P@s$w0rdz: Password Managers

Intro | Pricing | Recommendations | Getting Started |
Security | Accessing Sites | Organization


PM
"Pros & Cons of Password Managers"
by wisdomplexus is licensed under CC BY-SA 2.0

Introduction

  • "One Ring to rule them all." ~Lord of the Rings
  • "Passwords are one of the primary pain points in our modern digital existence."
    ~Why You Need a Password Manager
  • From the course intro:
  • "Reduce stress and declutter your brain by remembering just 1 primary password;
    a "password manager" app can store, encrypt and fill-in all of your online logins;
    in particular, I will demonstrate 1Password (mostly on the Mac & iPad)."
  • "The menus and commands for 1Password on different platforms
    (Android, ChromeOS, iOS, Linux, Mac, Windows) and browsers
    should be almost identical in user interface and functionality."
  • "For other password managers, the concepts and features should be very similar,
    but students will have to locate the analogous menus and commands themselves."
  • Disclaimers: ever-changing versions & features,
    user interface & platform differences, pricing, ...
    -- and of course reviewers' biases, and users' preferences & working styles.
    Features vary over time between browser extensions and full apps.
  • Current versions (9/18/2023): macOS 11.7.10; iOS 15.7.9 (iPhone) -- 1Password 8.10.16;
    iOS 12.5.4 (iPad) -- 1Password 7.10.2
  • Screenshots (~2021): macOS 11.5.1; iOS 14.7.1 (iPhone), 12.5.4 (iPad) -- 1Password 7.8.6
  • Screenshots and command sequences here differ from later versions.
  • Behavior may change after PM and OS updates and for different web sites!
  • Which features? How to choose: # of positive reviews? security?
    company reputation? platforms? price? Steve's opinion?
  • Five reasons why you need a password manager
    1. Browser Integration; 2. Password Generation; 3. Phishing Protection;
    4. Cross Platform Access; 5. Surveillance Safeguard;
    plus debunking these beliefs: "I'm not a target.";
    "I already have a perfectly good system for managing passwords.";
    "If someone steals my password file, they have all my passwords.";
    "I don't trust someone else to store my passwords on their server."

Pricing

  • Pricing depends on number of users, number of devices, features, ...
  • Free. Most PMs offer free trials;
    some offer free versions, but with limited features or support
  • Purchase. Software license for each user and/or device? major upgrade more $?
    currently, most PM vendors promote subscriptions; 1Password no longer offers individual licenses.
  • Subscription. Plans usually include software licenses, updates, upgrades,
    support and cloud storage. # users? #devices?
  • Some PMs offer Business plans -- not covered here.
  • A Family plan enables users to share some password entries in a shared vault -- or directly with other users;
    remaining entries for each user are stored in a separate private vault, each with its own primary password.
    May support primary password recovery for and emergency access to other accounts.
  • If all family passwords can be shared in a single vault with the same primary password,
    and login entries for same site are differentiated with labels or tags for each user,
    sharing an individual plan may suffice (and save $1-2/mo.)

Top Recommendations

  • Most often mentioned and rated highest: 1Password (1PW), Bitwarden, Dashlane
  • Available for all major OS platforms: Android, iOS, Mac, Win, ChromeOS, Linux;
    some even support Apple watchOS, e.g., as token to unlock vault, display MFA codes, etc.
  • Supported for all major browsers: Chrome, Edge, Firefox, Opera, Safari; others?
  • Pricing below for subscriptions (monthly rate if billed annually); free trials available.
  • 1Password [developer: AgileBits]
  • Individual: 1 user, all devices; $3/mo.
  • Families: 5 users, all devices; $5/mo.
  • 25% first-year discount [last checked: 5/6/2023];
    Tidbits members get 6 months free
  • Tutorials ; Videos; Refs; Take Control of 1Password (ebook)
  • BitWarden [open source]
  • Personal: 2 users share 1 vault, unlimited devices; free
  • Premium: Personal plus other authentication/security features; $0.83/mo.
  • Family: Premium, for up to 6 users; $3.33/mo.
  • Help; Refs
  • Dashlane [developer: DashLane]
  • Individual: 1 user, 1 device, 50 passwords; free
  • Advanced: 1 user, 2 devices, unlimited passwords; $2.75/mo.
  • Premium: 1 user, all devices; $5/mo.; incl.: VPN, cloud storage
  • Family 10 users, all devices; $7.50/mo.
  • Support; Refs
  • In addition to the Top 3 (1Password, Bitwarden, Dashlane), there are many other password managers,
    some free, some with additional features/services, others more limited, less polished, security problems, e.g.:
    Dropbox Passwords; Enpass; iCloud Keychain (only Apple devices, discussed earlier);
    KeePassX ; Keeper; LastPass; NordPass; Password Boss; RoboForm; Sticky Password
  • These are discussed and reviewed in the ebook: Take Control of Your Passwords;
    see also: Refs: Product Reviews / Comparisons
  • LastPass? Some who've taken my course may wonder why I no longer recommend LastPass.
  • LastPass has had several serious data breaches, including actual password vaults.
  • Although LastPass vaults are encrypted, it's possible that they might be cracked someday
    -- providing hackers access to all of your accounts.
  • Given their track record, I lack confidence in LastPass's ability to prevent/minimize future breaches.
  • If you'd prefer to use LastPass, I recommend that:
  • you change your main ('master') password on any vaults
  • you change the passwords on any important accounts, e.g., email, financial,
    and use multi-factor authentication when available and secret answers to security questions.
  • you continue to monitor news about future security breaches
  • you consider migrating to a different password manager

