![]() ![]() ![]() With 1Password, you basically authorize each particular device you want to use with 1Password by providing your secret key. It's more or less a one-time thing on each new device. From my perspective, the great thing about the secret key is that you don't have to keep providing it. I'm confident that the encryption provided by (say) Bitwarden or NordPass is adequate to my needs and probably to yours. Now the secret key is used in encrypting your passwords, and if I understand this correctly, 1Password's encryption is heavier-duty than what's used by other apps because of the secret key. With 1Password, this isn't an option: Your secret key is absolutely required, in addition to your email and master password. With Bitwarden, LastPass, NordPass et al., it's not recommended but it is possible to set up your account so that all you need to provide to get in is your email address (which is generally not a secret) and your master password. (Nobody seems to count your login email as a factor.) If you prefer, you could say that the secret key is the first factor, and your master password is the second one. But the secret key is a certainly a factor in your access to your account: If you don't have it, you can't access your account. It's true that 1Password's secret key doesn't meet the technical definition of 2FA. 1Password's rep here, u/Zatara214, spends his days reminding people □ that 1Password's secret key is NOT a form of 2FA and he has already done so in this thread. Note that I say "alternative to 2FA", rather than "an alternative form of 2FA". These two are the only apps that rely upon a locally-stored "secret key" as well as your master password. All of the current password managers allow you to set up 2FA, which is fine: Just be aware that 2FA brings with it some risks.ġPassword and RememBear (which apparently is now out to pasture, sadly) provide an alternative to 2FA. And no matter which you pick, you don't want to rely on your master password alone. Keep in mind that, no matter what you use, you'll need to protect your account with a very Long Strong & Unique (LSU) master password. So in my judgment, it's not unreasonable to pick the one you like, for whatever reason (including price). And I'm back now to using 1Password as my primary, because of the secret key.Īs far as I can tell, all of these apps do an excellent job of keeping your passwords secure through strong, solid encryption. ![]() I've since become rather fond of NordPass, for its UI. Five years ago I switched to PCs and although I kept up my account with 1Password, I stopped using it while I tried others: LastPass (meh), Dashlane (nope), Keeper (not bad), Myki (innovative and sadly unsuccessful), RememBear (loved it), until a couple of years ago I found Bitwarden and it became my #1. Where I'm coming from: I started with 1Password (almost) ten years ago, when it was closely identified with MacOS and I was still using Macs. Short of reading the white paper (which isn't exactly a page-turner), I'd recommend having a look at our abbreviated guide to 1Password's security model and judging whether or not you like it for yourself. Some people will prefer that convenience, and that's fine. The Secret Key is a good example of that, as most password managers (that I've seen) lean more towards convenience and therefore lack a secondary encryption secret like it. I'd imagine that Bitwarden's looks very different from ours, as they've likely made plenty of choices that we chose to go in a different direction on. Ours is detailed in 1Password's Security Design white paper. Every product, be it a password manager or otherwise, maintains its own purposeful security design. ![]() From a realistic standpoint, no, they don't. The difficult part of this post comes down to whether all password managers meet the same level of security. This way, regular people don't have to deal with them. On the contrary, 1Password has undergone many third-party security assessments and maintains a public Bugcrowd program for the purpose of discovering and fixing issues. To be clear right off the bat, 1Password doesn't contain any security "quirks." If it did, they'd be very publicly discussed, and our team would be working to resolve them as quickly as possible. This post is sort of a difficult one to answer. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |