For years I had been using similar passwords on sites that required registration. I had four sets of passwords:
- Unique strong passwords for financial related accounts.
- Common strong password for accounts I care about.
- Common simple password for general accounts.
- Short insecure password for accounts I could really care less for but had to create an account for.
The approach was slightly better than having single single (weak) password that most people used but was still by no means the best strategy. I decided it was time to review the passwords for my accounts and make things a little bit more secure.
I had picked up AgileBit’s 1Password for iOS earlier in the year during a sale and thought I would use it to manage my passwords properly. 1Password is a password manager to create and store strong passwords for your logins. The idea is that it generates and manages all the complex passwords for your accounts in a “vault”, and you access the “vault” with your own password (ideally strong and one you can remember).
In addition to making it easy to generate and store passwords, 1Password makes it easy to access your data with browser extensions (available for all the major browsers). When you arrive at a website login page you can simply click on the 1Password browser extension, you are prompted for your master password, 1Password automatically looks up your username and password for the given site according to the login URL and automatically fills in your data into the login form.
1Password keeps your data secured using AES-256 encryption. You have the option to store your vault locally, or on your choice of cloud service like DropBox or iCloud so that your vault can be synchronized across all your devices. If you are not comfortable with your vault being somewhere on the Internet you can manually sync your devices using wifi at home.
Unfortunately before iOS 8 I found 1Password to be clunky to use on iOS devices because you either had to copy and paste your passwords out of the 1Password app and into the browser or you had to access the web from the Password app browser control for it to fill in your passwords for you. iOS 8 now gives apps the ability to provide extensions which other apps can invoke to provide additional third party functionality. What this does for 1Password is give other apps, such as Safari, the ability to request login information without leaving the app when the user needs it.
In the case of Safari, pressing on the Action Sheet button brings up a number of options that you can perform against the current webpage. If the current webpage contains a login form you would login with 1Password by doing the following:
- Press on the Action Sheet button
- Select the 1Password option
- Authenticate with your master password (or Touch ID if you have an iPhone 5S/6/6 Plus or iPad Air 2)
- Select the appropriate login which would then tell 1Password to automatically fill in the login form.
While this was four steps, it certainly beats typing in your username or email and 16 character or longer strong password. The integration with Touch ID is so well done it can almost be considered magical.
With stories of websites getting hacked becoming more and more regular there is no better time than now to ensure that the passwords you use for each site is unique and strong to mitigate the risks of being online.