With our release of the all-new 1Password 4 for Mac this month, the venerable Joe Kissell also wrote a whole book for the Take Control series called Take Control of 1Password (on sale for just $10!). It’s a great look into getting setup with 1Password 4 for Mac and even iOS and Android, as well as all the real-world ways 1Password can be useful for passwords and beyond.
Since Joe went so in-depth into getting the most out of 1Password, I figured we should go in-depth on Joe, the Take Control series, and his thoughts on 1Password and the future of security. I reached out for an interview, and he had some great responses.
AgileBits: First off, thanks for writing a whole book about 1Password, that’s pretty great of you. For our customers who aren’t familiar with the Take Control books, can you give a rundown on what the series is about?
Take Control is a series of ebooks that help ordinary, nontechnical people understand and make the best use of technology. The idea is that you have a professionally written and edited explanation of some technical topic that’s much more detailed than a magazine article could be (say, 100–150 pages instead of 2–6) but far more manageable than a 500+ page printed book. And, since they’re ebooks, we can treat them much like software: we offer minor updates for free and discounted upgrades on major new editions. You click a link to check for updates, download the new version, and that’s that. So the content can stay up to date as the technology changes, and you don’t end up with this huge chunk of paper that’s outdated before you even read it the first time. And all this comes at a modest price—most of our books are around $10–15.
The majority of our books focus on Apple (Mac and iOS) technologies. But we’re increasingly covering topics that apply across platforms, such as online privacy, Dropbox, and (of course) 1Password. We’ve even had a few books in the series that weren’t about computers at all, including one I wrote about how to prepare Thanksgiving dinner!
This month is actually the 10th anniversary of Take Control Books. Ten years ago this spring, I got a call from Adam Engst, who is well-known in the Apple community as the publisher of TidBITS and the author of numerous books. I’d known Adam for a long time—I’d written some TidBITS articles and Adam had written a foreword to one of my books and so on. He said he had an idea for an experiment in electronic publishing, and wanted to know if I’d be interested in joining a small group of other authors and editors in trying out this new model. I said sure, and the first book I wrote in the series was “Take Control of Upgrading to Panther,” which came out the same day Panther (Mac OS X 10.3) did, in October 2003. It sold a bazillion copies, and the rest is history. (And, this month, in keeping with tradition, we shipped “Take Control of Upgrading to Mavericks“!
What about your Take Control of 1Password book, in particular? Is there an overall approach or theme you had in mind while writing it?
Earlier this year I wrote a general-purpose book on password security, “Take Control of Your Passwords“. That book was all about understanding password security generally—why you need to have excellent, strong, unique passwords; what makes one password better than another; and what strategies you can use to keep from being overwhelmed by passwords. Of course, using a password manager like 1Password is one aspect of that, although I take pains to say it’s not a complete solution in and of itself.
In the 1Password book, I wanted to say, OK, if you’ve chosen 1Password (which happens to be my favorite password manager) for that aspect of your password strategy, then here are all the details about doing the stuff you care about doing with it. It’s no good to just say, “Go out and buy this app” if a reader isn’t sure what to do with it, how to use it most effectively, how to solve problems, and so on. So that’s what I was trying to do with this book.
For whom did you write this book? Was there a type of user or skill level in mind?
Well, I was thinking of people like my wife (hi, honey!), who may have had 1Password for a long time but never quite grokked it. People who aren’t technophobic but also don’t wear propeller beanies, if you know what I mean. Ordinary folk who just want to get things done and appreciate a bit of patient, systematic hand-holding but don’t want to be talked down to.
It’s not that 1Password has such a steep learning curve, but you kind of have to get on board conceptually with its way of handling things. And I think the best way to do that is to walk through all the steps of creating, storing, and using passwords a few times, with the sites you use most frequently, so it’s not just a vague idea about what should happen but the actual experience of making it happen. I try to walk users through both the theory and the practice so that, hopefully, after a few tries the process clicks and they go, “Aha! Now I see how much better this is than the old way.”
So, as with all my books, I’m writing for an intelligent reader who just isn’t an expert in this particular thing. And I try to focus more on real-world tasks than on features. In other words, I don’t think that by simply cataloguing what every button and menu command does, I’d be teaching someone how to use the product. Instead, I frame it as, “You probably need to accomplish x, y, and z with this app. How do you go about doing that?”
Besides stronger passwords, do you have another favorite use or some tricks for getting more out of 1Password?
I keep all my software licenses in 1Password. At the moment, I have—let’s see—373 of them! I find, especially at times like these when a new OS version is coming out, that I’m reinstalling apps quite a bit and I have to say, I’ve kind of fallen in love with 1Password mini for quickly retrieving license codes. I launch an app and it asks for the code, and now I just press Command-Option-\, type a few letters of the app’s name to find it, arrow over and down to the password field, and press Return to copy the code. Click back in the app, paste, and I’m done. So much simpler than it used to be!
