Questions about establishing secure passwords

switters
switters
Community Member
edited June 2016 in Lounge

I've been using 1P for several years but not as rigorously as I should have been. I still have a lot of passwords that are combinations of letters and numbers that have personal meaning to me, and thus would be easier for password cracking programs to guess. These are mostly for things like Gmail, iCloud, iTunes store, and other services that require me to enter passwords regularly. Prior to the availability of TouchID, I resisted having to go over to 1P on my mobile devices and enter a long master password every time I needed to enter one of these passwords.

I'm just curious what AgileBits recommends for these kinds of passwords. I imagine I know the answer: use 1P go generate strong passwords for every password other than the master vault password, for maximum security. If that's the case, any tips on how to quickly access these passwords for regularly accessed services like Gmail, iCloud, iTunes store, etc.?

Second, is there a way to search a 1P vault for weak passwords? i.e. can I establish the criteria I want to define for strong passwords, and then search for all passwords that don't meet those criteria so I can change them?


1Password Version: 6.3
Extension Version: 4.5.6.90
OS Version: 10.11.5
Sync Type: Dropbox

Comments

  • Pilar
    Pilar
    1Password Alumni

    Hi @switters,

    Thank you for contacting us with this very good question! It's never too late to improve the security of all your accounts. I'm going to move it to our Lounge category, I hope you don't mind :chuffed:

    If you have passwords that you still have to type sometimes (for a service that you use on public computers, for example) Diceware passwords are your best option. These passwords consist of a randomly generated sequence of words, for example I just pulled this one from our generator: calender.ear.den.underage.heckle. They are very secure too and so much easier to type when you need to!

    If that's the case, any tips on how to quickly access these passwords for regularly accessed services like Gmail, iCloud, iTunes store, etc.?

    You can add those items to your "Favourites" list. Accessing those logins would be even easier than before if you do this!

    Second, is there a way to search a 1P vault for weak passwords? i.e. can I establish the criteria I want to define for strong passwords, and then search for all passwords that don't meet those criteria so I can change them?

    Sadly we don't have a feature like that, so you'd need to check by hand through your passwords to see which ones need to be improved.

    Please let us know if you have any other questions that we can help you with :chuffed:

  • switters
    switters
    Community Member

    Thanks for your reply. Part of the issue is that 1P does not autofill passwords in certain OS X dialogs/windows, i.e. in iTunes, system dialogs, etc. that ask for the iCloud or iTunes password. Gmail is somewhat easier since most of those are web-based, so maybe I'll use your Diceware suggestion (I used it to create my master vault password).

    I think a great feature in the future would be to allow searching for passwords that don't meet certain criteria. Seems an important security step.

  • khad
    khad
    1Password Alumni

    @switters,

    I do use a wordlist password for my Apple ID. It's easier to just type it on iOS. But on my Mac, I never type it. You don't need to type passwords into other apps either. You can copy and paste from 1Password. :)

    1. Option-Command-\ to open 1Password mini
    2. Type to find
    3. Shift-Command-C to copy the password of the selected item
    4. Command-V to paste it into the password field

    Learn more.

    You can sort items by password strength. Click the column header atop the item list and select Password Strength.

  • switters
    switters
    Community Member

    @khad Thanks! That's exactly what I needed.

  • khad
    khad
    1Password Alumni

    Excellent! I'm glad that helps. Thanks for letting me know. :+1:

This discussion has been closed.