Considering Using Password Generator
I have never used the Password Generator for two reasons: I felt safer having passwords that I could store securely in code myself at home and I worried about what if 1Password lost my passwords or went out of business. I've rethought this and realize that almost no password approach that I am using or could use would be as secure or complex as the Password Generator. Currently, I try to use 10+ characters (I've been reading that that's not enough) with at least one capitalized letter, some numbers and symbols. Here are some questions:
What is the philosophy of someone who uses a lot of Password Generator passwords?
Is it if your passwords disappear for reasons that I've given above, you will simply go to your sites and claim a lost password and recreate new passwords with those websites?
Or do you make a copy of these complex passwords and store in in a secure place life your safe deposit box?
Do you typically only use the Password Generator for those few websites where you cannot afford a breach (bank, companies that have your credit card on file, etc.)?
I'd appreciate any opinions that you might have about a stronger approach than mine.
Comments
-
Hi @royofsf,
Thanks so much for the questions about Generated Passwords! it's great that you are thinking seriously about your passwords.
First of all, I just want to assure you that in the unlikely event that AgileBits (the company that makes 1Password) went out of business, you would not lose your data. You purchased software, and this software will not disappear. It would no longer receive updates, but it would continue to function just fine. And because we don't store your data here, there is no reason to worry that your data is dependent on us remaining in business.
Now, clearly, as an AgileBits employee, my philosophy is a bit biased here, but I'll do my best to answer your questions:
What is the philosophy of someone who uses a lot of Password Generator passwords?
I use Generated Passwords for two reasons:
I know that when a website is hacked, one of the most common tricks that attackers will use is inputting the same username/password combination on other sites. If I use unique and randomly generated passwords for each site, attackers won't gain any access to my information using this technique.
The Password Generator is just so much easier to use than thinking up long and secure passwords for every site that requires a Login these days.
Is it if your passwords disappear for reasons that I've given above, you will simply go to your sites and claim a lost password and recreate new passwords with those websites?
As I've mentioned above, 1Password going out of business wouldn't prevent you access to your data. Further, we've built backups into 1Password and offered several sync solutions so that you can further ensure that your data is safe and backed-up off-site (if you so prefer). There are cases where you may need to use that 'I've lost my password' option, but we do our best to ensure that this is a rare occurrence.
If you are concerned about such things though, printing your passwords and saving them in a secure place is a good back-up plan. :)
Do you typically only use the Password Generator for those few websites where you cannot afford a breach (bank, companies that have your credit card on file, etc.)?
I use a password generator for almost all my Logins, again, because I just find it simple. The exceptions are ones that I might need to type on a regular basis. Those exceptions include my iTunes account (when I want to purchase something from iTunes on my iPhone, it's much easier to simply type out my password than copying and pasting from 1Password). For passwords that I want to be able to remember (and easily type), I use Diceware. Our security expert discusses how to create Diceware passwords in this article: Towards Better Master Passwords.
I hope this helps to answer your questions, but we're here for you if you have any further concerns! :)
0