Another thing I suggest in my book is to include not only textual data, such as your credit card, driver’s license, and passport numbers, but scanned images of the items themselves, as attachments. If you ever lose one of these items, a scanned copy can be very helpful in getting it replaced (and also provides some supporting evidence that you are who you say you are).
What do you think are some of the challenges for the security software space in general?
Wow, where to even begin? Well, I’ll focus on a couple of issues. First is the actual security part—making products and services robustly hack-resistant. Some of the folks who want to break into people’s accounts and steal their data, money, or identity are extremely smart and, shall we say, dedicated. Staying ahead of them requires even more smarts and dedication. I’ve seen some pretty scary security products—I’m thinking of a couple of password managers in particular—where it’s evident that the developers didn’t have a deep understanding of things like entropy, encryption algorithms, and exploits, but just threw something together that seemed to basically work. Most users won’t know the difference—until they get hacked.
So I love reading the security posts on the AgileBits blog by Jeff Goldberg and Roustem, because they demonstrate an extensive, thorough knowledge of cryptography that shows you guys really do know the score.
The other side of that is usability. You could ask users to enter a password, type a code from an SMS message, and do a fingerprint scan every time they go to a new Web site, and that might be super secure, but it’s an unreasonable amount of effort for what you’re trying to accomplish. Tools like password managers have to not only be easy to use but to respect varied workflows. If a tool requires you to throw out all your habits to adapt to the one way it knows how to do things, or if it imposes unreasonable restrictions (like forcing you to use just one browser), it’s not being kind to users.
Now, it does make me a bit sad that 1Password has had to remove or alter certain useful features over the years in order to remain compatible with all browsers and platforms. I understand why that is—you have to work within what browser developers, and especially Apple, permit you to do, and those restrictions have gotten tighter. But man, I miss the time when I could visit a new Web site that asked me to generate a password and then, with a single click, create, fill in, submit, and memorize that password. Those were the days! And I’ve been lobbying for an option to fill in and submit a default set of credentials automatically when you load a page, no clicks or keystrokes required. I would love to see 1Password take that next step in usability.
You have a section called ‘Glimpse the future of 1Password.’ Care to offer a glimpse of that glimpse for your potential readers?
Part of the reason for that section was to reassure users who upgrade to version 4 and have a moment of “Hey, wait a minute! What happened to (my favorite feature)?!” During the version 4 beta testing, AgileBits staffers were constantly reminding everyone that, because it was a total rewrite as well as a redesign, a few of the elements people were used to in version 3 aren’t quite there yet, but will be soon—and there are big new features in the works too. I think one of the most important changes in version 4 is that 1Password was rethought in such a way that adding new features will be easier, and significant updates should be more frequent.
So, based on my discussions with AgileBits staff and what I read on the beta discussion boards, I expect to see things like more view options (not just the single-column list) and editing directly in 1Password mini, without having to open the full app. And I know that some bugs—er, design challenges—such as getting 1Password mini to work correctly on multiple displays are being addressed too.
One of the other things I mention there is that the Windows and Android versions of 1Password, which haven’t seen a lot of love lately, are actively being worked on to bring them to feature parity with the Mac and iOS versions.
Do you remember when you first found 1Password? Who or what got you into it?
I looked through my email archives, and the first mention of 1Passwd—it didn’t have the “or” in the name back then—was in July 2006, about a month after its version 1.0 release. I got a copy of version 1.3 to review for TidBITS, although for reasons I can no longer recall, that review didn’t appear until nearly a year later: 1Passwd Eases Password Pain in June 2007. My very first impression was one of puzzlement: I couldn’t figure out why someone would need an extra program to do something that any Web browser can do on its own. But the proverbial lightbulb went on as soon as I started using 1Passwd, and as early as October 2006, when Macworld was asking contributors for nominees for that year’s Editors’ Choice awards, I wrote to my editor, “I’m really jazzed about 1Passwd, which has quickly become indispensable for me.”
So, I’m proud to say I’ve been a user almost since the very beginning of the product. That year, 2006, was also when I wrote my first Take Control book about passwords (which was replaced with a much more modern title earlier this year). I’ve written an awful lot about passwords in the intervening years, and 1Password has been a faithful companion the whole time.
Thanks a lot Joe!
As you can see, Joe knows his stuff and we’re honored that he’s been with us since way back when the “1Password” name was missing a vowel. The Take Control series really is wonderful, so check out Take Control of 1Password and their other books to learn how to get more out of your apps.