Trashed Phone - a live audit of the 1Password universe
A short story...
My iPhone 5s screen was damaged yesterday to the point that Apple had to replace it. It worked enough to be fully backed up on my home office computer this morning so data loss wasn't a big issue. However I wasn't going to be able to restore the new phone for 4 hours between picking up the new phone and getting home and I had 2 big meetings and other lesser work to do in the meantime. This is where 1Password comes in.
I use Dropbox sync for 1PW and the plan was, if such a thing came to pass, that I had long but vaguely memorable passwords for Dropbox and 1Password. Every other password is loooooooong and really complicated. I, theoretically, would use those two known passwords to get my mail and Evernote and all the other work passwords and be basically functional with little effort or downtime. I had tried this out on a brand new MacMini at work and was able to get everything working without looking anything up or using a cheat sheet.
So that worked in theory but I will say that this afternoon, hanging out in the Apple store with a new phone (not using their WIFI of course) I found it pretty hard to get going. Once I got into Dropbox via iOS Safari and was able to open 1Password in HTML, the browser version of 1PW was quite wonky.
The middle pane where you select the individual logins almost floated freely and once I selected a login for one of my mail account the text was really small and by simply touching the password field it immediately revealed it and it wasn't clear if it had selected or even copied it.
Trying to zoom into the relevant areas was a no go as that area would zoom off the screen and only the middle pane could be repositioned.
At this point I had switched directions and all I wanted to do was get my apple ID so I could download the 1PW app and then get my mail and work logins but it was pretty difficult to do even that. I eventually gave up and sent some quick texts to tell people I was going to be offline for a couple of hours at least.
Because of this experience I may rethink my security strategy and make the apple ID the slightly memorable and typeable password for if this ever happens again. The Apple ID would have also got me all my contact and calendar info as well as the apps I could have used to get through the afternoon.
I wonder if any one else has thoughts about the best way to go about this and the practical usability of the iOS Safari version of 1Password.
Other than this hiccup I have been pretty pleased with the way 1PW has changed my security set up. It's been easy to integrate and get everything working. Today has made me want to take a good look at what would have happened if I had been more than 4 hours away from restoring my phone though.
Thanks for reading this far.
SlickSlack
Comments
-
Addendum:
I discovered when I got home that the new phone was still on iOS 7.x. Not sure if that's relevant.0 -
I'm sorry for your rather unpleasant experience. I know others will add their own ideas so I'm commenting only on the thing that immediately stands out for me.
I may rethink my security strategy and make the apple ID the slightly memorable and typeable password for if this ever happens again.
If you do that I strongly recommend using a memorable Diceware password not simply a weak password. Combine that with two step verification of your Apple ID for extra security.
Stephen
0 -
Hi @SlickSlack, sorry to hear about the damaged phone. I've had similar experiences. Its a right hassle.
Because of this experience I may rethink my security strategy and make the apple ID the slightly memorable and typeable password for if this ever happens again.
Unfortunately, as much as we would all like it, 1Password doesn't mean you only have to remember one password but it does mean you only need to remember a few. My Mac login, AppleID and Dropbox passwords are all suitably secure and memorable diceware passwords for precisely the type of recovery you describe.
I echo @Stephen_C's advice about two step verification and further suggest you have multiple devices or phone numbers for receiving the two step codes.
0 -
Hi @SlickSlack
As I'm more a Wi-Fi Sync user myself, while I'm aware of 1PasswordAnywhere and have suggested it a number of times I've never tried accessing it on an iPhone.
I don't think it's unfair to say that showing 1Password some love wouldn't be a bad thing at all. I am glad to hear that despite that one annoyance you were able to get yourself up and running without too much hassle (given your use the word hiccup at least) and it's reassuring to know that even the worst case scenario might mean just a little faffing about. As you say though, the experience has brought forward an improved system that might work better for you and raised a good point for us so thank you for your thoughts and I'm glad you've found 1Password as useful as I know we all find it :smile:
0
