PDA

View Full Version : iOS Cloud Keychain vs 1Password


GoCubsGo
Jun 10, 2013, 12:46 PM
Undoubtedly, no one can know today, but in time developers will certainly be able to speak to it. As a long time user of 1Password, I question the security comparison. I think it is open for discussion even though it is likely annoying to compare something that is out there now and something we literally heard of 10 minutes ago.

1Password uses 128-bi AES encryption (http://help.agilebits.com/1Password3/security.html) whereas I believe they said Keychain will use 256-bit AES encryption. Correct me if I am wrong, please. So if you're using Safari on all iOS devices as well as your desktop/laptop etc, then wouldn't this blow 1Password out of the water?

Or is there more to it? I've paid quite a bit for 1Password on my iPad, iPhone, and OS X, so I wouldn't mind not having to pay for something if it is more secure and just as easy.

One feature I am not a fan of, at least not on the surface, is the password recommendation. Even if I have 1Password installed, I cannot use the password without unlocking 1Password. I don't think I caught, if it was said, Keychain using such security.

philipk
Jun 10, 2013, 02:49 PM
I am a 1Password user.

I hate it! However, it is better for me than any other password solution.

My biggest complaint is that it isn't integrated into iOS Safari or any other iOS app. That isn't 1Password's fault. Still it is a real pain. I also do not like the Dropbox syncing. I have had several conflicts due to this style syncing!

What has been needed for years is a solution that is built into the operating system and that syncs between devices. iOS Cloud Keychain is such a solution.

Hopefully it will be well designed.

Your last paragraph is essential. For me if it doesn't require a strong master password to use it, it is a deal breaker! The unlock code is NOT enough.

ugahairydawgs
Jun 10, 2013, 02:59 PM
Undoubtedly, no one can know today, but in time developers will certainly be able to speak to it. As a long time user of 1Password, I question the security comparison. I think it is open for discussion even though it is likely annoying to compare something that is out there now and something we literally heard of 10 minutes ago.

1Password uses 128-bi AES encryption (http://help.agilebits.com/1Password3/security.html) whereas I believe they said Keychain will use 256-bit AES encryption. Correct me if I am wrong, please. So if you're using Safari on all iOS devices as well as your desktop/laptop etc, then wouldn't this blow 1Password out of the water?

Or is there more to it? I've paid quite a bit for 1Password on my iPad, iPhone, and OS X, so I wouldn't mind not having to pay for something if it is more secure and just as easy.

One feature I am not a fan of, at least not on the surface, is the password recommendation. Even if I have 1Password installed, I cannot use the password without unlocking 1Password. I don't think I caught, if it was said, Keychain using such security.

Very little was said about usage and back end functionality of iCloud Keychain. I agree that without a passcode to unlock it seems pretty pointless.

I'm also interested to see what sort of back end utility will be available to change passwords and remove certain accounts from the keychain. Slowly but surely I'm assuming all of our questions will begin to be answered on this shortly.

GoCubsGo
Jun 10, 2013, 03:27 PM
Of course, I realize how premature this is and nearly as annoying as the "does the new MB Air get 20 hours of real-world battery life?" Though I think this feature was given just about the amount of time you would expect of such a feature, when it comes to my data, I try to care. If Keychain uses a higher level of encryption than 1Password without the need for some kind of unlock code, then it is status quo for me.

The annoyance with 1Password is something I think many can agree on. Go to Safari, load website, forgot password, home button, 1Password (for me it is in another folder), unlock, get password, home button, safari, ****er reloaded, gotta wait, now enter the password.

It is nothing and yet it is something.

I am quite glad the beta is out today despite the dev portal being hammered, as I understand.

Bear
Jun 10, 2013, 03:37 PM
...
I'm also interested to see what sort of back end utility will be available to change passwords and remove certain accounts from the keychain. Slowly but surely I'm assuming all of our questions will begin to be answered on this shortly.My guess would be that the Keychain Access utility would be expanded to cover the iCloud pieces.

...
I am quite glad the beta is out today despite the dev portal being hammered, as I understand.Hammered is somewhat of an understatement. It's like a massively distributed denial of service attack.

----------

After some thought, even with iCloud Keychain, you will still want a password application like 1Password or oneSafe.

It gives you redundancy in case you accidentally clear a password you didn't mean to.

Also, you're at a friends house and you want to get in to some site on their computer, you can use the password application to look up your user id and password.

