PDA

View Full Version : 1Password to rule them all


MacBytes
May 1, 2008, 10:18 PM
http://www.macbytes.com/images/bytessig.gif (http://www.macbytes.com)

Category: 3rd Party Software
Link: 1Password to rule them all (http://www.macbytes.com/link.php?sid=20080501231800)
Description:: Use the same password for everything? Is it different from your PIN number? If you've got a Mac, now's the time to get serious about security with 1Password.

Posted on MacBytes.com (http://www.macbytes.com)
Approved by Mudbug

appledamian
May 1, 2008, 11:03 PM
Honestly Im not a fan of paying for small programs, but this one is amazing!! I give it a ten out of ten hands down! Anytime you enter a password on a new website is asks you if you want to save it, it works so well. Now all i do is open the program, via the safari tool bar, and click each site i want to log into. So with in 3 seconds I have logged into my car Web site, mac rumors, 3 banks, and my stocks. its just the best, well well worth the money and the updates flow down all the time. I cant say enough about this product. Oh also this program syncs to your iphone via one click. So if your surfing the net on the iphone you know inputting a long password is a pain. All you do is go to the site, hit bookmarks, click onepassword, and enter you single password, and it does the rest, its awesome!

iFizz
May 1, 2008, 11:39 PM
Yeah, if there was only one 3rd party app I could have on my Mac it would be 1Password.

mainstreetmark
May 2, 2008, 07:40 AM
Really?

I couldn't even work out what it was for. It seems to do all the same stuff that the browser + Keychain.app does. This came with one of the bundles, and i used it for like a month, but it didn't appear to do anything "new".

eeyoredragon
May 2, 2008, 08:04 AM
Really?

I couldn't even work out what it was for. It seems to do all the same stuff that the browser + Keychain.app does. This came with one of the bundles, and i used it for like a month, but it didn't appear to do anything "new".Yah, I got this with a bundle as well, and I've wondered the same thing: what exactly does this do different than the keychain?

dteare
May 2, 2008, 08:27 AM
I've wondered the same thing: what exactly does this do different than the keychain?

Full disclosure: I am one of the 1Password developers. With that said, let me answer your question :)

1Password starts where the Keychain leaves off. We actually use the keychain to store all your information, and then build from there to include cross-browser support, better autofill (including multiple profiles and credit card filling), built-in password generation, and probably best of all, you can save logins for any website, including Financial sites that prevent Safariís autofill and other sites that also give Safari troubles, such as two-step logins and sites with multiple password fields.

1Password also has an iPhone/iPod touch version so you can access and use your passwords from anywhere, and recently we added Enhanced Phishing Protection by integrating with PhishTank (http://www.phishtank.com/).

In short, watch the video (http://1password.com/home/show_movie) :)

dog24
May 2, 2008, 08:35 AM
What's so bad about Keychain?

GoCubsGo
May 2, 2008, 08:40 AM
Honestly Im not a fan of paying for small programs, but this one is amazing!! I give it a ten out of ten hands down! Anytime you enter a password on a new website is asks you if you want to save it, it works so well. Now all i do is open the program, via the safari tool bar, and click each site i want to log into. So with in 3 seconds I have logged into my car Web site, mac rumors, 3 banks, and my stocks. its just the best, well well worth the money and the updates flow down all the time. I cant say enough about this product. Oh also this program syncs to your iphone via one click. So if your surfing the net on the iphone you know inputting a long password is a pain. All you do is go to the site, hit bookmarks, click onepassword, and enter you single password, and it does the rest, its awesome!
This says it all.....

dteare
May 2, 2008, 08:46 AM
What's so bad about Keychain?

Nothing. Keychain is very useful and that's why 1Password uses it to store all your information.

I think a better comparison is "What's so bad about Safari AutoFill", since 1Password is effectively performing the same service as Safari's AutoFill.

