Get Detailed Instructions on How to Best Use 1Password
Save 33% and learn both password theory and practice when you buy with Joe Kissell’s companion book Take Control of 1Password for only $20!
- PDF EPUB Mobi
- Jan 28, 2018
Passwords have become a truly maddening aspect of modern life, but with this book, you can discover how the experts handle all manner of password situations, including multi-factor authentication that can protect you even if your password is hacked or stolen.
The book explains what makes a password secure and helps you create a strategy that includes using a password manager, working with oddball security questions like “What is your pet’s favorite movie?”, and making sure your passwords are always available when needed.
Joe helps you choose a password manager (or switch to a better one) in a chapter that discusses desirable features and describes a dozen different apps, with a focus on those that work in macOS, iOS, Windows, and Android. The book also looks at how you can audit your passwords to keep them in tip-top shape, use two-step verification and two-factor authentication, and deal with situations where a password manager can’t help.
The book closes with an appendix on helping a relative set up a reasonable password strategy for those whose relatives have distressing password strategies, and an extended explanation of password entropy for those who want to consider the math behind passwords.
“Awesome. You did an amazing job breaking it down. This should be mandatory reading.” –Rich Mogull, CEO at Securosis
This book shows you exactly why:
9-character passwords with upper- and lowercase letters, digits, and punctuation are not strong enough.
You cannot turn a so-so password into a great one by tacking a punctuation character and number on the end.
It is not safe to use the same password everywhere, even if it’s a great password.
A password is not immune to automated cracking because there’s a delay between login attempts.
Even if you’re an ordinary person without valuable data, your account may still be hacked, causing you problems.
You cannot manually devise “random” passwords that will defeat potential attackers.
Just because a password doesn’t appear in a dictionary, that does not necessarily mean that it’s adequate.
It is not a smart idea to change your passwords every month.
Truthfully answering security questions like “What is your mother’s maiden name?” does not keep your data more secure.
Adding a character to a 10-character password does not make it 10 percent stronger.
Easy-to-remember passwords like “correct horse battery staple” will not solve all your password problems.
All password managers are not pretty much the same.
Your passwords will not be safest if you never write them down and keep them only in your head.
But don’t worry, the book also teaches you a straightforward strategy for handling your passwords that will keep your data safe without driving you batty.
“Joe handles a confusing and scary subject more clearly and calmly than I would have thought possible. I’ll be recommending this book to just about everybody I know.” –William Porter, database developer, author, photographer
- What's New
What’s New in the Third Edition
In the nearly two years since the book’s most recent update, a lot of things have changed in the world of passwords and password managers. I’ve made hundreds of small changes throughout the book to reflect the current state of affairs, as well as the following major changes:
Updated references to lists of “worst passwords”
Added recent technologies from Apple (Touch ID on the MacBook Pro and Face ID on the iPhone X) to the “Biometrics” topic
Revised the “Authenticator Devices” topic to cover the use of an Apple Watch for authentication, and to update or remove mentions of other products as appropriate
Added a sidebar “What About the NIST Guidelines?” that discusses the 2017 revision to the U.S. government’s guidance on password requirements for federal agencies
Described a major vulnerability, publicized in December 2017, that can invisibly steal data entered by a browser’s built-in password manager
Added references to an article I wrote for Wirecutter about password managers
Extensively revised and expanded my descriptions of 1Password, Dashlane, Keeper, LastPass, and RoboForm to reflect the capabilities and prices of their latest versions; made smaller changes to the descriptions of several other password managers (including Blur, DataVault Password Manager, SplashID Safe, and Sticky Password), and removed the discussion of True Key, which no longer appears to be under serious development
Added a tip about avoiding a potential password exploit on iOS devices
Revised my list of recommended VPN providers
Expanded the topic “Prepare an Emergency Password Plan” to include the use of password managers with built-in emergency access features
Updated the “Audit Your Passwords” chapter to provide more information on tools built into certain password managers that help you evaluate your passwords’ strength and, in some cases, change them automatically
Significantly updated and expanded the discussion of Apple’s two-factor authentication, two-step verification, and app-specific passwords
Added missing links to password generators in the “Password Manager Compromises” topic
Provided working links to the zxcvbn password strength estimator
Removed the “Teach This Book” chapter and its associated downloads
- Reader Raves
“I’ve purchased several of [Joe’s] books and found them more than helpful… you have kept me from committing technocide and offing my computers and iPhone. I am going to purchase more of your books as soon as I’m finished with this email.” —Michael Israel, performance artist
“I’ve been reading your Take Control books for years, and this book is the best yet. Just the right amount of knowledge to inspire action. The way most people do this stuff is frightening. I, for one, am going to move my personal stuff to your new system.” —Matt C.
“The author provides many useful tips to assist developing passwords and password management strategies. Do you know what a VIP list is relative to password security? I didn’t, but I do now, and I’m using it! — David M. Acklam, MyMac review
- Update Plans
January 29, 2018 — The book is up to date so no updates are currently planned, but we’ll keep an eye on developments in the world of password security.
Posted by Tonya Engst
Joe and Chuck Joiner of MacVoices sit down for a wide-ranging chat about the new edition of this book and the state of passwords in this age of multi-factor authentication, password entropy, and password managers. They discuss all the myriad ways you can improve your personal online security without having to create and memorize a new password like R>preVckEf7*fh% every few weeks.
Posted by Tonya Engst (Permalink)
For anyone who is wondering, neither the Take Control Web site nor the eSellerate ecommerce site that we use for purchases were ever vulnerable to the Heartbleed bug, so you don’t need to worry about the security of your Take Control transactions or account information. There’s no reason to change your Take Control password either, although it’s always a good idea to do that if your current password is weak.
Posted by Tonya Engst (Permalink)