![]() UsabilityĮxcept security, a good password manager should be easy to use. Their bug bounty program also gave me confidence they care about security. 1Password for instance has a very detailed security whitepaper. ![]() ![]() So if you enable it as well, you have a solid protection in my opinion.Īlso something worth looking at is if the vendor is transparent about the implemented security measures. Sean Wright investigated these claims and indeed both the master password and secret key is not sent to 1Password and 1Password does not have access to a user's data without this secret key.ġPassword - like most password managers - offers 2FA. On a unknown device you must enter the secret key at login. Combined with the master password it encrypts your data and it also serves as a sort of second factor. This is what 1Password has to say about the secret key. One of the main reasons I've chosen 1Password is because they protect your account with both a master password and a 128 bit secret key, which are both not stored on 1Password's servers and thus can't be stolen when 1Password would be hacked. These are high value targets and they need better protection. Just enable it, and even in case of a data breach chances are quite small that criminals get access to your account.īut this is just not enough for protecting an account that gives access to all your online secrets and thus to your entire digital life. You could say it doesn't matter if the password manager offers two-factor authentication. Because if they suffer a data breach the data protected by that account are at risk. One of the important criteria for me is that this master password isn't stored on the servers of the vendor. You need to choose a strong master password to protect your password manager account. All password managers I know work in a similar way. It's needless to say but when you choose a password manager it's important that you feel confident about the security of the tool. Also note that I only compared some commercial password managers, there are many open source alternatives you can look at. To be 100% clear, I'm not incentivized by 1Password in any way. I use 1Password because it fits my requirements, but that doesn't mean it's necessarily the best choice for you. I hope it gives other people some insights as well. I decided to do a short write-up to explain how I selected a password manager. Regularly people ask me which password manager to use.
0 Comments
Leave a Reply. |