There is no shortage of password managers. Anytime you listen to a podcast or read an online blog post, you will probably be bombarded with ads for tools like Lastpass, Dashlane or 1Password. Add to that list the neverending supply of free password managers (Keepass, BitWarden, RoboForm, etc.)

Free isn’t bad

The truth is there are a lot of very good free password managers. These are great options for users that can't or don't want to spend money. I'll mention my favourite free pic later in the article.

Favourite paid password manager

Before jumping to 1Password a couple of years ago, I had been a paid Lastpass customer for about ten years. I started looking for an alternative because of irritants and an issue I experienced when I needed support, and Lastpass was unresponsive. Plus Lastpass is unrefined and a little clunky. After testing 10 of the best rated paid password managers, I chose 1Password.

Here is why I chose it and why it may be a good fit for you. It supports all the platforms I use, such as Windows, Macs, Chromebooks, iOS devices and Android devices. WatchTower is a great feature Lastpass didn't offer that ensures you aren't reusing passwords, that you are using strong passwords and that you aren't using passwords that are part of a site breach (therefore would already be on a list of passwords hackers would use first to break accounts).

Tell me more, please

1PasswordX for easier browser integration

As a ChromeOS user, 1Password was off-limits for many years because it did not have a self-contained browser extension. The original version of 1Password required that you install the full client on Mac and Windows to support their light browser plug-in. This changed with the release of a product called 1Password X. 1PasswordX works in Google Chrome, Microsoft Edge (Chromium version), Firefox and Opera (Chromium version). 1PasswordX offers all of the password management functionality without requiring any client installation so it also works on ChromeOS.

1Password uses multiple Vaults

1Password has implemented a password grouping concept called a Vault. A Vault is a container that stores all of your 1Password information. During installation, you create a default vault and everything is stored there automatically. But if you are also storing business information, you can create a separate Vault for those.

Another interesting use of Vaults is to improve travel security. We live in a world where our personal privacy is constantly under attack. Nowhere is this more true than when crossing an international border. Border agents can order you to unlock your device and your password vaults. Which would give them access to all of your sites and personal information. You can mark certain Vaults as safe for travel and store the less sensitive passwords here. If your device is inspected at a border crossing, only the vaults marked as safe for travel will appear.

Biometric support

All versions of 1Password support biometric authentication (depending on the features available on the platform of use). Since your main unlock password should be painfully long, this is a wonderful feature to enable on smartphones and tablets.

1Password for the security-conscious

Security is a balancing act competing with usability. My default, 1Password encrypted all of your information (on device) using AES256 before the blob is sent to their servers. This means that if their servers are ever compromised, your passwords are safe, as long as you are using a good strong, long password. You can and should read about their security model here.

If you want, you can be extra paranoid and configure 1Password not to sync the vaults to their servers. This means you can manually copy the encrypted vaults to your devices using whatever mechanism you want. For users that want this standalone model, 1Password does sell a standalone license for Windows and MacOS. Know that the standalone license does not include 1PasswordX. Most users should opt for the “normal” subscription model.

1Password for files

1Password (like Lastpass) gives you 1GB of encrypted cloud storage to store sensitive information you may need while out (think scans of passports, credit cards, health cards, tax papers, etc).

Support

1Password is a Canadian company with Canadian support. Believe it or not, getting in touch with a real human is very easy, not buried 32 levels deep like other products. Their online support site is clean, has well-written articles with nice screenshots and video walkthroughs. This one item sets them apart from many of their competitors.

1Password isn’t perfect

Perfection doesn’t exist in nature or the computer world. By default, the Vaults lock after 1o minutes of inactivity to protect your information. I think this is a desirable feature, but some may find it slightly annoying. You can change this setting but.. should you? I say keep it as is.

A little annoyance is acceptable in exchange for better security. Lastpass has a forever free version that meets the requirements of “normal” users. 1Password does not offer a free version (only a 30-day trial). I believe in paying for good products to encourage the developers and ensure the product survives.

What is the best free password manager?