MikhailT
Jun 10, 2013, 08:02 PM
....1Password uses 128-bi AES encryption (http://help.agilebits.com/1Password3/security.html) whereas I believe they said Keychain will use 256-bit AES encryption. Correct me if I am wrong, please. So if you're using Safari on all iOS devices as well as your desktop/laptop etc, then wouldn't this blow 1Password out of the water?

1Password 4 uses 256-bit AES now (Mac version is coming out later this year), with many more security benefits that Apple might not take advantage of.

You can read more in their security stuff for 1Password 4 here, http://learn.agilebits.com/1Password4/Security/security-index.html

Since Mavricks isn't out, hopefully, AgileBits will get 1Password 4 out first.

Also, many folks might not trust Apple anymore with the latest PRISM news.

AgileBits can't comply with PRISM requests since they don't have access to your data.

Or is there more to it? I've paid quite a bit for 1Password on my iPad, iPhone, and OS X, so I wouldn't mind not having to pay for something if it is more secure and just as easy.

Well, 1Password is more than a password manager for me, it also store rest of my stuff like serials, notes, file attachments, multiple browser supports, multiple platform support, and so on.

iCloud Keychain locks you into Safari, you can't reuse it in other apps. How do you get a password to unlock in AirPort app for an example, on either OS X and iOS?

Also, what happens if iCloud data got lost? How do you back up or restore? I assume through Time Machine but it's going to be difficult to figure out whereas 1Password, you have a file you can just restore through.

One feature I am not a fan of, at least not on the surface, is the password recommendation. Even if I have 1Password installed, I cannot use the password without unlocking 1Password. I don't think I caught, if it was said, Keychain using such security.

No, it is likely the same way as it is now. It won't ask for a separate password, it'll uses your iCloud account built into the OS X to store those data on their server (which would be encrypted with their own encryption key using your AppleID account to allow access to the said key).

It is very likely that if your laptop is stolen while the laptop is logged in, your data in Keychain can be retrieved easily.

The annoyance with 1Password is something I think many can agree on. Go to Safari, load website, forgot password, home button, 1Password (for me it is in another folder), unlock, get password, home button, safari, ****er reloaded, gotta wait, now enter the password.

Do you mean on the iOS device? I don't even use Mobile Safari anymore, 1Password 4's browser does most of my browsing nowadays, so I'm not as annoyed as I was back when 1Password 3 had that annoying one-tab browser, forcing me to constantly switch between Mobile Safari and 1Password.

spacehog371
Jun 10, 2013, 08:27 PM
I am anxious to hear if Apple holds the keys for the keychain, or if they don't keep a copy of it. Really not sure I want them to have access to all of my logins, so I'm hoping they don't hold the keys.

Ritte
Jun 11, 2013, 07:52 AM
I use 1password for work and private, for my macs, iPhone and iPad. I like 1password and it works for me. Sure, using the 1password browser on the iPhone isn't the best experience.

I got excited about iCloud keychain but I can't find it in the Maverick. It seems to be the regular keychain?

maflynn
Jun 11, 2013, 07:56 AM
1Password definitely needs to step up their game, though I think many of its loyal users will be just that loyal.

I think it 1Password has going for it, is that you can keep your database local, not keep it on the cloud somewhere.

Another plus for 1Password is its cross platform support,.

I don't have Mavericks to judge but I think the seamless integration of the cloud keychain may make using it lot easier.

Brammy
Jun 11, 2013, 08:02 AM
I use 1password for work and private, for my macs, iPhone and iPad. I like 1password and it works for me. Sure, using the 1password browser on the iPhone isn't the best experience.

I got excited about iCloud keychain but I can't find it in the Maverick. It seems to be the regular keychain?

I think so. But I also can't get it to remember any passwords, either.

legioxi
Jun 11, 2013, 09:18 AM
OS X 9's keychain would be awesome... if it wasn't cloud based. PRISM and all.

Small White Car
Jun 11, 2013, 10:15 AM
OS X 9's keychain would be awesome... if it wasn't cloud based. PRISM and all.

Since the government has shown their adeptness at getting directly into your accounts without passwords, what makes you think they'd need, or even want, to steal your passwords?

diepalme
Jun 11, 2013, 10:37 AM
OS X 9's keychain would be awesome... if it wasn't cloud based. PRISM and all.

The passwords in your keychain are all encrypted (triple DES, I think.). So as long as you chose an adequately safe password you can store it online and still sleep easy. Triple DES is not all that modern but still way better than plaintext I guess..

Unhyper
Jun 11, 2013, 10:58 AM
I can't speak to the security algorithms or any of that because I simply don't care about it.

