Have You Ever Forgotten A Password?

Well, have you?

Like everyone else, I had a system. I had two passwords (for my personal stuff… more at work), and there were just a couple of variations on the theme to allow for site-specific requirements (like sites that required a capital letter in there, or something). I had two passwords — one for very secure information (like bank accounts and email), the other for everything else (like social media sites).

Then, the Gawker security breach occurred, compromising my “everything else” password. Following a mad dash to change passwords everywhere, I’m officially overwhelmed. Since then I’ve clicked on “I’ve forgotten my password” more than ever before combined! Can you feel me?

I’ve remembered to change some, but not all. Variations on a theme mean that I have to check through as many as four passwords on each site. And, more sites seem to enable logging in with a username or email, but not all will say which you’ve used. And, they won’t tell you if it’s your password or username that’s incorrect. Combine that with the logins via Facebook or Twitter credentials, and I’m ready to write my passwords on a piece of paper and keep it in my wallet!

By the way, DON’T DO THAT. The security threat is real.

I’m not a security expert. But there are some simple things you can do to keep yourself more secure.

For example, when logging in to sites from public Wi-Fi networks, always use the https prefix (not http). Since the Gawker breach, many sites have updated their login process to encrypt the connection so your passwords aren’t sent “in the clear” (where anyone with a simple/free sniffer looking at network traffic can see them).

Back to topic…

There is a class of software meant to help people securely track passwords. Simply put: they store/remember all your passwords in a “password vault”. Then, you just have to remember your one password to the password vault.

Of course, it’s never that simple.

It’s got to be easy to use. It’s got to work the way you do.

In short, I’ve come up with three questions/requirements that I’m looking for:

  1. Has to support Mac and the browsers I use: Chrome, Firefox & Safari.
  2. I want to be able to log in from my computer, my iPad, or a stranger’s device (like at an internet café).
  3. Needs to easily support managing multiple accounts for the same site. For example, Chase requires that I have two accounts, one for my business and one personal, and I need to remember both sets of logins separately.

Primarily though, it has to be seamless and easy.

I’ve come across two companies that people have recommended:

In short, both look like good solutions. 1Password is a little more polished according to one friend who’s used both. I’ve found that LastPass has better online information about the product (and it’s much easier to find). 1Password says they’ve posted their videos on AppTorial. Can’t find anything there! If this is a sign of how they think of usability, I’m scared of their product.

I finally managed to find a tutorial on how they work when you’re not at your own computer/device. I’d share the link but they don’t have static links to content for sharing!!! You guessed it — strike 2! The solution is a bit complicated, but well documented. I think I could manage with it, though it depends on other sacrifices.

And, 1Password doesn’t even have a list of browsers supported. In fact, there’s no link to detailed product information anywhere other than their user’s guide (and if you click on the page about Macs, links on that page take you to Windows product information).

The one thing I like about 1Password is that how they manage multiple identities for the same site is very obvious in their tutorial videos, and I’m still not sure how LastPass does that.

LastPass also has integration with a hardware key. While not originally a requirement, a security expert friend of mine considers it such. And, since I’m looking to fully upgrade my approach to security, it’s a consideration. LastPass has a short video of how that works and why it’s important.

What it seems to come down to for now is how they work when not at your own computer, and how they work with multiple identities for the same site.

1Password makes it really easy to manage multiple identities, but not to work from another computer. LastPass makes it easy to work from another computer, but not sure how they manage identities yet.

Pricing. It’s $40 for a license to 1Password for the Mac, another $15 for the iOS devices (By the way, hate it when vendors don’t advertise their iOS prices on their website). LastPass has a free version, though it’s $1 a month for mobile use and other advanced features (including using the YubiKey). And, should I choose to do so, $25 for the YubiKey.