While Safari's AutoFill is okay for the simple case, there are many areas where it falls short. In addition to the points in my previous post, one of my biggest pet peeves is how hard AutoFill makes it to have multiple logins for the same site. The very fact that LifeHacker wrote an article on how to Find lost passwords in the Mac Keychain (http://lifehacker.com/software/passwords/find-lost-passwords-in-the-mac-keychain-196280.php) signals that there are some short comings. The article discusses how to find a `lost` password when the login page changes, but the same can happen if you have multiple logins and you forget one of the usernames.

wordmunger
May 2, 2008, 08:51 AM
What I worry about with relying on things like keychain and programs like 1password, is the what if my password file gets corrupted? If I don't actually *remember* all my passwords, I'm stuck. Is there any way to have a failsafe backup of the passwords?

clevin
May 2, 2008, 08:59 AM
roboform has free version, can't you guys release a free version of some sort?

xUKHCx
May 2, 2008, 09:04 AM
What I worry about with relying on things like keychain and programs like 1password, is the what if my password file gets corrupted? If I don't actually *remember* all my passwords, I'm stuck. Is there any way to have a failsafe backup of the passwords?

You can print out the database which gives you your username/password and the web address.

They also have an upcoming online access system that is an invite only beta although not sure how that works as I am not on it.

wordmunger
May 2, 2008, 09:06 AM
You can print out the database which gives you your username/password and the web address.

They also have an upcoming online access system that is an invite only beta although not sure how that works as I am not on it.

Wow, that's what I needed to know. I might actually try this thing.

Dimwhit
May 2, 2008, 10:19 AM
I have this from one of the software bundled I purchased. Still haven't used it, though. Until I can auto-sync between 2 Macs without using .Mac (like using a regular web server), it's just not going to work for me. I really want to use it, though.

By the way, can you tell it to specifically NOT install on one of your browsers? (So it will install on Firefox, but not on Safari?)

iFizz
May 2, 2008, 02:52 PM
By the way, can you tell it to specifically NOT install on one of your browsers? (So it will install on Firefox, but not on Safari?)

Yes. All browser plug-ins are optional. It has support for quite a few browsers too.
I've been using it for over a year now. Love it! There's a reason it's been so highly rated around the web.
As for the failsafe backup, not only can you print out your passwords and secure notes, it also backs up, just like your login keychain, to any destination you choose (.Mac, Apple Backup, Time Machine, etc.). Another plus is it's not a 3rd-party file format. It's an actual keychain file that can be read by Keychain. This should bring you some peace of mind as well.

roboform has free version, can't you guys release a free version of some sort?

I'm perfectly ok with paying for this product. Roboform isn't even in the same league as 1Password. Just look at the reviews.

SilentPanda
May 2, 2008, 03:12 PM
I love 1Password. My old passwords were seriously lame and I knew that but never really bothered with it. 1Password came with the MacHeist bundle a while and I gave all the programs in the bundle a try. 1Password is the only one I use regularly. I have never ever stored my passwords in a web browser before and I'm not really sure why.

After I got the hang of the program I now use it for pretty much all my passwords. I also took the time to move my random smattering of registration code e-mails into secure notes for finding out my serial numbers easier. It also allows you to install it on multiple computers you own with your single license which allows me to keep the keychains synced between my Mac Pro and MacBook Air. I almost always have my iPhone with me so my passwords are always available to me.

I have also contemplated giving the master password to a trusted family member in case of my demise. It'd make it easier for them to access my accounts. Since they would have to be on my computer to access the actual passwords there isn't too much harm there anyway.

It also gives some protection against phishing attacks in that if they send you to hotmaill.com instead of hotmail.com it won't let you access the password set since the domain is different.

Modifications I would love to see though are (providing it's not there and I'm being dense)...

1) Sometimes I have one user name and password that works on multiple sites. It seems I have to store the login and password twice or more (once for each site) in 1Password. If I change the password I have to change it multiple times.

2) It seems like when I add a new password I have to manually tell it to resync with my iPhone. It would be nice if it automatically did this. I'm fairly sure the reason it doesn't though is because it generates a pure javascript page and doesn't know your password in order to encrypt the new one. Still a bummer and I'm not sure of a way around it. Maybe it could prompt you when you add a new one from Safari? I guess if it stored your iPhone unlock password in the keychain on your Mac, it could reencrypt the JS page with the password.

3) The ability to generate a password from the iPhone and store it. Although that might be more feasible once the SDK launches for real.