I have previously purchased and used 1Password on my MBP (10.9) and iPhone (iOS 7). I'm going to be using the iCloud Keychain from now on. I just need something that will automatically sync all the login info between the Safaris on my phone and my Mac. The Keychain does this.

I just got logged into a website on my phone, saved the password when prompted about it, put the phone down and got on my Mac, and the login info had already synced. This is all I need, and without the hassle that comes with 1Password.

1Password will still be more full-featured with all the shipping addresses and profiles and whatnots, or simply for the tin foil crowd.

Michaelgtrusa
Jun 11, 2013, 11:06 AM
How would you compare it ti Onesafe?

Bear
Jun 11, 2013, 11:16 AM
How would you compare it ti Onesafe?I have passwords in oneSafe (could be any other password app like 1Password as well) that have nothing to do with my Mac or web browsing.

It includes passwords for equipment elsewhere. A reminder for combination locks. No matter how well the iOS Keychain works (and I suspect it will work very well before Mavericks is released) there will always be room for the password apps.

At the very least a password app is a good backup in case something happens to your keychain and for some reason you can't recover the missing passwords from your backup.

Unhyper
Jun 11, 2013, 11:21 AM
At the very least a password app is a good backup in case something happens to your keychain and for some reason you can't recover the missing passwords from your backup.That is a very, very good point. At least with the 1Password Dropbox implementation, you could always have a digital "hard copy" of your data. With the iCloud Keychain, if something happens to your iCloud account, or should you want to close it, I'm not sure how you could go about exporting those passwords unless you do it from Safari... Certainly something to consider. I can see why someone might not want to entirely relinquish that control.

Bear
Jun 11, 2013, 11:27 AM
That is a very, very good point. At least with the 1Password Dropbox implementation, you could always have a digital "hard copy" of your data. With the iCloud Keychain, if something happens to your iCloud account, or should you want to close it, I'm not sure how you could go about exporting those passwords unless you do it from Safari... Certainly something to consider. I can see why someone might not want to entirely relinquish that control.My question is if the Keychain Access utility has been updated to handle the iCloud Keychain? If so, that's probably where you would go to check passwords and usernames.

And as for a "hard copy", I do use the backup function regularly in oneSafe to keep another copy of my data. For the few seconds it takes, better safe than sorry.

AbSoluTc
Jun 11, 2013, 01:22 PM
Maybe it's just me and how I use 1Password but these are really two different utilities. iCloud Keychain is used to store items you use online. 1Password I use to store those things as well as logins for routers, wifi, webpages, computers, any online credential, credit cards, cards, software license keys and the like. I need a secure place for that.

As far as I know, iCloud Keychain is for Safari only and for webpage login/transactions only. If that's all you need, great. For me, I want more. 1Password works for me. I have it on Mac, Windows, iOS and the like. Synced to my DropBox.

So yeah, two different types of utilities here.

canyonblue737
Jun 12, 2013, 10:16 AM
iCloud Keychain locks you into Safari, you can't reuse it in other apps. How do you get a password to unlock in AirPort app for an example, on either OS X and iOS?

Also, what happens if iCloud data got lost? How do you back up or restore? I assume through Time Machine but it's going to be difficult to figure out whereas 1Password, you have a file you can just restore through.

Couple of points...

1. It is entirely possible and LIKELY that iCloud Keychain stored passwords will not only be available in Safari BUT in any Apple app (such as your example of AirPort app) and perhaps even 3rd party app store apps via an API.

2. Apple has stated that the password data will reside not only in iCloud but on the devices too, just like 1Password does with its syncing.

The real question in my mind is if Apple will have a good UI for manually editing or copying / pasting passwords in the event the auto-population of forms isn't work and secondly that there is still a forced "master password entry" ala 1Password even if the computer or iOS device is unlocked. Both are important and no word yet on how it works...

Weaselboy
Jun 12, 2013, 12:56 PM
Maybe it's just me and how I use 1Password but these are really two different utilities. iCloud Keychain is used to store items you use online. 1Password I use to store those things as well as logins for routers, wifi, webpages, computers, any online credential, credit cards, cards, software license keys and the like. I need a secure place for that.

As far as I know, iCloud Keychain is for Safari only and for webpage login/transactions only. If that's all you need, great. For me, I want more. 1Password works for me. I have it on Mac, Windows, iOS and the like. Synced to my DropBox.

So yeah, two different types of utilities here.

The current Keychain app does everything you listed above in your first paragraph. It is not just for web page passwords. From what we have seen, I think it is safe to assume the current functionality will be carried over to iCloud Keychain.

