As you may have seen from some of my recent posts, I have been doing some research into ways of storing passwords securely. I was recently followed on twitter by an account called my1login whose tagline is “The only login you’ll have to remember from now on.” – that sounded intriguing, so I thought I’d find out more.
They kindly sent me a free pro account trial which I signed up for.
my1login is currently in beta, and I found a few small glitches during sign-up, but the concept seems good. The site stores bookmarks to all the sites you have an account on, along with your username and password. The information is encrypted, and my1login claim even they do not have access to the unencrypted data.
When you want to log into a site, you click the bookmark to take you to the login screen, then click the ((( my1click ))) bookmark in your browser to automatically enter your login details and log you in to the site. This worked smoothly when I tried it with a test account. This is a password safe which is accessible from any computer on the internet.
Sign up for the service was fairly pain-free. When I used the promotional link they sent me, I was offered a free trial of the pro account for one month. The screen suggested that the pro account will cost $2/month, although clicking on the ‘more info’ shows the pro account is £1.50/month (about $2.32).
After entering my email address, choosing a password and confirming my email address by clicking a link in the registration message, I was prompted to log in to the system. This was the first annoyance.
Logging in requires the use of a ‘Partial Password’ . That is, you need to enter, say, the 5th, 13th and 17th characters of your password. This would be fine if you could type them in, but you have to choose them from dropdown boxes. This means that you have to scroll down a long list of characters to enter your password. It also explains the restrictions on the characters you can use in your password.
“Password must be between 8 and 20 characters and must contain at least 1 number. Only these non alphanumeric characters are allowed: ! @ $ % ^ & * ( )”.
The first step is to create a security key phrase. This is the passphrase which is used to encrypt the password entries (256 bit AES), and there are some good examples of memorable phrases to give you an idea of what a passphrase should look like, and has an onscreen keyboard if you are worried about keyloggers. I suspect that malware would still be able to capture what you type so, as always, it’s important to keep your anti-virus up to date.
I continued on anyway to see what the interface would look like after I completed the setup, and later on, clicking help did work and gave some useful information and support contacts.
The next step is to set up the ‘my1click’ bookmarklet. Adding this to your browser is just a case of dragging the bookmarklet to your bookmarks toolbar. It would have been useful to have instructions on how to display the toolbar if you don’t already see it. (In Firefox, click the Firefox menu, choose ‘options’ and check ‘Bookmark toolbar’).
Clicking the bookmarklet will automatically enter your login details into the site you are currently visiting.
The final step is to enter your first bookmark details. This is nicely done. You enter the web address of the login page of your site, and it automatically suggests a title. For example, entering http://planetmediocrity.com resulted in a suggestion of ‘PlanetMediocrity’ for the title. A nice touch. You then enter your username and password (which is hidden as you type it). There is an option to display the password if you want to check it, and you get an indication of how strong the password is.
You can then add some notes about the login. The notes are also encrypted when you save the entry.
Another nice touch is the option of adding tags to the entry to assist with finding entries once you have a lot of them in your bookmark list.
There is an integrated password generator if you don’t want to choose a password yourself. It allows you to choose the length of the password and what characters it should contain: Upper case, Lower case, Numbers, and Symbols.
When I clicked save after creating a new bookmark, I briefly saw the encrypted values before the screen refreshed – I don’t know if that could be a security risk or not.
The bookmarks are displayed in a list and there are tabs for ‘personal’, ‘work’ and ‘other’ to help you organise them.
Clicking around, I found an option to share entries with contacts. The person you share the entry with will need to sign up for an account with my1login before they can access the password, but there is the free option if they don’t want a pro account.
There are a few interface glitches, for example the image problem with the password display shown to the left, but nothing that stops this being a very useful service.
If you already have bookmarks saved, my1login will allow you to import from Passpack, keypass, roboform and clipperz, as well as from a spreadsheet or a csv file.
There are no plugins required, so this should work with any browser. There is a workaround to allow the service to work with an iPhone or iPad and an iOS application is planed for Summer 2012. I couldn’t find any mention of an Android client or workaround.
Overall, this seems like a very useful service, the login to sites was nice and smooth for me. I am not keen on the Partial Password login to the site, but the explanation for this is to stop keylogging software from capturing your password, and to stop screen grabbing malware from capturing your full password.
My only concern, and this applies to any site of this type, is how do you know you can trust the people who run the site – you are, after all, potentially handing over all your login details to them.
You can get your own free account, with a free pro trial using this link. my1.co/Vm?S5
Update: my1login contacted me about some of the points in this review and clarified a few things. I will be updating this later to include their comments. I’m very impressed with their customer service!