Password managers such as 1Password provide numerous benefits and features while reducing risks, simplifying a lot of processes, and improving our online experience. Moreover, they make us less vulnerable to cyberattacks while improving operational efficiency and collaboration. Key benefits include secure password storage, access, and sharing; ease of use on various browsers, devices, and operating systems; enforcing best practices such as using complex unique passwords that you don’t have to remember; multifactor authentication options; strong password generation and more.
- Secure passwords storage and access;
- Generating strong, unique secure passwords;
- Sharing passwords with team/family members;
- Sharing password between browsers and devices;
- Storing other types of sensitive information;
There are a few good password management solutions available on the market at the moment: https://1password.com/, https://lastpass.com/, https://www.dashlane.com/, https://bitwarden.com/, https://www.keepersecurity.com/, and a few others.
Obviously, you can use whichever is better suited to your needs (or you may be already using one), but make sure you do your due diligence and research thoroughly before making your choice.
In addition, you would also need to make sure you follow best practices and recommendations for setup and configuration and use all recommended security measures. This would include multi-factor authentication, password rotation, least privilege principle while sharing with others, etc.
Password manager vs OS/browser password storage
It’s important to note that password managers such as 1Password have a few advantages comparing to other solutions such as Chrome passwords storage or Keychain on Mac:
- Works on all devices/browsers/OS;
- Allows storing different types of sensitive information e.g. notes, documents, wireless routers, software licenses and more;
- Uses multi-factor authentication;
- Seamless and more secure autofill and strong password generation on all devices/browsers/OS;
- Has automatic security monitoring features;
- Has secure sharing options;
- Travel mode (removes all your sensitive data, passwords, and login credentials from your devices when you travel);
- No unintentional iCloud, browser, and device syncing;
- Access control and devices whitelisting;
- And, most importantly, much more secure access to the passwords storage;
1Password setup and How-Tos
You can find good introductory resources here
Detailed tutorials and various How-to’s can be found here
The steps will the following:
- Set up your account:
- If creating a brand new personal account – sign up for the account. You can choose your option here https://1password.com/teams/pricing/ ;
- If joining a company/team account – accept the invite you receive via email and follow the steps there; Don’t store your personal information in your company account!
- Get the apps (see options below);
- Enable 2-factor authentication on your account – follow the steps described here (see steps below);
- Add your passwords to 1Password, organize them in vaults, set up shared access (put shared credentials in shared vaults), save new passwords to 1Password, start using it;
- Recommended: replace your old/simple/reused passwords to the new strong/complex auto-generated ones, which you won’t have to remember, using generation feature;
Apps, devices, and browsers:
There are many ways you can use 1Password e.g. various applications and extensions for different devices, applications, and browsers. The most common ways are:
- Online access via https://1password.com/ website. Sign in to your account and view/add/edit your passwords there
- Desktop applications for Windows and Mac – listed here https://support.1password.com/get-the-apps/
- Mobile applications for IOS and Andriod – listed here https://support.1password.com/get-the-apps/
- Browser extensions – see here https://support.1password.com/1password-extension/
1Password benefits and features: password management, grouping, sharing
- Password and other information, documents and credentials are grouped and stored in collections called vaults;
- Vaults can be private and shared;
- Put passwords you want to share with others into shared vaults ;
- You can move and copy passwords between vaults (not that copies are not synchronized);
- User accounts are organized in groups, which allow setting permissions on the group level;
- 1Password provides a Guest feature to share passwords with people outside of the organization;
- And most importantly, make sure you have a trusted person who can reset your access if you lose access to your account, otherwise, you may not be able to recover. See recommendations here https://support.1password.com/forgot-master-password/;
Additional layer of security: two-factor authentication (2FA)
2FA is one of the key benefits/features provided by 1Password and other solutions you most definitely want to utilize. We strongly recommend enabling 2-factor authentication on your account as it will add an additional layer of protection. When turned on, a special one-time access code will be required to sign in to your account on a new device or on a device/browser you explicitly require a 2-factor sign-in on. This security measure will be used in addition to your Master Password and Secret Key and will prevent your account from being hacked event if someone gets your 1Password account credentials.
To set up 2-factor authentication you’d need to install an authenticator app on your phone, enable 2FA on your 1Password account and add your 1Password account to the ass using a QR code. Please follow the steps described here https://support.1password.com/two-factor-authentication/.
Reminder – password best practices
- Long passwords are stronger – try to make your passwords at least 12-16 characters long
- Make them unique / don’t reuse your credentials – double-check your passwords and make sure you create a new and unique password for each account
- Avoid using your PII in your passwords – make sure your passwords don’t contain your phone number, address, name, social security number, etc.
- Use multi-factor authentication
- Remember to rotate your passwords once every few months
- Don’t let your browser or device/OS remember your passwords – this is convenient, but it’s not the safest practice
- Never reveal your passwords to others.
- Don’t email/slack/text your passwords to others when you need to share them
- Don’t write your passwords on sticky notes on in unencrypted files
You can find more articles on security here