You need a password manager you can trust. We trust 1Password. Listen now and then decide for yourself if you do too.
Either way, we'd love to hear your thoughts. Come join us inside the Security Dojo!
You can sign up for notifications of new podcast episodes by clicking here.
Episode Transcript
Welcome back and thanks for tuning in. I am Nick and this is Super Simple Security
Principles, part of the IHP Academy.
This is Episode 9, Who Do We Trust (00:07):
The 1Password Edition.
In Episode 8, we talked about creating a master password. Hopefully you have
a fresh new password ready to use.
Makani, how or what's the next step for us along our journey?
The next step is to decide what password manager you want to use,
(00:31):
which means that today we get
to talk about one of my favorite security tools of all time, 1Password.
Now, it's sort of a confusing name, especially if you go try to type that in
online, but it's the number 1, not spelled out, then password.
We even have a link in the show notes just to make it easy.
(00:52):
Now, I really love 1Password. I've been using it for 12 years,
and I could talk about why I love it for way more than a single episode,
but I'm also in a big hurry to get you actually using a password manager.
So I'm going to control myself, just focus on one reason. Because I trust them
(01:15):
to keep my password safe.
And even just that question of trusting them is way too much for a single episode.
Instead, I've picked a few of the biggest reasons and ones that I hope will
be the most useful for you guys, our listeners, to understand.
Excellent. Now, a couple of disclaimers.
(01:38):
First, 1Password is not paying us or compensating us in any fashion for this episode.
Second, 1Password is not the only password manager we trust.
It is just the one we are focusing on today.
Here's what I've learned. Password managers do all the heavy lifting.
(01:59):
They made life easier for me. That said, I've used three.
Makani, I've seen how you evaluate
some of these managers. What are a few things you are looking for?
I think the first one, the first key I want to talk about to trusting any company,
not just password managers, but is understanding how they make money.
(02:21):
I think it's always a good first question to ask.
And in the case of 1Password, it's obvious and simple, which is a good sign to me.
They offer a subscription-based password manager service.
Their whole focus is continually improving their one and only product.
And this is in contrast to some security companies who offer a whole suite of
(02:45):
products, which I understand is very convenient for the user.
But I personally favor companies with a laser focus on doing one thing really well.
I have found the quality of the product to be better.
And 1Password absolutely fits this pattern.
(03:08):
Okay. Following the money is key in my mind.
Understanding how a company makes money also kind of shows how they'll treat
their clients. So show me the money, money talks.
What else should I be aware of besides money? Another universal key for trusting
is communication, specifically how much they solicit and respond to feedback from their customers.
(03:34):
Are they listening? Do they care? Do they answer my questions?
And 1Password, I have found over the 12 years I've been working with them to be really good at this.
They have a very active, open community forum.
There are a ton of conversations there.
They respond quickly, and it's visible to the whole world.
(03:55):
They even allow dissenting voices without just cutting them out of the forum.
And I have personally submitted multiple questions over the years with great results.
Dude, in my course of business, I've learned how you treat your clients and
how you treat people matter.
You know, how you're treated is important, period.
(04:18):
So for us to have good communication between a company that we're using for security, I love.
Now, this next section I also enjoy because we're going to let Mak geek out on us.
Mak, what's the dirty work you've done to know if their product is safe?
Dirty work? Yes, sir. I love that work, but I get it. I get it.
(04:44):
For some people, that's going to be dirty work.
So this one is going to be a little bit different. The first two criteria we've
talked about are kind of generic ones.
But this one is going to be very specific to digital products.
And it answers a hard question and
that is. How can you know if a digital product is
(05:05):
safe? Can this company be hacked? or
Can they spy on me intentionally? How strong is their
security really? and all these are, they're hard
questions to answer even for me as a lifelong software developer and so I want
to share one way that companies help answer that question and that is by
(05:25):
hiring security experts to perform a special kind of security audit called a pen test.
This is geek speak for penetration test. And the idea is really simple.
They try to penetrate or break into the product, just like any criminal hacker would.
(05:46):
And the strongest kind of penetration test has a special name called a white
box as opposed to black box, which is what a criminal hacker would do.
And the difference is that the company hiring the hacker,
the ethical hacker as they're called, they give them all sorts of inside information
that a criminal hacker would not have to make it as easy as possible for them
(06:11):
to actually break through their security and find those security holes.
And then after the test is completed, the ethical hackers that they hired,
they issue a full report of any little thing they found.
And I've read a number of these reports, which I don't recommend for you,
but they're very interesting because I've never actually seen one where they
(06:37):
totally broke through the security.
But nearly every one
of them has found all sorts of little tiny
cracks in the wall and it's because getting
security right is just really hard
and so for me, it's a huge sign of trust that companies are willing to take that
(06:58):
step because it costs a lot of money to hire this kind of service and 1
password thankfully does it often and there will be a link in the the show notes
to see at least a list of the recent tests.
And even though I don't expect any of you are going to go look and dive into
the technical details of those reports,
(07:18):
just seeing the list of how often they do it and what they're doing,
I think will probably give you a little bit of a warm fuzzy about them.
Dude, this is awesome. They hire people to try and hack their system.
They feed them insider information,
so they're already a step ahead of the outside through hacker.
(07:40):
And then they're going to go through and create fixes and repair things. It's awesome.
You know, I worked in the financial industry and they do financial audits.
I should have known that good security companies would do the same.
You want a password manager who has and shares security audits about the company. Exactly.
(08:03):
And that pretty much wraps up what I wanted to teach today.
So you want to give us a recap of the episode as a whole, Nick?
Let us know your thoughts.
