Securing your passwords and more (1Password & Dropbox)

As the Internet has evolved we have been presented by more and more services each of which require us to have a login. Having to remember all those username and passwords is a pain, so many of us (me included) started to use the same login each time. This is a very bad idea as if one of the services is compromised then they are all compromised. As an example; if you were to have used the same login details for the Playstation network as your Amazon account then when the Playstation network was compromised last year they would have been able to login to your Amazon account (not good).

The recommended “best practice” is, therefore, to have unique usernames and passwords for every site that you visit. However trying to remember that many different username/password combinations would be almost impossible so you are going to have to record them in some manner to recall later. There are two options here; 1. A physical piece of paper with them written on or 2. A piece of software which holds these usernames and passwords in. Now if you lose either the piece of paper or the software you want to make sure no-one else can read it. To do that you need to encrypt it, which is slightly easier in software than on a piece of paper!

Let’s assume then, for the purposes of this article, that you are going to use software to record your passwords. You need those passwords on all of your devices so that no matter where you are you can access it but you also need to be sure that if you lose a device then your data remains secure. Enter 1Password and Dropbox.

1Password

1Password made by AgileBits is a piece of software that creates an encrypted password store on your local disk which you unlock each time with a single password. Thus you have 1 password to remember in order to access all your other passwords!

When you run the program you are presented with a login prompt to unlock the contents of your store (or vault as they call it).

It’s important to note that the password vault is only stored on your local device and is not held online or anywhere on AgileBits servers. Later we see how to synchronise that data between devices in such a way that makes it available offline as well as online.

Having logged into the 1Password software you can record the username, password, the location you are logging into and other important data into a single form. That form is then encrypted inside your vault and can only be read once you have logged into the App (as above).

A great feature here is the “generate password” function which allows you to generate a random password with letters, numbers and symbols. That password is then saved within your vault and you can copy/paste it directly into the website - much more secure than using your mother’s maiden name!

Having added credentials for sites into 1Password you end up with a Vault full of your logins, credit card details, secure banking details and anything else you need protected in a place which is easily accessible but heavily encrypted.

I really like this software and have been using it for a while to hold 100+ login details and find it invaluable. I don’t remember any passwords as they are all 10+ random digit passwords and so if some site says they have been hacked then I know it’s just the loss of a password which I never knew in the first place!

There are many other security features which I am glossing over here but you can look, and try, for yourself and see what you think. But now we need look at synchronising our 1Password vault onto multiple devices.

Dropbox

Many of you will be aware of Dropbox and what it is; in short it is an application which can synchronise data to any device onto which it is installed and you are logged in.

What you have to imagine here is that you have a small storage area on the Dropbox company servers and that your data is uploaded from your device to that server in near real time. By installing the Dropbox software onto each of our devices we can synchronise data, in this case our 1Password vault, between them and access that data on or offline as we choose.

Getting started

You have to create an account with Dropbox in for it to synchronise between your devices (each device needs to be logged in with the same account) so some quick words about that. We are not going to use Dropbox to synch any data in the clear. We are only going to be synchronising the encrypted data that forms the 1Password vault. It is, therefore, not necessary for us to be overly concerned about the security of the Dropbox password as its loss means that all someone has is our encrypted password files. The “strength in depth” side of me says that the initial loss of the Dropbox password is the first line of defense gone however I am aware that you are now having to remember 2 passwords; 1 for 1Password and 1 for Dropbox and you are not likely to use the Dropbox one often so let’s make it easy.

The Dropbox app can be downloaded from the App Store, their website or Google Play depending on what you are using.

Configure

Once you have installed Dropbox it will ask you where you want your Dropbox directory. I am going to assume, on a PC, you have made it something like;  “C:\Users_YourName_\Dropbox\” so we need to tell 1Password to store it’s vault there. By going into “File->Preferences” within 1Password it will ask where to put the 1Password data and you can then select the same folder you used for Dropbox. It will create a folder in Dropbox called “1Password.agilekeychain” but that’s OK as that’s the vault itself - have a look inside!!!

From there we can simply install Dropbox and 1Password on a mobile device and, when 1Password starts, it will ask where you want to store data. So first login to Dropbox with the same username and password you setup earlier. That will then sync and bring down the 1Password vault you setup earlier.

Start 1Password and when it asks you what to sync with select “Dropbox” (see image).

Login with the same 1Password login that you created at the beginning.

Remember that the 1Password login and the Dropbox login do not have to be the same and, in fact, should not be.  

Done

It’s easy, it’s straight forward and it’s secure. It will make your online security life much easier so I suggest you give it a go and see how you like it :)