Time to Re-visit Security in Password Managers – 1Password
Yes, this is fair and unpaid
Just so you know, our decisions are based on our experience and there was no money from relevant services or monetised links.
For a number of years we have been using a password manager called ‘LastPass’. This has been great – as it has allowed us to securely share passwords among the staff here. Even when they had a data breach, it did not affect us as we used 2 Factor Authentication and, in common with similar services, they only store encrypted data on their servers. Without the security keys we hold, the data is entirely safe. Encryption only takes place on our computers.
New Challenges
Time has moved on.
- There were a number of pain points – organisation of the passwords was increasingly difficult, as was seeing who had access to which client’s passwords.
- Just organising the credentials was difficult – resulting in duplications.
- Duplications are not too bad until you update the password and you are not sure which of the duplicates has the new password.
- Often it would not fill in the passwords onto the websites.
- Every time the computer did an update, the app would be missing from the web browser, etc.
So we did a review of various alternatives.
Other Pains
In our search, we were reminded of other pains.
One of the new pains is that many services require 2 factor authentication (2FA) – you know, those 6 digit numbers that change every 30 seconds – and we could not share those in LastPass. (It looked like it may have been possible to set up, but it also looked like a real pain.) When we shared a credential in LastPass, the person logging in still had to ring up the person with the phone set up as the 2FA device.
What about if you need to share a password with someone outside your organisation for a limited time? Not formerly possible!
As you may have guessed, we finally went for 1Password. It is a bit more expensive than LastPass… but…
- 1Password allows you to store those 2FA numbers as part of the vault – so you can properly share credentials. It does this securely and almost magically.
- It allows you to securely share passwords outside your organisation, for a limited period of time.
- Import of the LastPass vault was a doddle – so all of the old passwords were brought over simply.
- It was at this point we realised how disorganised they were… secure, but disorganised. In 1Password it was so easy to re-organise them. It took minutes!
With the business package, all your teammates get family vaults – so that they can store their passwords in a separate, secure vault rather than in the business account. (Actually, each team member gets 5 vaults for free to share with family members. If they leave the company, they can take those vaults and start paying a subscription.)
Our passwords are secure, easily managed and all our problems are solved.
It makes logging in a pleasure! Even setting up new accounts is MUCH easier and the App seems far more robust.
Works on Windows and Macs.
So, I would recommend it. What is your experience?
Here are 1Password’s comments on how it secures passwords. Even if the company goes bust you will still be able to access your passwords!