April 5, 2024 • 10 mins
You need a password manager you can trust. We trust 1Password. Listen now and then decide for yourself if you do too.
Either way, we'd love to hear your thoughts. Come join us inside the Security Dojo!
You can sign up for notifications of new podcast episodes by clicking here.
1Password.com home page 1Password community forum 1Password security audits
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:00):
Welcome back and thanks for tuning in. I am Nick and this is Super Simple Security
Principles, part of the IHP Academy.
This is Episode 9, Who Do We Trust (00:07):
The 1Password Edition.
In Episode 8, we talked about creating a master password. Hopefully you have
a fresh new password ready to use.
Makani, how or what's the next step for us along our journey?
The next step is to decide what password manager you want to use,
(00:31):
which means that today we get
to talk about one of my favorite security tools of all time, 1Password.
Now, it's sort of a confusing name, especially if you go try to type that in
online, but it's the number 1, not spelled out, then password.
We even have a link in the show notes just to make it easy.
(00:52):
Now, I really love 1Password. I've been using it for 12 years,
and I could talk about why I love it for way more than a single episode,
but I'm also in a big hurry to get you actually using a password manager.
So I'm going to control myself, just focus on one reason. Because I trust them
(01:15):
to keep my password safe.
And even just that question of trusting them is way too much for a single episode.
Instead, I've picked a few of the biggest reasons and ones that I hope will
be the most useful for you guys, our listeners, to understand.
Excellent. Now, a couple of disclaimers.
(01:38):
First, 1Password is not paying us or compensating us in any fashion for this episode.
Second, 1Password is not the only password manager we trust.
It is just the one we are focusing on today.
Here's what I've learned. Password managers do all the heavy lifting.
(01:59):
They made life easier for me. That said, I've used three.
Makani, I've seen how you evaluate
some of these managers. What are a few things you are looking for?
I think the first one, the first key I want to talk about to trusting any company,
not just password managers, but is understanding how they make money.
(02:21):
I think it's always a good first question to ask.
And in the case of 1Password, it's obvious and simple, which is a good sign to me.
They offer a subscription-based password manager service.
Their whole focus is continually improving their one and only product.
And this is in contrast to some security companies who offer a whole suite of
(02:45):
products, which I understand is very convenient for the user.
But I personally favor companies with a laser focus on doing one thing really well.
I have found the quality of the product to be better.
And 1Password absolutely fits this pattern.
(03:08):
Okay. Following the money is key in my mind.
Understanding how a company makes money also kind of shows how they'll treat
their clients. So show me the money, money talks.
What else should I be aware of besides money? Another universal key for trusting
is communication, specifically how much they solicit and respond to feedback from their customers.
(03:34):
Are they listening? Do they care? Do they answer my questions?
And 1Password, I have found over the 12 years I've been working with them to be really good at this.
They have a very active, open community forum.
There are a ton of conversations there.
They respond quickly, and it's visible to the whole world.
(03:55):
They even allow dissenting voices without just cutting them out of the forum.
And I have personally submitted multiple questions over the years with great results.
Dude, in my course of business, I've learned how you treat your clients and
how you treat people matter.
You know, how you're treated is important, period.
(04:18):
So for us to have good communication between a company that we're using for security, I love.
Now, this next section I also enjoy because we're going to let Mak geek out on us.
Mak, what's the dirty work you've done to know if their product is safe?
Dirty work? Yes, sir. I love that work, but I get it. I get it.
(04:44):
For some people, that's going to be dirty work.
So this one is going to be a little bit different. The first two criteria we've
talked about are kind of generic ones.
But this one is going to be very specific to digital products.
And it answers a hard question and
that is. How can you know if a digital product is
(05:05):
safe? Can this company be hacked? or
Can they spy on me intentionally? How strong is their
security really? and all these are, they're hard
questions to answer even for me as a lifelong software developer and so I want
to share one way that companies help answer that question and that is by
(05:25):
hiring security experts to perform a special kind of security audit called a pen test.
This is geek speak for penetration test. And the idea is really simple.
They try to penetrate or break into the product, just like any criminal hacker would.
(05:46):
And the strongest kind of penetration test has a special name called a white
box as opposed to black box, which is what a criminal hacker would do.
And the difference is that the company hiring the hacker,
the ethical hacker as they're called, they give them all sorts of inside information
that a criminal hacker would not have to make it as easy as possible for them
(06:11):
to actually break through their security and find those security holes.
And then after the test is completed, the ethical hackers that they hired,
they issue a full report of any little thing they found.
And I've read a number of these reports, which I don't recommend for you,
but they're very interesting because I've never actually seen one where they
(06:37):
totally broke through the security.
