The Only Internet Password Protection You Need
by
With “Twitter hacking” in the news recently, it’s a good time to reflect on a key question regarding our own computer security: How comfortable are you with your current Internet password protection strategy? Does it cause you undue stress to even think about how vulnerable you are to hackers who may steal your passwords and break into every aspect of your life?
Us too. Then we found 1Password.
.
The Dangers of Common Internet Password Storage Methods
Compiling all passwords in a single file
How many of the websites we visit require password protection? Technically speaking, probably somewhere between “a lot” and “a ton”. To increase security we’re instructed to use a different password for each login, which makes the task of remembering all of them virtually impossible.
As a result, many of us maintain huge Word files with all of the usernames and passwords listed for easy access – cleverly named something other than ‘passwords’ to fool any hackers or thieves. But what if we lost our computer or it was stolen from lab? How long would it take someone to do a search of your computer for files containing “Citibank” or “Wells Fargo” before they cracked our ingenious renaming code. Not long.
Relying on our browser to recall passwords
Realizing the mega-file is a bad idea, it’s tempting to rely on our browser to store and auto-fill our login information as needed. Afterall, it is convenient. Well, for Firefox users, finding those passwords is as simple as going to Preferences > Security > Saved Passwords. Bingo, there they are for the world to see. Someone could just walk past your desk while you’re setting up an experiment in another room and write down whatever they wanted- no hacking necessary.
.
The Risk of Logging In On a Public Network
Regardless of how we manage our passwords, jumping on public WiFi networks opens us up to “sniffing”. Unlike “phishing”, in which predators email unsuspecting victims to request their personal information (often masquerading as their bank or credit card company), sniffing is a process by which hackers can “sniff” out – or intercept – your wireless traffic when on an unsecured network, picking up your usernames and passwords as they’re transmitted. Goodbye bank account. Goodbye identity.
.
The Only Internet Password Protection You Need
Luckily, we’re not the only ones worried about Internet password protection. We were recently introduced to a software solution called 1Password that stores, manages, and transmits all passwords in an encrypted manner so whether logging in at home or at a café, your information will be safe. Beyond your computer, 1Password also syncs with your mobile devices to protect you on the go.
The 1Password interface. Easily manage your logins, accounts, wallet and much more.
.
1Password is a virtual safe that stores all of your information and is opened with a single master password that you simply remember in your head – no paper trail necessary. Here’s how it works:
- Enter usernames and passwords into the safe. They can also be imported from our browser in a matter of seconds. 1Password also handles credit card numbers, email accounts, software licenses, secure notes, websites and any other information you’d like to keep private. Once the information is entered, simply lock the safe by clicking an icon and you’re all set. Password protection complete.
- Delete stored passwords in browser. Now that we’ve setup the new system, it’s time to clear the passwords and stop the browser from remembering them. Stored passwords can usually be found in the Preferences > Security menu of your browser.
- Let 1Password safely login to your website for you. Should a password be required on any webpage, the 1Password toolbar will recognize it and prompt us to enter our master password.
- Enter master password to login. 1Password will automatically pull the correct login info from the safe and submit it for us.
- Sleep better at night. Finally.
.
Getting Started with 1Password Password Protection
1Password offers individual and family licenses for very reasonable prices. Academics can take advantage of a 20% discount by visiting their educational site. Check out their site for additional deals and products.
.
Full disclosure: I recently purchased a 1Password license and aside from helping others with password protection, we receive no financial benefit from any purchases made as a result of this article.
.
Looking for other software that can help further reduce your stress level? You’ll love the Wunderlist task management solution.
.
.
Biel_ze_Bubba
wrote on June 18, 2011 at 4:47 am
This sounds great, but you might not be the only one to enjoy the convenience of a single password:
If someone "sniffs" your master password, do they then have access to all of your accounts?
I'd avoid using such a service when on a public wifi network, especially those that are well-known and heavily-used (a certain coffee shop chain comes to mind…)
alan@benchfly
wrote on June 20, 2011 at 9:57 pm
Agreed that it's always safe to err on the side of caution. We reached out to the good folks who created 1Password to get their take on the security issues and here was their feedback:
The question of the security of a single password being used to access the rest of your data, making it the "keys to the kingdom" so to speak, is a valid question to raise. 1Password doesn't store your selected master password in a unencrypted form anywhere on your system, when you enter your master password we attempt to decrypt the encryption key generated when your data file is first created which is based on the master password using 1024 bits of random data as part of the generation sequence.
If someone where to get hold of your 1Password data file they would need to either know your master password, which is why we'd recommend a secure, unique password that isn't used anywhere else, or attempt to break the encryption your 1Password data which would take somewhere in the region of 149 trillion years.
We have a couple of documents about the security of 1Password and the corresponding data file here:
http://help.agilebits.com/1Password3/security.htm… http://help.agilebits.com/1Password3/cloud_storag…
The latter is particularly interesting for users who use the free Dropbox service to store their 1Password data.
Biel_ze_Bubba
wrote on June 21, 2011 at 4:24 am
If someone were to get hold of your 1Password data file they would need to either know your master password …
There's our answer.
Anyone who uses public WiFi should NOT be using 1Password, because logging onto ANY passworded web site, no matter how innocuous, involves broadcasting your master password across the room, out onto the street, and into nearby businesses. Now, let's fill the room with strangers, busily doing who-knows-what with their laptop computers. Are you nervous yet?
If you're determined to use a master password on public WiFi, and you dont' mind a bit of extra cost and inconvenience, you can get around this problem by using a VPN service. (Once you log in to a VPN service, your WiFi signals are encrypted; ideally decryption takes place in an "exit country" with strong privacy laws.) You must have complete trust in your VPN service provider, so choose carefully.
Google "VPN services", or start here: http://lifehacker.com/5759186/five-best-vpn-servi…