1Password 6: Tom's Mac Software Pick

This App Makes Using Very Strong Passwords a Simple Process

1Password 6
Courtesy of AgileBits

1Password has long been one of the premier password managers for the Mac. Over time, AgileBits, the developer of 1Password, has expanded its password keeper to iOS, Windows, and Android devices. Now with 1Password 6, the app expands beyond devices and into teams of users, letting you share passwords with a group of users, just the thing for your new project team, or family members who need to access shared password-protected resources.

Pro

  • Strong password generator.
  • Multiple password vaults.
  • Shared password vaults.
  • iCloud syncing.
  • Watchtower monitors logins for security issues.
  • Security audit can check your current passwords for weakness.
  • Sync between multiple devices.

Con

  • Word-based password generator (Diceware) uses special characters only as word separators.
  • Some sync options only work with iOS and Android devices.

1Password has been my favorite password manager since its very early days. The convenience of having an app keep your passwords secure, and quickly provide them to you when needed, can’t be overstated

Installation of 1Password 6

1Password downloads as an application ready to run; simply move the app to your Applications folder, and you're ready to go. Launching 1Password for the first time brings up the welcome screen, where you can choose to create your first password vault, or sign into a shared team vault. More about team vaults a bit later.

For now, as a first-time user, it's a good idea to create your own password vault.

1Password works with a single master password that is used to unlock your password vault, allowing you to access all of your saved passwords. This single master password is the key to the password kingdom. It should be something you'll remember, as well as something difficult for someone else to figure out; no simple references, such as a childhood pet or your favorite football team.

If you need help, you can use 1Password's password generator to create a strong password for you. When I tried the password generator, it suggested “swagger brooklet javelin dona.” This password is an example of the built-in Diceware password generator that picks words from lists of words dependent on the throw of a six-sided die, or in this case, a random number generator restricted to the numbers 1 through 6.

Diceware passwords of seven or more words are considered extremely strong, and are easier to remember than random character-generated passwords. But be extremely careful in your master password choice; forgetting the password will keep all your saved passwords locked away, even from you. I decided on a four-word password, as it was easy enough for me to remember, but not likely to be guessed, or broken in any reasonable amount of time.

Once you've created your master password, 1Password prompts you to set a lockout time, that is, how long before 1Password locks the stored password from access. This time should be long enough that you're not inconvenienced by always having to reenter the master password, but short enough that if you step away from your Mac, 1Password will lock down your passwords so prying eyes can’t see them.

1Password Mini

The mini version of 1Password provides most of the features of 1Password, and is always available from the menu bar. 1Password mini is very convenient. I recommend giving it a try; you can always disable it later if you choose.

1Password Browser Extension

I’ll be honest; the 1Password browser extension was the reason I purchased 1Password many years ago. 1Password lets you have unique strong passwords for all of the web-based services you use.

With the browser extension, 1Password can work from within your browser, saving site passwords as well as supplying account login information whenever it's needed, all at the click of a button in the browser's toolbar.

No more having to open an app and look up an account login name and password; in fact, you don’t even have to remember the login data; 1Password takes care of that for you.

An added benefit of using the browser extension is that it can help prevent certain types of social engineering used to trick you into divulging information to fake web sites that look legitimate. Because 1Password ties login data to the original web site you were visiting when you created your login credentials, fake web sites won’t pass muster and 1Password won't divulge the information.

Syncing 1Password Data

1Password has always had some means of syncing password information between multiple 1Password clients. With the release of 1Password 6, syncing has become much simpler, with support for using iCloud to sync between Macs and iOS devices. You can also make use of Dropbox to sync information. But if you don't want to have your password data somewhere in the cloud, you can also sync locally on your own network.

Wi-Fi 1Password Server

Wi-Fi syncing is performed by having 1Password enable a special server that runs on your Mac and uses your Wi-Fi connection to sync data with iOS or Android devices on the local network. Unfortunately, Wi-Fi syncing only works between your Mac and a supported mobile device. You can’t use Wi-Fi syncing to allow all your Macs to sync together.

Watchtower

While you're busy keeping your login data safe within 1Password, Watchtower monitors the web sites you log into for security vulnerabilities. When Watchtower finds a site that is vulnerable, it alerts you to the issues with the site. These alerts don't mean your logins have been compromised, only that the site has security vulnerabilities that could be exploited by someone. At a minimum, you may want to change the passwords often for sites so noted, or find an alternative service.

Security Audits

1Password’s security audit will go through your stored account information and look for weak passwords, duplicates, and old passwords that have never been changed. It’s a good idea to run the security checks at regular intervals to keep your passwords secure.

1Password Teams

Teams, which is currently in beta, provides a web-based administration system to share vaults between team members and authorized devices. While it's in beta, Teams is free, but AgileBits will eventually offer Teams as a monthly subscription service.

I didn’t spend much time with the beta of Teams, primarily because I'm not currently managing a large-scale project that needs this type of service, but if you are, you can check out Teams for free during the beta period.

Final Thoughts

1Password has been the leader in Mac and iOS password management for some time. With the release of 1Password 6, AgileBits has provided new features and capabilities that make managing passwords even easier. While keeping the core features that attracted many devoted followers to this app, AgileBits managed to expand its capabilities in directions that serve to highlight the company's commitment to security, and still provide an easy-to-use password management system that actually looks out for you.

If you don’t use a password manager, you should, and the first one you should try, without question, is 1Password.

1Password 6 is $49.99; the limited-time introductory price is $24.99. A demo is available.

See other software choices from Tom's Mac Software Picks.