15.3 – Implementing 1Password as your secure Password Magager-2015-02-28

Using complex passwords to prevent hackers from accessing your critical banking, brokerage or vendor accounts is of paramount importance. Yet, very few people do! The main reason is that they are difficult to remember and a pain in the next to enter manually if you don’t use an efficient and secure on-line Password Manager. This Blog will explain why I selected 1Password as my Password Manager and how to implement it.

Why do you need strong passwords?

Please read What 10 million passwords reveal about the people who choose them and you will realize how human beings are predictable. Most people will realize that many of the passwords they use are also used by many people and therefore are well known to hackers. Reading this article should convince you about the need for a product like 1Password.

What should a good Password Manager do for you:

  1. It should automatically fill-in the required Internet login info (Username & Password) when you want to access a secured web site.
  2. It should automatically fill-in the required form info when you have to fill-in personal info on an on-line form.
  3. It should offer templates and means to file diverse types of personal confidential info.
  4. It MUST file all this info securely using the most powerful encryption techniques and software available.
  5. It should file this critical info in a way that minimizes hackers’ access and potential attacks

Minimizing exposure to hackers

As I have said many times on this Web site, nothing is absolutely sure and secure in this world. Even, pirates’ treasures get found centuries after they have been buried in places where no one knew where they were hidden. On the other hand, this does not mean that nothing can be done to minimize your potential exposure. Here are the few criteria’s that I use to minimize my exposure:

1 – I do business mostly with large reputed companies that have resources and a lot to lose if their Web site was ever broken into. The reason is that such companies will invest massive resources to protect your info and that of all their clients. It is not a guaranty, but it is the best assurance you can get. Furthermore, such companies would also have the means to compensate you if they were found negligent. Such companies include, in my opinion: Microsoft, Apple, Google, Dropbox, AVG…

In the case of 1Password, it is a relatively small specialized one product company that has been around for many years without incident. Being basically a one product company, their existence would be seriously compromised if an incident exposing critical clients’ info was to happen to them. Sensitive to this exposure, 1Password has designed its product so that NONE of your personal info goes on their Web site. Your 1Password files are stored on your own computer or device in a secure encrypted format. This way, you have full control over your own critical info. This was also the case with eWalletGO that I was using before.

2 – In addition to making sure that your critical info is stored encrypted on your own computer, make sure that it is backed up encrypted and shared amongst all your devices via a large reputed Cloud service such as Dropbox. Personally, I try to avoid small Password Manager software companies that store your critical info on their servers. This is not to say that they don’t do their utmost to secure your info, but I personally feel that there is more exposure with this approach. This is a key reason why I chose 1Password. With 1Password, my critical info is stored encrypted locally on my computer and is stored encrypted on Dropbox, if I want to have it synchronized and available to all my devices.

Dropbox is one of the above mentioned market leader resourceful Cloud company that should provide a high level of security. Within Dropbox, your small file containing your encrypted critical info will be lost amongst trillions of other files stored on this general Cloud services provider. This, in my opinion, makes finding your own personal little file quite improbable, even if there was a break-in.

This is not the case with Password Managers that stores your critical info on their own servers that are dedicated to storing all of their clients’ password files. Such an approach makes me very uncomfortable and, in my opinion, would tend to attract hackers to such sites. This is why I am not interested in considering some popular Password Managers such as: LastPass, Keeper, and others.

NOTE: My recommendation regarding the Password Manager that I now recommend was updated in November 2015. Read article: 15.4–Implementing eWallet as your secure Password Magager-2015-11-05

From eWalletGO to 1Password

If you have read articles 15.1, 8.3, 11.6, 6.3, 12.3, and 12.1, you know by now that I have been using eWalletGO for several years. Why did I change?

  1. eWalletGO is an excellent low cost Password Storage App. It meets the above important criteria’s of storing my critical info encrypted locally on my computer with encrypted backup on Dropbox.
  2. The main eWalletGO drawback is that it does not fill-in your login info when you access a Web site. You have to enter it manually or copy & paste it from eWalletGO. Since, I have over 200 different passwords to protect this was becoming cumbersome.

NOTE: If you only have a few secured Web sites to access and you don’t mind entering the Web sites’ User Name and Password manually, then eWalletGO may suit your needs perfectly. Otherwise, you should consider 1Password.

Why 1Password?

