Today I decided to finally tackle some of these entries in my 1Password Watchtower.
I'm sure you know what 1Password is. It is a password manager app, one of those that will generate insanely long passwords (50-100 characters) for any site you want and save them for you, along with 2FA passwords and passcodes. There is a nice extension for every browser (even Safari) that will pop up and fill in all the passwords for you (even the 2FA) as soon as you visit a site, making the entire process painless.
It also stores IDs, credit cards, secure notes, and much more. It's an all-around great digital safe app. It was probably the very first successful password manager app. I bought the very first version of the app 15 or so years ago and now am an annual subscriber and I couldn't be happier. Hearing that number, you might imagine I have a lot of cruft in my 1Password database. We'll get to that.
The Watchtower is a section of the app where they alert the user to things that need to be looked at. If there was a major hack reported in the news, for instance, the Watchtower will alert us to change our password at that site. The Watchtower also has alerts for weak passwords, repeated passwords, sites that offer 2FA that we aren't using yet, and sites that offer passcodes that we aren't using yet.
The 1Password team updates the Watchtower daily, so at least the security alert section of it is constantly increasing (which always reminds me how absolutely terrible security is at almost all websites).
Anyway, with some 15+ years of passwords crammed in this app, you might imagine my Watchtower is just overflowing with things I need to address. I do always address the hacks & security alerts instantly, going and changing my passwords as soon as the alerts come up, but the things like repeated or weak passwords and sites offering 2FA and passcodes I tend to skip. This past Halloween I resolved to start going through the list and updating everything, doing just a few per night.
Now today, things are much improved!
Those 6 vulnerable passwords are unfortunately at Japanese sites that don't allow us to have a long password (all are 4-6 chars), don't allow us to choose the password (I was assigned strings of numbers for each one), and don't even allow me to change my password. If you think the Western internet is lax on security, you don't want to look at the Japanese internet... Luckily that is changing, but not fast enough.
You can see I still have some way to go, but I'm getting there! I feel like those Reused passwords and Weak passwords are the major ones. Unsecured websites are ones that are saved in 1Password as http:// instead of https://, but since I don't use 1Password as a bookmark loader, I don't think this is an issue (besides, every major browser now automatically upgrades sites to https if they support it). And while 2FA and passcodes are certainly good to use, I feel like I can take more time getting to those.
Maybe I'll be finished by the end of Jan? Well, as finished as possible.
Anyway, if you don't have a password manager, I fully recommend one. Trying to remember passwords is a fool's errand. Even if you can create and memorize a great 20+ char password, can you do that for every single website you use? Do yourself a favor and get a password manager. I recommend 1Password, of course, but any is better than none. Apple even has one built in these days if you use a Mac. I still use 1Password because I think it offers enough features over the native Apple option to justify the cost.
Anyway, get one!
David is an American photographer and translator lost in Japan, trying to capture the beauty of this country one photo at a time and searching for the perfect haiku. He blogs here and at laspina.org. Write him on Twitter or Mastodon.
Sounds great, a reliable tool for storing passwords, but doesn’t the fact that all passwords are stored in one place make it easier to hack? I mean, hypothetically, if someone hacks this app, they would gain access to all the sites, right?
Yeah, if that happened it would of course be a disaster. The 1Password team has many posts on their website looking into details that are frankly over my head that prove how unlikely that is to happen. Since this is the company's only product, they put quite the effort into making it the best possible.
Here is their site if you want to explore.
I started paying for Bitwarden a while ago after using LastPass for a while. I've been really happy with it. I can't imagine trying to keep all my passwords straight these days!
No kidding. It's going to get even worse I think as sites start to update protection against theoretical quantum computing. How long will passwords have to be in that case? We definitely need an app to remember it all for us.
Always a smart move to keep those passwords strong. Too bad some of those Japanese companies haven't updated to allow stronger passwords yet. Hopefully they'll get up to date in the future. I probably should go through my passwords again too, thanks for the reminder!