1Password has been a part of my cybersecurity armoury for many years. Like Todoist, it is one service I have no qualms about paying for year after year. Password managers have always been a must-have, not least because of my memory and my wife saying I’d forget my balls if they were not in a sac. Seriously, I started off with LastPass back in the dim and distant past but that because flakey and I looked at Dashlane but it seemed too aggressive and in your face. Having tried 1Password for a trial 14 days, out came the debit card and I was off.
The whole point of a password manager is security, and 1Password has it by the bucketload. It all starts by generating a secret key which is 34 letters and numbers, separated by dashes. Because you need to memorize your Master Password, it can only be so strong – about 40 bits of entropy on average. Your Secret Key doesn’t need to be memorized, so it can be much stronger. It has 128 bits of entropy, making it infeasible to guess no matter how much money or computing power an attacker has available.
A 1Password account is protected by multiple layers of security. The Master Password and Secret Key encrypt data end-to-end, and Secure Remote Password (SRP) prevents anyone from stealing your credentials or reading any non-secret information sent to the server.
When you sign in to your 1Password account, your information is protected by Transport Layer Security (TLS). With SRP, an additional session encryption key protects your information even if someone manages to decrypt TLS. This includes non-secrets like your name and email address.
The encryption key is different for each session, so an attacker who records one authentication session won’t be able to play that back in an attempt to authenticate. Pretty bombproof, I would say.
When creating a site link you have the option of allowing 1Pasword to create a complex one for you or creating your own which is stored in the service’s “card” that you create. These data packages are stored in vaults and you can have as many as you like such as personal, work, social club, financial, etc.
As the name suggests, the service was created for creating and storing passwords, but there is much more to it than that. You can have details stored for bank accounts, credit cards, driving licences, passports and even secure notes where you may want to store information that doesn’t fall into a particular category. One of the plus points is that 1Password allows you to create your own data card according to what information you want to store. So if for a site login you are given the usual username and password, you can create extra fields to store other information such as dates subscriptions are due, addresses, emails, birthdays etc. It is that flexible.
1Password has browser extensions that simply logging into sites. Arrive at one that needs a username and password, 1Password recognises the associated URL and auto-fills the necessary fields for access.
The service caters for pretty much every OS out there including Mac, IoS, Windows, Android, Linux and ChromeOS.