But nearly every one
of them has found all sorts of little tiny
cracks in the wall and it's because getting
security right is just really hard
and so for me, it's a huge sign of trust that companies are willing to take that
(06:58):
step because it costs a lot of money to hire this kind of service and 1
password thankfully does it often and there will be a link in the the show notes
to see at least a list of the recent tests.
And even though I don't expect any of you are going to go look and dive into
the technical details of those reports,
(07:18):
just seeing the list of how often they do it and what they're doing,
I think will probably give you a little bit of a warm fuzzy about them.
Dude, this is awesome. They hire people to try and hack their system.
They feed them insider information,
so they're already a step ahead of the outside through hacker.
(07:40):
And then they're going to go through and create fixes and repair things. It's awesome.
You know, I worked in the financial industry and they do financial audits.
I should have known that good security companies would do the same.
You want a password manager who has and shares security audits about the company. Exactly.
(08:03):
And that pretty much wraps up what I wanted to teach today.
So you want to give us a recap of the episode as a whole, Nick?
Let us know your thoughts.
Yeah. So to recap, and these are going to be Nick's words. I've used multiple password managers.
For me, 1Password is super awesome.
(08:24):
It is easy to use, and it has made life easier and safer, in my opinion.
I'm not reusing passwords.
I've been able to level up my security by using these.
And do you know what?
Finding the right fit really was important to me.
(08:46):
I tried, as I mentioned earlier, three others, and 1Password really was the
company that I loved because of the ease and everything they included. Thanks, Nick.
It's good to hear that it's working out well for you. You're enjoying it.
And I just want to add one other thought.
(09:06):
The main focus today has been teaching our listeners why we trust 1Password,
but I also have another objective in mind and one that in some ways I care about
even more because I want you to get just a little bit better at evaluating companies
like 1Password for yourself.
Excellent. It's time for our call to action.
(09:28):
How are we going to level up today, Makani?
Well, today, I want all our listeners, I want you to decide for yourself, do you trust 1Password?
We do, but what about you?
And if you do, are you ready to give it a try?
That's it. All right. So, if the answer's yes, you'll want to join us for episode
(09:51):
10, because we're going to be covering the gotchas that might trip you up as you get started.
Either way, we want to hear from you. We'd love to hear your thoughts.
We'd love to hear what you liked and what you enjoyed.
And if you are having problems and need more convincing, let us know.
Okay, that's our super simple show today. Remember, just by listening,
(10:15):
you are making an improvement to your privacy and security.
We'd love to hear from you. So come visit us at IHPacademy.com by clicking on
the link in our show notes.
Thank you for joining us. Make it a great day. Bye-bye.
Welcome back and thanks for tuning in. I am Nick and this is Super Simple Security
Principles, part of the IHP Academy.
This is Episode 9, Who Do We Trust (00:07):
The 1Password Edition.
In Episode 8, we talked about creating a master password. Hopefully you have
a fresh new password ready to use.
Makani, how or what's the next step for us along our journey?
The next step is to decide what password manager you want to use,
(00:31):
which means that today we get
to talk about one of my favorite security tools of all time, 1Password.
Now, it's sort of a confusing name, especially if you go try to type that in
online, but it's the number 1, not spelled out, then password.
We even have a link in the show notes just to make it easy.
(00:52):
Now, I really love 1Password. I've been using it for 12 years,
and I could talk about why I love it for way more than a single episode,
but I'm also in a big hurry to get you actually using a password manager.
So I'm going to control myself, just focus on one reason. Because I trust them
(01:15):
to keep my password safe.
And even just that question of trusting them is way too much for a single episode.
Instead, I've picked a few of the biggest reasons and ones that I hope will
be the most useful for you guys, our listeners, to understand.
Excellent. Now, a couple of disclaimers.
(01:38):
First, 1Password is not paying us or compensating us in any fashion for this episode.
Second, 1Password is not the only password manager we trust.
It is just the one we are focusing on today.
Here's what I've learned. Password managers do all the heavy lifting.
(01:59):
They made life easier for me. That said, I've used three.
Makani, I've seen how you evaluate
some of these managers. What are a few things you are looking for?
I think the first one, the first key I want to talk about to trusting any company,
not just password managers, but is understanding how they make money.
(02:21):
I think it's always a good first question to ask.
And in the case of 1Password, it's obvious and simple, which is a good sign to me.
They offer a subscription-based password manager service.
Their whole focus is continually improving their one and only product.
And this is in contrast to some security companies who offer a whole suite of
(02:45):
products, which I understand is very convenient for the user.
But I personally favor companies with a laser focus on doing one thing really well.
I have found the quality of the product to be better.
And 1Password absolutely fits this pattern.
(03:08):
Okay. Following the money is key in my mind.
Understanding how a company makes money also kind of shows how they'll treat
their clients. So show me the money, money talks.
What else should I be aware of besides money? Another universal key for trusting
is communication, specifically how much they solicit and respond to feedback from their customers.