The added features of the new iCloud Keychain such as credit card entry on web forms and easy PW generation, plus sync to iOS, is going to IMO relegate 1Password to only a relatively small number of power users.

I think 1Password just got "Sherlocked."

flynz4
Jun 12, 2013, 05:24 PM
Maybe it's just me and how I use 1Password but these are really two different utilities. iCloud Keychain is used to store items you use online. 1Password I use to store those things as well as logins for routers, wifi, webpages, computers, any online credential, credit cards, cards, software license keys and the like. I need a secure place for that.

As far as I know, iCloud Keychain is for Safari only and for webpage login/transactions only. If that's all you need, great. For me, I want more. 1Password works for me. I have it on Mac, Windows, iOS and the like. Synced to my DropBox.

So yeah, two different types of utilities here.

Same here. I suspect that I will continue to use 1Password.

I *MIGHT* choose to also let keychain to keep website passwords for the sole purpose of making IOS surfing easier. If so, then I would continue to keep 1P as my "master database"... meaning that if I need to change/modify a password... that I would do it in 1P first... and then let keychain update.

I REALLY wish Apple would have let password apps to integrate with mobile safari. This is one area where apple "sandboxing" gets in my way.

I do use just about all the features of 1Password... and I'll be shocked if keychain even comes close. I use identities, credit cards, software serial numbers, etc all the time. 1P is really a great application.

/Jim

mrapplegate
Jun 12, 2013, 05:30 PM
If Apple keeps adding features to iCloud Keychain, like the ability to vary the characters in the password, they might be a competitor to 1Password. As it stands now all it does generate a 12 character password with syncing. Even that does not work currently.

Unhyper
Jun 15, 2013, 01:12 AM
My question is if the Keychain Access utility has been updated to handle the iCloud Keychain? If so, that's probably where you would go to check passwords and usernames.Yeah, Keychain Access on 10.9 has an iCloud section for passwords and usernames stored via iCloud Keychain.

DarkRyoushii
Jun 15, 2013, 04:31 AM
Just so we are clear.. iCloud keychain uses client-side or server-side encryption?

I don't particularly want Apple having a nice database of users' passwords on the premise that "Don't worry, we encrypt with 256-bit encryption!" because that's great but if they have the keys it's pointless.

This is why I've stuck with lastpass, because they can't get in just as much as hackers can't get in.

docal97
Jun 15, 2013, 08:56 AM
slightly off topic, but really wish 1 password had the option to log into your account remotely on another computer to access your login data. Unless I am missing this somewhere.

Kuwait
Jun 15, 2013, 09:25 AM
iOS Cloud Keychain help people on safari iPhone fast login but you need 1Password for save everything
i am use both 1Password and iOS Cloud Keychain
iOS Cloud Keychain + 1Password = great service for people

iOS Cloud Keychain if your account has been hacked you got big problem but 1password safe and you can save your backup in usb flash

Tilpots
Jun 15, 2013, 09:25 AM
1Password Anywhere is still the killer feature. I can sit at any computer and access everything I have saved. No need for a Mac. I just need a browser and an Internet connection.

Baklava
Jun 15, 2013, 11:08 AM
I will NOT and never WILL BE send my passes to the cloud. (1Password-user)

BasilFawlty
Jun 17, 2013, 08:23 AM
Just watched the Keynote and saw where Mavericks will have key chain in the cloud. It will allow storing to passwords, credit card infer, etc., all encrypted of course. Will this make programs like 1Password (which I just bought and really like) obsolete?

overanalyzer
Jun 17, 2013, 08:30 AM
Not for me, at least not yet. I use 1Password not only for website passwords, but for lots of other secure information storage (bank account numbers, social security numbers, database server logins, etc.), plus for keeping track of software license numbers and such. I also use the web logins in multiple browsers on both Windows and Mac, so they'd need to cover that case too - as a web developer, I can't be tied to just Safari, as I have to work and test in Windows and multiple browsers.

That all being said, yes, I'm sure there are a fair number of people that could use the new functionality instead of 1Password, although my guess is that most of those people aren't yet using 1Password. 1Password is updated incredibly frequently and is clearly a high priority to its developers, so I'm inclined to stick with them and an excellent product I trust, and I imagine that'll be the case for many long-time 1Password users too.

GoCubsGo
Jun 17, 2013, 08:39 AM
Probably not and not for me if Keychain is not as secure as 1PW.

wrldwzrd89
Jun 17, 2013, 09:22 AM
Just so we are clear.. iCloud keychain uses client-side or server-side encryption?

I don't particularly want Apple having a nice database of users' passwords on the premise that "Don't worry, we encrypt with 256-bit encryption!" because that's great but if they have the keys it's pointless.

