Posts tagged 1password

Gawker Hacker

December 13, 2010
in

Yet another reason to use a password manager.

Unbelievable, coming from a network of nerds and geeks who have posted articles in the past about password management. And here the CEO uses short, easily guessable and repeated passwords for everything from the company’s Google Apps account to his personal Twitter account.

Ironically, any of the commenters that login via Facebook Connect were not affected!

Just one more reminder to change your passwords every few months and make them as secure as possible!

The Benefits of Using a Password Manager

March 5, 2010
in

Last month, I saw this post on LifeHacker and like the lazy blogger I am, didn’t get around until now to comment on it. The short of it is that because some Twitter users used the same password for multiple sites, an unscrupulous individual was able to use those usernames/passwords collected from a fake BitTorrent web site and use them on Twitter to see if they worked. Unsurprisingly, many username/password combinations worked.

The full explanation from the Twitter Blog:

It appears that for a number of years, a person has been creating torrent sites that require a login and password as well as creating forums set up for torrent site usage and then selling these purportedly well-crafted sites and forums to other people innocently looking to start a download site of their very own. However, these sites came with a little extra – security exploits and backdoors throughout the system. This person then waited for the forums and sites to get popular and then used those exploits to get access to the username, email address, and password of every person who had signed up. Additional exploits to gain admin root on forums that weren’t created by this person also appear to have been utilized; in some instances, the exploit involved redirecting attempts to access the forums to another site that would request log-in information. This information was then used to attempt to gain access to third party sites like Twitter.

It’s absolutely critical that people use at least different passwords for each site they visit, especially if the credibility of the site is in question (i.e. if the site was for warez or even for torrents as in this example.) A better practice is to have strong, different password for each site. Sometimes this is hard because each site has a different “rule set” for their passwords. Some site may require at least 2 symbols and 1 capital letter or some variation and things can get complicated and confusing very quickly.

I’m sure you’re thinking, “but Rachel, how am I supposed to remember all those stupid passwords? I’m not a computer!”

And then I say, “no problem, bucko, that’s where password managers come in!”

In an earlier post this week I was detailing a bug I had with 1Password. Well, that’s a password manager!

What’s a password manager?

A password manager is an application or service that uses a master password to encrypt a database of username/password combinations for web sites, services or other applications. On a Mac, it’s like Apple’s Keychain. You type in your password whenever you log in to your Mac and magically all the passwords you saved in that Kkey chain are available to your applications so you don’t need to type them in all the time.

My favorite password manager is 1Password but practically all password managers have similar functionality. Password managers have multiple purposes but I think the best are:

  1. Ability to create a strong password for different sites. Most password managers have the function to generate a password for you so you don’t have to come up with a strong password on your own.
  2. Create a password and then never enter it in manually again. Plugins for web browsers like Firefox and Safari make it so easy to click a button, enter your master password, and bang! You’re logged in. You’ll never have to remember an obscure password again. Of course, if you’re nowhere near your password manager and need that obscure password to log on to a site while at a public computer you’re a little screwed unless you have your password database automatically set up to sync with a service like Dropbox (and then you’re all set!)
  3. A central, encrypted place for all your passwords. “Back in the day…” I remember I used to keep all my usernames/passwords on pieces of paper and up until recently my mother was keeping them on index cards on a Rolodex. If you’re a sloppy pig and don’t know how to organize that stuff, you may end up misplacing that password and then you’re screwed. With

How To Make 1Password Work with a Proxy

March 4, 2010
in

I’m a huge fan and proponent of password management software and especially 1Password by AgileWebSolutions. Yes, its paid software and there are alternatives but I use a Mac and I like eye candy (plus I got it for free from a MacHeist a while back, so nyah.)

When I started working at my new job, I wanted to import all of my logins in case I needed them at work. I quickly found that working at a credit card company meant there were a lot of limitations to what you were and were not allowed to do. One of these things was that I couldn’t log in to Dropbox (where I keep my encrypted 1Password key chain for syncing across machines) and the second was that you needed to go through a proxy server in order to access anything on the internet.

The Dropbox I could live without, I would just have to manually sync my key chain every once in a while for passwords I might reset. The proxy thing was a problem though.

Every time I opened Firefox or Safari meant I had to authenticate against the proxy server.  In Firefox this was especially a problem because every time I opened Firefox with tabs already open from a previous session, Firefox would prompt for my proxy password for each tab that was open to an external web site. This meant almost a “ba-jillion” window prompts.

1Password keeps track of passwords based on the domain, but because it was a proxy password, depending on what page it was trying to load, the “domain” 1Password would “pick up” was usually the wrong one. Obviously, I didn’t want to have to enter my proxy password manually every time (why would I have the password manager in the first place then?!)

The work around for this is to open up 1Password, create the entry for your proxy server username/password and where it says “Display: Always” there is an additional entry at the end of the drop-down that says “Show in Every HTTP Auth Prompt.” That’s the golden ticket!

Now, when you open Firefox, (warning: it still opens up a million authentication windows but you only have to fill out one) in the 1Password drop down to fill out the prompt you will see your proxy option. You may have to refresh the pages if it didn’t pop up the auth prompts in order but that was an acceptable price to pay for me to have both 1Password and Firefox.

A “gotcha” to watch out for is in Safari. I noticed that if I reset my browser settings (like, everything blown away, settings, cookies, etc) it lost the proxy server authentication. What you have to do is disable 1Password as a plugin in Safari and restart Safari. A single prompt should pop up asking you for your proxy username and password and will ask you if you want to save it to your key chain. Click the box and submit. When you enable 1Password as a plugin again you should be golden and won’t have to input your proxy password ever again.

I hope this helps someone out there that had the same problem! Took me a good week or so to get everything running smoothly.

Go to Top