Overall it's a great program. It's worth registering just to drag the giant key image to the lock image to register it! :P

Dimwhit
May 2, 2008, 03:19 PM
As for the failsafe backup, not only can you print out your passwords and secure notes, it also backs up, just like your login keychain, to any destination you choose (.Mac, Apple Backup, Time Machine, etc.).

I'm not worried about backup. I'm trying to figure out how to sync it between two computers without .Mac. (And without exporting the data from one machine and importing it to another--that's not really syncing.)

Here's a question--if I want to use this to go back to existing accounts and create a better password, does 1Password handle that well? Can you get it to remember a new password for the same login, or do you have to delete it and create a new one?

SilentPanda
May 2, 2008, 03:41 PM
Here's a question--if I want to use this to go back to existing accounts and create a better password, does 1Password handle that well? Can you get it to remember a new password for the same login, or do you have to delete it and create a new one?

When I got 1Password, almost all my accounts had junky passwords. Things like "bird". Okay not that easy but you get the point. So I went an changed a good lot of them. Here is how I did it.

I went to the site and logged in as normal. 1Password asks if you want to save the password and I told it "not right now". I then went to the change password page on the site and used 1Password to generate a 14 character password. I then copied the password and logged out of the site. I then logged back into the site with my username and new password. This time I said, "Yes remember it!". I then logged out and back in using 1Password to verify it got stored.

Semi-lengthy process but you really only need to do it once per site. I haven't a clue what my MacRumors.com password is... good stuff!

clevin
May 2, 2008, 05:39 PM
I'm perfectly ok with paying for this product. Roboform isn't even in the same league as 1Password. Just look at the reviews.

ohh, care to elaborate? AFAIK, it does more or less same main function as roboform. what are the major differences? I can't tell any from the introduction of their website?

$35 isn't cheap, for a stuff does what it does.

iFizz
May 3, 2008, 12:46 AM
I'm not worried about backup. I'm trying to figure out how to sync it between two computers without .Mac. (And without exporting the data from one machine and importing it to another--that's not really syncing.)
Yes that is an interesting question. Any takers?
Here's a question--if I want to use this to go back to existing accounts and create a better password, does 1Password handle that well? Can you get it to remember a new password for the same login, or do you have to delete it and create a new one?
Yes it supports this. But if you want to be extra safe, just use a sticky note to paste your old password and new password to while you are working on it. Also, I've noticed that 1Password has a Password History Folder.
ohh, care to elaborate? AFAIK, it does more or less same main function as roboform. what are the major differences? I can't tell any from the introduction of their website?
$35 isn't cheap, for a stuff does what it does.
Ummm, well have you read this thread entirely? It pretty much answers your questions. :confused:

CalBoy
May 3, 2008, 12:58 AM
Am I the only one who remembers passwords the old fashioned way and doesn't use any technological aid?

I feel so old fashioned. :o

Yet somehow I feel more secure that way, even if it really doesn't make a difference.

Mitthrawnuruodo
May 3, 2008, 04:28 AM
I got the MacHeist II bundle just as I was migrating from Netscape Navigator to another browser (for now I've ended up in Camino). And using 1password was just excellent because 1) I could switch from browser to browser and still have all my passwords in one place and 2) it allowed me to store multiple passwords on a single site in Camino (which is crucial e.g. for managing several websites off a few servers).

It also allowed me to export all passwords and import them on my (temporary) office machine. If I keep that machine I might have to give that online syncing a try, though I have to say I'm quite sceptical at having all my passwords stored in one place online, no matter how well encrypted they might be... :o

But, all in all, 1password is one of the best little 3rd-party applications/tools/utilities I've found, so far, and just as SilentPanda, 1password is the only MHII app I use on a daily basis.

clevin
May 3, 2008, 06:20 AM
Ummm, well have you read this thread entirely? It pretty much answers your questions. :confused:

only these? you sure these are the major difference you were talking about?

