The Necessity of using a Password Manager

1password For Macos

Have I been Pwned

If you ever need to convince somebody to use a password manager, try playing them  The Russian Passenger on Reply All.  The episode covers a service called Have I Been Pwned, which keeps a record of known data breaches that users can search to see if their credentials have ever been exposed.  Try searching the email addresses of friends, family and colleagues on the site. It won't take you long to find somebody you know.

A good password manager is easy to use, and simple to learn, and yet convincing people to use one can be difficult. My sense is that most people either don’t realise how insecure their recycled credentials are, or they think ‘that will never happen to me, I have nothing worth stealing’. I can only hope that wouldn’t apply to experienced researchers and academics, but students too need to be aware of how vulnerable university networks are. There are numerous reasons for hackers to target universities, gaining access to thousands of usernames and passwords chief among them. Because of all this, I believe it is critical for anyone working within the walls of a university – virtual or otherwise – to have a secure means for managing their credentials. To my mind, a password manager is the best solution – it is certainly the easiest.

Which Password Manager?

As for which password manager, for sheer user-friendliness, ease of use, and excellent design, I still feel that 1Password is the best choice for most people. It actually has the Pwned functionality inside the app itself.  A lot has been written lately about changes to 1Password. The concern from security experts has to do with the company’s move to a subscription service, and in turn the service itself being moved to a priority cloud based architecture. The concerns are not around the business model, but with certain technical decisions; specifically with the status of where the default user vaults are stored – i.e on the Agile Bits encrypted servers. It should go without saying that the vaults are mega-encrypted, so worthless to anyone without the user’s key, but to end the debate there drastically oversimplifies the matter.

I’m not going to dive any further into the debate itself, as I believe a lot of what is doing the rounds is either based on a combination of misunderstanding, miscommunication, and the wants and needs of edge-case users who aren’t representative of most people. Moreover, some people seem to be conflating the Mac and Windows versions, and the functionality under debate remains very much a part of 1Password. I would argue that regardless of the validity to concerns around cloud-storage, 1Password is still the best password manager for most people. In fact, some of the features that make it so are only available because of the cloud-based architecture. My take is this:

  • The vast majority of people are ludicrously vulnerable at the moment, simply because they have next to nothing in place to manage their online security. For most people, not only are obscure security threats not a huge concern, but there is much more to be gained by using a password manager than maintaining the status quo.
  • In the absence of a clever password scheme – which, let’s face it, most people will never use – even if you do generate strong passwords, you still need an absolutely unique one for every site and service you use. Most people who have taken this half measure are using paper notebooks, or some for of plain text or spreadsheet to store the credentials. Ironically, this is a half measure that will make you doubly vulnerable
  • A Password manager does all the work once you get used to using it. Not only have I found 1Password to have the best user experience in this regard, anybody I have ever got to use it in earnest has taken to it immediately. The browser extension on the Mac, and iOS Safari automatically generates and stores credentials for new registrations, and automatically populates forms and logins. It can also populate payment forms with one click, making it even more useful than Safari’s own Auto-Fill features.
  • Take travelling researchers, with the new 1Password travel mode one can remove the entire app from a device and then reinstate it once any overly officious border police have done with their perusal of any given device.
  • There are further benefits to having secure information in such a vault if you were to ever to lose your mobile device and other valuables. I use 1Password to store my bank cards and encrypted copies of documents.
  • 1Password’s subscription model is one of the more advantageous memberships of its kind. The Families plan gives you 5 licenses for US$5 a month. You can manage vaults for your less technically inclined, younger or older family members. It also means shared vaults for credentials you all need access to, Netflix anybody?
  • The concerns around the cloud-storage model are moot for anyone wanting to sync a password vault and doing it via Dropbox.
  • I could go on, but I fear I have lost enough of you already.
1password Best Password Manager
1Password is the most user-friendly password manager I have used.

Perhaps Agile Bits could have handled this situation better than they have, but to be clear, they are keeping intact the functionality that security boffins most value, i.e local vaults. Unfortunately, it seems people will seize upon anything to reinforce their own reluctance to address their security issues. So controversy like this tends to feed the fear and doubt. My concern is that people use something other than recycling passwords, becoming so blasé about resetting them that they become easy targets for phishing attacks. Attacks that nowadays can easily include the capture of two-factor authentication. A password manager mitigates most of the risks. And without labouring the point, using one will provide a huge improvement to most people’s security.

Other Options

Lastpass – I have been a user of Lastpass in the past. I have never found it to be as user-friendly as 1Password, but it has a lot of fans. The biggest selling point is its free tier, which is a good start for anyone balking at paying for security – and the upgrade price is only US$12 a year. You will need to upgrade to use things like two-factor authentication and device syncing.

Dashlane – I prefer the user interface of Dashlane to Lastpass. It has a similar ‘freemuim’ model, with similar limitations before upgrading.

