I actually started following my own advice a couple of years ago and started creating random passwords for each site that I use that requires a login. Yep, no more “Password123!” for me, it’s all random. But that poses another problem. How do I store these things in a way that is secure and readily available since I don’t have an eidetic memory?
Enter Apple’s Keychain! Hooray! I’m now able to store these things relatively securely and make them quickly available for me if I need to log in somewhere. In some cases, I memorize the passwords if I have to use them frequently, but in most cases, I just grab it from Keychain. Every time someone asks me to create a new account, I simply open Keychain, enter in some basic data, have it generate a password (and sometimes dumb that down for sites with stupid password restrictions), and I’m off to the races. One quick note, doing it this way caused a major limitation for me in migrating; more on that soon.
This has a major limitation though: I have more than one device that I access sites from, which means I am constantly syncing up versions of my passwords. Ugh, what a mess. Furthering the problem, there is no iOS version of Keychain, so I have to find other ways to get passwords onto those devices for quick access. NOT ideal.
Research time! I started looking around for password managers that would seamlessly integrate with multiple devices. I wasn’t crazy about using a cloud service for syncing as my entire life was dependent on their security. I am sure that Box, DropBox, Google, and iCloud are all super secure, but I’d rather take that variable out of the picture. I found a dozen or so that looked decent, but one (rather expensive) tool started coming up time and time again: 1Password. They have a free trial you can get from their website, so I started playing around with it to see how it would work.
First step, import old passwords. And this is where things completely fell apart. There is no really easy way to get passwords out of Keychain. 1Password has a process that you can try, but it only works on Safari Web passwords. Meaning, if I had not been saving site passwords in Safari, I wouldn’t be able to import them. Part of the reason is that in order for 1Password to properly work, it needs to know more about the site than just a name and user/pass combo. It needs things like the login URL so that it knows when and where to match that password with its built-in browser plugins (which are pretty sweet). So I backed myself into a technological corner by not integrating with the web browser. Temporarily that is.
I’m pretty much sold on 1Password. It has the ability to sync over WiFi (only natively for iOS devices, but they list other methods including WiFi here) so I don’t have to rely on a cloud service, and my initial tests show that usability is fantastic. I’ll be able to get things converted over slowly, but as I use them. So my most popular sites will go very quickly, with the rest migrating over time as I enter them. I don’t mind supporting these guys, but really think Apple needs to consider this type of functionality (to the degree that 1Password does it) for Mountain Lion and iOS 6.
By the way, there are many other options out there. The guys at 1Password were absolutely fantastic to work with. It’s very rare that you can have a discussion down to the line of code in someone else’s Ruby import script with email support. I’ve made my choice, but how do you handle yours? Drop them in the comments below!