From time to time folks ask me about 1Password. I've been using it for quite some time, so I decided to put some notes and tips down for those who are new to 1Password or thinking about acquiring a password manager.
You can't have just one copy of the client.
When you purchase 1Password you might do so for one computer, but there's a question to consider. What happens if you are not on this computer?
After using it for a while you will notice that a phone/tablet version is really helpful. There will be several occasions when you need another way to get at your information. Here are a couple of examples:
- Reconfiguring a machine that doesn't have 1Password just yet.
- Logging in to services from another computer (or your phone/tablet).
You might know about 1Password Anywhere, which allows you to use a browser to see your data, but frankly in my experience I seldom had a use case for it; having a phone/tablet client is more useful for me.
Do not use Single Sign-On (Facebook/Github/Google or others) if possible
Several new services give you the choice of using their own authentication system or that of others like Google/Facebook/Github/Twitter. If you are into security you know that implementing your own security is usually a bad idea. On the other hand, as a user, associating your accounts and concentrating them into one is also not a good idea, since if one gets compromised, all get compromised at the same time.
When using 1Password you can easily generate new passwords, and having different ones is best. Having said that, whether or not to use authentication from other services is your call. I prefer not to use them when possible.
Save software licenses into 1Password
1Password is capable of storing lots of different types of information, not just passwords. One of the most beneficial things I did was to start saving all my software licenses in 1Password. It saves you a considerable amount of time if you ever have to set up a new machine.
Some vendors send you a file instead of a code; you can just attach the file to your software license entry, which is way better than searching my email for licenses.
Use it for secure information that is not for the internet
I do use 1Password to store information that is not for the Web: bag lock codes, temporary codes, temporary PINs, IDs of support calls, you name it. If it ought to be safe, I add a note in 1Password.
My dog is called 'Hha+9rxD6;.9%8KqhkosNg'
Lots of services will allow you to provide answers to security questions as a way to recover your password and/or account. Truth is, if someone is trying to hack your account, chances are that they will first try to social engineer the information needed to answer such questions.
One thing you can do is generate random responses for such questions and store them together with your password, making it impossible for someone to guess the answers to your security questions.
Do have a password managing system
Note that I didn't write 'password manager' but a managing system. Frankly, you can store all your passwords in an encrypted file on your computer, but do use one. Breaches of services are now quite frequent, social engineering is being facilitated by the amount of data we have around, and changing the passwords of 10 services when one gets hacked is not productive. Are you tracking the news for breaches at all the services where you have an account? Probably not.
It's a fact that there's only so much you can do to protect yourself from people trying to get access to your information, but having weak passwords and easily guessable information is not an option anymore. Just as you lock your front door without much thinking, you should create this habit for your online presence too, at least to avoid being an easy target.