Heartbleed, 1Password and You

Heartbleed is a bug in OpenSSL. What this means to you is that if you’ve used HTTPS connections to access secure sites for online shopping and other activities, you might be affected.

News of this bug has spread like wildfire, and companies that have been impacted by it are doing their best to patch it. For now, it’s best to take a wait and see approach for announcements from these companies on whether or not they have addressed the issue.

Heartbleed (and other security breaches in the past) have taught me one important thing: passwords are kind of a big deal.

Picking a password to use has gotten much more involved than it has been at any earlier point in time.

Your password should be difficult to crack. So no dictionary words. No favorite pet names. No anniversary dates or kid’s names. Ideally, your password should include mixed cases, numbers, underscores, special characters and spaces and between 12 to 14 characters long.

The problem is: good, lengthy passwords are tough to remember.

The situation gets worse when you have to remember unique passwords for each site you visit. Therefore, most people don’t bother to do this. Instead, the average person will stick with one or two passwords that they use on multiple sites.

Not changing your password periodically (or worse yet, using the same password on multiple sites) can potentially lead to data compromise. It took Heartbleed for me to take password security seriously.

Like most people, I was lazy.

My passwords, I felt, were difficult to crack, yet easy for me to remember. So, like most people, I would alternate between two to four such passwords for many of the sites I visited. The problem with this approach is that potentially increases the likelihood of data breach. If my passwords were discovered by a malicious individual, each and every one of my online accounts could be easily compromised.

Two weeks ago I purchased agilebit’s 1password 4 (available for Mac, iOS, Android, and Windows), during their 50% off sale. Over the past two weeks I have been reacquainting myself with this program. In my experience, 1password version 3.x was buggy, and never quite worked the way it was supposed to – so I resisted upgrading when version 4 was released. I’m pleased to report that my experience with the latest version has been excellent so far.

There are plenty of thorough reviews and screenshots on this product, as it has been available for over a year.

For a visual sense of what 1password is, take a look at the following video:

With 1password (currently version 4.3.2), I was able to generate robust, unique passwords for each of the sites I visit. All I have to do is remember my master password – 1password remembers the rest for me. (Aside: use XKpasswd to come up with a simple to remember, but difficult to crack password.)

With the mobile app, I can take my passwords with me. Both my iOS devices and my Macs maintain the same master list of passwords thanks to Dropbox synching, so I always have the most up-to-date passwords wherever I go.

1password keeps its data in a fully encrypted file. It not only stores login credentials, but it also can be used to input secure notes, credit card information, licences, software serial numbers, and much, much more. In short, the best analogy I can give about 1password is that it serves as my digital encrypted wallet.

The desktop version of 1password includes browser extensions you can install for Safari, Firefox and Chrome. With the extension you can autofill username and password information in your browser of choice, after you have supplied your master password. 1password also installs in your menubar for quick and easy access.

The iOS version of 1password includes a built-in browser that you can use to auto-fill username and password fields. (Alas, the iOS version of 1password does NOT work with Safari – because of Apple’s restrictions.)

Both iOS and Mac versions are very easy to use and in my own testing, synching is flawless and fast between the devices. The best part about using 1password is that I now have strong passwords in place for all the major sites I visit – and I only have to remember one password.

1password’s support team is excellent. Even when I was cobbling along on version 3, their engineers worked with me to remedy the issues I was experiencing with that product.

1password for iOS retails for $17.99 (currently it’s available for $8.99) and Mac versions retail for $49.99 (currently on sale for $24.99 in the Mac App Store). I found both iOS and Mac versions to be well worth their retail price, and a steal at their sale prices. I’m very glad I upgraded.

If there’s any good thing that has come out of Heartbleed, it’s that I have finally embraced the use of 1password. I now have a robust password system that’s both secure and organized.

-Krishna

Related: For an excellent in-depth primer on using 1password (with a wealth of power user tips and tricks), be sure to listen to Mac Power Users Episode 173, featuring hosts David Sparks and Katie Floyd.

Krishna April 10, 2014 1password, Heartbleed, iOS, Mac, protection, security