The free service stores your passwords online using AES encryption and offers features that provide essentially one-click access to multiple password-protected Web sites.
Have you ever wished that passwords were easier to remember so that you could use ones that were a little stronger? And is your three-ring binder containing your list of passwords just a little too accessible for anyone actually snooping around your office? Or maybe you keep your passwords in a secret Word document with a filename that matches your daughter's Girl Scout troop. If you're not using some kind of password vault today, you might want to reassess your procedures because there are many new choices today for either free or low-cost software and hardware vaults that keep your passwords safe through AES encryption. The question then becomes which is most convenient rather than which is the most secure, since all of them are likely more secure than what you are doing currently.
We would hope your company has an enterprise-grade password management vault to guard against one of today's biggest security risks and compliance challenges—that of protecting privileged identities. Since these identities offer access to an organization's most critical assets, they require special care. One of the most vulnerable areas today for a security lapse is the privileged but shared account that is neglected and whose passwords are rarely changed.
While you may have a Fort Knox type of system for enterprise applications, what about all the online passwords you need for everything from accessing your bank account to accessing the stimulating content of MC Press Online? Don't you feel just a little uncomfortable having your browser store these passwords?
A slick alternative was released to public beta this month in the form of my1ogin. In development for several years, my1login is an online vault for passwords or any other information that you want to store securely someplace other than your notebook or hard drive. I've actually printed out 10 pages or so of passwords I might need while on the road as I leave for the airport to travel to COMMON each year. And every so often I will print out the password list contained in a seemingly secret file on my computer to bring it home and stash it in my fire-safe just to store it off site. This is primitive I admit, and I'm deeply ashamed of my antiquated procedures.
With all the publicity about the potential vulnerabilities of the cloud, I must admit I was skeptical about storing my passwords online. But after I tinkered around with my1login for a little while, I became far more confident. My passwords are stored online, but they are stored in an encrypted format, and only I have the key. Should I lose my key, not even the administrators at my1login can access the data—or so they say. The key could be compromised, I suppose, since it's not a long string of special characters but instead a very long phrase from Bartlett's Familiar Quotations. The thing is, I need a key that I can remember.
Having an encryption key means you need three secret elements for access—the user ID, a password, and the key. Even if my data is on the Web, it's probably safer than what I've got going on my desktop computer, where the information isn't even encrypted. My1login also demands that you insert the first, third, or fifth, for instance, characters in your password from a series of three drop-down boxes as a way to discourage brute force attacks on your account. There is also an assigned anti-phishing image that appears each time you log in, while using the previously bookmarked my1login pages prevents you from landing on a spoofed site and entering your personal information. And all communications between your computer and the my1login servers are done using the Secure Sockets Layer (SSL) encryption protocol.
The fact is, a lot of people, if they don't store passwords on paper, where they can be lost, store them in spreadsheets or in their email accounts where they can be read by staff operating these services. Storing them on your hard drive means they can be erased, corrupted, or stolen.
So, assuming the information in my1login is secure, which I personally feel comfortable with, the question becomes: How convenient is it to access? This, in my opinion, is where the service really shines. If you set it up the way they instruct, it becomes one-click access to all your password-protected Web-based sites and applications. Regardless of from where you are accessing the Internet, you can sign in to all your password-protected sites and Web-based apps by just remembering your one my1login access. This makes it great for traveling and has advantages over even an encrypted flash drive, which you can lose in the security conveyor belt checkpoint at the airport.
The my1login service offers several other features that might come in handy for certain individuals. For one, it provides feeds and notifications from a selection of social networking and email sites, which eliminates having to log in and check each individually. You can set up a personalized home page, or portal, that can be configured to show information feeds that have the type of content you want to see regularly. This could be Facebook news feeds, Twitter tweets, or your email inbox.
The my1login service is free, and the company plans to make money from advertising, but there is a paid service for only $2 per month that offers a couple of additional features, including the ability to integrate any POP3- or SMTP-based email account so that you can see all your in-boxes in a single place. The Pro version also allows you to view and access your bookmarks and choose which social networking accounts to receive broadcast status updates from. It also allows you to organize your bookmarks into Personal, Work, and Other folders for easier access. Both the free and Pro versions have a password generator for creating super-strong passwords that go beyond "bullybill24."
My1login is a sophisticated and well-thought-out free service that has a number of convenience features that should make it quite popular in the age of social networking and multiple password-protected Web sites.