  1. One and foremost for me: contrary to many other popular Password Managers, 1Password stores your critical password and personal info encrypted locally on your computer. If you choose to have this info synchronized and shared amongst all your devices (tablet, smartphone…) it will also store your critical info encrypted on Dropbox.
  2. This Canadian company is very candid and provides all the information about their product. This the first time that I see such disclosure and candor from a technology company. This shows that the company has nothing to hide which is very reassuring for me.
  3. They have very good product documentation and a product Blog site to help you learn their product and resolve issues.
  4. The product has been on the market for many years and they constantly improve it to maintain it up to date.
  5. They support various platforms: Mac, iPhone & iPad, Windows, Android.
  6. They integrate to various Web browsers with extensions: Explorer, Chrome, Firefox, Safari. 

1Password key features

  1. It supports various platforms:MaciOS, iPhone & iPad, Windows, and Android smartphones and tablets. This means that one product will suit the needs for most mixed technology environments. For example:
    1. you have a Windows PC and use an iPhone smartphone,
    2. you have a Windows PC and use an Android smartphone,
    3. you have a Windows PC, a Mac computer, and use an iPhone smartphone,
  2. It integrates to various Web browsers using extensions: Explorer, Chrome, Firefox, Safari.
  3. It encrypts all your info and securely stores it locally on your computer and makes it available and synchronized to all your other devices via Dropbox.
  4. It provides templates for the following info types:
    1. Login: to automatically fill-in your login info directly into login screens.
    2. Wallet: to fill-in credit card or PayPal info when requested.
    3. Accounts: to store your critical account info.
    4. Software: to store your software licenses info.
    5. Secure Notes: to securely store any info that you want to encrypt to protect it.
    6. Identities: to fill forms with your personal info such as: Name, address, date of birth,…
  5. It offers a Favorite folder for you to quickly access your high use records.
  6. It allows you to create custom Categories to classify for easy retrieval of all your critical confidential info.
  7. It shows the quality of all your stored passwords to highlight the ones that you should change to make them less vulnerable.
  8. It will also help you identify, under “View”, the weak passwords, the duplicate password to help you identify your vulnerable passwords.
  9. It will, on request, generate very strong passwords for you at the click of the mouse.

Nice to have features

  1. Wi-Fi Sync: if you do not want to store your info on Dropbox and want to keep it on your computer and other personal devices, you can manually use this feature to synchronize your 1Password info on all your devices.
  2. Download icons: this will add a company icon to each of your login records to make them more recognizable and attractive.

1Password is not FREE. The Windows license is U$49.99. Personally, I think it’s worth the price.

Master Password

Deciding on a Master Password – The MOST IMPORTANT step to securely protect your critical personal info

VERY IMPORTANT – The overall security of the info you store on 1Password relies entirely on your Master Password. This is the password that you enter to sign into 1Password. The reason it is of capital importance is that it is the unique encrypting key used by the 1Password software to uniquely encrypt your personal info inputted and used within 1Password.

The way encryption software works is that it uses your encryption key (your Master Password) to uniquely encode your information differently than it would encode information with another encryption key. This is the key to the secure encoding of your critical info so that it becomes impossible to read, unless your Master Password is used to de-encrypt it. Please understand this concept, it is critical.

Therefore, if this unique encryption key is powerful and very difficult to figure out, then your info will be secure. If someone, a hacker for example, can figure it out, by testing your or relative’s names, address, birth date, dog name and the like, then they can gain access to your info. If your Master Password is made up of random letters, numbers, and special characters, then it will become almost impossible for a hacker to figure it out and your info will be very secure. THIS IS WHY THE SELECTION OF YOUR MASTER PASSWORD IS IMPERATIVE. You MUST do this before installing and signing-up for 1Password.

VERY IMPORTANT: You must memorize your Master Password. You should remember that you will use it every day. On purpose, Agilebits.com does not have access to your Master Password and does not store it, for your own security. If you forget it, you will lose access to 1Password and all your personal info. So make sure to not forget it! This is paramount to ensure the security of your personal info!

To help you creating a strong password, you can read Creating a strong password.

Installing 1Password

  1. Go to the com Web site and download 1Password for Microsoft Windows or Apple MAC iOS. You can use it for one month FREE. The iOS and Android smartphone and tablet versions are FREE. You download them later from the Apple store or the Google Play store.
  2. Open the The first time you run 1Password Web page and follow the instruction.
  3. Then you will need to enter you Master Password that you have carefully selected to be strong and secure, as indicated above. This will activate your version of 1Password.
  4. The Internet Explorer 1Password extension is installed by default. If you use a different browser like Chrome, you must then install its browser extension. To do so, follow the instructions in Setting up browsers.

