Yes, I made a strong master password, but four hours later I can't remember it.

danielbeisenberg

Even with the hint I created. Maybe I should have put it on a post-it note.

Fortunately I had only input one sample site.

I'm not requesting any action. I have uninstalled the program and will not be using a password manager at all. I still have to check my bank and credit card statements. I can't imagine anything else of mine a hacker would be interested in.

I have posted a negative review in the Apple App store, saying, besides the above, thay yours is the most un-intuitive program I've ever seen for iOS. Also the number, variety, and seriousness of user problems posted in this forum is chilling.

Stephen_C

I have uninstalled the program and will not be using a password manager at all.

That, of course, is absolutely fine...so long as you use separate, complex passwords for each site you use. Otherwise once one of your sites is hacked (as will almost inevitably happen) all the others using the same password will be vulnerable. There are also those of us who value 1Password as a secure place to store personal information when we travel (for example, passport and travel insurance details). I appreciate you may not feel the same.

I have posted a negative review in the Apple App store

I'm sure, out of fairness, you also mentioned your very limited experience with the program. :)

Also the number, variety, and seriousness of user problems posted in this forum is chilling.

This is a very active support forum. What kind of posts did you expect to find on it?

By the way, I should make clear I'm not employed by AgileBits but am merely a volunteer who has been prompted to respond by some statements I feel are illogical or unreasonable: purely my own views, of course.

Stephen

Ben

Hi @danielbeisenberg,

I'm sorry to hear you forgot your Master Password. It sounds like you've already made up your mind, but if you change it, or for anyone else reading, we have a guide that may be helpful in choosing a password here:

Toward Better Master Passwords

Even if your decision is to not use 1Password, I'd highly encourage you to reconsider your use of a password manager in general. Stephen has made some excellent points. There are many articles on why a password manager is important in today's online environment.

I have posted a negative review in the Apple App store, saying, besides the above, thay yours is the most un-intuitive program I've ever seen for iOS.

If you have any specifics you'd like to share we'd be happy to hear them.

Did you have a chance to glance at our User Guide?

Also the number, variety, and seriousness of user problems posted in this forum is chilling.

1Password has a huge user base. The fact that many folks visit Apple's numerous Genius Bars daily is not an indication that their products are sub-par, in my estimation.

In my experience the issues that I might have with a product are not as important as how the manufacturer (or seller, depending on the situation) deal with the issue. Obviously ideally I'd rather not have any issues with a product, but what I want to know when shopping is that if I do how well will the situation be handled?

prime

Wait, you change your password, you forgot it, so you gave it a negative?

:|

These are the negatives thay people have to spend time going though. It's like on eBay, seeing the negatives how the post office took forever to deliver the package. How is that the sellers fault?
How is you forgetting a password their fault?

Now you don't have any info that a hacker would never want? How about emails, people contacts in the emails, social media, pictures, ruining your reputation because of hacking, and others. I had friends email get hacked and I get spammed. Now having a reputation ruined, that can affect a lot including getting a job. I've seen a persons Facebook get hacked and was almost fired from their job because of it.

Using the same password is the worst thing you can do. There are countless of articles out there showing why this is a bad idea, then even more about using and week passwords.

This can be a great thread and people on here can list the effects of being hacked.

danielbeisenberg

This is a reply to bwoodruff:

I already posted a comment on one thing non-intuitive about your program - the lack of immediate, obvious, access to help. (It's at https://discussions.agilebits.com/discussion/38924/help-should-be-on-the-first-screen.)

New user signs on, first time using the program. Doesn't know what the first thing to do is. Hasn't read the user guide. But there's no link to Help. You have to go to Settings to find a link for Help. That is just plain nuts and poor user interface.

