
1Password: password manager for websites

:: Sunday, July 26th, 2009 @ 1:41:51 pm


I did some research yesterday on website password managers for Mac OS X. A good place to start is Alex King’s blog; he has written two thought-provoking articles about why you shouldn’t use the same password for everything, and how software can help your password / login workflow (Passwords, More on Passwords).

Really, it should just be common sense to not use the same password for everything; after all, you have no idea how a particular website is going to store your super-secret password. What if your password is stored in plain-text on a server with a gaping security hole? What if the website likes to email you a password reminder — in plain text — every month? I’ve seen sites that do all sorts of bad things, and if you use the same password at an insecure site as you do at your bank’s website, you’re asking for trouble. And even if you use different passwords, you need a secure way to store them all. The worst I’ve seen is someone who kept all of their passwords and financial account numbers in an Excel document on their notebook computer’s desktop. I suspect that sort of thing isn’t as rare as it might seem to be.

Some people use variations of the same password for all of their websites. I typically use variations on three or four base passwords. I have to track literally dozens, if not hundreds, of website passwords, and it is simply impossible to remember so many. If I can help it, I don’t write the passwords down anywhere. Instead, I write down “helper” words that I associate with the base passwords, which I’ve memorized. So instead of writing a password as “omgLOL”, I might write “stupid teens”, which would trigger me to remember the actual password. Finally, I encrypt the data so that no one can even see my helper words.

I’ve been using one of my favorite applications, Evernote, to store all of my accounts, passwords, and more (manuals, tips, photos of restaurants, notes, etc.). Evernote syncs its database between all of my computers, evernote.com, and the Evernote iPhone app. It supports encryption, shared notebooks, OCR of text in images, and more. I love Evernote.

Still, I have to look up passwords to various websites many times each day, and Evernote doesn’t help there (other than by offering a keyboard shortcut to launch the app and search, which is great). Alex uses PwdHash, a plugin and service written by Stanford crypto guys. For each website with a password field detected, it hashes the domain name with a master password you provide. All you have to do is enter “@@masterpassword” in a password field, and it does the rest, ensuring that each site’s password is unique. However, it becomes complicated when domain names change within the same web service (e.g. mybank.com and mybankonline.com), and it also fails when services disallow specific characters or symbols in a password. If you need to look up a password manually, you can go to PwdHash.com to generate a hashed password using your master password and a domain name.
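To make the two failure modes above concrete, here is an added sketch (not code from this post, and not PwdHash's actual algorithm) of a domain-keyed password scheme. The HMAC-SHA256 construction, the alias table, the alphabets and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import string

# Constructed alias table: domains known to belong to one service share one name.
ALIASES = {"mybankonline.com": "mybank.com"}

DEFAULT_ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"


def canonical_domain(domain: str, use_aliases: bool = False) -> str:
    """Normalise case and, optionally, fold known aliases onto one domain."""
    name = domain.strip().lower()
    return ALIASES.get(name, name) if use_aliases else name


def site_password(master: str, domain: str, length: int = 16,
                  alphabet: str = DEFAULT_ALPHABET,
                  use_aliases: bool = False) -> str:
    """Derive a per-site password from HMAC(master, domain), using only `alphabet`."""
    name = canonical_domain(domain, use_aliases)
    digest = hmac.new(master.encode(), name.encode(), hashlib.sha256).digest()
    # Read the 256-bit digest as one integer and peel off base-N digits.
    # 16 characters consume far fewer than 256 bits, so the bias is negligible.
    n = int.from_bytes(digest, "big")
    chars = []
    for _ in range(length):
        n, idx = divmod(n, len(alphabet))
        chars.append(alphabet[idx])
    return "".join(chars)


def policy_violations(password: str, allowed: str) -> set:
    """Return the characters in `password` that a site's policy rejects."""
    return set(password) - set(allowed)


if __name__ == "__main__":
    master = "correct horse battery staple"  # constructed sample value
    # Failure mode 1: the same service on a second domain derives a different password.
    print(site_password(master, "mybank.com"))
    print(site_password(master, "mybankonline.com"))
    # Folding the alias onto one name restores a single password for the service.
    print(site_password(master, "mybankonline.com", use_aliases=True))
    # Failure mode 2: a letters-and-digits-only site may reject the default output.
    alnum = string.ascii_letters + string.digits
    print(policy_violations(site_password(master, "example.com"), alnum))
    # Deriving directly into the site's allowed alphabet avoids the rejection.
    print(site_password(master, "example.com", alphabet=alnum))
```

The per-site alphabet and alias choices have to be remembered or stored somewhere, which is part of why a scheme like this gets complicated in practice.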

PwdHash looked like an interesting option, but when I tried to go to PwdHash.com last night, the site was down. I’ve read that you can just grab the source from that page and stick it somewhere else (like on your own website), but it didn’t inspire confidence to have the site down.

1Password has gotten great reviews, especially from Windows-to-Mac switchers who were Roboform users. I’ve been trying this out, and it seems to be a great solution. It requires that I manually create passwords for each website, but it does a great job of integrating with web browsers (using browser plugins). It also features a fantastic automatic form filler, so I can enter my home address, work address, credit card numbers, etc. and just select which one to use when I encounter forms on any website. It also has an iPhone app that can be synchronized with the desktop client.

Synchronization is accomplished using various third-party file sharing services. I was already a die-hard user of DropBox, so it was easy to simply store my encrypted 1Password database on a shared DropBox folder to accomplish multi-machine sync.

A Twitter person asked why I don’t use KeePassX. It’s free, but it doesn’t look to be as fully-featured as 1Password is.

That’s it for now. I’ll report back once I’ve used 1Password for a longer period of time. Remember — change your passwords!!

| San Francisco, CA | Jul 26, 2009 13:41:51
  • http://agile.ws David A Teare

    Thank you for mentioning 1Password! I’m glad you are enjoying it.

    You mentioned that you needed to manually create passwords for each site. 1Password has a built-in password generator that you can use instead. It is actually rather hard to invent random passwords on each site, so I rely on the password generator all the time. In addition to being in the 1P menu, the password generator will be called automatically when you use the Fill Identity feature.

    Cheers!

    –Dave Teare Co-author of 1Password

  • http://post.jauderho.com/ Jauder Ho

    +1 for 1Password.

    It works nicely although sometimes the popups asking you if you want to save get annoying as there’s the 1Password popup plus the browser popup asking.

    If there were versions for the Palm Pre and Windows (hint hint), I would probably use it across the board.

  • Zarah

    Another awesome password manager that you can use on a Mac or PC is Mitto (http://mitto.com). It has certifications from McAfee and TRUSTe, and it’s really easy to use.