Implementing 1Password

Once 1Password is properly installed on your PC, you must fill-in your personal info and classify it properly. Here are some important suggestions:

  1. Before going further, please read: Get started!
  2. Try first to save a few login passwords. To do so, follow the instructions in Saving a Login.
  3. Test your first password logins. To do so, follow the instructions in Using a saved Login. If it does not work read Troubleshooting 1Password
  4. Before you go further, you should decide on a list of categories to properly file each record (each Login, each credit card, each bank account, each vendor web site, etc…).
    1. You must access the 1Password program to create and edit Categories.
    2. To access the 1Password program, click the 1Password browser extension (Keyhole icon – at the end of the browser Web address line), a window should open. Click “Open 1Password” and the 1Password program should pop-up.
    3. The 1Password program allows you to have main categories with more than one level of sub-categories.
    4. To input the categories and sub-categories into 1Password, highlight the upper category, the top category being “All” and click “+Add” at the bottom of the screen. A New Folder should appear. Right click on it to change its name and then ENTER.
    5. Build your entire category structure this way. If you make a mistake or want to change something you can delete a category by highlighting it and clicking “-Delete” at the bottom.
    6. Examples of Categories are: Autos, Banking, Brokers, Comp-Hardware, Comp-Software, Credit Cards, Identities, Logins, Medical, Phones, Suppliers, Travel …
  5. The first thing to do now is to categorize the logins you’ve entered. You should find then under the “Unassigned” category. Just click and hold on one, drag it where you want and release it. Do the same with all the “Unassigned”.
  6. Then, it is strongly suggested that you login into each of your Web sites and wait for 1Password to prompt you to save the login info for that Web site. If 1Password doesn’t prompt you to save that particular web site login info, enter it manually later.
  7. Once you have entered all your Web sites logins, you will need to go edit & complete each Web site info using the 1Password program.
  8. If a password is not strong enough, try changing that password. To do so, follow the instructions in Changing a saved password.
  9. Continue entering your personal info. To do so, follow the instructions in Adding an Identity and a Credit Card.
  10. Once in the program, click Logins in the right menu and the list of logins should appear.
  11. Double click on an item, then enter and/or edit to complete the info.
  12. You can then enter the rest of the info you want to store in a secure fashion. Read Using 1Password to do so.

Troubleshooting 1Password

Since 1Password is not integrated into the Web browsers, it has to provide its services through browser extensions. The computer and browser settings may influence the behavior of such a product and prevent it from doing its job. Therefore, you may encounter initial snags if your computer and browser settings are not as they should be to allow 1Password to function properly.

This happened to me when I initially tried to use 1Password after installing it. It would not fill-in the login info, as it was supposed to do, using the Ctrl+\. So I went on-line to access the 1Password 4 for Windows Knowledgebase  on the Agilebits.com Web site. I initially checked the Windows settings to ensure they were set properly. Then, under “The browser extensions” / “Ctrl+\ not working”:

  1. In the Windows Control Panel: click Network and Internet, then Internet Options.
  2. Choose the Advancedtab in Internet Properties.
  3. Scroll down. Under Browsing, make sure the Enable third-party browser extensions*option is enabled.
  4. Still, under Internet Properties, choose the Programs tab.
  5. Click Manage add-ons, then Enable AgileBits Inc. 1Password.
  6. After doing the above, re-tested the Ctrl+\ in 1Password to see if it is working properly.

If you encounter any other snags access and read the 1Password 4 for Windows Knowledgebase  documentation and you will most probably be able to resolve the issue. If not, email Agilebits.com support.

1Password on Android

If you have 1Password on Windows it is a lot easier to build your 1Password file by following the instructions above. Since this is what I did, I will refer you to the 1Password for Android User Manuel if you plan on inputting your password info on your Android device.

Using 1Password on Android

Once you have inputted and categorized your passwords into 1Password, whether on Windows or Android, and that you are using Dropbox to share these passwords amongst your different devices, here’s how to login into a Web site using 1Password on your Android devices:

  1. Open 1Password and unlock it with your Master Password.
  2. Navigate your Categories or Logins to find the Web site you want to sign on.
  3. Click to pick the site you want. Then,
  4. Click on the Web site login URL. 1Password should activate and log you into this Web site. It’s that simple!
  5. NOTE: sometimes 1Password will open the Web site login page and fill-in the Username & Password, you may have to click the enter button to login.

What I have found is that once 1Password is properly implemented on Windows, there is little to add, if any, for using it under Android. Also, since you generally access fewer secured Web sites on Android, it does limit your need to use 1Password on Android. This is why I did not feel the need to buy the Premium functions under Android. I can do all I need within the paid Windows version.

My experience to date

After completing my 1Password password file and using the product for a while, I can honestly say that I am pleased with the product. I admit that there is a learning curve that can be curtailed if you take the time to read the 1Password user manual which is not very long and is well written. If you then follow the advices above, you should be operational quite shortly. I hope this article has been valuable to you in implementing 1Password.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s