The digital reset that I recently went through had me logging into many sites that I had not been to in quite some time. The number of Password Resets that I had to do was not only alarming, it was down right scary. In this era of cloud security breaches and the use of “password and 123456” as the most common passwords out there it is no wonder that IT Leaders everywhere cringe a little bit when they think about the end user and how to build a better mouse trap.
I was surprised to learn that my own bank has a limit of only 6 characters that is right no more, no less and no special characters allowed when logging into my banking system…that goes well outside my own naming convention that has 12 to 14 characters with Special Characters like $ and & interspersed in the key phrase that I typically use to log on to the services that keep my online life going.
So if as end users, we are the collective weak point in the security of the applications that make our lives operate, how can we make it easier to remember the ever increasing number of passwords, and the varying complexity of those passwords that are required?
I now use 1Password from Agilebits to help me reduce the need to remember the hundreds of sites and services that require me to login. At $49.99 the utility is a bit more than I like to spend for any software at any time, generally opting for an Free and Open Source alternative, but as I find myself across multiple platforms now and using my mobile devices (Tablet, Phone and Chromebook) as well as finalizing a transition back to Microsoft Windows as my Primary Computer in my home office…I figured my own security was worth the investment (at least for now).
Using the system is not exactly what I would call intuitive, but 1Password does go through a nice setup that starts with the creation of a Secure “Key Vault” that will then store all of the relevant passwords that you generate, input and compile.
The next step is the installation of the browser extension. While I have 4 other Browsers installed, I typically only use Google Chrome (except for when testing this site) so I only installed the extension in this browser for now.
When you login to a Site (and this will not open up if you have saved your login credentials so log out and log back in) it then lets you get on with your day…easy peezy, lemon squeezy.
For a personal use, this makes life so much easier but the real question that I have as I look at this setup, is it really an alternative to Two Factor Authentication (ie services like Authy or Google Authenticator)…well I don’t think so, at least not if you are looking to secure more than your Personal Logins.
In a Business Environment, Security and Process Management need to work hand in hand. If your organization is already using a Single Sign On option, or have implemented Two Factor Authentication than this is just one more layer of IT Complexity, but the kicker is…IT Professionals do not control the actions of their staff when they go home or go on the road with their mobile devices, personal laptops and home computers and the ability to work from home has long been a real benefit to employees looking to find a work / life balance so putting a requirement of a Password Management Utility that will work across multiple devices and multiple Operating Systems (Mac, Windows, Android and iOS options available), then providing access to this should not only be a recommendation…but potentially a life saver for IT Infrastructure Manager looking to make life easier.