We often recommend using the password manager 1Password, but we’ve gotten a few questions asking why we’re so adamant about this. Lots of people think that all they need to do to keep their online accounts secure is create a single password with some numbers, often switching a lowercase L with a 1 and a capital E with a 3. And that’s for accounts people care about—for those that they don’t see as important, they’re likely to use a simple password like their child’s or pet’s name. Plus, most people don’t think they have much to protect or that they would be targeted by hackers, so they reuse the same password across multiple sites.
Guess what? Such an approach is extremely dangerous on today’s Internet. First off, no one is explicitly targeted. The bad guys get passwords by stealing them by the millions from Web sites with lax security. Then they use sophisticated hardware that can try over 350 billion passwords per second to decrypt as many of the stolen passwords as possible. All passwords under 13 characters can be cracked easily by such hardware.
Next, imagine you have a password on a shopping site whose passwords are stolen. The attackers can log in to that site, change your shipping address, and order items with your stored credit card. But they won’t stop there. They’ll use automated software to try that username and password combination on lots of other high-profile sites: Google, Apple, Amazon, eBay, Facebook, many banks, and so on. If they can get in anywhere, they’ll take over the account and exploit it in any way they can, which could involve stealing money, ordering goods, or using it to reset passwords and lock you out of other accounts. It can get ugly fast.
Use 1Password to generate, store, and enter strong passwords, one for each site, and you’ll never have any of these problems. A sufficiently strong password (16 characters minimum, but we recommend 20 when possible) will withstand cracking efforts for centuries, and if you have a different password for every site, even one password being compromised won’t expose any of your other accounts to abuse.
Here then are five reasons for using a password manager:
- Generate strong passwords: A password should be random, or it should be a long collection of words (think 30+ characters). 1Password can generate such passwords for you, so it’s easy to make a new one for each Web site.
- Store passwords securely: If you’re going to put all your eggs in one basket, you want that basket to be well protected. 1Password employs its own strong encryption and various other techniques to ensure that your passwords and other data are safe.
- Enter passwords for you: No one can remember and type long, random passwords, but having a password manager enter the password for you is even easier than typing a weak password. Log in faster than ever before!
- Audit existing accounts: 1Password checks the credentials you use for existing accounts, and they can tell you which passwords are weak and which have been reused.
- Access passwords on all your devices: It’s even harder to type passwords on an iPhone or iPad, but 1Password has apps for mobile devices that sync with your password vaults so all your passwords are available whenever you need them.
There are many different password managers, but we recommend 1Password. If you use only Safari on the Mac and in iOS, Apple’s built-in iCloud Keychain feature may be sufficient, but 1Password will have many more options and we feel it is also easier to use.
1Password costs $3 per month for an individual or $5 per month for a family, with team and business accounts as well. 1Password also offers add-ons for non-Apple browsers like Chrome and Firefox.
If you need help setting 1Password up, particularly in the context of a small business, get in touch with us. And if you’d like us to write more articles about security and privacy, just drop us a note and we’ll see what we can do.