With compromised websites and merchants becoming more and more common, people with bad password practices may find themselves significantly compromised if they, for example, use the same password across numerous websites including their financial institutions.
One of the best ways to protect oneself against password disclosures is by using a password manager. My favorite is 1Password from Agilebits. For Mac and iOS users, 1Password provides a secure lockbox and password manager that is fully integrated with the most popular Mac web browsers and seamless sync across via iCloud, Dropbox or local Wi-Fi sync.
By using the included password generator, 1Password users can create incredibly secure passwords that are distinct for each website they visit. For example, a user may create a nonsense password like JJFzXAD2w8ke for their Gmail account, while an account with their bank would have an entirely different password like A84JHLzMwofq.
The benefits to this are twofold: if a password database were compromised, it is highly unlikely that the hackers could decrypt such a complicated password. Most often, passwords will be run against a database of dictionary words to find people that use passwords of their pets' names or other common items. The second benefit, is that even if a password is reached at one website – perhaps with a phishing email — that compromised password would not affect any other sites. In addition, it is easily changed.
The idea behind 1Password is to allow users to have one relatively easy to remember password that unlocks a "vault" that contains all their other passwords and other secure information. The app can also store credit card details, or any other secured notes, making life considerably easier for users to manage their data securely. The app is smart enough to enter credit cards into fields on websites when making purchases, and it also notices when you are trying to enter a password on a website that may look like authentic one but is in fact trying to steal your login.
1Password authenticates its vault with AES-256 with encrypt-then-MAC and an openly published security design to encourage testing of the program from so-called white hat hackers.
On the Mac, 1Password is most readily accessed via a menulet or the command-\ keystroke. When on a website with login boxes, for example, a simple stroke of that keystroke will automatically enter stored username and password information. Once users are used to using 1Password, using it becomes easier and faster than the old way of typing login information manually.
On the iPhone and iPad, things are a little less convenient because of the way Apple prevents apps from talking to each other. Users can copy stored passwords from the 1Password app for use in other apps, or they can use a web browser built into 1Password for visiting secure websites. The benefits of using a password manager and unique passwords for each website far outweigh the minor inconvenience of actually using the password manager.
Given the amount of time that needs to be spent changing passwords and logins following a security breach, switching to a password manager like 1Password, is a great timesaver in the long run and I highly recommend using it.
1Password is available on the Mac App Store for $50, as a universal iPhone and iPad app for $18, and for Windows via AgileBits' website for $50. There are also multiuser family licenses available for Mac and Windows, as well as a Mac and Windows system bundle, both from AgileBits directly.
Jordan Golson is an Apple Columnist for TechRepublic. He also writes about technology and automobiles for WIRED and MacRumors. He has worked for Apple Retail twice and has been writing about technology since 2007.