5/11/11
11:20 am

MacMost Now 552: Why You Should Be Using 1Password

If you use a Mac to browse the Internet, you should be using 1Password. This third-party utility lets you create, save and use secure passwords on every site you log in to. You can also store bank information, notes and files inside 1Password's encrypted database. In addition, it will protect you from dangerous phishing attacks.

Video Transcript (Click to Expand)
Hi this is Gary with MacMost Now. On today's episode let me show you why you should be using 1Password. So 1Password is one of my must have Mac tools. It stores all of my online passwords in an encrypted file and allows me to use them as I go to those different websites. Let me give you the reasons why you really should have this. So once you've installed 1Password you have this 1Password button here, in other browsers you have similar things. And today I'm gonna sign into a website. I'm gonna use this sample Twitter account to sign into twitter, I'll enter my password, hit sign in, I want to tell Safari not to use auto fill here because I'm gonna use 1Password instead, and you see here I've signed in now and now it says do you want to save this twitter.com login in 1Password? So it automatically recognizes that I've entered something in that it doesn't know about and it asks if I want to save it, I don't have to actually go to 1Password and enter this in separately. I'm gonna save it as Twitter, and then want to sign back in I can go to the 1Password button, hit fill and submit Twitter, and you can see it automatically put in my user name and password in there and I've signed in. So the important thing that happened there is I was able to sign into Twitter without having to type in my user name and password because it was stored in 1Password in an encrypted file. I had previously entered in my 1Password password to give me access to all that data, so it doesn't ask me for that specific password. This allows me to create a secure password for Twitter, a different one for Facebook, a different one for any service that I sign up for online. Without 1Password I would have to retype all those passwords all the time, which means I'd probably want to keep them short and something I can remember, and perhaps reuse passwords across different accounts, which makes them all less secure. And say I want to do a new password, I can use 1Password for that as well. Use the Strong Password Generator here, and it will give me options for a strong password, I can even make it pronounceable if I wanted to, or change the number of random digits and symbols in there. Now 1Password is storing those securely in a file, an encrypted file, so unless you've entered your 1Password password to get into that, you can't get into it. Somebody else takes that file, they can't use it at all. The important thing here is that a lot of people store their passwords, so they remember them, say in a text file or some other file that's easily accessible if somebody were to steal or get access to your computer. 1Password takes care of that problem by encrypting that data. Now inside of 1Password you can see in addition to log-ins you've got a wallet and you can add something like a credit card or bank account to that wallet, and put all your credit card information in here. So it stores it in that encrypted file and allows you to enter in into a payment page on a website. The reason this is great is because you don't have to remember those credit card numbers or pull it out of your wallet. but also if a website asks you, would you like me to store your credit card number for future use you can say no thanks, knowing that you can easily enter it in again using 1Password instead of having them store it on their server, where it could be compromised. Now one of the most important things 1Password does is it protects you for phishing attacks. So for instance say you get an email for great bargains at a shopping site you go to all the time, click on the link, and it says oh enter in your password for this shopping site. Well 1Password will not let you enter in that password if it's the wrong site. For instance let's take Twitter for example. I'm here at Twitter.com on the log-in page, I go to 1Password and there's fill and submit Twitter. Now suppose I wasn't at Twitter.com. Suppose I was tricked by an email to go to Twitter.com/badhackersite.com. Now you can see how if I got this in an email and I glanced at my address bar I would see Twitter.com and think I'm at the right place. I'm in fact at this domain with this being the sub domain. So I'm being tricked into going to the wrong website. They may have even designed the site to look exactly like the shopping site I want to go to. But now if I were to click on 1Password it would not come up with anything because it doesn't have a stored password for badhackersite.com, so it prevents me from entering my Twitter password into a site that's not Twitter.com. I also like that in addition to credit cards, banking information, log-ins, other accounts, you can also enter in identities, so you can enter in your address and information like that so when you're asked to fill in a form and you don't want to enter all that stuff in again you can simply have 1Password fill it all in. Also important is Secure Notes so you enter data that doesn't have any other category for it to fit into, like for instance maybe the combination to a padlock or to a safe or which number security box you have at the bank. You can put that all there freeform notes. You can even attach small files and it will all be encrypted. Now 1Password isn't the only program that works like this.There are also other ones. Lastpass for instance is very popular as well. So I urge everyone to get better online security by using 1Password or a program like it. Till next time this is Gary with MacMost Now.

