Which passwords should NOT be impossible to remember?
Hi all, just getting started with 1password.
Some passwords I obviously need to remember without relying on 1password, for example: for my computer, and for 1password.
Most passwords can be random jumbles stored in 1password.
But it seems at least SOME passwords should NOT be random jumbles -- and I'm curious to hear "best practices" for this -- if there's a FAQ, please let me know. For example...
1) The email I use for recovery -- it seems I need to know that password "outside" 1password -- is that correct?
2) AppleID -- it seems this one could be a hassle if it's just a random jumble -- is that correct?
3) Dropbox -- it seems I need to know that too, if I need to recover my sync'd 1Password.agilekeychain -- however, if I can use email to recover/reset my Dropbox password, then perhaps it's fine to leave this one as a jumble.
Anyhow I'm wondering in general: which passwords should NOT be big random jumbles? Do I have the 3 above correct? Have I left anything out?
Thanks kindly!
Comments
-
You have chosen the same three I have to be sure I can remember.
0 -
Hi @turnstyle,
Those are the passwords I've memorized as well. I can't think of any others that should be memorized, although that really depends on your specific situation, and if you have any passwords you would need to know without being able to check 1Password.
If you have more questions, we're here for you!
0 -
Out of curiosity -- if you do know your email recovery password -- and assuming you use that email for Dropbox -- then what is the utility for also knowing the Dropbox password?
0 -
Hi @turnstyle,
This is a great discussion! And it turns out, our security guru has weighed in on the subject too. Have a read-through our blog post here:
More than one password: lessons from an epic hack.
To answer your question about Dropbox directly, I like to keep this password memorized because then I have quick and easy access to my 1Password database through 1PasswordAnywhere, which is really handy in case anything goes wrong. :)
0 -
Thanks I actually think it was that "epic hack" post that led me to realize I couldn't let 1password be responsible for everything.
Regarding your comment about 1passwordanywhere (ps: I think that link isn't right?) -- assuming you still had access to your recovery email, you could still use it to change your Dropbox password, and then have access through 1passwordanywhere -- right?
Meaning, all you really seem to need in addition to 1password itself is the recovery email -- no?
I do see that you have to "do something" to gain access to Dropbox -- but it's just an email password reset.
I hope I don't sound like I'm quibbling -- I just want to be sure I have this right!
0 -
Sorry to bump, just want to be sure I have this right.
If I know my email recovery password without the use of 1password, do I actually still need to know the Dropbox password also without the use of 1password?
For example, is there something about 1passwordanywhere that means I have to know the Dropbox password, and that using the recovery email isn't sufficient to regain access to Dropbox?
Or is it just that there would be an extra step to using 1passwordanywhere -- that I would first have to do an email password reset for Dropbox, and then I can use 1passwordanywhere?
thx...
0 -
To a large degree, in my opinion, this is a matter of personal preference, and the only right answer is the one you're most comfortable with. If you're confident that you can conduct your business adequately in the face of lost access to 1Password, without memorizing the password for Dropbox, then the right answer for you is that you don't need to memorize that one. This would be true for any other password as well.
If you want to be able to use 1PasswordAnywhere without access to your 1Password database, you must know how to log in to Dropbox. If you're happy with making a request to reset the Dropbox password to regain access every time you need to get in, then that's good enough for you. I don't use 1PasswordAnywhere these days, but when I did, I wanted routine access from computers I normally didn't use, not just access after catastrophes. Those computers didn't have my 1Password data installed. That meant I needed to know my Dropbox password. I didn't want to have to reset my Dropbox password on a routine basis.
That's my opinion. Yours may differ. But in the end, you have to do what makes you most comfortable about your own security.
0 -
Ah, I see -- for some people 1PasswordAnywhere may be part of a regular workflow -- and you need to use your Dropbox password to access 1PasswordAnywhere.
So, if 1PasswordAnywhere is part of your regular workflow, then you would want to know your Dropbox password.
But if you don't expect to use 1PasswordAnywhere -- perhaps you would only use it in some sort of failure situation (I don't quite know what 1PasswordAnywhere is used for, I gather for access to passwords though just a web connection) -- so in that sort of situation, it isn't so important to know the Dropbox password, because in that case I could reset via email, and then use 1PasswordAnywhere.
Is that about right? And thanks...
0 -
1PasswordAnywhere is, indeed, a way to access your data on a read-only basis via any web browser.
Again, in my opinion, if your approach is right for you, then it's right. I don't find any logical missteps in it. It isn't right for me, though. But I only speak for myself.
0 -
Thank you -- this last info really cleared it up for me -- and I now understand how 1PasswordAnywhere fits in well enough to make an informed decision.
Thanks again to all...
0 -
@turnstyle, I'm glad this information has been helpful for you! We're here for you if you need anything else. :)
0
