Recently some hackers got hold of a list of usernames and passwords for a dating site. By itself, this wouldn’t have been too big of a deal. However, many of the victims were using the same password on other sites. This gave the hackers access to many Facebook, MySpace, AIM and GMail accounts.
The hackers then did everything they could to embarrass the victims by posting things online. This ranged from making a minister look like he was having an affair to creating a panic that someone was going to commit suicide.
I’ve previously talked about how it is a good idea to use different passwords, if not for every site, at least for every type of site. (You don’t want to use the same password on a site run by some kid you don’t know that you use for your banking accounts.) After this incident, I would recommend doing your best to create a unique password for every site you need to log into.
There are programs that help with this. I use 1Password because it keeps things very simple, works on multiple browsers and will automatically log in for you (once you supply the master password). I have over 300 passwords for various websites, so the money spent on the app is well worth it for me. A free manual approach would be to use something like password chart.
Regardless of how you manage your passwords, make sure you aren’t betting your security on someone else following good security practices in the way they encrypt and store your password.
Khürt Williams says
I use 1Password as well. Great product. Except for when I am using a computer that does not have 1Password. E.g. at my friend’s or family member’s home or at work (where Windows rules).
As for using a different password for each site. That gets challenging after about 3 passwords. That’s why products like 1Password exist in the first place.
As a security analyst, I think all web sites should switch to use multi-factor authentication using tokens. A cell phone makes for an excellent token.
http://reviews.cnet.com/8301-19512_7-10208866-233.html
David Turnbull says
I’m a huge fan of 1Password. It integrates so well with Safari (and other browsers, but Safari’s integration is the best) and my days of remembering passwords are over. 1Password 3 is looking pretty sleek too.
Mark Shead says
@Khürt – Yes, I wish 1Password had some type of integration with other operating systems. A cross-platform Firefox plugin would be ideal.
@David – I’m using 1Password 3 and it has some nice touches.
Gita Lal says
Thanks for including 1Password in your article, Mark, and thanks to everyone else for your kind words. Khürt, while our development focus is not currently on building a full-on cross-platform solution, 1Password will make your data more accessible on Windows, in the form of 1PasswordAnywhere:
http://www.switchersblog.com/2009/09/1password-3-feature-spotlight-1passwordanywhere.html
If you’re using 1Password 2.x right now, you can check out an early prototype of this feature by looking inside your 1Password.agilekeychain file (right-click > Show Package Contents) and opening 1Password.html in your web browser.
—
Gita Lal
AWS Customer Care
http://agile.ws/support
http://twitter.com/1Password
David A Teare says
I’m sorry to hear you had your accounts hacked Mark. I used to rely on the same bad habit of reusing passwords too and it made it hard to sleep at night. It was one of the main reasons I wrote 1Password :)
David A Teare says
Whoops! I went up to copy Khürt’s name and accidentally clicked submit. Sorry about that.
Anyway, I wanted to answer Khürt’s question about accessing your 1Password data on other machines. In 1Password 3 we added a new feature called 1PasswordAnywhere and its main purpose is to address this concern. With 1PasswordAnywhere, you can upload your 1Password data file to an online service like DropBox, or take it with you on a USB-drive, and you can then access it using a modern web browser.
I don’t want to link here but you can find more details about 1PasswordAnywhere on our blog. Google for SwitchersBlog.
Cheers!
–Dave Teare
Co-author of 1Password
Mark Shead says
@Dave – Fortunately I didn’t have any of my passwords stolen. I just read about the people it happened to. I’ve been using 1Password for a while now. :)
I read the post about 1PasswordAnywhere. It looks like a good way to make sure you have access to your passwords, but I guess I’ve been spoiled by the ease of not even needing to copy and paste. :)
Any chance for a Blackberry version and a cross platform Firefox plugin?
Carlos says
Have you tried KeePass Password Safe? There are several ports to Linux, Blackberry, iPhone, PocketPC… and it works really well.
http://keepass.info/download.html
David A Teare says
We’ve been asked a lot about Blackberry support lately so I suspect someday we will cross this bridge. At the moment, however, Apple is keeping us very busy with the iPhone and OS X upgrades :)
A cross platform Firefox plugin is something we have considered, but more investigation is needed before we make any firm commitments.
Cheers!
–Dave Teare
Co-author of 1Password
Alex says
We have a saying at work with our password security.
“A password is like your toothbrush, never lend it to anyone and change it every 6 months”.