Comments: 34 Responses to “MacMost Now 552: Why You Should Be Using 1Password”

    Brian
    5/11/11 @ 6:47 pm

    I don’t care how safe something like 1Password may be, I just don’t feel safe. I’d rather just manually enter my information. Just feels more right…

      5/11/11 @ 6:52 pm

      So you have different strong passwords for all of your accounts, and you’ve memorized them all, and you have some other way of protecting against phishing? Unless you answered yes to all three, then you should be more concerned about your online account security.

        Carol Preston
        5/13/11 @ 11:17 am

        I am a new 1password user. I’d like to change my master PW to “unlock the vault.” I feel the one I chose isn’t long or complex enough. Is there a way to do that without starting over? You can email me if you prefer.

          5/13/11 @ 11:28 am

          Easy to do. Just run 1Password. Go into Preferences, then Security. Then press the Change Master Password button.

      Joe Debono
      5/11/11 @ 6:52 pm

      Mate, you obviously don’t have more than one or two logins, I have 449 at last count. Try remembering let alone manually entering a 16 character password!

      Mike Pictor
      5/12/11 @ 7:53 am

      Really?

      What’s safer, typing in manually a password that you’re capable of memorizing, which is probably used on more than one site, or using a complex, random password 10, 20, or more characters long, a combination of numbers, letters, and punctuation, and is different for every single website you are trying to access, all of which you can enter into the login page on your own computer (where the 1Password db is located) with 2 keystrokes.

      Kathleen Riley
      5/12/11 @ 9:13 pm

      Why do we go to so much trouble making secure passwords with a capital letter, a punctuation mark, and a number if one password will do the trick. Passwords are about more than just logging in. There’s a reason for the feeling we have.

    Anthony Burokas
    5/11/11 @ 9:16 pm

    We’re concerned that accounts can be hacked, and WordPress, the state of Texas, Sony Online and others HAVE been hacked. So why would I want to put ALL my secure information into one repository? Sure, I may have a lot of post-it notes, and it’s a hassle, but I don’t have to worry about 1Password getting hacked and me losing ALL the marbles.

    Looking at the demo here, it seems to my untrained eye that 1Password has hooks to gather my passwords from the secure database and provide them to the browser, a browser hack (say another innocuous plug-in, or an image buffer overload that was how the pwn-it-to-win-it winners won) could possibly access them as easily as if I had the browser itself secure them. The difference between the two methods wasn’t elaborated on here.

    Also, would I trust a small, stand-alone app with my credit card and identity info, instead of an online shopping site? Wouldn’t it make more sense that a large shopping site has a greater interest, and greater re$ources, to making sure that their system is secure, as opposed to a small stand alone app?

    I admit, it looks convenient. But that’s just causing me to raise my shields. If it looks too good to be true… it’s just my humble opinion.

      5/11/11 @ 9:36 pm

      But 1Password uses standard, proven encryption. And it is just on your hard drive. So someone would have to gain access to your computer first, then they would need your master password to decrypt the file.
      1Password doesn’t have your data. You do. That’s the difference.
      All of the “hooks” to gather your passwords and use them are through you. It doesn’t do it without your permission.
      Post-it notes? Even if no one ever gets those, the passwords would have to be simpler, I assume, so you can type them in without annoyance. Not 16-character passwords with letters, numbers and symbols generated randomly. As someone who has thought a lot about security, I can tell you that 1Password is a better way to go. And I know people that have thought a lot more about security than I have. And they use 1Password or a similar solution.

      Terrie Noll
      5/14/11 @ 10:47 am

      “Wouldn’t it make more sense that a large shopping site has a greater interest, and greater re$ources, to making sure that their system is secure, as opposed to a small stand alone app?”

      It would make more sense, but research has shown that many sites are in the dark ages concerning security. That’s why they get hacked for millions of credit card numbers etc.

      Terrie

    Fotis
    5/11/11 @ 11:20 pm

    What about Keychain access compared to 1p? Why not use this already-in-your-mac similar solution?

    Chris
    5/12/11 @ 12:11 am

    Thank you, Fotis. That was my question as well. Gary?

    Bob
    5/12/11 @ 12:30 pm

    What do you do when using a different computer?

      5/12/11 @ 12:41 pm

      You can get 1Password on both and sync between them using Dropbox. That’s a built-in function of 1Password.

    BJW
    5/12/11 @ 1:12 pm

    What’s the cost?

      5/12/11 @ 1:53 pm

      Check out their site for current prices.