mac appGetting Started: Some Initial Steps

  • Select a password manager to try out
    -- at a minimum, make sure it's available for all your devices and preferred browsers;
    price: usually 30-day free trial; discounts often available: special, or for annual plan
  • 1Password (1PW): Support; Refs
  • Take Control of 1Password (ebook)
  • Tutorials: general, Android, ChromeOS / Linux, iOS, Mac*, Windows
  • *install from 1Password's own "Password Store": Get the 1Password apps
    or Apple's Mac "App Store" [on right]?
    same version, but 1Password Store version may offer prompter upgrades,
    more flexibility for subscription upgrades/downgrades? it's possible to change versions later:
    How to install the 1Password app from 1Password.com after installing it from the Mac App Store
  • Videos: general; ChromeOS / Linux; Mac
  • 1PW videos from enthusiastic users: Getting Started 5:18;
    Beginners Guide To 1Password 27:20;
    Why 1Password is the best proprietary password manager 27:19
  • Refs: Other Product Reviews / Comparisons
  • appDownload and install PM app from App Store for your first device's OS ,
    or the vendor's site: e.g., 1Password, BitWarden, Dashlane
    [info above for 1Password; on right: after installation, macOS Launchpad: 1Password app icon]
  • Which device to start with?
  • A desktop or laptop is easiest for adding/updating accounts initially,
    especially with its display and physical keyboard.
  • A tablet would be next choice;
    less integration in iOS/iPadOS 14 (or earlier) due to system constraints
    -- means more switching between PM and browser.
  • A smartphone will work but it will take longer to enter passwords,
    due to its smaller onscreen keyboard and display -- especially if < iOS 15.
  • Finally, whichever device you start with, you can install PM
    on another device later and sync passwords between them.
  • saf enableIf you're not using Safari or have a 2nd browser,
    install browser extension for Chrome, Edge, Firefox
  • Either Get started with 1Password in your browser or
    1Password (app) > Install Browser Extensions
    displays page to download official extension from the browser's "extension store"
  • 1Password 8 implements the Safari extension via a separate app:
    "1Password for Safari" in Apple's App Store
  • A browser extension is more convenient than the full app for most common functions.
  • ff enableThe extension and app share access to the same vaults,
    so you can create or update a login entry from either.
  • Make sure the extension is enabled in your browser, e.g.,
  • Safari > Preferences > Extensions [top right]
  • 1Password: Safari in iOS & iPadOS 15
  • ext iconFirefox > Tools > Add-ons and Themes > Extensions [above right]
  • Chrome > More (3 dots) > More tools > Extensions
  • If 1Password browser extension successfully installed,
    ext icona small icon appears in browser tool bar area,
    e.g., Safari [above right], Firefox [on right]
  • Some possible installation-related issues:
  • Updating 1Password itself -- while it's still open, i.e., "Quit 1Password Completely"
  • Incomplete install
  • Browser extension can't connect to the app
  • You may need to reboot.
  • To avoid multiple apps intefering with each other when saving your logins:
  • Disable any other password manager, you were using,
    i.e., in browser settings where you just enabled 1Password (above)
  • If any browser was saving passwords ('autofill'),
    export existing login entries from browser, remove entries,
    and disable autofill, see earlier Browser: Autofill section;
    also: 1Password: Turn off the built-in password manager in your browser
  • setupIndividual or Family plan -- do you need to keep passwords separate?
  • Simplest to start with Individual plan (1 user); you can upgrade to Family later if desired.
  • Setup an account -- usually cloud subscription