Note-taking Part II: Handwritten Notes

There is still a lot to say for keeping it old school with note-taking.  Handwriting after all is a key tool for comprehension and retention. Although, judging by the wall of glowing Apples one sees in lecture halls these days, that does not appear particularly persuasive with regard to note-taking. Still, this intersection between technological trend and learning technique is, I believe, just one among many things that make the iPad such an excellent device for study. While you can get pretty serious about handwriting on glass with an iPad pro and Apple Pencil, even with the standard model you can benefit from some of the great handwriting apps on iOS.

It is true that there are clear advantages to maintaining typewritten notes. Combining lecture notes, PDF annotations and other general research materials into a searchable database is hugely advantageous for both writing and revision. Luckily, none of this necessarily means handwriting should be excluded from a note-taking workflow. The only question is how integrated you want it to be. As ever, there are options.

Goodnotes

Goodnotes iOS
Goodnotes is considered the go-to app for handwriting recognition

 

For a lot of people, Goodnotes is the standout app for handwriting on the iPad, and with good reason. Although, it still holds to somewhat dated skeuomorphic design elements, that is a bit of a double-edged sword, as much of the app’s appeal lies with the convincing replication of an analogue writing workflow. Its real killer feature though, is handwriting recognition and text conversion. This means you have the choice between searchable handwritten notes, or converting your handwritten notes to text for use in the app itself, or for export if you keep your notes elsewhere. Possibly the most underrated aspect of Goodnotes is its PDF annotation, which I find to be smoother and more intuitive than any of the myriad specialty PDF apps I have owned and used. If handwritten notes and document markup are the extent of your workflow, then Goodnotes may even be all you need; especially now that it has a solid macOS companion app.

Notability

Notability’s audio capture feature makes it an ideal choice for lecture notes
Notability’s audio capture feature makes it an ideal choice for lecture notes

Notability is another sound writing app, although one that comes as something of a tradeoff. Notability does not have handwriting recognition, so handwritten notes can neither be searched, nor converted to text. Nonetheless, it does have its own marque feature with its ability to capture audio. The appealing simplicity of recording a lecture and taking notes in the same app can account for much of Notability’s popularity among students. Furthermore, Notability is a nicely designed software, and many will find its interface to be much more appealing than other similar apps. Moreover, its palm rejection is frankly much better than Goodnotes, the PDF markup tools are again very good, and its own macOS app is more fully featured and polished. The lack of handwriting recognition is a little disappointing, but you don’t have to go far to find people, students especially, who see audio recording as a more significant feature. Again, there is enough in this app that it may even be the one to rule them all for you.

Handwriting Hacks

If you're an EverNote  user, then Penultimate is a free app that will integrate your written notes with the rest of your Evernote database, including search-ability. I’m not a big fan of the app, but it works as advertised, so if you are deep in the Evernote ecosystem then you will no doubt get at least some of the requisite mileage from Penultimate. There was a time I was all in with Evernote. A combination of becoming wise to the problematic nature of proprietary databases, and my increasing discomfort with their privacy policy fumbles has driven me away. In saying all that, I’m not churlish enough for absolute dismissal of its utility. Ease of use, and impressive integration with practically everything remain its strengths. One example of its enduring usefulness is a hybrid workflow using Carbo for digitising paper notes. And, while we are on this track, both Evernote and One Note allow you to scan handwritten notes directly into the app for searchable text with OCR.

MyScript Handwriting Keyboard
The MyScript Handwriting Keyboard makes long-form note-taking an option in almost any text editor

The MyScript Handwriting Keyboard makes long-form note-taking an option in almost any text editor

Finally, if you want the cognitive benefits of deliberate long form note-taking, but you don’t care for the end result, there is something of a hack you might like to try. The MyScript Stylus Handwriting Keyboard allows direct, handwritten input into any app that you can use with a third-party keyboard. It hasn’t had any updates for a little while now, but it still works well. In fact, the handwriting recognition is impressive. You can use it as an input device with any text-editor or notes app that allows a third-party keyboard.

Honourable Mentions

  • Notes Plus is very similar to Goodnotes, with even more features. It even has audio recording. I find the interface to be a little too cluttered for my liking, and the user experience can be awkward at times. I suspect these relatively small quirks are what keeps it lagging a little behind Goodnotes in the popularity stakes, as the handwriting recognition engine is excellent.

  • Nebo is renown for handwriting recognition excellence. Underwritten by the my MyScript Ink engine, it has been winning awards and slowly gaining acclaim. The only problem is it requires an Apple Pencil to work, unless you are working on a Surface device that is, then your active pen will do fine.

Handwriting Without Apple Pencil

The 2018 iPad is a big deal for bringing Apple Pencil support to the cheaper model. There remain a lot of reasons to upgrade to one of the iPad Pro models, but Apple Pencil support is no longer one of them. However, if you're still rocking an iPad Air, or iPad Mini, you don't have to give up on handwriting altogether. A good old dumb, capacitive stylus can still work better than you might expect.

