Second: Want to know the easiest way to change your weak passwords to strong ones? Tell the websites that you forgot your password. Most of them will email you a link offering to reset your password. Use that link, and then use 1Password's Strong Password Generator to create a new password for that site. This is much easier than actually trying to figure out where each site has hidden their setting for changing your password.
Third: You'll be amazed how many sites have restrictions on password criteria, but they don't tell you until you've tried to make a password that doesn't fit their criteria. Some require special characters beyond a-z/0-9, and some will only let you use a-z/0-9. Some won't allow you to create passwords beyond a certain length. It seems 20 characters is a common threshold, but some are 16 or less. At least one site would not let me set a password longer than 8 characters, and one required that the password be a 4-digit number. Here are the Strong Password Generator settings that I recommend:
- Length of 19 characters
- Under "Random" move the "Digits" slider to 5 and the "Symbols" slider to 5
- Check the box next to "Avoid ambiguous characters" (you may find that you need to manually type passwords at times, and it's a pain to have to guess if something is a "0" or an "O", etc.)
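To see what those settings buy you, and what a site's length or character limits cost, here is an added Python sketch (not 1Password's code) that builds a password with the same shape and estimates its entropy. The ambiguous-character set, the symbol pool, the function names and the fallback rule for very short limits are all assumptions.

```python
import math
import secrets
import string

# Assumed pools: the page does not say which characters 1Password treats as
# ambiguous or which symbols it draws from.
AMBIGUOUS = set("0O1lI")
LETTERS = [c for c in string.ascii_letters if c not in AMBIGUOUS]
DIGITS = [c for c in string.digits if c not in AMBIGUOUS]
SYMBOLS = list("!@#$%^&*-_=+?")


def plan(length=19, digits=5, symbols=5, max_length=None, allow_symbols=True):
    """Return (letters, digits, symbols) counts after applying a site's limits."""
    if max_length is not None:
        length = min(length, max_length)
    if not allow_symbols:
        symbols = 0
    if digits + symbols > length:
        # Hypothetical fallback for very short limits: at most a third each.
        digits = min(digits, length // 3)
        symbols = min(symbols, length // 3)
    return length - digits - symbols, digits, symbols


def generate(**limits):
    """Build a password with exact per-class counts, then shuffle positions."""
    n_letters, n_digits, n_symbols = plan(**limits)
    chars = (
        [secrets.choice(LETTERS) for _ in range(n_letters)]
        + [secrets.choice(DIGITS) for _ in range(n_digits)]
        + [secrets.choice(SYMBOLS) for _ in range(n_symbols)]
    )
    secrets.SystemRandom().shuffle(chars)  # CSPRNG-backed shuffle
    return "".join(chars)


def entropy_bits(**limits):
    """log2 of the number of distinct passwords the settings can produce."""
    n_letters, n_digits, n_symbols = plan(**limits)
    total = n_letters + n_digits + n_symbols
    arrangements = math.comb(total, n_digits) * math.comb(total - n_digits, n_symbols)
    return (math.log2(arrangements)
            + n_letters * math.log2(len(LETTERS))
            + n_digits * math.log2(len(DIGITS))
            + n_symbols * math.log2(len(SYMBOLS)))
```

With these assumed pools the recommended settings come to roughly 108 bits, while a site that caps passwords at 8 alphanumeric characters drops that to under 40.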
Speaking of the Strong Password Generator, the "Where" field is usually, in my opinion, overly specific. This is where 1Password stores the URL for this username/password information, and by default, it will save the entire URL, but I always manually edit that field so that it includes only the domain name. Why? Because while you may be creating a password at http://twitter.com/settings/password, you will want to use that password on any page at http://twitter.com/ that offers a login field.
Fourth: There are some passwords that you may not want to be long and random. Some examples:
- iTunes: because you are going to have to enter that password on your iOS devices every time you buy or update apps
- Amazon.com: because you have to enter that whenever you want to see account information, even if you use the iOS devices
- MobileMe: The Find My iPhone app won't save your password, so any time you need to use it, you'll have to type it manually. Imagine that you're out with a friend and realize you've left your iPad somewhere. You could use her iPhone to locate your iPad using the Find My iPhone app, but only if you know your MobileMe password. Also, note that if you change your MobileMe password, you may have to resync all of your data, including your iDisk if you have it cached locally, on all of your computers and iOS devices.
- Dropbox: There are a bunch of iOS applications that sync or link to Dropbox, and just about every one of them will ask for you to enter your login information manually.
- Gmail or other webmail passwords: If you are at someone else's computer and want to check your email, it's nice to have a password you can remember.
Finally: Don't forget that, despite its name, 1Password stores more than passwords. You can also use it to store software registration information, autofill information such as mailing addresses (you can define several, so you could have one for work and one for home, etc.), and credit card information. It also allows you to make secure notes if you have other tidbits of information that you don't want floating around unencrypted on your hard drive.
As our friend Jim Dalrymple of The Loop recently discovered, once you "get" 1Password, it's a really great app. If you haven't checked it out, this is a good time to do so. 1Password is a big hit around the TUAW office as well.