Tuesday, 15 September 2009

The Evils of 1Password

Yesterday I downloaded a rather highly-thought of program known as '1Password'. Its job is to store all of my passwords for logins, and then either keep them safe or replace them with complex and impossible to work out ones such as 'Hjs7bGy6s7GI'. This is all good, unless the program decides it hates you, and then it changes the passwords willy-nillily to what it finds amusing. It then laughs in your face as you fail to log in to your accounts all over the internet, and then guffaws and 'ROFLs' at you when you can't crack it's codes that it uses as passwords.
I learned not to trust it the hard way: Being locked out of my Google Account. It was the first password I changed, and turned out to be the most kerfuffley slice of time I have ever wasted. Once you cannot login to your GMail account, Google says: 'Neh. We own the Internet, and that password is in charge of your Youtube, Dropbox, iGoogle, Blogger, Bank Accounts...' So I was locked out of all of my most used applications and logins.
The solution: Try to log into iGoogle. When that fails, click on the password recovery page. Then, answer a few questions, and an email will be sent to your second email address. Luckily for me, I forgot the password to that one, too. So, I used my very, very old Hotmail account, from 2004, to log into my emails. In there, I had another email from Windows Live saying that there had been a new account created in 2007. I went to there, logged in, hoping to find the Google email. No. I found another email from Windows Live, saying that a third email account had been made in 2007 on an '@live.co.uk' thing. I logged into there, taking me to another email, only this time from Google, but from late 2007. This had been made for my first 'test' GMail account, which had a ridiculous name which I couldn't really put on any sensible documents. After logging in there, one final email that was unread from Google, supplying me with a link to reset my original password.
What a farse.
There are three morals to this story...
1. Don't use 1Password.
2. Remember what your secondary email address was.
3. Use the old fashioned, good old mind for passwords and the like.

^^Stay away from this logo^^

1 comment:

dteare said...

I am sorry to hear you had so much trouble with your GMail password!

You already fixed the problem, but I wanted to mention that 1Password keeps a list of all generated passwords just incase something like this ever happens. You can see all the passwords you ever generated in the Password History section of the main 1Password application.

Most often this is not required, but it is a safety net that can help if you do not re-save the Login after updating the password.

--Dave Teare
Co-author of 1Password