There is quite a bit more but I'm not going to reinstall the program just to write you what I feel is wrong with it, not for free. (See the posting "New message center is going to drive me crazy" of 4/30/15 for other very frustrated users.) In my opinion, you need to hire a consultant on user interface. There are people who do this for a living. This Agilebits message center isn't very user-friendly, either. (Why do I have to go to the upper-left corner, click on the Menu icon, which at least I know what it is, then select "See recent messages" to see the latest messages?)

Yes I did indeed look at your user guide. I read "Toward Better Master Passwords". I followed your instructions, or at least I think I did. The problem is my memory. That's why people write passwords on post-it notes.

I'm going to continue doing exactly what every article says not to do: I use the same password everywhere. For at least five years. I only change a password if a site requires me to -- most don't -- so I do have some alternates, they're up to about 8. So if I forget the password, I can go through all 8 - I have trouble remembering the last two - and I'll always find the one. I put them in a sealed envelope and gave them to my sister if I die or am incapacitated.

I've been waiting for disaster to strike, but it never has. What is some hacker going to be interested in, other than my money? Impersonating me on Wikipedia? Sending out phony emails from my account? Look at my record at the one of my doctors (an orthopedist) who has online records patients can log in to? My main bank has two-factor authentication. Passwords will not stop me from having to promptly check bank and credit card statements, which I always get on paper.

I read the two articles you linked to above about why to have strong passwords. One was on the security of password manangers, not on why one should have one. The other one doesn't give any reasons, just says you could get hacked. Really neither says much about why you need a password manager in the first place. What could happen if I do get hacked? Where are the horror stories? If I had a business and someone embarassed my customers, that would be a real problem, or if I were a doctor protecting patient records, But I'm retired. I don't use Twitter or Facebook. I don't have a job to lose.

What really worries me, that no one talks about, because there's no way to make a salable product protecting you from the problem, is computer repairpeople. After a bad experience, I will not let anyone work on any of my devices unless I am in the room watching what he or she does.

Obviously, from the IStore comments, you have a lot of happy users. Great. And you have a hell of a challenge supporting cross-platform on such a complicated issue. But I'm an unhappy user. Why isn't there an article on how to create a password you won't forget? Mine was a familiar phrase plus three special characters, and I cannot come up with the precise configuration I used.

danielbeisenberg

This is a reply to Prime:

"Wait, you change your password, you forgot it, so you gave it a negative?"

You bet I do, and I think that's fair, though that's far from my only issue with the program. (It wasn't a changed password, it was the original password.)

Where is the help file on how to avoid forgetting your password, and how you're screwed if you do? Should you give it to a relative? Post it on the refrigerator? I'm the only user with a fallible memory?

"There are countless of articles out there showing why this is a bad idea, then even more about using and week passwords." (Proofread!) I went looking for them, and didn't find them. I put "why you shouldn't use the same password everywhere" into both Google and Bing, and also "hacker compromised password" and "consequences of bad password security".

I found lots of articles on password files (of businesses) compromised, but I didn't find the stories on the negative consequences to individuals. Tell me where these articles are, if they exist, and I'll read them. I found one article, only one, about how a journalist had his Ipad and Iphone remotely wiped: http://www.forbes.com/sites/adriankingsleyhughes/2012/08/04/the-dangerous-side-of-apples-icloud/ And there's another article about how Wikileaks broke a password to get an encrypted document, “NATO in Afghanistan: Master Narrative” (https://www.guernicamag.com/daily/wikileaks_pentagon_pulls_strat/).

I did find an article on how 185,000 decrypted passwords were posted to Pirate Bay. And what are the pirates doing with them? Tweeting about açai berries! (http://www.slate.com/articles/technology/technology/2010/12/was_your_gawker_password_hacked.html).

I did stumble across an interesting article on why routinely changing your passwords is unnecessary: http://www.howtogeek.com/187645/htg-explains-should-you-regularly-change-your-passwords/

And I did find how to set up two-stage authentication on Google, which I did.