In my experience, the results from a capacitive stylus are just as good as any of the so-called Apple Pencil alternatives. When I was using the iPad Mini 4 as my main capture device for notes, I would come across all manner of claims around magic smart, bluetooth styli that make them Apple Pencil competitors. The truth is, they pretty much never work as advertised. None that I have tried work any better than a plain, dumb capacitive stylus. Why? Well, the Apple Pencil is not a third-party hardware device, it is an integrated input interface designed as part of the iPad itself. It is part of a system that works together. That said, there is good news, all modern iPads are fast enough now that, where handwriting is concerned, a capacitive stylus will give you a convincing writing experience. I have two that I particularly like, both from Adonit

For writing, the Adonit Jot Pro

 

And for marking up PDFs, or drawing the Adonit Mark.

If you only want one, get the Jot Pro

 

 

Note-taking Part I: Typewritten Notes

This is an ongoing battle, but for some there is a strange kind of jouissance in fiddling with one’s note-taking system. To state the obvious, note-taking is one of the more crucial academic skills. So it would seem there is a certain amount of justification in trying out different solutions to see what might stick. Whether this is new territory or not, there is always the question of where to begin. To drastically oversimplify the matter, the essence of note-taking is twofold: capture and retrieval. Naturally, there is a lot more to doing it well, but if you are just looking to get started then having these two things in mind can only help.

Typewritten Notes and Markdown

If you prefer to type your notes, then there is one simple piece of advice I would happily give anyone. If you don’t already know how, spend the brief amount of time needed to learn how to write in Markdown. Markdown will allow you to embrace plain text, which will not only future proof your work but it will make it as portable as possible and give you a uniquely focused medium for all your writing [1]. In turn you will be free to try different solutions while keeping your work intact, and this barely scratches the surface of Markdown’s usefulness.

I am yet to find a satisfactory source that makes a clear and concise account of the benefits in using Markdown for academic work. That is not to say there is nothing written, rather there is nothing I have found that doesn’t either run full geek into the weeds to soon, or treat the reader like an idiot. So here I will be brief. In fact, this is it. If you are willing to take 5–10 minutes and learn how to use a couple of basic tricks [2], you can free yourself from the clutches of bloated, archaic word processors and proprietary systems – and who knows, you might even start to enjoy writing. If that sounds appealing, have a look at this short tutorial.

Armed with Markdown, you can make an informed decision about your note-taking, and even how you approach writing in general.

Notes Apps

Yes, there are well-known names in this category. But, there is more than enough written about the likes of Evernote, OneNote, and even Apple Notes. Each of them are useful in their own right, but to my mind there are more interesting apps available.

Notebooks

macOS Plain Text Notes App

One of my favourite apps at the moment is Notebooks. I’m not always a big fan of software that tries to be more than one thing, and to be fair I only use Notebooks in a very specific way for one particular thing, but if I were a smarter, more efficient user I could just cut the tape here. Notebooks is an onion of an app, there are layers upon layers of functionality across macOS and iOS – it is a media rich repository for collecting, organising, searching and syncing any kind of research material you can throw at it. The markdown support is excellent and it even has task management support, which if setup properly for research and document review is kind of ingenious. The iOS version has PDF annotation tools, audio recording and handwriting/sketch support. Give it some thought and you will realise that Notebooks could handle a great many of your study and research needs, no matter what level your are working at. While it is certainly not perfect it is definitely going to be enough for a lot of people. If you are looking for a well-deigned, self-contained solution for note-taking and organising your research, or if you are looking to replace that gaudy green elephant, Notebooks is worth more than a cursory look.

Uylsses

Ulysses Macos Plain Text Notes App
Note-taking is just one of many use cases for Ulysses

It is hard to go past Ulysses as a writing app. Whether you want to use it for note taking, essays, long-form writing, or really any kind of writing you can think of. It is another app that benefits from going all in, the more you add, the more you start to realise its potential. Where Ulysses shines is its ability to organise text, for my own purposes that makes it particularly useful for longer form writing. While I am using Scrivener to write my thesis, Ulysses would be more than up to the job for a text based thesis, such as my own. But, in keeping with the note-taking theme here, Ulysses is an excellent candidate. Admittedly, it doesn’t quite have the feature-set of Notebooks, but its careful and intuitive design on both iOS and macOS will appeal to purists. Ulysses also has hooks in automation, particularly with regards to its Workflow integration on iOS, which opens up all kinds of possibilities for note-taking on iOS.

Honourable Mentions

  • Bear is an intriguing markdown based, notes app. Attractively designed, with a unique tagging system and cross-note linking for database referencing, and feature parity on macOS. It still lacks features ideal for academic use, but it is still new, and in very active development. It has gained a loyal user base quickly, so worth keeping an eye on at least.
  • 1Writer is an iOS only app, but as if to prove a point, being plain text based you can use DropBox to sync it with any text editor you should choose on macOS. In fact, it is the preferred iOS companion app for old-schoolers still rolling with Brett Terpstra’s nvALT, which is still a useful app in itself. [3] What makes 1Writer truly unique is its Javascript automation engine . If you have a look through the Action Directory on the app’s website, you will see already includes some researched focused workflows. If you have a little scripting ability, then you can just about fill your boots.

 


  1. Not to mention, it will give you something to talk about with other nerds  ↩

  2. Yes, it’s called syntax  ↩

  3. Brett Terpstra is promising a commercial replacement to nvALT, with an app called BitWriter that is close to beta release  ↩