MC Press Online

Saturday, May 27th

Last updateThu, 25 May 2017 10am

You are here: Home ARTICLES Security Compliance/Privacy If Your Password Management Policies Are a Little Loose, Try my1login

Security / Compliance/Privacy

If Your Password Management Policies Are a Little Loose, Try my1login

Support MC Press - Visit Our Sponsors


Flexible Input, Dazzling Output with IBM i



Click for this Month's

Bookstore Special Deals

The free service stores your passwords online using AES encryption and offers features that provide essentially one-click access to multiple password-protected Web sites.


Have you ever wished that passwords were easier to remember so that you could use ones that were a little stronger? And is your three-ring binder containing your list of passwords just a little too accessible for anyone actually snooping around your office? Or maybe you keep your passwords in a secret Word document with a filename that matches your daughter's Girl Scout troop. If you're not using some kind of password vault today, you might want to reassess your procedures because there are many new choices today for either free or low-cost software and hardware vaults that keep your passwords safe through AES encryption. The question then becomes which is most convenient rather than which is the most secure, since all of them are likely more secure than what you are doing currently.


We would hope your company has an enterprise-grade password management vault to guard against one of today's biggest security risks and compliance challenges—that of protecting privileged identities. Since these identities offer access to an organization's most critical assets, they require special care. One of the most vulnerable areas today for a security lapse is the privileged but shared account that is neglected and whose passwords are rarely changed.


While you may have a Fort Knox type of system for enterprise applications, what about all the online passwords you need for everything from accessing your bank account to accessing the stimulating content of MC Press Online? Don't you feel just a little uncomfortable having your browser store these passwords?


A slick alternative was released to public beta this month in the form of my1ogin. In development for several years, my1login is an online vault for passwords or any other information that you want to store securely someplace other than your notebook or hard drive. I've actually printed out 10 pages or so of passwords I might need while on the road as I leave for the airport to travel to COMMON each year. And every so often I will print out the password list contained in a seemingly secret file on my computer to bring it home and stash it in my fire-safe just to store it off site. This is primitive I admit, and I'm deeply ashamed of my antiquated procedures.


With all the publicity about the potential vulnerabilities of the cloud, I must admit I was skeptical about storing my passwords online. But after I tinkered around with my1login for a little while, I became far more confident. My passwords are stored online, but they are stored in an encrypted format, and only I have the key. Should I lose my key, not even the administrators at my1login can access the data—or so they say. The key could be compromised, I suppose, since it's not a long string of special characters but instead a very long phrase from Bartlett's Familiar Quotations. The thing is, I need a key that I can remember.


Having an encryption key means you need three secret elements for access—the user ID, a password, and the key. Even if my data is on the Web, it's probably safer than what I've got going on my desktop computer, where the information isn't even encrypted. My1login also demands that you insert the first, third, or fifth, for instance, characters in your password from a series of three drop-down boxes as a way to discourage brute force attacks on your account. There is also an assigned anti-phishing image that appears each time you log in, while using the previously bookmarked my1login pages prevents you from landing on a spoofed site and entering your personal information. And all communications between your computer and the my1login servers are done using the Secure Sockets Layer (SSL) encryption protocol.


The fact is, a lot of people, if they don't store passwords on paper, where they can be lost, store them in spreadsheets or in their email accounts where they can be read by staff operating these services. Storing them on your hard drive means they can be erased, corrupted, or stolen.


So, assuming the information in my1login is secure, which I personally feel comfortable with, the question becomes: How convenient is it to access? This, in my opinion, is where the service really shines. If you set it up the way they instruct, it becomes one-click access to all your password-protected Web-based sites and applications. Regardless of from where you are accessing the Internet, you can sign in to all your password-protected sites and Web-based apps by just remembering your one my1login access. This makes it great for traveling and has advantages over even an encrypted flash drive, which you can lose in the security conveyor belt checkpoint at the airport.


The my1login service offers several other features that might come in handy for certain individuals. For one, it provides feeds and notifications from a selection of social networking and email sites, which eliminates having to log in and check each individually. You can set up a personalized home page, or portal, that can be configured to show information feeds that have the type of content you want to see regularly. This could be Facebook news feeds, Twitter tweets, or your email inbox.


The my1login service is free, and the company plans to make money from advertising, but there is a paid service for only $2 per month that offers a couple of additional features, including the ability to integrate any POP3- or SMTP-based email account so that you can see all your in-boxes in a single place. The Pro version also allows you to view and access your bookmarks and choose which social networking accounts to receive broadcast status updates from. It also allows you to organize your bookmarks into Personal, Work, and Other folders for easier access. Both the free and Pro versions have a password generator for creating super-strong passwords that go beyond "bullybill24."


My1login is a sophisticated and well-thought-out free service that has a number of convenience features that should make it quite popular in the age of social networking and multiple password-protected Web sites. To see a brief video on how it works or to sign up for a free account, click here.

Chris Smith

Chris Smith was the Senior News Editor at MC Press Online from 2007 to 2012 and was responsible for the news content on the company's Web site. Chris has been writing about the IBM midrange industry since 1992 when he signed on with Duke Communications as West Coast Editor of News 3X/400. With a bachelor's from the University of California at Berkeley, where he majored in English and minored in Journalism, and a master's in Journalism from the University of Colorado, Boulder, Chris later studied computer programming and AS/400 operations at Long Beach City College. An award-winning writer with two Maggie Awards, four business books, and a collection of poetry to his credit, Chris began his newspaper career as a reporter in northern California, later worked as night city editor for the Rocky Mountain News in Denver, and went on to edit a national cable television trade magazine. He was Communications Manager for McDonnell Douglas Corp. in Long Beach, Calif., before it merged with Boeing, and oversaw implementation of the company's first IBM desktop publishing system there. An editor for MC Press Online since 2007, Chris has authored some 300 articles on a broad range of topics surrounding the IBM midrange platform that have appeared in the company's eight industry-leading newsletters. He can be reached at