  • Create and save primary password -- at least an initial one;
    you can replace it with a stronger one later.
  • Save "private key" (extra security) if provided
    -- store in PM, and create emergency kit [on right], e.g., for SD box.
    emer1PW Emergency Kit is also useful for setting up 1PW on other devices.
  • 1PW video: Sign-up for 1Password
  • 1PW videos: To migrate existing 1Password entries from an app
    to a subscription (1password.com) account: iOS; Mac; Windows
  • Optional: if you had been using another password manager,
    or used your browser to save and autofill logins -- and you had exported them,
    you can save setup time by importing these entries into your new PM.
  • 1Password: import from other PMs or spreadsheet
  • 1pw import1Password > File > Import: (format) [on right]
    remember later to delete or encrypt any files with passwords remaining outside the PM!
  • You can also import .csv (comma separated values) on 1password.com web site (where you setup account)
  • Specify whether file contains Logins, Credit Cards or Secure Notes;
    e.g., for logins, indicate which columns contained title, username, password, URL, notes (if any)
  • Pick some less important sites to start with / practice on.
  • When you login to a site for the first time,
    if 1Password does not yet have your username and password,
    you need to enter these from memory or from a scrap of paper or...
  • 1Password should display a prompt offering to Create New or Update Existing login entry.
  • createIf no prompt appears, e.g., some sites not recognized or in older iOS,
    manually create entry: 1PW (app) > File > New Login:
    Title; username, password, website (home or login URL)
  • If login or password update failed, click "Not Now" and try again
  • Click "Update Existing" to list existing logins for that site;
    if you changed the password successfully, select an existing login entry from the list to update;
    if none listed or it's a new account, add a title and click Create New.
  • With subsequent logins to that account, 1Password should autofill.
  • Other ways to see which login entries (accounts) have already been added:
  • the popup menu lists accounts when you click on a password or username field in a login form for a site
  • browser extension lists entries for the current domain, or enter a name, e.g., "OLLI" in the search box
  • sitemapAs you change a password on a site,
    PM should offer to update existing vault entry;
    section:P@s$w0rdz: Updating: How (includes manual updates)
  • 1PW video: Change your passwords and make them stronger
  • Explore features; re-read more sections here;
    app iosvendor sites: FAQs, tutorials, videos, support articles/forums
  • Add / update more sites...; section: P@s$w0rdz: Updating: Strategy
  • Stronger primary password?
    [below right: Mac: 1Password > Preferences > Accounts > Change Master Password] ???
  • Install PM on another device? [on right: 1Password in iOS App Store]
  • Configure PM on new device
    [below right: Mac: 1Password > Preferences > Accounts > Set up other devices];
    1PW Emergency Kit (form) [earlier image] is useful both as backup and for setting up other devices.
  • Give yourself a pat on the back, sleep better at night,
    and enjoy your PM whenever you login to or manage a site.
  • acctHow to Get Your Family to Actually Use a Password Manager
    start small with secure sharing of popular accounts, such as streaming services or news subscriptions;
    set up a shared document with crucial info for your executor/heirs;
    extra protection (MFA) for your email, financial info, health info;
    subscription family password manager vs. individual plan vs. more technical hands-on solutions;
    leverage finances, budgeting, and other life skills; incentives? be persistent; Wired; 10/5/2021

