Password Managers

Date: 2016-09-03

The problem

For years, I've been the kind of person who always used the same three or four passwords for every single online service I had. Every time one of these services got hacked, I was supposed to change the password I was using for that service and for every other service where I was using the same password. Obviously, I wasn't keeping track of that, so I used to miss many of them.

Then 2-factor authentication* came to be and I started activating it for every service I considered important: Google, Amazon, Twitter, Facebook, Dropbox, GitHub, GitLab... That made me feel much safer. But it had a couple of inconveniences:

  1. Not every service offers 2-factor authentication and not all of them would offer the SMS one, which is the one I chose.
  2. I would need my UK phone number with me all the time – this is a problem four or five times per year, when I go to Spain and Poland.

* 2-factor authentication is an extra layer of security that relies not only on the usual user/password combination, but also on something you have with you. Most of the time, it's either an app on your phone generating one-time codes for the extra login step, or the same kind of codes sent to you via SMS.

Despite that, I got used to it and it felt safe enough. At least for the last three years or so.

Then a few days ago I got another email from Dropbox, saying I needed to change my password (again) because millions of account credentials had been leaked (again). That got me a bit upset, so I finally decided to start looking for a better way of dealing with passwords.

The solution

I learnt about password managers two or three years ago, when I saw a workmate using one in the office. I didn't remember the name, but I did remember what the icon looked like. It turned out to be 1Password. I checked it out and it was offering – still is – a free six-month trial period, which should be more than enough time to use it extensively. So I signed up. They also have some cool information explaining how it works in the security section.

I've changed every password in every single online service I've used for the last 5 days and updated every single 2-factor auth code to use the 1Password app rather than my phone – the equivalent of using Google Authenticator, for instance.

I have to say that apart from the pain of changing every password, using this tool feels great. And it definitely makes me feel safer. Now every password I'm using is different: they are long, hard to remember, don't make any sense and combine symbols and numbers. Perfect passwords!

I will complain about one thing though: using it on a phone or tablet is not a great experience. You need to switch context to grab a particular password and then come back to the login screen to enter it. And if you have 2-factor authentication activated, it will mean an extra change of context – that would be 4 changes to get through a login form. There are a couple of apps that integrate their login forms with 1Password and make the experience much better, but that's still a small number of apps.

Summary

If you are concerned about your security, get yourself a password manager or a service that will make you create secure passwords.

Resources