PDA

View Full Version : Moving to password manager - Howto ?



michelangelo
07-23-2016, 09:18 AM
Hello ! I do not have any password manager in my mac, so far. To reduce risk, I want to begin implementing a password manager on the MacBook Pro, iPad mini, iPhone and iMac. But I won't do it in one day. Too complex.

I want to use 1Password. 1Password is, I believe, recommended on this forum. My criteria for choice are: easy to use, good crypto and no password saved on any server outside my home.

STARTING POINT: What I do now is :

(1: primarily) Keep up to date in a secure place a set of master text files stating the specifics of the servers which know an incarnation of me and all relevant details, including contact email, security questions/answers, login and password.

(2: Secondarily) Let Safari manage Login and associated passwords for me, but this is not exhaustive (does not work for my bank, even for login) and can fail or forget.

FINAL POINT: Ultimately, I would like my text files to survive but to no longer contain the passwords, which would be high entropy passwords stored on 1Password.

What is the recommended process for moving from my STARTING POINT to my FINAL POINT ? TIA

cradom
07-23-2016, 01:03 PM
1. Install 1Password
2. Turn off Safari's password manager.
3. Decide where you want 1password to store the Master files. Personally I use Dropbox because several devices, but you can have it on your machine. This has the advantage of Time Machine backups.
4. Start using it. Every time you log into somewhere, it will ask to save the login. Let it. Eventually it will have all your logins.
5. This is IMPORTANT!! Remember your Master password. There is NO way to get it back. (I'm serious)

Things like security questions and such can be saved in 1Password.
If you have a Tumblr, you know about the stupid new login. 1password, no problem.
I use it on my iMac, HP (win 10), and 2 Androids. No problem.

michelangelo
07-23-2016, 05:16 PM
Thanks cradom.

Since I want changes made on the mac to appear on the iPad and changes on the iPad to appear on the mac do I need to install both on the mac and on the iPad ?

Then how would i ensure there is one and only one master file ?

TIA

cradom
07-23-2016, 05:32 PM
Yes. Then you would keep the master files in iCloud or Dropbox. There is a place when you set it up to determine where to keep the files.
That way both devices have access and can sync.

ferrarr
07-23-2016, 11:06 PM
I do believe your information is encrypted then stored on the 1password servers.

badshoehabit
07-24-2016, 07:05 AM
Make sure you store the master password. I set this up on my phone and can't remember it!

cradom
07-24-2016, 09:05 AM
I do believe your information is encrypted then stored on the 1password servers.

No, it's not. Then it could be hacked and what would be the point?
If you can show on the 1Password site where it says that, then fine. But that would be very sloppy security.

ferrarr
07-24-2016, 10:33 AM
No, it's not. Then it could be hacked and what would be the point?
If you can show on the 1Password site where it says that, then fine. But that would be very sloppy security.

I could not find it on the site, but I also could not find it on the site where it says they do not store it on their servers, which is why I made the statement. If you can show where it says they do not store it on their servers, then I will admit I was wrong.

michelangelo
07-24-2016, 11:53 AM
Sorry Ferrar. One of the key characteristics of 1Paswword is that, quite the opposite from Lastpass (which, according to rumours, has the best crypto), your herd of passwords is only saved on your own servers, not in 1Password's offline servers. Consequently, [unless you use a cloud to save your master file (iCloud or Dropbox)] you cannot set up or change a new account or password when you are away from home: 1password must be set up exclusively offline. I like this feature, others do not. You may want to look at this comparison. <http://tinyurl.com/zlbv9ut>

Thanks cradom, I will get moving.

cradom
07-25-2016, 05:42 AM
Actually, we're both right.
If you're only using the application for yourself, it doesn't get stored anywhere but where you put it.
However, if you're using that 1Families account stuff, it does get stored on a server so you can access it from the web.
I'd forgotten about 1Family because I have absolutely no use for it.

ferrarr
07-25-2016, 09:40 AM
You don't have to be sorry, I was wrong, and yes I have been using LastPass since 2012. Only the free version for my needs, but I have two individual accounts and am quite happy with it.

chscag
07-25-2016, 04:37 PM
That was a very informative comparative site that member "michelangelo" referred to. I have 1Password but over the last several versions it has become more complicated to use and they charge for each update. I'm seriously thinking about switching to "LastPass" which is not only free, but seems to be easier to use.

@Bob: Does the LastPass browser version work with both Chrome and Safari? And is the Mac app also free?

MacInWin
07-25-2016, 05:43 PM
chscag, I haven't been charged for 1Password updates. Maybe you meant upGRADES?

chscag
07-25-2016, 06:12 PM
chscag, I haven't been charged for 1Password updates. Maybe you meant upGRADES?

