I sometimes forget how many logins I maintain, and how many different sites I log into (or am still logged in on) on a daily basis. Some time ago I tried to make a list of all the different sites and apps that have data about me, and wrote down the addresses, usernames, and passwords I use on them. It was an astoundingly long list. I think the worst part was that on the majority of pages, I used 2-3 different passwords. I’ve become a victim of security fatigue. In this article I will show you how you can effectively overcome security fatigue and manage your passwords safely with 1Password.
What is Security Fatigue
Security fatigue refers to the feeling of being overwhelmed by the complexity, frequency, and effort required to maintain good security practices. As a result, people often take shortcuts or neglect certain security measures altogether, like reusing passwords across multiple sites or skipping the use of VPNs (which you should use), despite knowing the risks. This can lead to less secure behaviors simply because the effort to maintain security feels too demanding or inconvenient.
One such security fatigue issue is reusing your passwords. Nowadays, it’s easy to find reports on leaked password databases, or on social engineering techniques that trick people into giving away their credentials. So the probability is high that your email address and potentially your (hashed) passwords are part of such a leak. Once one of your passwords is in the wild (possibly coupled to your email address, which you also use everywhere), hackers may have access to multiple logins already. There are tools to help reduce security fatigue though. In this article, I will discuss one of them: the popular password manager 1Password.
Introduction to Password Managers
Password managers emerged sometime in the 1990s and early 2000s. This was no coincidence, as the online world grew significantly more complex during that time. New online services came up and people had to manage an increasing number of passwords. One of the first password managers was Password Safe by Bruce Schneier in 1997, which already allowed users to keep passwords in an encrypted container, guarded by a master password. Not much has changed with regard to that approach. Modern password management services usually also allow you to store an encrypted version of your local storage in the cloud to maintain backups and sync between devices.
Popular Features of Password Managers
Common features of these helpful tools include the storage of different kinds of credentials, and in some cases autofill of login data on websites. Most of them do this through a dedicated browser plugin. Various online services now also offer breach detection, where they regularly scan known database repositories of leaked and hacked credentials and match your stored login data to these. If a breach is detected, you are notified and advised to change the affected login credentials.
Most password managers can suggest passwords for newly created logins, too. The point of using a password manager in the first place is that you want to use sufficiently diverse and complex passwords to make breaches less likely. If you were to use the same password everywhere, using a password manager doesn’t add to your safety against hacking attacks at all.
Kinds of Password Managers: Some Examples
Password managers come in different flavors. There are paid, professional-grade services that offer tooling and manage all password data for you. Then there are free and open source tools, catering to a more tech-involved audience. Popular free and open source tools include Padloc, Passbolt, and KeePass. Some examples of paid services are LastPass, Dashlane, and 1Password. The last of these is what I will be focusing on in this article: managing your passwords safely with 1Password.
Introduction to the 1Password Password Manager
1Password is a well-established password manager used by a large global audience. It offers a variety of convenience features and platform support. 1Password is available for Windows, macOS, Linux, iOS, and Android. They also offer a client interface in the web browser, a command line interface, and browser extensions for various mainstream browser apps. Overcoming security fatigue with 1Password is easy – its convenience makes it almost transparent in daily interactions.
Its database model stores your passwords locally on your device, but also syncs them into your cloud account. The company claims that everything is safe, encrypted, and properly audited and explains why your data is safe in the cloud.
In their explanatory article about their security model, 1Password is said to end-to-end encrypt data in transit and in storage (on-server and on-device, using AES-GCM-256 for encryption and PBKDF2-HMAC-SHA256 for key derivation). Let’s look at some of the major features 1Password offers.
Major Features in 1Password
As noted above, there are some features all major password managers offer. These include proper end-to-end encryption, oftentimes auto-locking of the manager application, and suggestions for new, secure passwords. 1Password has some unique selling points that make it worth a second look though:
- Watchtower vulnerability alerts: This service aims to inform you when a website you use has been hacked. It doesn’t need to know which websites you use, as your local app installation gets regular updates of hacked websites and then locally checks for which of these you have login data in store. Should one of your logins match a website on the list, you get a notification about it.
- Code signature validation: Before executing any client or extension code in your web browser, 1Password checks if the application it’s running in is a verified tool. This minimizes chances of your passwords being stolen by malicious browser software.
- Family plans: Oftentimes you want to share certain passwords with your loved ones (the WiFi password, the security number of your shared bank account, or the private safe combination). Other passwords you might not want to share, like your personal email password, or possibly your SSH private keys. 1Password allows you to share specific items with your family on the respective plan.
Another neat feature is that you can add all your authenticator one-time passwords to 1Password:
You just scan the QR code you get from sites to set up one-time passwords like you usually would. The 1Password app is then able to generate, and also autofill, these OTPs (if you have the browser extension installed).
User Interface
1Password offers a sleek, streamlined interface. To start with, its login screen protects your data from being accessed. Here you enter your master password to unlock the application (it will decrypt your database in-memory). This is Windows Hello compatible (you can tell from the little smiley face), so your biometric login methods (and your PIN) work here if enabled.
The master key you choose during initial setup of 1Password is the single element protecting your credentials in your local storage. Your cloud data is protected by an additional setup key that you need to enter when you set up 1Password on a new device and want to sync with the cloud service.
The main window offers easy-to-access sections:
On the left side, you get to access tags, favorites, and different “Vaults”. Vaults are basically folders for different password contexts. In the above, I created one for “Personal” with all individual information, and one for “Home” that you might want to share with household members. You can also attach tags to credentials, which you can use here to filter items. On the right side, there is a list of all items in the selected vault. Next to that, there is a view with the currently selected item.
Adding new Credential Items
When adding an item, 1Password comes with a variety of templates to help you set the right kind of data:
This makes it easy to find all the information you need at a glance. After setting up an item, the app helps you choose a password that is suitable for safety and for specific login requirements:
1Password will also tell you the quality of your password (from “Terrible” to “Excellent”, color coded from red to green).
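To show what "suitable for safety and for specific login requirements" means in practice, here is an added example (not 1Password's generator): it draws a password that satisfies a site's character-class rules without biasing the result, and computes how many bits of entropy survive those rules. The class names and symbol set are assumptions made for the illustration.

```python
import math
import secrets
import string
from itertools import combinations

# Hypothetical site policy vocabulary: character classes a login form may demand.
CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": "!@#$%^&*-_=+",
}


def generate(length, required, excluded=""):
    """Uniformly random password that contains every required class."""
    pools = [[c for c in CLASSES[name] if c not in excluded] for name in required]
    if length < len(pools) or any(not pool for pool in pools):
        raise ValueError("policy cannot be satisfied")
    alphabet = [c for pool in pools for c in pool]
    while True:
        # Rejection sampling keeps every compliant password equally likely;
        # "one of each class, then shuffle" would favour some passwords.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if all(any(c in pool for c in candidate) for pool in pools):
            return candidate


def entropy_bits(length, required, excluded=""):
    """log2 of the number of compliant passwords (inclusion-exclusion)."""
    sizes = [sum(c not in excluded for c in CLASSES[name]) for name in required]
    total = sum(sizes)
    count = 0
    for k in range(len(sizes) + 1):
        for missing in combinations(sizes, k):   # classes assumed absent
            count += (-1) ** k * (total - sum(missing)) ** length
    return math.log2(count)


if __name__ == "__main__":
    policy = ["lower", "upper", "digit", "symbol"]
    print(generate(20, policy, excluded="l1O0"))
    print(round(entropy_bits(20, policy, excluded="l1O0"), 1), "bits")
```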
Watchtower
As noted above, the password manager offers a “Watchtower” feature. This tool regularly checks for hacked websites. It then locally verifies whether any of your login data is attached to a recently hacked website. You will get a notification about that. Watchtower also gives you useful information about your password makeup in general and calculates a security score:
This gives you an idea of how well you maintain good personal security practices. It also gives you convenient access to any items to fix. Increasing this score helps you stay safe in a world of leaked passwords.
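The local matching described above and in the feature list can be sketched as follows. This is an added example, not 1Password's code: the feed format, the sample entries and the rule that a password changed after the breach date is not flagged are all assumptions. The point is that the list of sites you use never leaves the device; only the public breach list is downloaded.

```python
from datetime import date
from urllib.parse import urlsplit

# Constructed sample data; the feed format is assumed for illustration.
BREACH_FEED = [
    {"domain": "shop.example", "breached_on": date(2024, 3, 1)},
    {"domain": "forum.example", "breached_on": date(2023, 11, 20)},
]
VAULT = [
    {"title": "Shop", "url": "https://login.shop.example/account", "changed": date(2022, 5, 4)},
    {"title": "Forum", "url": "https://forum.example", "changed": date(2024, 1, 2)},
    {"title": "Not a shop", "url": "https://notshop.example/", "changed": date(2020, 1, 1)},
    {"title": "Bank", "url": "https://bank.example/", "changed": date(2021, 7, 9)},
]


def host_of(url):
    """Lower-cased hostname of a stored login URL (port and path dropped)."""
    parts = urlsplit(url if "//" in url else "//" + url)
    return (parts.hostname or "").rstrip(".").lower()


def covers(breached_domain, host):
    """True for the domain itself or a subdomain, never for a mere suffix."""
    breached_domain = breached_domain.lower()
    return host == breached_domain or host.endswith("." + breached_domain)


def local_breach_check(feed, vault):
    """Match the downloaded feed against the vault; nothing is sent anywhere."""
    alerts = []
    for item in vault:
        host = host_of(item["url"])
        for breach in feed:
            # Assumption: a password changed after the breach date is not flagged.
            if covers(breach["domain"], host) and item["changed"] <= breach["breached_on"]:
                alerts.append((item["title"], breach["domain"]))
    return alerts


if __name__ == "__main__":
    for title, domain in local_breach_check(BREACH_FEED, VAULT):
        print(f"Change the password for '{title}': {domain} was breached")
```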
Conclusion
Overall, the 1Password manager has a lot of very useful and well-implemented features. I’ve been a satisfied user for many years. The app greatly helps me in maintaining my many different logins, private SSH keys, and identity documents. There are alternatives as noted above, but if you think about getting a (new) password manager, give 1Password a try. Their plans are priced very competitively, from just around $3 per month. Overcoming security fatigue with 1Password will definitely help you stay safer in an online world today. To make sure your online presence stays safe from direct threats, also consider switching to a VPN!
If you have thoughts about this article or password managers in general, comment below to get the conversation started!