I tested about ten free password managers while investigating what product I should be using daily. And after reading privacy policies, reading the security model documentation, I tested about ten free password managers while investigating what product I should be using on a daily basis. And after reading privacy policies, reading security whitepapers and testing the products, the winner is…. Bitwarden.

There are three features 1Password offers that differentiate it from Bitwarden. If you don’t need these features, then BitWarden may be a better option for you. The three features are:

WatchTower’s password checkup features
physical hardware security key support (e.g. Yubico)
1GB of encrypted storage

BitwarDen has the essential features every password manager should offer, such as the ability to manually synchronize your data on as many devices as you want, the ability to store an unlimited number of passwords. The free version of BitWarden allows you to share select passwords with one other person (e.g. spouse or partner).

Bitwarden supports a wide range of devices such as Windows, macOS and Linux. It supports all major browsers with a plug-in (Chrome, Firefox, Opera, Microsoft Edge, Safari, Brace). On mobile, it supports both IOS and Android. If you are an uber-geek, BitWarden supports Command Line Interface to its vaults (CLI).

BitWarden uses similar vault security as 1Password but… it does not submit itself to independent security auditing as 1Password does.

BitWarden apps and plug-ins aren’t as polished as 1Password but they are highly functional.

Anytime we talk about free products, I am reminded of the saying “If you aren’t paying for the product, you are the product”. I read the BitWarden privacy policy, Nothing glaringly bad popped out. They don’t sell or share your data for commercial purposes. Although they do have the right to share some anonymized data.

You will get ads for their premium version in their free products, which is understandable. Remember that if you decide to pay, take a look at 1Password first.

Quickly uninstall apps from windows, even the sneaky ones

April 20, 2020GeneralEdward Kiledjian

When you first started using your computer, it was silky smooth and fast. Now it is a sluggish mess.
Especially now that many of you are stuck at home, you may be trying new apps that turn out to be a disappointment.

How do you make sure you remove all the files when you uninstall that application?
Why doesn't the app you just installed have an uninstall option in add/remove applications?

The free app I am going to talk about will help with all of the above and more. It is called BCUninstaller.

What is BCUninstaller?

BCUninstaller stands for Bulk Crap Uninstaller and is a well designed tool to help remove any application, leftover files and more simply and quickly.

Many apps don’t have easy to find uninstaller options in the Windows Add/Remove Application applet but most leave behind a ton of garbage files. BCUninstaller uses its own appliction detection engine and has options to clean up “leftoer files”.

Here is a great video that shows how it works

Installing BCUninstaller is as simple as downloading the installer (from here) and then following the standard installation options.

Once the application installs, it will scan your computer and find all the installed applications. If you want to uninstall something, search for it using the search feature and then click on the uninstall button at the top.

It can detect these types of applications:

Normal registered applications (same as Programs and Features and many other uninstallers)
Hidden/protected registered applications
Applications with damaged or missing uninstallers
Portable applications (looks in common locations and on portable drives, configurable)
Chocolatey packages
Oculus games/apps
Steam games/apps
Windows Features
Windows Store apps (Universal Windows Platform apps)
Windows Updates Applications from all of these sources are treated the same - you can filter, export and automatically uninstall them in the same way.

To clean leftover files, click the Tools tab, then choose Clean up Program file folder and choose which discovered files you want to delete.

Use Google Chrome's built-in antivirus to scan windows

April 19, 2020GeneralEdward Kiledjian

As millions around the world work from home, corporate security teams have ramped up their protection protocols because the threat actors are very active. Many threat actors have also lost their “day jobs” and are relying on their nefarious cyber activities to pay the bills/

From an antivirus perspective, most users will be properly protected by the free Windows Defender included with all versions of Windows 10 . You may have clicked on a questionable link or opened a questionable attachment and you scan your computer using Windows Defender. Sometimes you may want a “second opinion” and the question is which online scanner should you use?

How about none of them. Why not rely on the free antivirus included in Google Chrome. What, you say. Google Chrome? Chrome the browser? Why yes.

Open the Google Chrome browser

In the address bar, enter chrome://settings/cleanup

You click on Find and let it run.

So what is it looking for?