This is why I've stuck with lastpass, because they can't get in just as much as hackers can't get in.
My understanding is that this works just like Messages does - all the encryption and key exchange are done client-side, so Apple has no idea how to decrypt it. The difference with iCloud Keychain is that, instead of communicating between 2 computers that may not necessarily be on the same network or even trust each other, all computers involved are linked to the same Apple ID, and are thus implicitly trusted.

Bear
Jun 17, 2013, 09:27 AM
Just watched the Keynote and saw where Mavericks will have key chain in the cloud. It will allow storing to passwords, credit card infer, etc., all encrypted of course. Will this make programs like 1Password (which I just bought and really like) obsolete?It will not make 1Password/oneSafe/etc obsolete. I have information stored that has no place or reason to be on the Keychain. This include software license keys, passwords for various WiFi networks and combination locks.

Also, considering how important all the data is, I consider this an extra backup of the Keychain.

Also, what do you do if you're somewhere using a computer and want to log in to a web site. You can pull out your iOS device and easily look up the URL, username and password for the web site.

rexy101
Jun 26, 2013, 09:57 PM
I use and love 1pw. But also agree its a annoying that it can't be integrated with Safari or Chrome on iOS. Also I could see dropbox sync could cause problems but I myself have not had any as of yet. From what I could see from the WWDC event I don't really like apple integration. I much prefer how 1pw works by unlocking it first and then using it for what ever. If apple did this and built it into the OS including iOS, i think we would have a winner.

I feel for 1pw though, apple should have had this along time ago really. The devs at 1pw came up with a solution which has made it up the ranks on the MAS and apple have then gone thats a good idea lets add it to the next OS. This will be the case for lots of apps out there including one of my own. I understand they want to make there OS much better without users purchasing 3rd party apps. But its a little disappointing for the dev who saw the opportunity. I digress, so I think I still will be using 1pw when I adopt 10.9.

kristoffer4
Jun 29, 2013, 03:24 AM
How good does the password tool work in 10.9? Can I see a list with all my identities and passwords like in 1 Password?

I actually think that I will use both when Mavericks comes out. I own an ipad and an iphone so it's a no brainer even though I payed for 1 Password.

Especially the credit card synching. Also it is kind of a pain to switch app copy, switch app and then insert. I know it is beyond 1 Passwords control but still kind of a pain.

throAU
Jun 29, 2013, 03:27 AM
For me it is a total no-brainer.

1password is available on Windows.

iCloud keychain isn't.

1password is a file I can choose to store wherever I like. iCloud keychain requires me to trust apple to encrypt it securely (who has the master key? if apple can open it for you if you forget your password and prove who you are, guess what: apple has it!) and keep it secure. Not that I believe APPLE would do anything with my credentials, but if someone can socially engineer my iCloud credentials out of them, I'm boned.

Whilst its a neat idea, I'm sticking with 1password.

For those looking for something similar and don't want to pay: check out Keepass. GPL software, has been around since 2003 (i think?) and is totally cross-platform, including an available iPhone app.



iOS Cloud Keychain help people on safari iPhone fast login but you need 1Password for save everything
i am use both 1Password and iOS Cloud Keychain
iOS Cloud Keychain + 1Password = great service for people

iOS Cloud Keychain if your account has been hacked you got big problem but 1password safe and you can save your backup in usb flash

This is another one.

I have a copy of my 1password data backed up. even if someone hacks my dropbox (where i sync it with), the key file is still protected by a strong passphrase - the worst they can do is wipe my dropbox and then i just restore the file from time machine and away I go...

If someone hacks my iCloud account, they have access to all my passwords. I.e., there are 2 passwords protecting my 1password keychain, the one required to obtain a copy off dropbox (32 characters, totally random) and the other to open it (20 character passphrase).


edit:
Unless you use a separate keychain password on a particular keychain? Even so... no windows support = not for me.

bolen
Jul 1, 2013, 03:17 AM
Personally I'm going to continue using 1Password. I would however love it if 1Password would implement support for syncinc the "login category" with iCloud Keychain. I would suspect this is possible outside the MAS.

That way we could get the best of two worlds. A powerful, dedicated, password manager with the convenience of iOS Safari integration of iCloud Keychain...

One can dream..

janitor1999
Oct 23, 2013, 05:02 AM
Use 1password on the macs, but find it next to useless on ios devices, so will probably go with keychains, unless 1password can integrate into the browser, only using keychains with safari isn't a problem, as it's my browser of choice anyway.