Your account has been hacked.
That unfortunate news makes its way to my inbox on a near-weekly basis.
Most recently Kickstarter’s databases were infiltrated and usernames, emails and passwords were lifted.
I normally respond with a sigh and quickly swap my password. It’s frustrating that digital theft is a daily reality, but for many (perhaps most) people, one stolen password from a website you rarely use means bad guys probably have access to your email inbox, Facebook, Twitter and maybe even your banking passwords because you use the same password on every site.
Tsk tsk.
I was in the same boat. I had a few main passwords I used for everything, and if I wanted to make it super secure I’d toss a few capital letters into my normal string of letters and numbers.
Trying to pilfer my info wasn’t quite like trying to ravage through Gringotts.
We live in an increasingly complex world. Everything has a password (and for the developers who are masochists, we have a username that isn’t just our email). I’ve heard countless comments about passwords in recent weeks:
“I have to change my password every 90 days and it can’t be one of my last 4 passwords used. I can’t come up with any more passwords that I can remember.”
“I just use the same password for everything.”
“My mom has a Word document with her passwords in it on her desktop.”
The ultimate goal of passwords is to strike a balance between security and convenience. Simple passwords mean effortless access to your account (for you and for hackers). Complex logins bring increased protection but a mini-stroke every time you try to rack your brain for your password.
So how do you balance a secure password, a memorable login and multiply it over 100+ websites (between apps, utility bills, financial logins, social networks, etc.) without going to a Montessori school?
A password manager. Specifically, 1Password.
How Password Managers Work
If I had to pick one piece of software that the average Internet-connected human needs more than anything else and probably doesn’t know exists (including me, until recently), I’d put my money on a password manager.
Password managers store your login information (usernames and passwords) in a secure program that can be accessed by a single password (i.e. 1Password) that you commit to memory.
Here’s how it works.
You dream up the most complex password that you can remember utilizing letters (mixed case), numbers and symbols. Make that your master password (one password to rule them all). That password gives you access to your whole list of logins and passwords for every site and app you use, hidden inside your digitally encrypted safety deposit box.
Security, convenient access (but not too easy) and just one thing to remember.
What the Best Password Managers Do
Unlike humans, not all password managers are created equal. My personal preference is 1Password, because it crushes this must-have list with unique features and unparalleled convenience.
1. Save your logins automatically
The hardest part of using a password manager is getting started. You have to go through every website and app you use and save your information into the manager.
Here’s what’s awesome about 1Password. If you already have your login information saved into your browser, you can have 1Password save that information for you once you visit the site. Start by going through your top 10 – 20 most visited sites and save that information into 1Password.
2. Utilize shortcuts for plopping in passwords
What makes 1Password different than a simple list in a Word document? First, it’s about 8,000x more secure. And second, once you’ve logged in to your password manager, you should be able to browse the internet and use a simple keystroke to fill in login information on websites. It saves you time and brain capacity and increases your security like swapping your bodyguard from Clay Aiken to the Rock.
In 1Password on your desktop, you just use command + \ on the website you want to log in on, and your username and password are plugged in and submitted for you. Voilà!
3. Generate secure passwords for you
This is step two of the password management process.
First, get all of your passwords saved to 1Password. Then, update those passwords from things like monkey123 to something more secure and ridiculous like ^54jRs)&fjdlf;a573D*.
That password is impossible to remember. And that’s the beauty of it–you don’t have to remember it! Let 1Password use its giant brain on your behalf. Again, start with your most used (and most important) logins–like your email, bank and key social network accounts.
4. Grant access anywhere
If 1Password were only on my laptop, that’d be a major hassle for me when I want to log in to something from my phone or on a friend’s device. But with the iPhone and iPad app, I have my passwords wherever I go. 1Password mobile also has a built-in browser you can use instead of Safari, and then you are just one click away from putting in your password on each website you visit.
5. Ignore websites that hate on password managers
Apple recently integrated password generation and storage into OS X and iOS. Unfortunately, websites have the option to block Apple’s system from storing passwords. Wah wahhhhhh.
Fortunately for us, 1Password is a rebel and won’t listen to the Man, so you can save passwords for any and every website without so much as a dirty look.
6. Analyze your security
1Password has a great feature on the desktop app called Security Audit. It shows you all the websites where you use the same password so you can go through and systematically change and update your passwords to something more secure. Glorious analysis!
7. Back up your passwords
If I lost my 1Password database, I’d be like an arachnophobe in an unfinished basement–uncomfortable to say the least. Fortunately, 1Password backs everything up to Dropbox automatically so I never have to worry about that fear becoming a reality.
8. Customize how your passwords are created
Different websites have different restrictions on the types of passwords you’re allowed to use. Must have a special character. No special characters. 3 capital letters. At least 2 numbers. 1Password has a password recipe that you can change and tweak to your heart’s content. And if you want to memorize a password, they have the “make it pronounceable” option which makes that possible.
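To show what a password recipe amounts to, here is an added example (not 1Password's code, and not from the original post) of a generator that honors per-site rules like the ones above. The names `Recipe`, `generate`, `satisfies` and the `SYMBOLS` set are hypothetical, chosen only for this illustration.

```python
import secrets
import string
from dataclasses import dataclass

SYMBOLS = "!@#$%^&*()-_=+[]{};:,.?"  # assumed symbol set; sites differ


@dataclass(frozen=True)
class Recipe:
    length: int = 20
    min_upper: int = 0
    min_digits: int = 0
    min_symbols: int = 0
    allow_symbols: bool = True


def satisfies(password: str, recipe: Recipe) -> bool:
    """Check a password against the site's rules."""
    upper = sum(c in string.ascii_uppercase for c in password)
    digits = sum(c in string.digits for c in password)
    symbols = sum(c in SYMBOLS for c in password)
    if symbols and not recipe.allow_symbols:
        return False
    return (len(password) == recipe.length
            and upper >= recipe.min_upper
            and digits >= recipe.min_digits
            and symbols >= recipe.min_symbols)


def generate(recipe: Recipe) -> str:
    """Draw passwords from the OS CSPRNG until one fits the recipe."""
    if recipe.length < 1:
        raise ValueError("length must be at least 1")
    if recipe.min_symbols and not recipe.allow_symbols:
        raise ValueError("recipe requires symbols but forbids them")
    if recipe.min_upper + recipe.min_digits + recipe.min_symbols > recipe.length:
        raise ValueError("minimum counts exceed password length")
    pool = string.ascii_letters + string.digits
    if recipe.allow_symbols:
        pool += SYMBOLS
    # Rejection sampling keeps every valid password equally likely,
    # instead of forcing required characters into fixed positions.
    while True:
        candidate = "".join(secrets.choice(pool) for _ in range(recipe.length))
        if satisfies(candidate, recipe):
            return candidate


if __name__ == "__main__":
    print(generate(Recipe(length=20, min_upper=3, min_digits=2, min_symbols=1)))
    print(generate(Recipe(length=16, min_digits=2, allow_symbols=False)))
```

The `secrets` module is used rather than `random` because passwords need an unpredictable source; `random` is seeded and reproducible by design.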
But It’s So Expensive!
I haven’t used all the solutions, but in the tech community 1Password comes well-recommended. It’s also the most expensive. Some password managers are free, but they lack the majority of the features mentioned above.
You need to ask yourself: how much am I willing to pay to avoid the frustration of a stolen identity, hacked bank account, or spammed social network? How much am I willing to pay for security and convenience spun into a beautifully woven tapestry?
Also, 1Password is discounted almost every other month, so if you can continue to ride the wave of password danger for a little longer, there’s a good chance a discount could come within the next month or so. I recommend using the website and app called App Shopper to follow 1Password and have alerts sent to you when it goes on sale and then swoop in to snatch that glorious beast as soon as you can.
Buy a desktop copy of 1Password for Mac or Windows (I recommend the App Store version on the Mac so you can use iCloud syncing and/or Dropbox) or the iOS version (which is a universal app, meaning the iPad and iPhone versions are bundled together). Normally the desktop version is around $50 (I got mine on sale for $20 last summer) and the iOS version is $18 (I got it for $8).
Do you really only know one password?
Almost. I memorized my Apple ID password (because I download a lot of apps) and I should have my Dropbox password and email password memorized in case I get locked out of my 1Password account for some reason. That way I can access the database or reset any other passwords I need to via my email. So in reality for me, 1Password is more like four passwords (that I let 1Password generate). I also share all of my logins with Niki so she has access to them as well, and the likelihood of every single one of our devices getting destroyed or stolen at the same time is slim to say the least.