Best practices
Can some of you share your best practices for handling emails and passwords?
I'm trying to figure out the best way to go, but I always end up with more questions.
For example, should I use my iCloud account for email only, and use my Gmail account for all the other services like Dropbox, Evernote, Twitter, etc.?
I have an @me.com email account, which is also my Apple ID. I was thinking that I should not use that one for Dropbox or anything else because if someone gets into my Dropbox they will know my Apple ID.
Also I wanted to activate 2-step verification for Dropbox, but then I thought, what if my phone gets stolen, I won't be able to access Dropbox, which means I won't be able to recover my 1Password data, which means I won't have my Apple ID password to activate a new iPhone.
God, once you start looking into this security stuff, it gets more and more complicated.
Comments
-
I am so glad you are thinking strongly about the security of your data - that's what we like to see! You're right, security stuff can be a bit overwhelming! After working here for a year, I'm still learning new stuff every day. The important thing to do here is to take things slowly. We've got a ton of great security resources available if you'd like to read up on 1Password's security:
- Cloud data security
- Our data format's design
- Our blog has many more articles that go into the nitty gritty math behind what makes 1Password so secure.
> Also I wanted to activate 2-step verification for Dropbox, but then I thought, what if my phone gets stolen, I won't be able to access Dropbox, which means I won't be able to recover my 1Password data, which means I won't have my Apple ID password to activate a new iPhone.
There are two things to consider here. Regarding 2-step verification, our security guru has some thoughts on the matter which I'll highlight here:
…two factor authentication systems are designed, in part, to address the password problem. The password problem is that because most people reuse passwords from one site to another and their passwords are weak, passwords are easily compromised. With what we know about how most people use passwords, those passwords don’t provide very reliable authentication.
1Password is designed to solve the password problem by making it easy for people to have strong, unique passwords. So what we have is a different way of solving the same fundamental problem. If you use 1Password and our Strong Password Generator, then there is little added security gain by using two factor authentication.
Beyond that, if you are concerned about a situation like this where you might need direct access to your 1Password data in Dropbox without having your own computers and devices, it might be a good idea to remember a bit more than just one password. 1PasswordAnywhere is a service available to users who store their data in Dropbox. You can access your data directly from the Dropbox website, but this does require, of course, that you know your Dropbox password. In addition to this password, I have memorized my iCloud password as well, because Apple seems to request it often, and it's just simpler to type it in rather than going to 1Password and copying and pasting. For these passwords that I might need to remember and type on a regular basis, I use Diceware. It is explained wonderfully in this article: Towards Better Master Passwords, but the short version is this - you can randomly select 4 or 5 words (using dice and a word list) to create a password that is secure, and easy to remember and type.
I hope this helps, but we're always here if you have more questions. :)
0 -
Thanks, it is great to know all of this. ;)
0 -
Thanks for asking the question - I think I learned a few new things while researching the answer. ;)
0
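
The Diceware method mentioned in the reply above (pick 4 or 5 words with dice and a word list), sketched as an added example that is not part of the original thread or of 1Password. Assumptions: the 36-word list is constructed for the demo and uses two dice per word, a full Diceware list uses five dice (7776 words), and Python's `secrets` module stands in for physical dice.

```python
import itertools
import math
import secrets

# Constructed 36-word sample list (two dice per word) so the block runs offline.
# A full Diceware list uses five dice per word: 6**5 = 7776 entries.
SAMPLE_WORDS = ("acid bake calm dune echo fern glow hush iris jolt kelp lime "
                "moss nook opal pine quay rust silk tide urge vine wasp yarn "
                "zinc arch bolt clay dusk elm flax gust hazel ink jade knot").split()

def build_table(words, dice_per_word):
    """Map each dice sequence (e.g. '36') to one word of the list."""
    if len(set(words)) != 6 ** dice_per_word:
        raise ValueError("list must hold exactly 6**dice_per_word unique words")
    keys = ("".join(r) for r in itertools.product("123456", repeat=dice_per_word))
    return dict(zip(keys, words))

def roll_die():
    """One fair die roll from the OS CSPRNG (stand-in for a physical die)."""
    return str(secrets.randbelow(6) + 1)

def passphrase(table, n_words, roll=roll_die):
    """Roll the dice for each word and look the result up in the table."""
    dice = len(next(iter(table)))  # number of dice that select one word
    picks = ("".join(roll() for _ in range(dice)) for _ in range(n_words))
    return " ".join(table[p] for p in picks)

def entropy_bits(list_size, n_words):
    """Entropy when every word is chosen uniformly and independently."""
    return n_words * math.log2(list_size)

if __name__ == "__main__":
    table = build_table(SAMPLE_WORDS, dice_per_word=2)
    print("demo passphrase (tiny list, demo only):", passphrase(table, 5))
    for n in (4, 5):
        print(f"{n} words from a 7776-word list: {entropy_bits(7776, n):.1f} bits")
```

The strength comes from the random selection, not from the words being secret: the entropy figure holds only if the words are taken exactly as rolled, without re-rolling for a phrase that looks nicer.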