private sharedSecurity

  • One of the major reasons you'd want a password manager.
  • Your very strong, memorable password -- known only by you (not even by PM vendor)
    encrypts (AES-256) all passwords (and other info) in a secure vault on your device and/or cloud.
  • Local vault still accessible, even without internet connection.
  • Sync/backup vaults securely between devices,
    usually via 1Password cloud account -- safe, since vault still encrypted;
    older versions of 1Password may still support sync via other cloud services,
    e.g., Dropbox, iCloud, ... or manually (no cloud): WLAN (Wi-Fi)
  • 1PW tutorial: Sharing vaults with your family
  • Move/copy items between different vaults: 1PW video; 1PW tutorial
  • Backup of vault probably not necessary if using cloud sync;
    however, backup at least the primary password & device passwords
    that you're remembering, e.g., safety deposit box, trusted friend in their PM.
  • 1pw exportIt is possible to export entries from 1Password if you decide to use a different password manager.
  • 1Password > (pick vault) > File > Export >
    Selected/All Items: (format)
    [right]
  • Some may want to Print entries on paper or save as a .pdf, perhaps as another form of backup?
  • Take special care with sensitive info that's now outside the secure PM
    -- in spreadsheet, paper or .pdf form -- by deleting after temporary use, encrypting it or storing somewhere else secure.
  • What if you do forget your primary password?
  • Several password managers (Bitwarden, Dashlane, Keeper, RoboForm) have an emergency access feature;
    beforehand, you designate one or more emergency contacts; later, they can gain access to your account;
    1Password is working on this feature.
  • 1Password Families currently supports sharing of your key passwords with other trusted persons.
    You can also print out and store an emergency kit.
  • Travel Mode: Remove (hide) sensitive data from your devices when you cross borders;
    restore access with a click when you arrive.
  • lockHow often do you want to enter your primary password?
  • Convenience vs. security tradeoff: when leaving device or travelling,
    lock vault manually, or automatically via timer preference or device sleep.
  • macOS: 1PW (app): Preferences > Security: Lock on sleep;
    Lock after computer is idle for __ minutes; etc.
    (on right)
  • To lock 1Password manually:
  • macOS: 1Password (app) > Lock
  • Win: 1Password (1PW7) | Account Name > Lock
  • touchPINTo unlock 1Password (besides entering primary password):
    Apple Watch, Touch ID, Windows Hello
  • For iOS, depending on your device model,
    you can enable PIN, TouchID, or FaceID
    for convenience.
  • You can force primary password prompt
    with incorrect PIN/scan, or Lock Now
    -- especially important to do for 4-digit (weak!!) PIN
    before walking away from device.
  • iOS (iPhone7): 1PW: Settings > Security:
    Lock Now; Lock on Exit;
    Auto-Lock __ Minutes; TouchID
    (on far right)
  • iOS (Pad Air): 1PW: Settings > Security:
    Lock Now; Loc on Exit;
    Auto-Lock __ Minutes; PIN Code
    (above right)
  • video: Use Touch ID to unlock 1Password on your iPhone or iPad
  • 1pw watchtowerGenerate & Store very strong, random passwords of different types:
    numbers (PIN), phrases, complex character sequences -- section Generating Passwords
  • Generate & Store unique usernames, e.g., anonymous, linked email addresses
    1PW video: Create Masked Email -- section User Names
  • Generate & Store Time-Based/Temporary One Time Password (TOTP) codes
    -- a more secure alternative to SMS texting; see MFA section
  • Check for vulnerable, weak, compromised passwords; see Updating Passwords
  • Even more secure: 1Password accounts (and Dashlane) support Multi-Factor Authentication.
  • If you already have a separate private key, it might not be necessary. It's more complex to set up and use;
    the extra code needed might not be accessible from that device's own PM (since you need to login first -- with a code!).
  • You could use another authenticator app, e.g., Authy, another device,
    or a special USB key, e.g., YubiKey to generate the TOTP code.

