The Best Way To Keep Passwords Secret And Accounts Secure
Rick van Galen, Senior Security Engineer at 1Password, explains how password managers are the easiest and most effective tools to keep your accounts secure.
Password managers are a great way to ensure your password hygiene is as good as it can be. Not only do they act as a secure store for your passwords – meaning that you can use complex, hard to crack, passwords without having to remember them – but they will also autofill credentials to trusted sites, generate new passwords, and warn you of compromised or vulnerable credentials.
Founded in 2005, 1Password is a leader in password management. Their solution is used by more than 100,000 businesses and millions of users world-wide and has been highly praised for its ease of use and effectiveness.
We spoke with Rick van Galen, a Senior Security Engineer at 1Password, to discuss the benefits of using a password manager, the uptick in passwordless logins, and how to keep your credentials safe. This interview has been edited for clarity and length.
Can you give us an overview of the 1Password platform, what you deliver, and who your customers are?
1Password safeguards people’s most important data no matter where they use it – be it at work or at home. Our human-centric solution is re-shaping the future of authentication, enabling anyone to navigate the digital world without fear or friction, and in less time – with security and privacy as a given.
1Password is trusted by over 100,000 businesses – including IBM, Slack, Snowflake, Shopify, and Under Armour – and protects the most sensitive information of millions of individuals and families across the globe.
Why is 1Password a better, more secure, and user-friendly way of storing passwords than just using notes, or writing them down on paper?
Writing your passwords down on a post-it note or piece of paper isn’t necessarily insecure, provided that no one else has access to the place or object where you’ve stored them. With that said, physical methods make it difficult to use strong, unique passwords, which is why it’s not the best way to keep your data and accounts safe.
The simplest way to generate, remember, and use strong passwords is with a password manager, like 1Password. Among the top reasons for why you should consider using one are:
- It’ll generate strong passwords for you, so you don’t have to take on the burden of trying to create unique passwords. Having credentials that are really difficult for a criminal to guess or crack with a brute force attack is critical.
- It’ll autofill your passwords for you. 1Password lets you sign in to the websites and apps you use daily and fill in your forms securely with a single click. Beyond that, password managers can store and autofill more than just passwords – including credit and debit card numbers, addresses, passport information, and even passkeys.
- If you lose a device, it doesn’t mean you’ve lost all of your passwords. You can always set up and sign in to 1Password on another device and regain access to your information – you unfortunately can’t say the same of a misplaced notebook.
- 1Password’s built-in Watchtower will tell you if and when any of your passwords need changing – by highlighting weak and reused passwords, then alerting you if any of your credentials appear in a known data breach.
- It’s safe and secure to use. 1Password’s security model is carefully designed to not rely on any single point of failure. To decrypt your data, a criminal would need your account password, an additional encryption ingredient known as the Secret Key, and the encrypted vault data itself.
The password management space is a very competitive landscape. How does 1Password differentiate itself from the rest of the market?
We have over 17 years of security and privacy leadership, award-winning customer service, and never had a security breach.
Some other differentiators we’re proud of include transparency, privacy of data, and the industry-leading support we offer.
We always have been, and always will be, transparent with our customers – information about our security architecture and relevant company processes are openly documented on our website.
When it comes to data privacy, 1Password customers are protected by our zero-knowledge security model. What that means is that 1Password can’t access private data stored in customers’ vaults. Instead, user data is stored locally on customers’ systems. Even if 1Password was breached, attackers wouldn’t be able to access any critical data because 1Password simply doesn’t have access to it. We also use an additional 128-bit Secret Key on top of best-in-class encryption to keep our customers’ personal and sensitive data secure.
Finally, we’re a customer-focused and consumer feedback-driven organization, and continue to push the envelope on high customer satisfaction. As a result, we consistently top leading technology and business publications’ password manager rankings.
Do you find there are any particular password challenges facing organizations in the enterprise market?
Secure organizations sometimes unintentionally impose a password management problem on their employees – they require them to use secure, randomly generated passwords for different services, and they don’t always provide a user-friendly way to solve that problem. 1Password does help solve that password management problem – for many consumer and enterprise users worldwide – regardless of whether people are on their own device or on a company-owned device. And in addition to that, 1Password can even help encourage the adoption of multi-factor (MFA) authentication, passwordless, and help manage SSH and API keys to further secure the enterprise.
The password landscape is evolving rapidly – in recent months, Apple has announced that their technology will be going passwordless and Windows Hello, Microsoft’s passwordless feature, was introduced last year. How do you think these changes will impact the future of the password management category and what will the experience be like for the end-user? Is passwordless more secure?
Passwords have been “dying” for decades now, but the reality is that it’s much more nuanced than that. As we move towards a passwordless future, 1Password is uniquely positioned to help people navigate the mix of existing and emerging authentication methods, and to make sure people have a choice in how they manage their online identities and logins – both at work and at home, and across platforms.
We’ll see passwordless through Passkeys achieve critical mass in 2023, especially with the FIDO Alliance and big tech’s continued support.
As for your question around if passwordless authentication is secure – yes! Passkeys are safer than using a traditional username and password, especially when the average person doesn’t have good password hygiene habits. Passkeys will reduce users’ chances of being hacked due to its proven resistance to threats of phishing, credential stuffing, and other remote attacks. Another advantage of Passkeys is that they also remove the inconvenience of additional two-factor (or multi-factor) authentication methods, which hackers can easily intercept.
What is your final piece of advice for organizations looking to improve the security of their users’ accounts?
Implementing a user-friendly password manager within your organization is essential. The security of password managers is well established, but they can only add that security to your organization if users wantto use it.
Do your research on the password managers available and find one that your employees will want to use. This is essential in order to raise the security bar for your organization. This is the way to avoid password reuse, easy-to-remember passwords, and sticky notes at the office.
You can learn more about 1Password here: 1Password