Yesterday I attended a meeting with other like-minded individuals and this merry band of people got to discussing password management. There are a lot of different (and all equally valid) ways of managing your passwords and as I listened to some of these people describe their solutions it struck me, again, just how good I really do have it. I have to admit that once I switched over to 1Password and integrated it with Dropbox I’ve been spoiled rotten. The solution is such a perfect match that I stopped thinking about password management altogether, freeing me to concentrate on other things.
Then I heard about some of the things that my work peers have elected to do. One of them manages it with a password-protected Excel Spreadsheet and then uses Sysinternal’s SDELETE program to securely delete the file after he’s done using it. I sat there, stunned as I followed his description of the procedure that he has to follow and grinning-on-the-inside as others around the table brought up a series of criticisms of his procedure and pointing out pitfalls and the like. I sat back marvelling at 1Password, how I didn’t have to worry about any of this, and I discovered in that moment a hidden value to 1Password that just reinforces the perception of value that product has for me – I don’t have to think about this stuff anymore! It saves me time, brainpower, and attention-span. Just for that I couldn’t imagine not having 1Password in my digital life.
All along this meeting I heard comments peppered throughout that all had to do with a paranoid fear of security loss by taking advantage of cloud services. This isn’t the first time I’ve come across this, it was the central axis that featured prominently in my Webmail Plus v. Google argument that I so spectacularly lost so many moons ago. People fear the cloud. They fear what these companies will do with the data once it’s entrusted to their care. This has always mystified me and left me speechless. Now, don’t get me wrong here, I’m not saying that it’s wise to simply put 50,000 Social Security Numbers in a plaintext file and send them right up to Dropbox, hell, I wouldn’t do that with Amazon S3 service or any other provider for that matter. But what I would do, and perhaps this is what boggles my mind, that people don’t already do this, is encrypt the data using AES. With the data in this format, even if the file security is compromised, without the password, what they have is just as good as noise.
This is where 1Password is great, the central database file is encrypted using AES, so I can put it up on Dropbox and then access it from every device I use that can reach the Dropbox service! This has saved me innumerable hours and a world full of worry. Even if one site is compromised I don’t have to worry because each site has its own unique 16 character random password assigned to it and managed through 1Password. I don’t even care if a site forces me to regularly change my password, because every new password will be a random 16 character entry from the password generator that is already in 1Password. I can’t express how much time, energy, and attention-span I’ve been able to save with using this product. When something like 1Password is built, and built well, I can’t help but rave about it. Everyone should be using this software, it would make everyone so much more secure.