using LastPass, and the experience has not been much better for me. after making the mistake of having it import my Keychain passwords, it will now frequently offer me 5+ logins for a single site, making it impossible to decipher which one is correct.
i just moved to 1pass and i have the same issue. tons of copy and paste. oh well.
Daniel Dvorkin, what did you say you’re using instead of 1pass?
Hey everyone, and thanks for writing about us Alex. Full disclosure: I’m from AgileBits.
You’re right in that 1PasswordAnywhere is a great web-based solution if you need to access a password but don’t have one of your devices with you. Some people occasionally copy their 1Password data file to a thumb drive that is always with them for instances like this. Personally, I don’t, because I never not have at least my iPhone with me. But a number of our customers are happy with the thumb drive Just In Case option.
As for having trouble filling in certain websites, we’re always working to make form filling better and we have a big extension update coming soon (possibly today) that should help with some sites. Truth be told, it’s a constant cat-and-mouse game though, so if you’re ever inclined, feel free to drop us a line at support @ [the company I work for] .com and let us know which site isn’t filling. We’ll get right on it.
Actually, feel free to hit us at that address if you have questions or feedback about *anything.* We love hearing from you.
[Disclosure: I work for AgileBits, the makers of 1Password]
Two questions that have been raised in comments here, namely
1. Do I need to remember Dropbox password, too?
2. How to have a secure *memorable* password for the one (or few) I need to remember.
are both questions that we’ve written some articles about.
For the latter (how to pick a strong password that you can remember and type) please see the article titled “Toward Better Master Passwords” (and it links to some follow up articles that talk about the math behind it)
http://blog.agilebit[...]r-passwords/
That article pre-dates the XKCD comic that someone mentioned, but advocates roughly the same scheme (but do read it for the rationale).
The question of whether your 1Password Master Password is really the ONE password you need to remember is tricky. If you are making backups (and if you aren’t, stop reading this right now and start making backups) and if access to those backups requires a password, then you definitely need to know that password. After all, gaining access to your 1Password data may depend on gaining access to those backups.
If Dropbox is part of your backup strategy (implicitly or explicitly) then that means that its password is also something you should remember. The same may hold true for your primary email. Anyway, here is a link to an article on that topic
http://blog.agilebit[...]n-epic-hack/
And as Dave said, please feel free to ask us anything. Report sites for which form filling isn’t working.
Cheers,
-j
--
Jeffrey Goldberg
Chief Defender Against the Dark Arts @ AgileBits
http://agilebits.com
Also a lastpass user, not very happy with it but company wise it does work. (Having multiple people on the same logins without them knowing the passwords) So far on this issue -> no perfect solution =(
cc @alexkingorg RT @akisaarinen: Make your 1password master password good, it’s relatively easy to bruteforce https://t.co/G2BbuJKlzb