Are password managers safe?
by Oliver Haslam
We can’t speak for other password managers, but the short answer is: 1Password is very safe. The longer answer is that not only is 1Password safer than using no password manager at all, it’s far safer than any do-it-yourself solution – no matter how complex it may be.
While it may seem counterintuitive to keep all your eggs in one basket, using a password manager is much safer than the alternatives. To help you understand what makes a password manager like 1Password safe, let’s first look at the weak baskets you’re likely already using. We’ll start with the least secure basket: not using a password manager at all.
If you’re not using a password manager of any kind, you eventually have to resort to reusing the same password on more than one site. With all the accounts we have these days, it would be impossible to remember a unique password for each one.
Every time you reuse a password, it makes that basket that much weaker. If any site where you’ve used that password is compromised, an attacker will have access to all the others. For example, if you use the same password at your bank that you use for a fan forum for your favorite TV show, all it takes is a breach of that fan forum for your bank accounts to become exposed.
Keeping passwords saved in a plain text file on your computer is a very weak basket indeed. If that file falls into the wrong hands, an attacker will get all the keys to your digital life with no effort at all.
The same goes for keeping all those passwords written in a notebook. It may not be vulnerable to hackers, but it’s a chore to keep updated. And because it’s much harder to create regular backups of a physical notebook, if it’s ever lost or stolen, the results would be devastating.
OK, so you’ve decided to keep everything in a password-protected spreadsheet or other encrypted file on your computer. This may sound secure, but it adds a level of complexity that itself can cause issues. How are you accessing your passwords on all your other devices? What happens if you lose that encrypted file? Even if such a system adds some level of security, it’s not easy to set up and maintain. On top of that, these days it takes a team of security experts to make sure a system is actually secure against attackers.
At this point, it’s tempting to throw your hands up, keep doing what you’ve been doing, and hope for the best. But password management doesn’t have to be this hard. There is a better basket.
“The right way to build reliable systems is to put all your eggs in one basket, after making sure that you’ve built a really good basket.” — Engineer’s Proverb
Password managers like 1Password make the secure thing to do the easy thing to do. You can quickly generate unique passwords for every site and know that everything is strongly encrypted – without having to create a secure system yourself.
Of course, every web browser comes with a built-in password manager, so there’s no shortage of ways to save passwords on your devices. However, they don’t all offer the same level of security, provide the same conveniences, or protect your privacy as comprehensively.
With a password manager like 1Password, you only need to remember one secure Master Password, which gives you access to all your private data. It’s all encrypted on your device before it’s ever sent to our servers, and it remains encrypted in transit and at rest on our servers. Your Master Password is never transmitted across the Internet, which means that it never leaves your devices.
What sets 1Password apart is the use of a unique 128-bit Secret Key for every account. When you sign up for 1Password, a Secret Key is generated on your own device. It’s combined with your Master Password to encrypt your data. Just like your Master Password, your Secret Key is never sent to our servers, so hackers wouldn’t have the two keys required to access your information – even if they had access to the servers.
You can read all the details in the 1Password Security Design white paper.
All the security in the world doesn’t matter if a password manager doesn’t actually make your life easier, though. That’s why we focused on making 1Password not only the most secure but also the most convenient basket around. When you use 1Password, you’ll find that it:
And if you ever need to leave for any reason, 1Password uses open data formats, so you can import and export at any time. It’s your data, and we want to make sure you’re always the one in control of it.
All of those conveniences are built on a solid foundation of our commitment to you, your data, and your privacy. We’ve designed 1Password so that it’s not even possible to collect your most sensitive data.
Of course we can’t know your passwords, but we’ve gone much further than that. For example, the design of 1Password means that we also can’t know which sites you’re signing in to or when. That’s your business, not ours.
We understand that not everyone wants to spend as much time thinking about password managers as we do. You can get started with 1Password right away, without a steep learning curve. Videos and tutorials are available to help you get the most from 1Password, but there’s no required viewing to get started.
If you have any questions, we’re here to help. We never want you to be confused or frustrated when it comes to your security.
For all the reasons above, 1Password is loved by security experts, tech reviewers, and people just like you. They agree that it’s the most secure and convenient choice. And it’s purpose-built to protect your privacy. But don’t take our word for it. Here’s what they have to say:
“Having looked at a number of competitors, and comparing them I can say that 1Password is still the most well-rounded password manager on the market.” — The Sweet Setup
“1Password…combines an ease of use that reduces the friction of using secure passwords with the tools needed to manage them and ensure your logins always remain secure.” — MacStories
“1Password is one of the best ways to store and manage all of your passwords…” — The Verge
“1Password is just so goddamned smart about fixing a serious problem that I hate dealing with. That’s maybe the definition of an awesome app.” — Merlin Mann
“1Password…requires fewer clicks or keypresses to accomplish a task, like generating a new password or finding an existing login, than the competitors do.” — Joe Kissell, author of Mac Security Bible
If you want to take the right steps to keep your passwords safe and your information secure, try 1Password free today.