Friends (Still) Don’t Let Friends Reuse Passwords

A good friend once said that friends don’t let friends reuse passwords. This sage advice is as true now as it was then. Perhaps even more so.

This week we were once again reminded why reusing passwords is a very bad idea. Yahoo! just announced that its entire database of users was breached way back in 2014, resulting in over 500 million logins being sold on the black market.

These login details contain enough information for an attacker to discover your Yahoo! password, and if you’re using this same password on other web sites, they will be able to log in as you on those sites as well.

Depending on how many Yahoo! services you depend on (such as Flickr), you may or may not be alarmed, but if you reused your password on other websites, you really should be.

Password reuse is scary

I’ve had a Yahoo! account for longer than I care to admit. I believe I created mine in 1999. Times were simpler back then and I didn’t have anything that needed to be protected – or so I thought.

I didn’t take my security that seriously at the time so I did what I always did for all my accounts and signed up using the one single password that I used everywhere: 909at89.

After a while, I stopped using Yahoo but I continued reusing my password wherever I went. Years later my Yahoo! account was broken into and I got lucky – the thief only cared about sending spam and never bothered to change my password to lock me out. 1Password was a daily part of my life by that time so I updated my Yahoo! password to NigEAKnb6cfaEpqKxWDGJPVi7Ld and moved on.

My Yahoo! account was now safe but my silly old password still survived on many other websites. I even used my ridiculously weak password for the company web server that was setup before 1Password even existed.

Even though I had already changed my Yahoo! password, the thief could have easily taken over my other accounts. If I was “famous”, things could have turned out much differently.

Protecting Yourself

If you have a Yahoo! account it’s time to fire up the Strong Password Generator and change your password to one that’s unique to Yahoo! and Yahoo! alone.

Generate strong password for Yahoo!

This a good first step and it’s only the beginning. The next step is to find all the other sites where that password was used and update them as well. You can use 1Password to search for your original password and update every site that matches.

You can also use Security Audit to find other reused passwords. And while you’re there you might as well check the Weak Passwords section to see which sites have lame passwords. You might be surprised at what you find ?

Protecting Your Team and Business

The scariest part of password reuse is it becomes second nature and before long reused passwords start appearing in unexpected places. The website you thought was protected ends up being an open door.

This is exactly what happened to me before 1Password existed and I shudder at what could have happened if I didn’t change my ways. I would feel terrible if anything ever happened to my colleagues as the result of me reusing passwords. Part of my responsibility of being on any team is using strong passwords like these:

 A strong, unique password 

As 1Password user, you already know that having unique passwords like this for every site is super simple – it’s literally easier to be secure with 1Password than being insecure without it.

When you’re on a team it’s not enough just for you to follow safe password practices. Your teammates might be reusing passwords because they believe it’s easier, putting the entire team in danger.

If your team is reusing passwords, emailing them to each other, or collecting them in an Excel spreadsheet, you’re likely to be in the news in the future – and not for the right reasons! ?

This is why we created 1Password Teams – to help you and your entire team make doing the right thing the easy thing. With 1Password Teams, everyone in your team can be the strongest link.

As luck would have it, our Teams special launch special is still available: until October 15th you and your entire team will get all the features of our Pro plan for the very low price of the Standard plan. If your team isn’t using 1Password already, be a hero and sign your team up.

The internet has come a long way in the last 20 years and we all need to evolve our security practices to stay safe, both in our personal and professional lives. Bad habits that we learned years ago simply have no place today.

All this talk of password reuse and reminiscing has me feeling nostalgic. It’s time I reach out to my dear old friend and thank him for inspiring today’s post. ❤️

Hello, macOS Sierra!

Once a year, we are graced with the release of a new operating system for our Macs. It’s an exciting time for users as much as developers. This year, there were quite a few changes to Apple’s desktop OS, and the most noticeable one at first glance is the name: It’s now macOS. I’ve been using Macs since I convinced my parents to help me get one for college in 2008, and nothing has been the same. I’ll miss OS X, but I’m excited to spend at least 8 years with macOS.

The first release under this new name is a step in the right direction. I always love attention to detail, and the web team at Apple put a lot into the new macOS page. There’s really nothing like a bit of transform3d with a mountain range I grew up in.

Copy something and paste it on another device

I asked the team what their favorite features in macOS Sierra were, and Universal Clipboard was at the top of their list. Over the years, apps that provide a clipboard across multiple devices have come and gone. It’s great to see Apple implement their own solution right in the OS. With Sierra and iOS 10, copying something on your Mac will also add it to your iPad and iPhone’s clipboards so you can paste it on those devices, and vice versa.

universal_clipboard_large_2x

This can be handy for bits of information, and also for passwords. If you copy a password from 1Password on your Mac, it will be available to paste on your iPhone almost immediately, which makes signing in to the App Store or iTunes spontaneously using your strong password even faster. Now the password can be pasted on your iPhone without opening 1Password on your iPhone.

Since Universal Clipboard requires both devices to use the same iCloud account, security of the clipboard contents comes to mind. Andrew Cunningham and Lee Hutchinson over at Ars Technica wrote an in-depth review of macOS Sierra and its new features and they explain, “Though both of your devices need to be signed in to the same iCloud account to trust each other, your data never appears to touch Apple’s servers—like Handoff, all communication is local.” It doesn’t require an active internet connection to work, but it does require that both Wi-Fi and Bluetooth are enabled on each device.