Yeah. So to recap, and these are going to be Nick's words. I've used multiple password managers.
For me, 1Password is super awesome.
(08:24):
It is easy to use, and it has made life easier and safer, in my opinion.
I'm not reusing passwords.
I've been able to level up my security by using these.
And do you know what?
Finding the right fit really was important to me.
(08:46):
I tried, as I mentioned earlier, three others, and 1Password really was the
company that I loved because of the ease and everything they included. Thanks, Nick.
It's good to hear that it's working out well for you. You're enjoying it.
And I just want to add one other thought.
(09:06):
The main focus today has been teaching our listeners why we trust 1Password,
but I also have another objective in mind and one that in some ways I care about
even more because I want you to get just a little bit better at evaluating companies
like 1Password for yourself.
Excellent. It's time for our call to action.
(09:28):
How are we going to level up today, Makani?
Well, today, I want all our listeners, I want you to decide for yourself, do you trust 1Password?
We do, but what about you?
And if you do, are you ready to give it a try?
That's it. All right. So, if the answer's yes, you'll want to join us for episode
(09:51):
10, because we're going to be covering the gotchas that might trip you up as you get started.
Either way, we want to hear from you. We'd love to hear your thoughts.
We'd love to hear what you liked and what you enjoyed.
And if you are having problems and need more convincing, let us know.
Okay, that's our super simple show today. Remember, just by listening,
(10:15):
you are making an improvement to your privacy and security.
We'd love to hear from you. So come visit us at IHPacademy.com by clicking on
the link in our show notes.
Thank you for joining us. Make it a great day. Bye-bye.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
The Burden
The Burden is a documentary series that takes listeners into the hidden places where justice is done (and undone). It dives deep into the lives of heroes and villains. And it focuses a spotlight on those who triumph even when the odds are against them. Season 5 - The Burden: Death & Deceit in Alliance On April Fools Day 1999, 26-year-old Yvonne Layne was found murdered in her Alliance, Ohio home. David Thorne, her ex-boyfriend and father of one of her children, was instantly a suspect. Another young man admitted to the murder, and David breathed a sigh of relief, until the confessed murderer fingered David; “He paid me to do it.” David was sentenced to life without parole. Two decades later, Pulitzer winner and podcast host, Maggie Freleng (Bone Valley Season 3: Graves County, Wrongful Conviction, Suave) launched a “live” investigation into David's conviction alongside Jason Baldwin (himself wrongfully convicted as a member of the West Memphis Three). Maggie had come to believe that the entire investigation of David was botched by the tiny local police department, or worse, covered up the real killer. Was Maggie correct? Was David’s claim of innocence credible? In Death and Deceit in Alliance, Maggie recounts the case that launched her career, and ultimately, “broke” her.” The results will shock the listener and reduce Maggie to tears and self-doubt. This is not your typical wrongful conviction story. In fact, it turns the genre on its head. It asks the question: What if our champions are foolish? Season 4 - The Burden: Get the Money and Run “Trying to murder my father, this was the thing that put me on the path.” That’s Joe Loya and that path was bank robbery. Bank, bank, bank, bank, bank. In season 4 of The Burden: Get the Money and Run, we hear from Joe who was once the most prolific bank robber in Southern California, and beyond. He used disguises, body doubles, proxies. He leaped over counters, grabbed the money and ran. Even as the FBI was closing in. It was a showdown between a daring bank robber, and a patient FBI agent. Joe was no ordinary bank robber. He was bright, articulate, charismatic, and driven by a dark rage that he summoned up at will. In seven episodes, Joe tells all: the what, the how… and the why. Including why he tried to murder his father. Season 3 - The Burden: Avenger Miriam Lewin is one of Argentina’s leading journalists today. At 19 years old, she was kidnapped off the streets of Buenos Aires for her political activism and thrown into a concentration camp. Thousands of her fellow inmates were executed, tossed alive from a cargo plane into the ocean. Miriam, along with a handful of others, will survive the camp. Then as a journalist, she will wage a decades long campaign to bring her tormentors to justice. Avenger is about one woman’s triumphant battle against unbelievable odds to survive torture, claim justice for the crimes done against her and others like her, and change the future of her country. Season 2 - The Burden: Empire on Blood Empire on Blood is set in the Bronx, NY, in the early 90s, when two young drug dealers ruled an intersection known as “The Corner on Blood.” The boss, Calvin Buari, lived large. He and a protege swore they would build an empire on blood. Then the relationship frayed and the protege accused Calvin of a double homicide which he claimed he didn’t do. But did he? Award-winning journalist Steve Fishman spent seven years to answer that question. This is the story of one man’s last chance to overturn his life sentence. He may prevail, but someone’s gotta pay. The Burden: Empire on Blood is the director’s cut of the true crime classic which reached #1 on the charts when it was first released half a dozen years ago. Season 1 - The Burden In the 1990s, Detective Louis N. Scarcella was legendary. In a city overrun by violent crime, he cracked the toughest cases and put away the worst criminals. “The Hulk” was his nickname. Then the story changed. Scarcella ran into a group of convicted murderers who all say they are innocent. They turned themselves into jailhouse-lawyers and in prison founded a lway firm. When they realized Scarcella helped put many of them away, they set their sights on taking him down. And with the help of a NY Times reporter they have a chance. For years, Scarcella insisted he did nothing wrong. But that’s all he’d say. Until we tracked Scarcella to a sauna in a Russian bathhouse, where he started to talk..and talk and talk. “The guilty have gone free,” he whispered. And then agreed to take us into the belly of the beast. Welcome to The Burden.