1Password is having a big week. The Windows version has arrived at version 1.0, and Google Chrome support has been added. In addition, there are a lot of new 1Password users this week, thanks to Agile's promotion that let users give away free licenses to friends. Not using 1Password yet? New customers can save 20% right now. You can also get a free copy of "Take Control of Passwords on Mac OS X" just by logging into Agile's Customer Center.
It seemed like a good time to share some of my favorite 1Password tips and hints.
First: Track your weak passwords. If you are like most people, you have a handful (hopefully more than one!) of passwords that you reuse at several different sites. 1Password can help by generating secure passwords for you, but at first, you might just want to tell 1Password to save your logins at all of the sites that you log into because you don't think you have time to change them all.
If so, create a Smart Folder to track weak passwords. A "Smart Folder" will act much like saved Spotlight searches in Finder, Smart Mailboxes in Mail or Smart Playlists in iTunes: define some criteria, and 1Password will show you all the entries that match.
For example, let's say that you use "billy1" as your password for a bunch of sites. Go to File » New Smart Folder, and tell 1Password to look for Passwords that contain "billy1," click the "Save" button and name the Smart Folder. When you are ready to start making secure passwords, use that folder to keep track of all of the websites where you used that same weak password.
More tips after the break...
Second: Want to know the easiest way to change your weak passwords to strong ones? Tell the websites that you forgot your password. Most of them will email you a link offering to reset your password. Use that link, and then use 1Password's Strong Password Generator to create a new password for that site. This is much easier than actually trying to figure out where each site has hidden their setting for changing your password.
Third: You'll be amazed how many sites have restrictions on password criteria, but they don't tell you until you've tried to make a password that didn't fit their criteria. Some require special characters beyond a-z/0-9, and some will only let you use a-z/0-9. Some won't allow you to create passwords beyond a certain length. It seems 20 characters is a common threshold, but some are 16 or less. At least one site would not let me set a password longer than 8 characters, and one required that the password was a 4 digit number. Here are the Strong Password Generator settings that I recommend:
- Length of 19 characters
- Under "Random" move the "Digits" slider to 5 and the "Symbols" slider to 5
- Check the box next to "Avoid ambiguous characters" (you may find that you need to manually type passwords at times, and it's a pain to have to guess if something is a "0" or an "O" etc)
Speaking of the Strong Password Generator, the "Where" field is usually, in my opinion, overly specific. This is where 1Password stores the URL for this username/password information, and by default, it will save the entire URL, but I always manually edit that field so that it includes only the domain name. Why? Because while you may be creating a password at http://twitter.com/settings/password, you will want to use that password on any page at http://twitter.com/ that offers a login field.
Fourth: There are some passwords that you may not want to be long and random. Some examples:
- iTunes: because you are going to have to enter that password on your iOS devices every time you buy or update apps
- Amazon.com: because you have to enter that whenever you want to see account information, even if you use the iOS devices
- MobileMe: The Find My iPhone app won't save your password, so any time you need to use it, you'll have to type it manually. Imagine that you're out with a friend and realize you've left your iPad somewhere. You could use her iPhone to locate your iPad using the Find My iPhone app, but only if you know your MobileMe password. Also, note that if you change your MobileMe password, you may have to resync all of your data, including your iDisk if you have it cached locally, on all of your computers and iOS devices.
- Dropbox: There are a bunch of iOS applications that sync or link to Dropbox, and just about every one of them will ask for you to enter your login information manually.
- Gmail or other webmail passwords: If you are at someone else's computer and want to check your email, it's nice to have a password you can remember.
Finally: Don't forget that, despite its name, 1Password stores more than passwords. You can also use it to store software registration information, autofill information, such as mailing addresses (you can define several, so you could have one for work and one for home, etc) and credit card information. It also allows you to make secure notes if you have other tidbits of information that you don't want floating around unencrypted on your hard drive.
As our friend Jim Dalrymple of The Loop recently discovered, once you "get" 1Password, it's a really great app. If you haven't checked it out, this is a good time to do so. 1Password is a big hit around the TUAW office as well.