select siteopen 1pwAccessing Sites

  • Saved login credentials may be accessible via several different interfaces.
  • 1. Within a page's login form, click on username or password field.
    PM offers list of credentials matching that site;
    you may need to open PM first with your primary password.
    on right: form popups in Mac Safari.
  • 2. Browser extension (via icon in browser toolbar)
    or system extension (via icon in system's menu bar).
    safari extThis 'mini-app' provides most of the features you need.
    -- on right: Mac mini-app via Safari toolbar.
    Before iOS/iPadOS 15, extensions behaved differently from desktop.
  • video: Use the 1Password extension to save and fill passwords
    on your Mac or Windows PC
  • 3. Regular app, with possibly different user interface and additional features,
    e.g., creating secure non-login items; autofill in selected apps (not just browsers); sorting;
    persistent local storage; Watchtower access; syncing locked/unlocked state between browsers
  • olli loginNavigate to correct site; automatically fill-in userid and password for most sites
    -- via browser extension or app;
  • Some situations may require a manual copy/paste step, e.g.:
  • entering password into an app (not browser), e.g., Dropbox, Skype, Zoom
  • a page containing multiple forms can conflate username & fields
    for both new accounts and existing users, and confuse PM;
  • a form on a page may require other fields,
    e.g., zipcode or secret answer to a security question
  • financial institutions may have multi-page logins, with user name on first page, then password, security questions and/or MFA code on subsequent pages
    -- with maybe a CAPTCHA puzzle thrown in.
  • some sites may unfortunately prevent paste/autofill
    -- requiring keyboard or menu
  • often you can resolve confusion by manually editing the PM's site item
    to replace an obsolete login or initial account registration page
  • You do need to click Login or Submit manually to complete a site's login process.
    1Password no longer has an option to "auto-submit" after auto-filling credentials
    to avoid security problems, e.g., hackers harvesting credentials from fake login pages.
    If your PM has an auto-submit feature, disable it.
  • olli changeIf site mismatches domain for account,
    e.g., URL typos or possible phishing links, 1PW provides an alert and does not autofill.
  • Log into PM once, then access many sites easily,
    e.g., downloading monthly statements
  • Login to a site or update password on a site -- PM creates a new, or updates an existing, vault entry
  • 1PW video: Change your passwords and make them stronger
  • Same login entry works for subdomains, e.g., example.com, xxx.example.com
  • Login entry can store multiple URLs using same unique credentials,
    e.g., appleid.apple.com, icloud.com
  • Multiple accounts for same site would be separate entries,
    stored in shared vault or different family member's vault,
    differentiated by name label, e.g., OLLI Joe, OLLI Jill
  • You could also associate a local "file URL" with a login entry,
    i.e., where on your computer you store monthly downloaded .pdf statements
    from that bank, utility, credit card company, etc.
  • Setup local file URL in 1Password on Mac
  • Finder: (select folder) > File > Get Info > (select ‘Where’ field contents) > Copy
    or ctrl-click folder in Path Bar (Finder window bottom) > Copy folder as Pathname
  • 1Password > (login entry); Edit
  • locate last (template) "website" field, say, website 2: https://example.com/
  • replace "website 2" (title) with "Local Archive"
  • replace https://example.com/ (value) with folder path, i.e., Paste;
    value would look like: /Users/account/Documents/Finance/Bank1/Statements
  • add file:// at the beginning; value would then look like:
    file:///Users/account/Documents/Finance/Bank1/Statements
  • Save login entry
  • Use local file URL
  • Login to site and download statement file
  • 1Password: (login entry) > Local Archive (field) > Open and Fill no Fill occurs
  • New Finder window opens, directly showing the destination path and folder
  • Drag downloaded file to that folder.

kbdiOS/iPadOS

1pw categoriesOrganize Logins, Other Info

  • Organize / access sites via menu, search, category / tag or favorites
  • 1PW video: Organize with favorites and tags on your Mac
  • To reduce confusion / improve security,
    remove regular browser bookmarks/favorites for any sites requiring login
  • Store other confidential info, e.g.,
  • video: Use 1Password to save and fill credit cards and addresses on your Mac
  • videos: How 1Password can replace your wallet; Create passport entry
  • 'normal' & 'virtual' credit cards
  • 1PW flags cards nearing expiration
  • 1pw tagsTag accounts that use that credit card, e.g., "VI-BofA" for autopay and recurring subscriptions
    to make it easier to find and update those accounts with new credit card details.
  • virtual: create/login privacy.com account, linked to a debit card or bank account
  • create virtual card for specific account, e.g., merchant; one-off & recurring payments;
  • optional: link virtual card directly to 1Password (1PW);
    '1Password X' browser extension required for Chrome, Firefox, and Edge;
    if 1PW integration not yet available (mobile or desktop apps; Safari browser),
    manually copy/paste virtual card from privacy.com into 1PW (or other PM)
  • How to Pay Using Virtual Credit Cards in 1Password LH; 9/24/2020
  • Identities, i.e., contact info (name, address); drivers licenses, passports
  • In Login entry's Note or additional fields: secret answers; site password rules; backup/recovery codes, etc.
  • In secure Note entry: device password, product model/serial numbers; hard drive encryption key, etc.
  • If you forgot your device password, you could access the note from 1Password on a different device,
    or from your emergency info (backed up securely elsewhere) where you recorded the primary password for password manager, etc.
  • Include important files -- each 1Password user has 1Gb of cloud storage on 1password.com
  • If your document (or set of documents) would use too much storage,
    encrypt the document (using Office, 7-Zip, etc.),
    store it locally on your device and/or in another cloud account,
    and save a local or cloud link in a secure Note along w/ the document password.
  • Software installation keys
  • Codes for garage, alarm; etc.
  • Use a password manager as a "digital will": 1Password