Using 1Password with Windows

As my friends will tell you, I love the password manager 1Password from AgileBits. I won’t go into why, but if you use passwords (which you do), and you don’t manage them, you need something like 1Password.

I recently set up an older MacBook Pro as a Windows machine via BootCamp to play games. I needed some passwords on the machine for various accounts I will need access to, but I did not feel comfortable syncing my entire set of passwords to the Windows machine.

I do not feel comfortable mainly because I do not fully understand how easily the machine can be compromised. I did buy Norton Internet Security for it (Thanks, Matt!), but still, 1Password has my entire life in it. I want to be prudent in protecting that information.

Dropbox is secure, but I don’t want people getting the encrypted files if I can prevent it. Also, Windows seems more likely to get a key logger, so I really did not want to deal with a hacker getting my one password that encrypts all other passwords. All of this is over paranoid, but why take the risk if there is a solution?

Fortunately, the awesome 1Password supports multiple vaults. You can create a secondary vault easily, as explained here. Thanks to the awesome support via the @1password twitter account for the link.

Creating a second vault has its own password, but it is also accessible via the primary vault’s master password. I do not plan to ever use that master password on the Windows machine.

Now I have a second vault, what next? I want access to some passwords, not all. I also do not want to manage two sets of passwords. I really just want read-only access to the passwords I need.

1Password allows you to copy entries from one vault to another. You can copy an entry by right clicking the entry, going to the Share contextual menu, selecting your secondary vault and selecting copy. If you choose copy a second time, it replaces the destination entirely. Using this feature, I can manually keep my windows vault in sync with my primary vault on the Mac. Sweet!

Now I need a way to remember which passwords I want synced to the Windows vault. Enter the awesome tags feature. I love tags. You can edit any entry in 1Password, a login, a secure note, etc, and give it tags. Tags are just words that you will use later to find. I used the tag “Windows” on all of the entries I want to sync.

Now comes the part that was not intuitive with 1password in beta, but now is awesome! – Creating a smart folder of tags. A smart folder is a folder whose contents are generated via criteria, such as ‘all entries whose tag is “Windows”‘ This folder updates itself automatically, which is awesome.

First, choose “New smart folder” from the File menu. You will be presented with a pane that includes search criteria:

Smart Folder UI with no settings

Now change the settings to find all tags that are “Windows:”

1Password smart folder dialog tag is windows

Click “Save” in the upper right corner of the pane.

Every time that you add the tag “Windows” to an item, it will show up in this folder! All that is left to do is sync. You can sync all of these items by selecting the smart folder, then clicking one of them in the list and pressing Command-A (or Select All), then right click the selected list, select Share, then your vault, then copy. 1Password will replace all entries!

Note: It would be nice if I could right click the Smart Folder to share all items, AgileBits 🙂

This method will not remove any entries that you removed the “Windows” tag from. You will have to do that manually.

Now that you have copied entires into the secondary vault, go to the Finder and open your Dropbox folder. Create a new folder for the secondary vault. Back in 1Password, switch to the secondary vault (Via the 1Password application menu) and open preferences. Select the Sync tab, and choose to sync via Folder. Select the folder you just created in your Dropbox folder.

On Windows, when you install Dropbox, choose to not select everything. This will allow you to not sync your 1Password folder, but will let you sync your folder you made for the secondary vault. Once Dropbox is installed, it will copy your newly made secondary vault to your windows machine.

To access the passwords, you can either buy 1Password for Windows, or if you just need simple access, AgileBits has includes the awesome 1Password Anywhere HTML file. Simply open your Dropbox folder, open your secondary vault folder, open the 1Password agile keychain, then open the 1Password.html file with Firefox (it won’t work with Chrome, and certainly do not use Internet Explorer)

Type in your secondary vault password and have access to all of your data. If I need to create/update logins, I will do that on the Mac, re-sync everything to the secondary vault, and access on Windows.

It seems like a lot of work, but in practice it takes 10 seconds once set up, and gives me the peace of mind knowing that most of my data is not on the Windows machine.

I’d like to repeat that this may be overkill, but because I am not a Windows expert, I do not want to make it easier than necessary for others to access my data. If I can limit the amount of data I keep on a computer that I do not use very often, I will feel better about it.

One may point out that the 1Password anywhere file is accessible via Dropbox.com also, which is true! You do not even need to install Dropbox on the computer. Simply log into Dropbox.com, and navigate to the secondary vault folder. I would not access my primary vault this way, again because of the off chance that a key logger has slipped past Norton.

Set your router’s password!

Over at CNET there is an article about malicious javascript taking advantage of the fact that routers from Linksys, D-Link, Netgear who knows who else have known, default passwords.

This hack uses your web browser to log in to your router using the default password and reprogram your router to use the hackers Domain Name Server! This means when you type in say www.citibank.com you are taken to the hacker’s server, not your banks!

(Mom, you are fine, we’ve changed your password)

I’ve often commented on the fact that while default passwords are necessary, a router should not function until the password is changed from the known default. Your web browser should take you to, minimally, a screen saying you need to change the password.

On Macs with Airport, Apple could insist this as well and then popping up a nice dialog at any internet access attempt.

Change your router password if you have not!