My bad, yes they were upgrades. Like version 3 to 4 to 5. Currently, 1Password 6 for the Mac single license is $64.99. They keep raising the prices on this app... while I understand that it does more than it used to, I'm not so sure I can continue to recommend it for the average user while other alternatives are available.

chscag
07-25-2016, 06:35 PM
Well, it looks like I will have to eat crow with my comments above about 1Password. Right after my reply posted, I received a free update notice from AgileBits for 1Password version 6 which I just downloaded and installed. It seems that the charge for upgrades applies to the version purchased in the Mac App Store while the version purchased direct from AgileBits is free. The last purchase I made was from AgileBits direct not the App Store.

Why they are providing free upgrades to those of us who purchased direct from them and not the App Store is beyond me?

ferrarr
07-25-2016, 07:24 PM
@Bob: Does the LastPass browser version work with both Chrome and Safari? And is the Mac app also free?

Yes, LastPass has an extension for Safari, Firefox, Chrome, and I believe Opera. I have it installed on my MBP with the extensions and add-ons for the big three browsers, I don't use Opera. The Mac App Store has a stand alone LastPass app, but I didn't have good results with it installed. I had two users on my MBP and if it was open for one user, when I would log in to the other user, it would open with the first users info. I stopped using the stand alone app about 8 - 10 months ago.

Plus, they have a $12.00/year subscription plan and you can then use it with their iPhone app.

https://lastpass.com/how-it-works/

bobtomay
07-26-2016, 07:25 AM
Well, it looks like I will have to eat crow with my comments above about 1Password. Right after my reply posted, I received a free update notice from AgileBits for 1Password version 6 which I just downloaded and installed. It seems that the charge for upgrades applies to the version purchased in the Mac App Store while the version purchased direct from AgileBits is free. The last purchase I made was from AgileBits direct not the App Store.

Why they are providing free upgrades to those of us who purchased direct from them and not the App Store is beyond me?

Agilebits had an article about this the first time they had a free upgrade that was not available via the App store.
In my words - It's a defect of the App store.
The App store does not provide an authentication method for 3rd party developers to give free or low cost upgrades to previous owners and at the same time charge full price for new purchasers.
Don't know if that's changed since.

Also, some apps are limited in their capabilities purchased from the App store vs the version sold directly by the developer. The limitation(s) are usually due to what Apple permits in the store.
I always check before buying anything on the App store to see if the developer has a version they sell directly and compare the benefits of each.
Don't believe I've yet to purchase an app through Apple when the developer also sells it directly.

McBie
07-26-2016, 01:39 PM
So far, all my updates to 1PassWord were free of charge and they all came through the AppStore.
Currently on 6.3.1

Cheers ... McBie

michelangelo
07-29-2016, 02:03 PM
I did it, mainly following cradom recommendations.

I purchased for my iPad's iBook "Take control of 1Password" by Joe Kissel (I like reading books).

I purchased 1Password solo from the mac App Store. Due do the "Family" settings on icloud, my wife could (but will not) use it.

I read on <blog.agilebits.com (https://blog.agilebits.com/2013/04/16/1password-hashcat-strong-master-passwords/#top)> the blog entry "Towards Better Master Passwords" and determined my master password.

I created a folder for the 1Password vault on my Dropbox folder.

I opened 1Password on the mac. Set the master password and location for the vault in Dropbox.

I downloaded 1Password from the App Store for the iPad, set it up,including connecting to the Dropbox vault, then did the same for the iPhone.

There, I differed from cradom's recommendations and opened Safari and Safari>Preferences>Passwords (two windows).

One after the other, I opened the websites having addresses on the left column of the "Passwords" window. Every time I could connect automatically through Safari and 1Password would agree to autofill the 1Password new connection element, I autofilled it. Otherwise, I created the new connection element the hard way.

Added those which Safari did not catch (like my bank).

I did not change any of my passwords yet (will do later).

It works. thanks to all.

cradom
07-29-2016, 07:18 PM
Glad you got it working.

chscag: Have you seen this? This is not the specific article I read yesterday, it's just one of several I GoogleFooed tonight as a reference.
https://www.hackread.com/lastpass-hacked-this-time-for-good/

I'm sure 1Password has it's faults too, but it's what I'm used to.

chscag
07-29-2016, 07:48 PM
Thanks Craig. But it looks like I'm sticking with 1Password since they gave me a free upgrade to version 6.

Rod Sprague
09-06-2016, 12:34 AM
Promotion?