Daring Fireball: 1Password: The Infinite Loop of Security

The 2024 Verizon Data Breach Investigations Report (DBIR) found that “the human element” (accidental breaches caused by human error, or victimization in phishing attacks and the like) was the number one cause of breaches. The same was true last year, and the year before that, and the year before that.

it’ll never happen to me…

I used the same weak ass password for hundreds of accounts. I ignorantly took the position of “I don’t have anything worth hacking so using the same password everywhere is fine.”

I sure fucked around and found out on that one.

A couple years ago I found myself in the middle of a shitstorm of hacked accounts after I fell for a phishing thing. I immediately switched from Windows 11 to Linux and spent almost two full days updating hundreds of logins with unique, random 20+ character passwords using 1Password. The damage was already done though. Or at least it was off to a pretty good head start.

I lost an entire Facebook account, my PayPal and Cashapp were compromised and I’m pretty sure they straight up cloned my browser because I was getting login attempts across a lot of different accounts for DAYS after that. Even things that had 2FA enabled. I have no idea how that’s even possible but they got in there.

I don’t like to advocate for specific brands here but 1Password has been a godsend. It’s worth the small yearly fee. Even if you don’t go with them, you need a password manager. Every time I’ve been fucked over with phishing or hacked accounts it was my fault; human error or maybe even just arrogance and being too loosey goosey with online security.