Pretty great, eh? Learn how to copy and paste between devices with Universal Clipboard.

Unlock your Mac with Apple Watch

watch-unlock

If you have an Apple Watch, you’re probably wearing it while you read this. Your iPhone can unlock your Watch, but what if your Watch could unlock your Mac? In macOS Sierra, it can. I spend a bit of time in cafes with my MacBook, and because I’m wearing a Watch I follow its orders and stand when I’m told. Since my MacBook is on battery power, it falls asleep and locks. Now my Watch can unlock my Mac automatically when I’m near it and wake it up. Who knew time-of-flight positioning was a byword for magic?

And many other things

If you use Siri often, you’ll be happy to see it on your Mac as well. There’s now a Siri icon in the menu bar and Dock, and clicking it activates the unique personal assistant. It can find files, help you spell things, find out the weather, help manage your calendar, and all sorts of other things.

Apple has a dedicated page to all the new features in macOS Sierra, and as I mentioned earlier, it’s awesome: http://www.apple.com/macos/sierra/

1Password + macOS Sierra = happyDance

app-store-sierra

Oh yeah, 1Password loves the new update too. Near the same time macOS Sierra was released, we also published an update to 1Password for Mac, and it’s fully compatible — if you notice any peculiar behavior, let us know.

It’s been a busy summer for me so I didn’t get a chance to try out the betas over the past few months. Yesterday was my first day with macOS Sierra and I’m excited to explore a bit and find some of the hidden features all the reviews I read missed!

If you haven’t upgraded already, now’s a great time! After upgrading be sure to check out the New to Mac welcome pages Apple created. Whether you’re new to Mac or have used it for a while, I think you’ll appreciate the spectacular introduction to its core features. And best of all, 1Password makes a cameo appearance in the App Store section! We’re very honored to be included here as well as selected by Apple in their Our Favorite Mac Apps section of the App Store.

I hope you all enjoy the new macOS! Let us know what your favorite features are in the comments. :)

Pro Features for 1Password Teams: Many Bells and Much Whistles

TL;DR: We’ve added some incredible new Pro features to 1Password Teams and we’re extending our Early adopter special that gives you all these Pro features at the Standard price! Sign up today or continue reading for more details.


We’ve been continually working on 1Password Teams since we introduced it last November and over the (Canadian) summer we finished putting the final touches on some awesome new Pro features.

I’d love to share these with you now while the weather is still nice. ?

Let’s start with our new advanced organizational features that give you even more control and customization for your team. From there we can jump to the new activity tracking feature and then we’ll button things up with some exciting pricing news.

Organize Your Team With Custom Groups

Since the beginning 1Password Teams has allowed you to assign teammates to be part of the Administrators, Owners, or Team Members groups.

This is great and provides enough organization for many teams, but larger teams need even more power and flexibility so we added the ability to create your own custom groups.

Using the Admin Console you can now organize your team into groups however you like. Once organized, you can easily share information securely with those who need it, allowing you to quickly control who has access to key information.

Organizing with Custom Groups

To create a new group, simply go to the Groups section of your Admin Console and click the blue plus button. You’re free to create as many groups as your heart desires ❤️

Grant Authority Using Custom Roles

The Owner, Administrator, and Team Member groups provide a great starting point for controlling who on your team can access the Admin Console, manage people, control access, recover accounts, and more.

But companies with advanced business needs will require more flexibility than these predefined roles allow.

That’s no problem whatsoever as it’s now super easy to designate which permissions each of your groups have. By picking and choosing from 9 predefined permissions, you can tailor the perfect role to suit your specific business needs.

For example, let’s say we wanted to allow managers to create vaults, manage their employees, and restore access to those who forget their Master Password. To do that, we could create a custom Managers group and assign their permissions as follows:

Granting authority using custom roles

As great as this is for managers, the real joy comes from knowing they no longer need to bug you every time someone joins their team ?

Using Activity Log to Review & Track Events

In short, you can now easily see who has changed what where and when. That’s a bit of a tongue twister, so let me try saying it again with a few more words ?

With our new Activity Log, you can now see a detailed history of changes made to your Vaults, Groups, and Team Members.

When a member of your team adds an item, creates a group, grants access to a vault, or makes other changes, each action is recorded and can be seen in the Activity Log.

This is super handy when you want to see what a particular user has been up to or review what changes have been made to a vault. All you need to do is go to the detail page for a particular person or vault and review the Activity Log to see what changes have been made and when.

For example, this screenshot shows the Activity Log for the Production Servers vault. You can see that I gave Jeff access and he then proceeded to update items in the vault and granted access to the Sysadmins group.

Activity Log

It’s great being able to see this history on each details page as it allows you to zero in, but you can also drink from the firehose ? by going to the Activity Log in the Admin Console where you can see the full list of all changes within your team.

Extending Earl’s Early Deal!

When we released 1Password Teams we launched with Earl’s early deal, giving away all the features of the Pro plan for the low, low price of the Standard plan.

With all these new bells and whistles I thought it would be awesome to extend Earl’s special launch special until October 15th so everyone could enjoy these new features.

Sign up your Team now and lock in Earl’s special deal

And best of all, you and your team will lock in the Standard price for as long as you’re subscribed. Even teammates you add after October 15th will still get the same awesome deal.

Enjoy! ❤️