if so, it should release a free version of some sort, there is nothing make it in a "different league" than roboform.
http://www.roboform.com/features.html
RoboForm is an award-winning automated password manager and web form filler with some serious Artificial Intelligence. This is what it does:
• AutoSave passwords in browser. for multiple ID
• AutoFill passwords to login form.
• Click Login button for you.
• Fill personal info into online forms.
• Save offline passwords & notes.
• Generate Secure Random Passwords.
• Encrypt passwords and personal data using AES, Blowfish, RC6, 3-DES or 1-DES algorithms.
• All personal info is stored on your computer only.
• Take RoboForm with you on USB disk for ultimate portability.
• Sync your passwords and notes to Palm or Pocket PC.
• Backup & Restore, Print your passwords.
• Works under Windows as an add-on to IE-based browsers.
• Works with Netscape, Mozilla, Firefox under Windows.

iFizz
May 3, 2008, 08:01 AM
only these? you sure these are the major difference you were talking about?

if so, it should release a free version of some sort, there is nothing make it in a "different league" than roboform.
http://www.roboform.com/features.html

As with every other thread I've seen you post in, you have interesting opinions. Whatever works for you, man....

clevin
May 3, 2008, 08:24 AM
As with every other thread I've seen you post in, you have interesting opinions. Whatever works for you, man....

whatever, u obviously don't respect each thread on their own merits. Im discussing each of the questions, not discussing about me or you. Thats not right attitude from the start.:p

iFizz
May 3, 2008, 08:38 AM
...Thats not right attitude from the start.:p

Remember that when you post about how good RoboForm is on a thread about 1Password...
If you want to advertise RoboForm, start a thread about it. :rolleyes:

Can we get back on topic, please...

clevin
May 3, 2008, 08:45 AM
Remember that when you post about how good RoboForm is on a thread about 1Password...
If you want to advertise RoboForm, start a thread about it. :rolleyes:

Can we get back on topic, please...

my first post in this thread
roboform has free version, can't you guys release a free version of some sort?
and thats the topic, can't they release a free version? and how good is roboform? can anybody tell from my first post?

free is good? sure, you bet

iFizz
May 3, 2008, 08:59 AM
Ok, answering your first question: why not free? I've used RoboForm for FireFox on Windows for a while now and never paid for it. The free version does just enough for me to where I use the product and never paid a dime for it. So why not free? Because software development costs money. It takes money to make (and update) good software. If 1Password were to come out with a free and limited version, many people would not pay for it, just satisfied with the free version. I'm a firm believer in paying for a product, unlike most of this new Generation-T (stands for Torrentor). Maybe I'm old, old fashioned, or just old school. I grew up in the 80s and I learned early how the real world works. You pay for goods and services. There's no free lunch. If you ever start your own small business you will understand exactly what I'm talking about it.

As far as why 1Password is in a completely different (better) league than RoboForm: It's not the features (although iPhone syncing and secure web access to your passwords is pretty cool), it's the way they implement the features. Anyone can code a proprietary browser plug-in that does what RoboForm does. However, 1Password has successfully implemented an efficient, secure, and elegant means of doing this using existing technology (Keychain). Hmmm.... "Efficient, secure, and elegant." Sounds like how I describe OSX. Interesting...
Others may have different opinions, but these are mine.

JNB
May 3, 2008, 09:28 AM
I'm not too concerned with the underlying technology (using Keychain vs. a separate file), but I still prefer Roboform, because it does the one thing I use a password manager for better, and that's just keep one password per site, and handles the newer multi-layered authentication sites without a thought. I use it for the 200 or so passwords I have to maintain on a thumb drive, so without the drive, my passwords are secure, and without the laptop, the passwords are also secure.

Yeah, I have 1Password on the MacBook, but I just need a good password manager, I don't need the constant re-approving requests to access my Keychain, I don't want 15 versions of the password being offered up (just the last one), I don't need syncing to other devices, I don't need support for browsers I've never heard of, I just want clean, simple, obvious. I'm not stupid, but I don't have the time to do a three-step program for password maintenance for hundreds of passwords.

Tell you what would be a huge improvement: a "find dupes" feature to help me eliminate a lot of the garbage that's built up in the last couple years. I'm about ready to dump the 1PW Keychains and reimport from Roboform--again--just to keep my sanity.

clevin
May 3, 2008, 09:28 AM
well, Im not saying it should be totally free, Im just saying I think roboform's business model-using a function limited free version to attract users- is a good one.

zweigand
May 3, 2008, 02:13 PM
I'm not worried about backup. I'm trying to figure out how to sync it between two computers without .Mac. (And without exporting the data from one machine and importing it to another--that's not really syncing.)