    Phil
    5/12/11 @ 2:44 pm

    $60 dollars and another $14 to use it on your iOS devices? Doesn’t that sound rather excessive? Am I missing something?

      Nanci
      5/13/11 @ 5:10 am

      Their website states it is $39.99 not $60. That’s 10 cups of Lattes at Starbucks…how much is peace of mind worth?

    Softqual
    5/13/11 @ 7:40 am

    I wish the folks who develop this Mac product would figure out how to support importing from a Norton 360 Identity Safe backup file. Then I could move all my work to my Macs, but going to every site and copying the info manually from my Windows system to my Macs is just a huge amount of work. (And I need the Windows system and MSOffice for client work, so I cannot just bite the bullet once and stop using Windows.)

    Elidad
    5/14/11 @ 5:15 am

    1Password sounds all very well, but how do I get on when I access various WEB sites using 3 different vehicles, my Desktop PC, my Laptop PC and my i-Phone. All depending on where I am and what my circumstances are. Then of course, if my Passwords are all stored in one application and my Laptop goes down for some reason, when I am out and about, giving me cause to access a WEB site using someone else’s PC, then how do I get on for recall of a needed password?

      5/14/11 @ 8:30 am

      You can sync between machines using Dropbox. You can also sync with your iPhone using the app. Then, if you find yourself in that situation, you can look up the password on your iPhone.

    Dale
    5/14/11 @ 7:09 am

    I have been using 1password for 3 or 4 years it is by far the best solution for passwords it has saved me a lot of time and I feel so much safer than tring to remember passwords or reusing passwords. Gary touched on all the the uses I get out of it plus I don’t need to carrier all that info with me which has come in handy at times.

    Keep up the great work on MacMost Now.

    Dale from Denver

    Vini
    5/15/11 @ 11:22 am

    I’ve been using RoboForm for the past 4 years. It syncs among different computers and is compatible between windows and mac.
    Anyone else has used it? Any thoughts on this applications?
    Vini

    mustlovesubies
    5/15/11 @ 2:39 pm

    Since I am the only one using my laptop and I have a password to unlock it, do I realy need a master password for 1password?

      5/15/11 @ 3:13 pm

      Absolutely. You have to have a master password because the 1Password database needs to be encrypted. A key is needed for encryption, and that’s what your password is for. This makes your passwords secure even if someone gets your Mac and reads the raw contents of the drive.

        mustlovesubies
        5/15/11 @ 5:58 pm

        Thanks Gary and glad you are making MacMost Now on TiVo.

    Flo
    6/28/11 @ 2:59 pm

    So when I’ve moved all my passwords to 1P can I just remove them from the Mac OS X Keychain or do I just leave them there?
    I mean Mail uses the Keychain so could I just tell Mail to get the password from the agile keychain or do I have to use both utility apps?

      6/28/11 @ 3:03 pm

      Use both. 1Password works with Safari, not applications like Mail.

    Aaron
    1/30/12 @ 9:27 pm

    May I ask why you use 1Password instead of LastPass? I’ve been using LastPass & KeePassX for awhile now and been wondering why people use 1Password when LastPass is free? Thanks.

      1/30/12 @ 9:46 pm

      It is difficult to compare them because no one uses both, right? I use 1Password and it works great for me. You can compare the features if you like — I’m sure they are listed at the sites. But I can only recommend 1Password as it is the one I use.

    Larry Pollock
    8/9/12 @ 12:13 pm

    Super Gary. Just shared this with hundreds of my Affiliates. Hope they take it to heart and get this software. I can’t imagine life online without it.

    Mr Anthony Cotton
    10/18/12 @ 12:59 pm

    I have just started to use Google to save my passwords,and sign in to sites because i used to write them down in a book. The reason i done this was because when i came to sign into sites they said password,and username don`t match.This really annoys me,because i know the password is right,and then i have to go through the procedure of getting a new password. No problems with Google so far. The other problem is the letter L,and i, i got a key code and the first letter was I,and the second letter was l. How can you tell the difference Example- 6xTYIDAlT7EE first one is the letter i,and the second is L. This has got me baffled Gary.

    Mr Anthony Cotton
    10/18/12 @ 1:10 pm

    I have just looked very carefully at the letter`s i have typed out above,and i can see there is a slight difference to the letter`s I Ii l L I l sorry Gary i am just seeing if they looked like the same. Before i submit this post they look the same,but after i can see the capitol I is different. Gary

Comments Closed.