Ever since I was a victim of digital identity theft in college, I've kept a keen eye on data security.  I use long passwords that mix case, numbers, and punctuation.  I impose ridiculous must-change-passwords-every-6-months rules on myself.  And I never, ever write my passwords down for others to see.  But still, I feel like things could be more secure.

[Image caption: 1Password conveniently keeps multiple devices in-sync.]

As the number of online services I use continues to grow, the number of passwords I need to remember is quickly becoming unmanageable.  A few months ago, I actually found myself breaking a personal rule and reusing a password.  To help me keep from making this a habit, and out of a sincere concern for my security, a friend recommended I switch over to using 1Password instead.

For those who don't know, 1Password is a fantastic little application that will:

  • Create arbitrarily strong, random passwords for you with one click
  • Store login information for as many sites as you use in an encrypted keychain
  • Sync data to the cloud via Dropbox so you can share logins between devices

I purchased the full version after about a week of use and nearly all of my logins are now incredibly more secure than they were a few months ago.

Unfortunately, they're now so secure that I can't even access things at times.  This has convinced me that, while 1Password is a huge step forward in password management, it's also a huge step back.

On the Road

When I went on my trip to Haiti, I left my expensive smartphone at home and opted instead for a $20 disposable pay-as-you-go global handset.  It was great for quick calls and SMS notes to loved ones.  Towards the end of the trip, I discovered that the phone had a Facebook app built-in to the system.  I wanted to "friend" everyone from my team on the trip so we wouldn't lose touch when I got home.

Unfortunately, my Facebook password is in 1Password, and I had no access to it without my Droid or laptop.

I figured I could just reset my Facebook password, change it to something simpler, and re-secure things when I got back home.  I hit the reset link and went to go check my email.

Only my email password was also in 1Password, so I had no access to Gmail from the road either.  No way to check my password reset messages or regain access to my other too-secure accounts.  I resorted to taking my friends' phone numbers and putting them in my disposable phone, promising to follow up when I got home and back to real technology.

When I did get home, the first thing I did was free my primary Gmail account from 1Password.  Imagine if my laptop and phone both became inoperable - I would have had no way to regain access to my accounts!

Too-Helpful Security

[Image caption: iTunes requires you to re-enter your AppleID and password frequently.]

I might not be an Apple fanboy, but I still love my iPod for when I go running.  I subscribe to a handful of podcasts, and I usually download digital editions to iTunes when I buy DVDs.  iTunes itself is super concerned about security - so much that it makes me re-enter my password for just about every transaction.

This wasn't an issue until I switched from a 10-character mnemonic to 30 characters of gibberish.  Copying and pasting from the 1Password desktop app to iTunes is annoying, but not too difficult.  Doing things from within my iPod, though, is painful.

My process for purchasing music via my iPod is now:

  1. Find song I want to purchase
  2. Click to purchase
  3. Unlock my Android phone
  4. Unlock 1Password
  5. Find my Apple ID
  6. Enter the insanely long and difficult password one character at a time into my iPod

One Password to Rule them All

The idea behind 1Password is pretty great.  Pare down the number of passwords you need to remember to 1, keep it secure, and use it to unlock a chain of arbitrarily strong passwords that you can use on every other service.  This makes my online identity much more secure and is a huge improvement over the old system of rote memorization I used to keep things protected.

However, 1Password is (in many of my use cases, anyway) too secure.  My data is so well-protected that just about no one - including myself at times - can get in.  When data is so secure that the owner can't access it, there is no value to the security.  This too-rigid level of protection is actually a huge step backwards from my older system because I'm now trying to implement workarounds to keep my accounts unlocked so I can avoid tangling with 1Password's somewhat inconvenient entry systems.