Hijacked settings detection - It will detect if a browser extension ha changed your settings without your consent.
Chrome Cleanup - Sometimes you download and install the software you need and install unwanted secondary software unwittingly. Often times this is how some of the download sites monetize their service. Chrome will detect many of these unwanted installations and remove them.
ESET Antivirus - Google can change the AV engine anytime but right now they have partnered with ESET.

Obviously, this isn’t a complete antivirus and should be relied on as your primary protection mechanism but it is nice to know there is a second opinion waiting for you if you ever need it.

What is a Progressive Web App

October 15, 2018GeneralEdward Kiledjian

Over the last 18 months, I have seen more and more sites prompting me to "Add to Home Screen" from websites I have been browsing. Then you add this site, it installs itself in the background and is now accessible like a native app from your smartphone.

What I have just described is the wondrous workings of a fairly new technology called Progressive Web Apps. This technology (called PWA) works even when you are offline and behaves like a "normal" smartphone app.

What are progressive web apps?

PWAs were created by Alex Russell and Frances Berriman. The technology driving Progressive Web Apps isn’t new. What was required was a new recipe to make Progressive Web Apps behave like native apps. This means that a progressive web app will work (as long as the platform supports it) on an iphone or Androis smartphone, a chromebook or ipad, on Windows or Mac.

True cross platform applications without needed to join an app store with super restrictive controls (I’m looking at you Apple).

Why Progressive Web apps

Like many of you, I live in a world with abundantly fast internet. This simply isn’t the reality everywhere. Even in my own backyard of Ontario (Canada), there are communities where internet is delivered via very slow ADSL,

PWAs, once installed, cache the content locally which means they will respond quickly even for those on slow internet connections.

Statistics show that users still prefer native apps to web pages. There are a tone of reasons for this from convenience (single click from your home screen), ability to get push notifications, etc. The web simply doesn’t offer the same bells and whistles.

PWAs offer most (if not all) native functions. They startup with a single click from the home screen and can hook into most native features. PWAs can even offer notifications (like a native app) and therefore remind the user to open and engage with the app.

What is required to build a progressive web app?

This is not a technical instructional article but you need 4 elements to build a Progressive Web App:

Google Firebase Web App Manifest Generator

Web App Manifest - It is a JSON file with meta data about the web app, It contains information such as the icon, background color, app name, etc.
Service Workers - Even driven agents that work in the background. They perform tasks like updating the web app or its content.
Icon - You need an icon to represent the Progressive Web App on the home screen
HTTPS - The app and its content must be securely delivered over a TLS session.

Progressive Web app examples

You will find new PWAs every day but here are a couple of cool ones to get you started:

WebFlap - A Flappy bird game clone
AliExpress - Everyone’s favorite China cheap item import site
Financial Times - A respected global newspaper
QR Code Scanner - A PWA that scans barcodes
SnapDrop - A PWA that enables you to transfer files from one device to another
Notes - A super simple note taking app
Currency Calc - An easy to use currency conversion tool

Changing Google.com country domain no longer works

October 29, 2017GeneralEdward Kiledjian

Google power users knew that changing the Google country top-level domain (ccTLD) would allow you to find results optimized for another country or language (e.g. searching Google.ch instead of Google.com to get more swiss biased results).

There are a tone of reasons why I used this little trick:

Accessing Google.com results when terminating a VPN in another country
Travelling to a European country that skews results (right to be forgotten) and wanting "real" information returned
and much more

In a blog post, Google announced that results will now be customized based on the user's location (without regard for the country ccTLD input in the URL). So if I am in France and try to access American results by using the Google.com site, I will still get french results.

Google explains that 1/5 searches are location dependent (therefore detecting and using the user's actual location makes sense). If I am traveling to Paris and search for pâtisserie, the logic motivation is that I am searching for a pâtisserie in Paris, not Toronto (my home city).

You can still search for results in another location but the process is much more complicated now (you can still go into settings and select the correct country service you want to receive.)

“It’s important to note that while this update will change the way Google Search and Maps services are labeled, it won’t affect the way these products work, nor will it change how we handle obligations under national law. ”

— Google blog post

Source: Google Blog

Ed's favourite things - Best Password Manager