Over two years ago I wrote about The Password Conundrum. Unfortunately, things are getting worse, not better. The 2014 Data Breach Report lists weak passwords and the reuse of the same password for multiple purposes among the reasons both companies and individuals get hacked.
Unless you have the memory of police detective Carrie Wells on the CBS TV Show “Unforgettable” or use some form of procedural memory mechanism, you need to write all of your passwords somewhere. Since you constantly refer to it, this list has to be close to you, especially when you travel. An alternative is to use one of the many password management programs that are out there. I recently reviewed two of these programs that take significantly different paths. I like each of them, and you will be well served by the programs and, just as important, by the companies behind them.
I only deeply reviewed these two packages, so other packages may be suitable for you as well. At a minimum, the questions I asked and the reasons for selecting these two may help you make your own decision.
1Password from Agilebits makes it easy to manage all of your passwords across a variety of platforms (Macintosh, Windows, Android, and iOS). It will generate very strong unique passwords for each of your accounts. It can also securely store other critical and private information such as bank account and passport numbers, and those “sticky notes” of private information you stash around the office or home, and then never find when you need them. The information is stored on and automatically synchronized across all of your devices so everything is always with you. All you need to remember is the one password to get you into 1Password. If you forget it, Agilebits support will not ask you for something hundreds of people know like your favorite high school teacher or where you were married; they ask for information about the specific credit card you used when you purchased 1Password.
Your passwords and other information are never stored at Agilebits nor accessible by Agilebits support personnel. Agilebits is a Canadian company so it is significantly more difficult for the US National Security Agency to compel them to give any information such as your 1Password password.
Agilebits takes security seriously and has implemented 1Password to the current highest standards of encryption and best practices about what data they keep about you and the way it is stored and accessible. The weakest link in the whole process is the syncing of your data among your devices, which requires that the data pass through the Cloud. That data is, of course, strongly encrypted and these risks are insignificant. To protect against password guessing tools that can typically try hundreds of thousands of passwords a second, 1Password uses PBKDF2 to significantly slow down the password authentication process. You will not notice the additional fraction of a second as you enter your password, but it slows the guessing process so that a guessing program may only be able to try dozens of passwords a second, making the process take a very long time (measured in centuries) to have even a slim chance of guessing your password.
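The slowdown described above can be measured directly. The following is an added example, not code from Agilebits or from the original post; the iteration count, the 16-byte salt, and the 8-character keyspace are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 100_000   # assumed work factor, not 1Password's actual setting
KEYSPACE = 36 ** 8     # constructed case: 8 chars drawn from a-z and 0-9
SECONDS_PER_YEAR = 365.25 * 24 * 3600


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 32-byte key with PBKDF2-HMAC-SHA256."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def verify(candidate: str, salt: bytes, iterations: int, expected: bytes) -> bool:
    """Check a candidate password; every check pays the full iteration cost."""
    return hmac.compare_digest(derive_key(candidate, salt, iterations), expected)


def guesses_per_second(iterations: int, trials: int = 5) -> float:
    """Measure how many password checks this machine completes per second."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(trials):
        derive_key(f"guess-{i}", salt, iterations)
    return trials / (time.perf_counter() - start)


def years_to_search(keyspace: int, rate: float) -> float:
    """Expected years to hit the password: half the keyspace at `rate` guesses/s."""
    return (keyspace / 2) / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    salt = os.urandom(16)  # random per-vault salt, stored beside the ciphertext
    key = derive_key("constructed-master-password", salt, ITERATIONS)
    print("correct password accepted:",
          verify("constructed-master-password", salt, ITERATIONS, key))
    print("wrong password accepted:  ", verify("letmein", salt, ITERATIONS, key))
    for label, iters in (("single pass", 1), ("stretched", ITERATIONS)):
        rate = guesses_per_second(iters)
        print(f"{label:>11}: {rate:12,.0f} guesses/s, "
              f"{years_to_search(KEYSPACE, rate):14,.2f} years")
```

The measured rates apply only to the machine running the script; what matters is the ratio between the two rows, which tracks the iteration count.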
1Password allows you to create multiple vaults that can be shared with other individuals with automatic syncing.
1Password has a free option for iOS and Android. For the pro option with additional features, the license fee is less than US$10. A Macintosh or PC license runs about US$35. Agilebits' licensing policy is very liberal: one Mac license can be shared across multiple Mac computers used by up to four family members; one Windows license works similarly for multiple Windows computers. One iOS or Android license can be shared across all of your iOS or Android devices.
SecureSafe from DSwiss AG also makes it easy to manage all of your passwords across a variety of platforms with a browser, with apps for Android and iOS. Unlike 1Password, the information is not stored on your device – it is kept, literally, in a former military bunker in Switzerland. It uses several redundant data centers in Switzerland, each of which is compliant with the security standards of the Swiss banking commission. You can securely access your passwords from any device anywhere with an Internet connection. The interface, whether through a browser or the specific applications, is easy to use. It also will generate very strong unique passwords for each of your accounts. It can securely store documents as well.
SecureSafe provides two mechanisms for two-factor authentication. Two-factor authentication means that you need two things to get into your SecureSafe account: something you know and something you have. The something you know is your SecureSafe account password. The something you have is either a fingerprint or your cell phone. You can register a phone number, and when you try to sign in, DSwiss will within a couple of seconds send you a text message with a four-character code. Enter that code in the logon screen and you are in.
If you forget your password and contact SecureSafe support, they can’t help you. They do not have the ability to recover your password or your data. However, when you set up the account, you receive an email with a 36-character recovery code that enables you to recover your account.
SecureSafe works well for the individual, but is also designed to support teams. It enables secure document storage and collaboration, and the easy management of access as people join and leave a team or as their role changes.
SecureSafe also provides inheritance, the ability for you to designate someone to receive some or all of the passwords and files in your account in the event of your death or incapacity. You designate someone as the activator, perhaps your lawyer. At the appropriate time, the activator uses an activation code. After a time frame you specified, SecureSafe sends information to each of your beneficiaries that describes how to access your information. At the time of activation, you will receive notification so you have time to cancel the activation if necessary.
DSwiss offers a free subscription to SecureSafe that supports up to 50 passwords, 100MB of storage, and one beneficiary. To use two-factor authentication or extend these limits they have three monthly rates starting at US$1.70 per month, although long-term contracts offer up to a 25% discount. All subscription rates are independent of the number of devices you have.
The last word:
I have been using SecureSafe for the past two months. I chose it over 1Password for four reasons:
- Complete device independence.
- Availability of two-factor authentication.
- My data stored securely in Switzerland by a Swiss company.
- The inheritance feature.
Of those, only the last was really critical in making my decision. I have long been concerned with Death in the Cloud. Can your loved ones or anyone cleaning up after you find where everything is on-line? I store my “Just in Case” document in SecureSafe so that my beneficiaries will have everything they need to find and access all of our financial and business accounts.
Your choice could certainly be different.
Keep your sense of humor.