Categories
Articles

Living with a Password Manager (part 1)

Swapping between multiple devices to access the Internet can make remembering login credentials for a variety of apps and websites challenging. Can a Password Manager effectively help with easing this problem?

Most of us have one or more devices to access the Internet. This might be a computer, tablet, smartphone, streaming device or smart TV. Additionally there are usually multiple Internet-enabled apps on each of these devices with some residing on more than one device.

In addition to apps we also use a variety of web browsers to access a multitude of websites. How can all those username and password combinations be remembered? What happens if a password is changed on one device but then needs changing on all the others?

As a follow-up to our article, Remembering your passwords, in this three-part article we are going to try out a leading Password Manager and see how it stands up to these challenges that are faced.

Scenarios & Objectives

I personally use a variety of devices on a day-to-day basis. These devices include a mixture of operating systems, apps and web browsers. For the purposes of this article we will using the following device setups which we will refer to as ‘scenarios’:

  • Apple iPad – tablet running iOS 14.4.1 with Safari web browser and Facebook & Instagram apps.
  • Apple Macbook – laptop running macOS 11.2.3 (Big Sur) with Firefox & Safari web browsers.
  • Desktop PC – computer running Ubuntu 20.10 (Groovy Gorilla) with Firefox & Chromium web browser.
  • LG Nexus 5x – smartphone running Android 8.1.0 (Oreo) with Chrome web browser and Facebook & Instagram apps.
  • Windows laptop – computer running Windows 10 with Edge & Chrome web browsers.

The above scenarios will enable us to see how a Password Manager addresses the following objectives:

  1. Support for multiple operating systems.
  2. Synchronizing passwords across multiple web browsers – both the same and different ones.
  3. Handles login credentials for the same apps on different devices and operating systems.
  4. Manages password changes.
  5. Generates complex passwords that comply with the app or website rules e.g. use of special characters, min/max length, use of mixed case letters and numbers.

Signup

The Password Manager solution that we will be testing out is 1Password. The main reasons for this choice are:

  • Supports our operating systems including Linux.
  • Works with any web browser.
  • Is one of the market leaders.

On the website, under the Personal & Family tab, 1Password offer a 14 day free trial. I opted for the Personal option which costs $2.99 per month (if billed annually):

1Password sign-up options and free trial offer.

A Personal account includes:

  • 1 personal account with unlimited devices.
  • Advanced security with AES-256 bit encryption, 128+ bits of entropy, and more.
  • Alerts for compromised websites and vulnerable passwords.
  • 24/7 customer support.
  • Available on Mac, iOS, Windows, Android, Chrome OS, and Linux.

After creating an account and verifying my email I then had to enter a Master Password consisting of at least 10 characters. Signup was being carried out on my Linux desktop using Firefox so I was prompted to use a secure generated password by the web browser which would also be saved.

Note: The Master Password provides access to all subsequently stored usernames and passwords so if your computer was hacked or left unlocked then accessed by opening Firefox, it would allow them to retrieve your login credentials! It is therefore strongly advised that you do not use the generated password and do not allow it to be saved by either your web browser or the likes of iCloud Keychain.

Following account creation my credit card details needed entering. An Emergency Kit PDF file was then generated to be downloaded and kept safe i.e. printed out and stored offline. This is for use in the event of account recovery but needs your Master Password to be carried out.

Installation

Get the apps & browser extension

Step One after signing up is to “Install 1Password everywhere you need your passwords”. This involves downloading the 1Password apps for the following:

  • Mac – Requires macOS High Sierra 10.13 or later.
    • For my Apple Macbook.
  • Windows– Requires Windows 7 or later.
    • For my Windows laptop.
  • iOS – Requires iOS 12 or later.
    • For my Apple iPad.
  • Android – Requires Android 5.0 or later.
    • For my LG Nexus 5x.
  • X – Requires Firefox 60 or later.
    • This is a Firefox browser extension.
Get the 1Password app(s).

Question: Is the Firefox extension the 1Password solution for Linux?

Sign-in to 1Password

X – Linux

First the Firefox browser extension was installed then I signed in and was prompted to watch the Get to know 1Password in your browser video on YouTube.

Clicking on the 1Password extension icon allowed me to edit my profile such as full name, address and much more which can be used to prefill online forms.

A very important feature was being able to activate 2FA (Two-Factor Authentication). This provides an additional layer of security when signing into your account on a new device. It operates by using an Authenticator app such as Google Authenticator or Microsoft Authenticator on your mobile device.

Enabling Two-Factor Authentication (2FA) for 1Password.

After clicking the ‘Set Up App’ button I was prompted with a QR Code to scan from within my Authenticator app. Next I had to enter the 6-digit code from the app into 1Password and Confirm.

There was also the option of using a Security Key device for 2FA. This is similar to a USB thumb drive and acts as a physical offline security device.

Problem: I noticed that there was no available browser extension for Chromium (the Linux version of Chrome) so this proved to be a problem for Objective #2.

Android & iOS

For setting up 1Password on my mobile devices I downloaded the relevant apps via the App Store (Apple) and Google Play (Android). Next I opened the apps, selected the ‘1Password.com’ option under the ‘Already using 1Password?’ section and scanned the QR Code from my online profile at https://my.1password.com/profile. I was then prompted to enter my Master Password and 2FA code.

1Password app on Google Play.
1Password app on the App Store.

The Nexus 5x prompted for some additional steps in which the Fingerprint Unlock and Autofill options were selected:

Additional steps for 1Password on Android.

The iPad prompted for some additional steps including being prompted to turn on ‘Unlock using Touch ID’ within the app:

Additional steps for 1Password on iOS.

Problem: What was unclear when selecting ‘1Password’ for the AutoFill was whether or not to turn off ‘iCloud Keychain’?

Mac

To commence this install I logged into 1password.com using my Secret Key and Master Password then the 2FA 6-digit code from Google Authenticator. Once in my profile I clicked the ‘Get the apps’ link then downloaded the ‘1Password for Mac’ .pkg file which was opened by the default Installer.

1Password web login on Mac using Firefox

Next I went through the installation wizard steps and scanned the QR Code on my iPad with the Macbook camera. I was then prompted for my Master Password and 2FA 6-digit code.

1Password app setup wizard on Mac.

At the end of the setup wizard the final steps were completed:

1Password app final setup steps on Mac.

Question: What is unclear when installing 1Password on a Mac is whether or not web browser extensions are still needed?

Windows

As with the Mac, I logged into 1password.com using my Secret Key and Master Password then the 2FA 6-digit code from Google Authenticator. In my profile I clicked the ‘Get the apps’ link then downloaded the ‘1Password for Windows’ .exe file which ran the installation wizard. The ‘Add your 1Password account’ form was then completed along with the 2FA 6-digit code.

1Password app on Windows.

Question: What is unclear when installing 1Password on Windows is whether or not web browser extensions are still needed?

In Part 2 of this article we will look at:

  • Importing login credentials into 1Password from our existing web browsers and operating systems.
  • Testing the usability of 1Password whilst using apps and surfing the web.
  • Investigating the highlighted problems and questions raised in this article.

Do you have any experience with using 1Password? Did you encounter the same problems we did? Please comment below to share your thoughts and experiences.

Leave a Reply