source:  cnet.com

Commentary: Don’t be me.

Deep breath. I did something really stupid with some of the most important data in my life. And I don’t know how I did it.

I took today’s basic security advice: use a password manager and then have it create different passwords for each site. I chose the 1Password password manager and after installing it, upgraded to a subscription so I could access my passwords across multiple devices.

Then came the weekend that I tried logging into the app and found my password wasn’t working.

I typed it in a few times. Slowly. Then with cut and paste. Nothing registered. It had been working smoothly with my iPhone’s Face ID to unlock access to my passwords, but that stopped working after a phone reboot. And I realized suddenly that the master password being asked for wasn’t the same as the password I had been using previously, before I added the subscription. Bewildering? Yes. My fault? Absolutely. Can I explain how I entered this fugue state of password confusion? Not at all

At some point I fumbled my passwords. I have mismanaged my supposedly careful management of my passwords. I feel like I’m in an utter nightmare.

This could happen to you. I hope it doesn’t.

My problem is partly a consequence of today’s need for an endless supply of secure passwords. Ideally, you should be creating so many unique, complicated passwords that a password manager is the only safe direction. But then, of course, you need a password for that password manager. Once your passwords become sufficiently complicated, you won’t really know what the passwords are unless you’re writing them down. Which I was. In a password manager.

And here I am. Stuck.

I’m not the only person suffering from password problems. For a broader look at the situation, check CNET’s coverage this week about password problems — including more about why experts recommend the very password managers that got me in trouble, the reasons two-factor authentication isn’t as secure as you might hope and modernized advice for picking passwords.

No options

1Password customer service asked me if I had my “emergency kit,” a record of my master password and secret key, a code the company gives you when you sign up for a subscription. You aren’t supposed to share this information with anyone, and 1Password doesn’t have it.

1Password employs these precautions for security. To be clear, I’m meant to safely print or store my 1Password secret key — a code used to set up 1Password on new devices — and master password somewhere where I can access them. “The master password would have been chosen by you, when you were creating your account,” 1Password’s customer support reminded me in an email. When I contacted a company spokesperson, I got the same message.

Read more: The best password managers of 2020

Over the weekend, it gradually dawned on me that I didn’t have this information, either. I followed 1Password’s advice on how to maybe fix my problems… but none of it worked.

Did I lose that emergency kit? Did I never download it? What is wrong with me? How did this happen? I wish I could tell you. It’s stunning that I simply don’t know. Maybe it’s because I was panicking when I signed up for the subscription in the first place, late last year. Maybe I skipped a download button. I can’t say. And that’s the most disturbing part. I feel like an absolute idiot. Also, I’m filled with existential dread now. Many passwords are locked up in there, but I don’t remember which. Why didn’t I keep a backup record on paper?

I discovered some of my passwords via a separate cloud-synced 1Password vault I’d forgotten that I had. I recovered those when I tried installing the app on another device. But I didn’t recover passwords I’d added after updating to the 1Password subscription. 1Password’s customer service was able to tell me I had added nine new passwords, but couldn’t tell me which accounts they were for.

If you lose the password to your password manager, the password manager customer service can’t do anything for you. My only recourse is to wipe everything and start over.

I hyperventilated all day. Then, I went to get my hair cut.

Take it from me… actually, don’t

I asked my barber if he used a password manager. He doesn’t. I asked if he used two-factor authentication. He doesn’t. I was going to offer him advice… but, well, look at me. Locked out of my passwords. I locked away my keys and threw away the key.

Face ID did nothing for me, because 1Password requires you to reauthenticate with your master password when you reboot your iPhone. No other options were left. I began to realize I should have been writing down backup passwords all along. I started doing that, frantically, with the ones I still knew.

I wish there were some magical way I could recover my 1Password password. Through my biometrics. Through a special emergency physical key fob. By presenting myself at a 1Password office and taking a blood test and somehow proving I deserved a second chance. But because of the way strong encryption works, nobody has a backup route into my password archive.

If there’s one silver lining to my scatter-brained situation, it’s that I’ve squirreled away some passwords on other managers and in a couple of password-protected documents over the years, like a weird password hoarder. That’s made my password manager disaster less nauseating.

But please, don’t lose the password to your password manager. Set it up when you aren’t distracted and, if you’re using 1Password, make sure you save that emergency kit with the master password and security key.

Don’t be me

I feel shredded now. Maybe you’re smarter than me. But passwords managing passwords, while a necessary evil, means brain-frying complexity. I can’t imagine a real-world vault where you’d keep your most important things but then make access contingent on one single key that no one else is allowed to have. But hey, here we are.

Before this, I loved using password managers. They’re great. They help keep things organized. They remind you to use complex passwords. They can autofill account passwords on websites and in apps. I’ll keep using a password manager, because I can’t see any better solution to the password nightmare we’ve all gotten tangled up in. 

Strings of characters extended to infinity and an unending fear of how to protect them feels like a world of madness as it is. Password managers are a life raft. An imperfect life raft, but they’re all I’ve got.

They’re great. Until you lose your password manager password.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes:

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>