(03:34):
Are they listening? Do they care? Do they answer my questions?
And 1Password, I have found over the 12 years I've been working with them to be really good at this.
They have a very active, open community forum.
There are a ton of conversations there.
They respond quickly, and it's visible to the whole world.
(03:55):
They even allow dissenting voices without just cutting them out of the forum.
And I have personally submitted multiple questions over the years with great results.
Dude, in my course of business, I've learned how you treat your clients and
how you treat people matter.
You know, how you're treated is important, period.
(04:18):
So for us to have good communication between a company that we're using for security, I love.
Now, this next section I also enjoy because we're going to let Mak geek out on us.
Mak, what's the dirty work you've done to know if their product is safe?
Dirty work? Yes, sir. I love that work, but I get it. I get it.
(04:44):
For some people, that's going to be dirty work.
So this one is going to be a little bit different. The first two criteria we've
talked about are kind of generic ones.
But this one is going to be very specific to digital products.
And it answers a hard question and
that is. How can you know if a digital product is
(05:05):
safe? Can this company be hacked? or
Can they spy on me intentionally? How strong is their
security really? and all these are, they're hard
questions to answer even for me as a lifelong software developer and so I want
to share one way that companies help answer that question and that is by
(05:25):
hiring security experts to perform a special kind of security audit called a pen test.
This is geek speak for penetration test. And the idea is really simple.
They try to penetrate or break into the product, just like any criminal hacker would.
(05:46):
And the strongest kind of penetration test has a special name called a white
box as opposed to black box, which is what a criminal hacker would do.
And the difference is that the company hiring the hacker,
the ethical hacker as they're called, they give them all sorts of inside information
that a criminal hacker would not have to make it as easy as possible for them
(06:11):
to actually break through their security and find those security holes.
And then after the test is completed, the ethical hackers that they hired,
they issue a full report of any little thing they found.
And I've read a number of these reports, which I don't recommend for you,
but they're very interesting because I've never actually seen one where they
(06:37):
totally broke through the security.
But nearly every one
of them has found all sorts of little tiny
cracks in the wall and it's because getting
security right is just really hard
and so for me, it's a huge sign of trust that companies are willing to take that
(06:58):
step because it costs a lot of money to hire this kind of service and 1
password thankfully does it often and there will be a link in the the show notes
to see at least a list of the recent tests.
And even though I don't expect any of you are going to go look and dive into
the technical details of those reports,
(07:18):
just seeing the list of how often they do it and what they're doing,
I think will probably give you a little bit of a warm fuzzy about them.
Dude, this is awesome. They hire people to try and hack their system.
They feed them insider information,
so they're already a step ahead of the outside through hacker.
(07:40):
And then they're going to go through and create fixes and repair things. It's awesome.
You know, I worked in the financial industry and they do financial audits.
I should have known that good security companies would do the same.
You want a password manager who has and shares security audits about the company. Exactly.
(08:03):
And that pretty much wraps up what I wanted to teach today.
So you want to give us a recap of the episode as a whole, Nick?
Let us know your thoughts.
Yeah. So to recap, and these are going to be Nick's words. I've used multiple password managers.
For me, 1Password is super awesome.
(08:24):
It is easy to use, and it has made life easier and safer, in my opinion.
I'm not reusing passwords.
I've been able to level up my security by using these.
And do you know what?
Finding the right fit really was important to me.
(08:46):
I tried, as I mentioned earlier, three others, and 1Password really was the
company that I loved because of the ease and everything they included. Thanks, Nick.
It's good to hear that it's working out well for you. You're enjoying it.
And I just want to add one other thought.
(09:06):
The main focus today has been teaching our listeners why we trust 1Password,
but I also have another objective in mind and one that in some ways I care about
even more because I want you to get just a little bit better at evaluating companies
like 1Password for yourself.
Excellent. It's time for our call to action.
(09:28):
How are we going to level up today, Makani?
Well, today, I want all our listeners, I want you to decide for yourself, do you trust 1Password?
We do, but what about you?
And if you do, are you ready to give it a try?
That's it. All right. So, if the answer's yes, you'll want to join us for episode
(09:51):
10, because we're going to be covering the gotchas that might trip you up as you get started.
Either way, we want to hear from you. We'd love to hear your thoughts.
We'd love to hear what you liked and what you enjoyed.
And if you are having problems and need more convincing, let us know.
Okay, that's our super simple show today. Remember, just by listening,
(10:15):
you are making an improvement to your privacy and security.
We'd love to hear from you. So come visit us at IHPacademy.com by clicking on
the link in our show notes.
Thank you for joining us. Make it a great day. Bye-bye.
Popular Podcasts
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations.
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Nikki Glaser Podcast
Every week comedian and infamous roaster Nikki Glaser provides a fun, fast-paced, and brutally honest look into current pop-culture and her own personal life.