First impressions of 1Password

After several years using the same password-manager service–and then paying for its premium version–I’ve spent the last few weeks trying an alternative.

I can credit a sales pitch that included the italicized phrase “completely free” for this departure: 1Password’s offer of a free membership to journalists, in celebration of World Press Freedom Day this May 3. But I was also overdue to spend some time in a password manager besides LastPass.

So far, I’m impressed by the elegance of the interface but a little put off by how persnickety 1Password can be to set up. You don’t just create a username and password, you also have to type in a complex and random secret key to get going.

Having read this Toronto-based firm’s documentation of how this extra step helps ensure that a successful guess of your password still won’t compromise your account, I get where they’re coming from. But I’m not sure I’d recommend it to just anybody, especially not when LastPass’s free version suffices for many casual users.

Further time with 1Password’s Mac, Windows and Android apps has revealed other things I like:

This time has also surfaced one thing I don’t like: an incomplete approach to two-step verification that seems to require choosing between running an authenticator app on your smartphone or employing a weird Yubikey implementation that requires running a separate app instead of just plugging a standard USB security key. That’s no better than LastPass’s inflexible notion of two-step verification.

I’d like to see 1Password improve that and support the WebAuthn standard for security-key confirmation. But I’m prepared to give them some time, based on everything else I’ve seen so far.

Advertisements

Weekly output: Chris Vickery, post-phishing advice, hyperloop competition

It was a back-to-work week after the previous week’s time off. In addition to what you see here, I filed a USA Today column that should go up tomorrow morning and a thousand-word feature that won’t run for a few more weeks.

8/15/2017: How companies leave your data online without your knowledge, Yahoo Finance

This post was the product of my one work appointment while on vacation in the Bay Area, a conversation with data-breach detective Chris Vickery.

8/17/2017: These college students are vying to build Elon Musk’s hyperloop, Yahoo Finance

I drove up to College Park Tuesday morning to see the test hyperloop pod that this UMD team is taking to a SpaceX-hosted hyperloop competition at the end of this month, then used part of my resulting writeup to discuss the overall feasibility of the hyperloop concept for transporting people. In the process, I got to employ a quote that I’ve had sitting in Evernote since last November.

8/18/2017: You got phished. Now what?, USA Today

This ran about a week after I filed it, thanks to my original e-mail not being addressed to the right editor and the right editor a) missing my re-send of that e-mail and b) being really busy. Fortunately, phishing and e-mail security in general are both evergreen topics, so this summary of the advice I gave to a friend’s dad was at no real risk of getting scooped.

 

Weekly output: LastPass, wireless bridges

At the start of this week, I had different topics in mind for each of these two columns, and then things happened. I also made a quick run up to New York Thursday for a few tech events, then wrapped up the visit with a pilgrimage to the top of One World Trade Center. I’ll repeat the D.C.-NYC trip tomorrow but will stick around longer–CE Week runs Tuesday through Thursday.

6/16/2015: My Password-Manager Service Got Hacked. Things Could Be Much Worse., Yahoo Tech

I had filed a different column by the time my editor and I separately decided: Hey, this news about a password-manager service’s security breach is column-worthy. After this piece went up, LastPass updated its original blog post with a clearer explanation that’s worth reading.

USA Today wireless-bridge post6/21/2015: Wonky Wi-Fi on one device? Take it to the bridge, USA Today

In this case, I hadn’t filed anything–I couldn’t, because I was waiting for an answer to a reasonably simple technical query from a company that had already exhibited… let’s say, a slow PR metabolism. Fortunately, a reader had e-mailed a question that I could answer without needing any spokespeople to chime in first. It didn’t hurt that the headline came to mind almost instantly.