This weekend I read a linked post on The Brooks Review which really irritated me.
The linked post was about the popular 1Password tool.
Sure, I’ve heard of 1Password and KeePassX before.
Many of my friends and coworkers use these kinds of password managers.
Prior to this weekend, I had made a conscious decision NOT to use this type of software.
This master password is actually used to encrypt all of your password data using 128-bit keys.
My other security-related concern is the notion of storing the password database in Dropbox.
This is an optional step you might take which makes using 1Password across multiple devices significantly more convenient.
However, the tradeoff is that your passwords are now stored out in the cloud.
This is not always the safest approach.
If you decide to go this route, double-check you have a good, unique password for Dropbox!
The other issues I have with 1Password are mostly from an annoyance standpoint.
1Password encourages you to generate a unique (and very complicated) password for each website you visit.
This is one of the best aspects of a password manager.
The issue with this is that you will no longer have any idea what your passwords are.
A typical password will look something like this: HBcTH2}pbnx0cBItEaMO.
There’s no chance you are going to remember something like this.
The only problem is, this means changing your password on many, many websites.
Once you’ve migrated your website passwords over to 1Password, it is a brilliant tool.
It also provides good tools for organizing your sites into folders and tags.
Using these extensions, you could pretty much avoid copying and pasting your crazy password into login forms.
The extensions are capable of doing the heavy lifting for you.
For example, my credit card and banking websites would share my most secure password.
I’ve decided to continue using 1Password for the majority of my passwords.
There are some valid security concerns, but I think it comes down to balancing risk.
If this happened to one of my 1Password sites, this would be a non-issue.
It seems less likely that my machine will become physically compromised.