Most of us have one or more devices to access the Internet. This might be a computer, tablet, smartphone, streaming device or smart TV. Additionally there are usually multiple Internet-enabled apps on each of these devices with some residing on more than one device.
In addition to apps we also use a variety of web browsers to access a multitude of websites. How can all those username and password combinations be remembered? What happens if a password is changed on one device but then needs changing on all the others?
As a follow-up to our article, Remembering your passwords, in this three-part article we are going to try out a leading Password Manager and see how it stands up to these challenges that are faced.
Scenarios & Objectives
I personally use a variety of devices on a day-to-day basis. These devices include a mixture of operating systems, apps and web browsers. For the purposes of this article we will using the following device setups which we will refer to as ‘scenarios’:
- Apple iPad – tablet running iOS 14.4.1 with Safari web browser and Facebook & Instagram apps.
- Apple Macbook – laptop running macOS 11.2.3 (Big Sur) with Firefox & Safari web browsers.
- Desktop PC – computer running Ubuntu 20.10 (Groovy Gorilla) with Firefox & Chromium web browser.
- LG Nexus 5x – smartphone running Android 8.1.0 (Oreo) with Chrome web browser and Facebook & Instagram apps.
- Windows laptop – computer running Windows 10 with Edge & Chrome web browsers.
The above scenarios will enable us to see how a Password Manager addresses the following objectives:
- Support for multiple operating systems.
- Synchronizing passwords across multiple web browsers – both the same and different ones.
- Handles login credentials for the same apps on different devices and operating systems.
- Manages password changes.
- Generates complex passwords that comply with the app or website rules e.g. use of special characters, min/max length, use of mixed case letters and numbers.
The Password Manager solution that we will be testing out is 1Password. The main reasons for this choice are:
- Supports our operating systems including Linux.
- Works with any web browser.
- Is one of the market leaders.
On the website, under the Personal & Family tab, 1Password offer a 14 day free trial. I opted for the Personal option which costs $2.99 per month (if billed annually):
A Personal account includes:
- 1 personal account with unlimited devices.
- Advanced security with AES-256 bit encryption, 128+ bits of entropy, and more.
- Alerts for compromised websites and vulnerable passwords.
- 24/7 customer support.
- Available on Mac, iOS, Windows, Android, Chrome OS, and Linux.
After creating an account and verifying my email I then had to enter a Master Password consisting of at least 10 characters. Signup was being carried out on my Linux desktop using Firefox so I was prompted to use a secure generated password by the web browser which would also be saved.
Note: The Master Password provides access to all subsequently stored usernames and passwords so if your computer was hacked or left unlocked then accessed by opening Firefox, it would allow them to retrieve your login credentials! It is therefore strongly advised that you do not use the generated password and do not allow it to be saved by either your web browser or the likes of iCloud Keychain.
Following account creation my credit card details needed entering. An Emergency Kit PDF file was then generated to be downloaded and kept safe i.e. printed out and stored offline. This is for use in the event of account recovery but needs your Master Password to be carried out.
Get the apps & browser extension
Step One after signing up is to “Install 1Password everywhere you need your passwords”. This involves downloading the 1Password apps for the following:
- Mac – Requires macOS High Sierra 10.13 or later.
- For my Apple Macbook.
- Windows– Requires Windows 7 or later.
- For my Windows laptop.
- iOS – Requires iOS 12 or later.
- For my Apple iPad.
- Android – Requires Android 5.0 or later.
- For my LG Nexus 5x.
- X – Requires Firefox 60 or later.
- This is a Firefox browser extension.
Question: Is the Firefox extension the 1Password solution for Linux?
Sign-in to 1Password
X – Linux
First the Firefox browser extension was installed then I signed in and was prompted to watch the Get to know 1Password in your browser video on YouTube.
Clicking on the 1Password extension icon allowed me to edit my profile such as full name, address and much more which can be used to prefill online forms.
A very important feature was being able to activate 2FA (Two-Factor Authentication). This provides an additional layer of security when signing into your account on a new device. It operates by using an Authenticator app such as Google Authenticator or Microsoft Authenticator on your mobile device.
After clicking the ‘Set Up App’ button I was prompted with a QR Code to scan from within my Authenticator app. Next I had to enter the 6-digit code from the app into 1Password and Confirm.
There was also the option of using a Security Key device for 2FA. This is similar to a USB thumb drive and acts as a physical offline security device.
Problem: I noticed that there was no available browser extension for Chromium (the Linux version of Chrome) so this proved to be a problem for Objective #2.
Android & iOS
For setting up 1Password on my mobile devices I downloaded the relevant apps via the App Store (Apple) and Google Play (Android). Next I opened the apps, selected the ‘1Password.com’ option under the ‘Already using 1Password?’ section and scanned the QR Code from my online profile at https://my.1password.com/profile. I was then prompted to enter my Master Password and 2FA code.
The Nexus 5x prompted for some additional steps in which the Fingerprint Unlock and Autofill options were selected:
The iPad prompted for some additional steps including being prompted to turn on ‘Unlock using Touch ID’ within the app:
Problem: What was unclear when selecting ‘1Password’ for the AutoFill was whether or not to turn off ‘iCloud Keychain’?
To commence this install I logged into 1password.com using my Secret Key and Master Password then the 2FA 6-digit code from Google Authenticator. Once in my profile I clicked the ‘Get the apps’ link then downloaded the ‘1Password for Mac’ .pkg file which was opened by the default Installer.
Next I went through the installation wizard steps and scanned the QR Code on my iPad with the Macbook camera. I was then prompted for my Master Password and 2FA 6-digit code.
At the end of the setup wizard the final steps were completed:
Question: What is unclear when installing 1Password on a Mac is whether or not web browser extensions are still needed?
As with the Mac, I logged into 1password.com using my Secret Key and Master Password then the 2FA 6-digit code from Google Authenticator. In my profile I clicked the ‘Get the apps’ link then downloaded the ‘1Password for Windows’ .exe file which ran the installation wizard. The ‘Add your 1Password account’ form was then completed along with the 2FA 6-digit code.
Question: What is unclear when installing 1Password on Windows is whether or not web browser extensions are still needed?
In Part 2 of this article we will look at:
- Importing login credentials into 1Password from our existing web browsers and operating systems.
- Testing the usability of 1Password whilst using apps and surfing the web.
- Investigating the highlighted problems and questions raised in this article.
Do you have any experience with using 1Password? Did you encounter the same problems we did? Please comment below to share your thoughts and experiences.