Here's a question--if I want to use this to go back to existing accounts and create a better password, does 1Password handle that well? Can you get it to remember a new password for the same login, or do you have to delete it and create a new one?
All of the data is stored in your ~/Library/Keychains/1Password.keychain file. If you want the data on a new computer all you have to do is manually copy the 1Password.keychain file to the new computer. Start up 1Password and it will have all the info there and ready.

As far as changing passwords, yes, you can do that too. Whenever you log into the site with a new password you can choose to overwrite the current password for the site ..it's fairly straightforward

Dimwhit
May 3, 2008, 02:57 PM
All of the data is stored in your ~/Library/Keychains/1Password.keychain file. If you want the data on a new computer all you have to do is manually copy the 1Password.keychain file to the new computer. Start up 1Password and it will have all the info there and ready.

I know I can do that, but then every time I add a password on either computer, I have to copy it back and forth. That would get annoying, and it each computer has a new password in it, copying the file over will erase one of them.

It would be nice if the program was able to use any web space to sync.

Dan Peterson
May 3, 2008, 03:57 PM
Thanks for all the awesome comments guys! I'm the lead designer for Agile Web Solutions (developers of 1Password) and thought I'd try to answer a couple of the questions I've seen.

@ Dimwhit: Regarding syncing: We currently have a new service in development called my1Password (https://my.1password.com/). Not only will my1Password allow you to sync your data between multiple machines but it also supplies a doubly encrypted web interface so you can access your data from anywhere, at anytime, on any computer with internet access. It is currently available by invite only while it goes through alpha and beta statuses (it is already very secure and stable). You can sign up for an invitation (https://my.1password.com/invite/request_code) if you want and it is completely free while in development.

@ clevin: We actually do have a free version. If you download 1Password from our website you get a 30 day free trial that lets you use the app to it's full potential for those 30 days. After the trial period is up you can continue to use 1Password for free for as long as you want but it is limited to working with 20 saved Web Forms. If you have saved more than that you will need to delete some of them but if not you are all set and can continue using it as long as you want.

appledamian
May 3, 2008, 05:10 PM
Dan,

I have a question for you, currently I use the program and it rocks well well worth it as i stated in my first post. As of now I also use it on my iphone, as its great for logging onto site that I use large passwords on like my bank that are easy to fat finger and mess up on the iphone due to keyboard size. Once the 3ed party apps hit could you guys make an app that you click the program enter your onepassword and this just has a list off links right into my sites. So make the program work the same way as it does on my mac. And then the program update the same way i does now. thanks for the great product


Damian Hindley

Dan Peterson
May 3, 2008, 05:20 PM
Hey Damian, thanks for the kind words! :) ... we are definitely making a native iPhone application and are working on figuring out all of it's limitations at this point. We are not quite sure yet exactly how powerful we can make it compared to the desktop application but I promise we will definitely do all we can to make it the best it can be.

iFizz
May 3, 2008, 09:44 PM
Hey Damian, thanks for the kind words! :) ... we are definitely making a native iPhone application and are working on figuring out all of it's limitations at this point. We are not quite sure yet exactly how powerful we can make it compared to the desktop application but I promise we will definitely do all we can to make it the best it can be.

I'm definitely looking forward to 1Password (and many other 3rd party apps) running on the iPhone this summer! Thanks Dan!

jive turkey
May 4, 2008, 10:43 PM
Don't shoot the idiot here (ME!), but how are you guys using RoboForm on Mac? Is there a Mac version hiding out there somewhere?

JNB
May 4, 2008, 10:48 PM
Don't shoot the idiot here (ME!), but how are you guys using RoboForm on Mac? Is there a Mac version hiding out there somewhere?

We're using Roboform in Windows (virtualized or bootcamped). I know, bummer, huh? ;)

ricardo1064
May 5, 2008, 07:26 PM
Don't shoot the idiot here (ME!), but how are you guys using RoboForm on Mac? Is there a Mac version hiding out there somewhere?

I was just thinking the same exact thing as i read this thread again.