While I'm on it, the things about hundreds of thousands and millions of passwords stolen, which get so much publicity, are needlessly creating fear. No one can use a hundred thousand passwords for any purpose.

prime

So you set up 2 step verification on gmail, good for you. You're missing the whole point and you're not going to listen anyways. Sorry for the wrong week/weak... It was autocorrect on my iPad and I got a phone call as I finishing and just hit post. When I came back, I saw it and wasn't able to change it. I apologize answering my phone was more important.

I find it funny you made the mistake and blame someone else. This is so sad that so many people now a days can't take responsibility for their own actions and have to blame someone else.

So all the leaked passwords are used to create fear... OK. I personally had my eBay account hacked into then my email account at the time. It does happen, but what do I know. I been on other forums that the site was hacked and people who used the same password for that site that they use for others had issues. But this is all to spread fear.

Articles probably don't show up because it happens so much on an individual. I had it happen, so I should make the nightly news about it? I seen it happen to friends too, and I have help them recover their accounts. When my eBay account was hacked, I should call CNN right away!

ag_kevin

Hi @danielbeisenberg ,

First of all, I want to say that we are sorry you are having trouble with your first experience using 1Password. It is certainly not our intention to make anything confusing or to alienate any user. You have provided good feedback, and we will use that to do better. One thing that is always difficult is to strike a balance with presenting help to the user, and "getting out of the way" for those that are experienced. But we certainly have room for improvement and I have already raised an issue with our development team to improve it, especially for first-time users.

Regarding forgetting your master password, one of the ways we keep your information secure is by doing everything we can to ensure there is no way for anyone to get into your vault without knowing the master password. We can only offer tips to choose your master password; but beyond that, unfortunately there's nothing we can do. If you will have trouble remembering your password, you could write down the master password and keep it in a safe, safety deposit box, or other secure location. Personally, there are three passwords I recommend writing down. Your AppleID username and password, your 1Password Master Password, and the username and password of a sync service, if you sync your 1Password data with other device (e.g. Dropbox).

Whether or not you wish to try our product again, or a competitor's product, we recommend using different passwords for different sites. Even keeping them in a notebook and storing it in a safe place is better than using the same password everywhere. To answer your question on why anyone would want your passwords; well, people don't want your accounts specifically, but they want lots of accounts. The obvious reason is credit card info, but other reasons are to gain control of your email accounts to send spam or other illicit email, access to your computer (to get your computer to send email, spread viruses, etc. for them, making them traceable back to you, and not them). Some hackers will also use your email or social networking account to pose as you, sending messages to your friends, claiming to be stuck somewhere and need a wire transfer. The reasons are too numerous to list here, but they will use whatever means they can for financial gain, and we'd rather it not be from you or your friends and family. Having separate passwords limits their reach if they get a hold of one of them, and also alleviates the work you would need to do in order to re-secure your accounts.

I do hope this has addressed your concerns, and if you feel you want to provide more feedback, we certainly welcome it.

Thank you for trying 1Password.

ref: OPI-2581

peterskennedymd

@danielbeisenberg Your comments are good, but don't help the basic issue for those of us who blew our Master Password. I don't think I ever recorded one; I was simply looking for a password stor-er as a backup to Dashlane, which has its limitations. Do we re-register, uninstall, other??? Or do we uninstall?
Peter Kennedy, M.S. M.D. [email deleted]

Stephen_C

@peterskennedymd I have deleted your email address. This is a public forum and publication of it here may prove an irresistible temptation to spammers.

Do we re-register, uninstall, other???

This knowledge base article will help you with tips that may assist in recalling your master password:

My Master Password is not being accepted. What should I do?

If you really can't recall the master password you need to look at this knowledge base article:

How do I start over with an empty vault?

Both of those should give you all the help you need but please post back if anything is still unclear or if you have more problems.

Edit: first link corrected to the right one for 1P for iOS.

Stephen

Ben

Thanks for the assist, Stephen!