Today's Obsession: 1Password

At The Atlantic, Megan McCardle, resident business and economics editor, takes a look at something nobody really seems to talk about very much, but affects all of us: password policies. She accuses network administrators of being detached from the rest of the world in their policymaking, which I’d agree with. Rather than developing more fluid security management, the trend has moved exactly the opposite direction, where security has become more onerous for the user—the person who knows the least about security. She calls this a terrible cost and value proposition. Read the comments; they hold a lot of amusing anecdotes, personal experiences, and gripes from everyday (albeit, considering this is The Atlantic, probably intelligent) users.

I personally get around this by using 1Password, which kind of allays some of these problems—I let the application do all the heavy lifting for me. I’ve talked about it before, back in (!!) 2007, but it’s changed quite a bit since then.

1Password is, at its core, a password storage vault. It’s a self-standing application which holds your passwords, secure notes, credit card numbers, frequently-used identities, and software serials (and versioning, which i find absolutely invaluable—i don’t know how many times I’ve had to find a password for an old Mac OS 9 app) in a highly secured environment. More deeply, you can quickly use the application—via a strong password generator, which is accessible through a contextual menu whenever you’re presented with a form—to generate gibberish passwords which are then remembered and stored with almost no interaction from you. There’s also an iPhone app to keep your passwords close at hand, which I find myself using frequently.

1Password is available from $39.95 from Agile Web Solutions. There are two versions of the iPhone and iPad app downloadable from $9.99 from the App Store. Editions also available for Windows, of course.

3 thoughts on “Today's Obsession: 1Password

  1. Patric King Post author

    forgot to answer the second part of your question: passwords that are needed to boot. the application uses apple’s keychain format as well as its own proprietary (also faster, and less buggy) format. you could conceivably create either a second keychain for those specific passwords, or simply use the keychain format.

    (obviously i’m assuming you’re on a mac. i haven’t used this on windows.)

  2. David Cardillo

    ah, but does it generate, store, and still find a way to effectively use Active Directory logon passwords?

    I’ve got my own, easy to remember password scheme, which allows different, highly secure passwords at different web sites, for example, but is still easy for me to keep in the imperfect “vault” of my head. But then not only do I not have to change virtually any of these passwords – ever – I don’t need any of them to merely boot my system.

    How does it handle a password that I need to change every 60 days (yes, 60) that I need just to turn the computer on before apps like these have a chance to load?

    btw, I’ve railed against every IT infrastructure I’ve run across that insists users change their login passwords frequently. Because no one can keep track of a series of passwords that meet certain requirements for length and complexity, most people just write them down on sticky notes tacked to their monitors. It’s like taping the keys to your car to the windshield.