Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Apple May Add Secure Password Suggestions to Safari with OS X Mountain Lion

H

hayesk

macrumors 65816
May 20, 2003
1,459
101
chriswaco said:
I like Password Wallet. Syncs to Macs, PCs, iOS devices, etc. I'm not sure I trust my passwords in the cloud.
Click to expand...

1Password doesn't store your passwords in the cloud either, unless you tell it to sync through DropBox. And even then it's encrypted (by 1Password, not DropBox). If someone else got your password file, it's still encrypted.

And 1Password lets you store other types of data in there too.

The unfortunate part is 1Password can't integrate directly with Safari on iOS. If Apple adds that, it would be a big advantage.
 
wilsonlaidlaw

wilsonlaidlaw

macrumors 6502
Oct 29, 2008
443
74
Option for limited, maximum and minimum character passwords

One option which must be built in, is the ability to select maximum and minimum character passwords. I have an algorithm for generating passwords but it gets thrown out if the maximum number of characters is less than 10, or if numbers, symbols and upper case are not allowed, as in some sites' password fields. Synching with iOS and other Macs is a must and ability to work with other common browsers is desirable.
 
S

sigma8

macrumors regular
Feb 2, 2005
123
7
I really am not liking the way Apple has "upgraded" the password thing for my apple account. It used to be just a password. Now if someone answers five questions about me that can probably easily be phished through casual conversation (what school did you go to?) they defeat my password.

My only alternative is to use false answers for those questions. Which means I need to keep track of my answers, which means I need something like 1password and if the password for that gets cracked, the keys to the kingdom are truly compromised.

Alternatively, if I lose that database, I'm pretty screwed.
 
M

manu chao

macrumors 604
Jul 30, 2003
7,219
3,031
hayesk said:
1Password doesn't store your passwords in the cloud either, unless you tell it to sync through DropBox. And even then it's encrypted (by 1Password, not DropBox). If someone else got your password file, it's still encrypted.

And 1Password lets you store other types of data in there too.

The unfortunate part is 1Password can't integrate directly with Safari on iOS. If Apple adds that, it would be a big advantage.
Click to expand...

While 1Password has a nicer UI (and more features, particularly in their desktop client), when it comes to basic WiFi syncing of a Mac with an iOS device, apps like Keychain2Go offer basically the same functionality for a tenth of the price. And I just cannot stomach the idea of using two keychains on the Mac, 1Password for all browser-related stuff and the OS keychain for the rest.
 
M

manu chao

macrumors 604
Jul 30, 2003
7,219
3,031
sigma8 said:
I really am not liking the way Apple has "upgraded" the password thing for my apple account. It used to be just a password. Now if someone answers five questions about me that can probably easily be phished through casual conversation (what school did you go to?) they defeat my password.

My only alternative is to use false answers for those questions. Which means I need to keep track of my answers, which means I need something like 1password and if the password for that gets cracked, the keys to the kingdom are truly compromised.
.
Click to expand...
You could use your existing password as answer to all questions. That way you are back to one password only.
 
jclardy

jclardy

macrumors 601
Oct 6, 2008
4,154
4,358
I would use this, mainly if it synced with my iPad. I have and use 1Password right now, but there are some sites that don't work correctly with the built in 1Password browser on iPad. If they added a Copy button like on the Mac version it would work a lot better, as right now I have to hit edit, tap in the password box, select all, copy, click done to make sure I don't accidentally delete it, then switch back to Safari.

If Apple adds this then it would be nice if 1Password could retrieve all the Safari saved passwords automatically, but i'm guessing that won't be possible because of sandboxing.
 
Mal

Mal

macrumors 603
Jan 6, 2002
6,252
18
Orlando
Small White Car said:
I think I'm the only person in the world who tried and didn't like 1Password, so I'll be interested to see if Apple somehow does it differently.
Click to expand...

Not the only one. The problem I have with all of these programs, however, is that it makes it far too easy to forget your passwords (or come up with ones you'd never remember anyways). I'd rather have passwords that don't need a program specifically to manage them, and for the most part I've achieved that. That said, when I go to a website that has very specific password requirements that are in conflict with my usual passwords, something like this could be nice to have.

jW
 
I

iGaz

macrumors newbie
Apr 23, 2012
1
0
Interesting article, made me take the plunge to become a member rather than a lurker :)

I use Safari across iPhone and iPad so will be keen to get on board with this when it rolls out on those platforms. I currently use my1login to store my passwords, have also used 1Password and liked it, but needed access on a few different devices. I have a PC, so only prob I may have is trying to manage it across my desktop and iDevices.
 
S

shaynes

macrumors member
Dec 4, 2008
45
0
capoeirista said:
This seems like a good idea, but I have a stupid question. If/when this comes in and I use it on my mac to think of a password for gmail (for example), how do I log into my online mail account when I'm away from my mac?
Click to expand...

Using 1password, at least, there are a couple of ways. The one I use is the iOS app. If you are away from your computer you open the app on your iPhone, type in a password (this is the one password you have to remember) and then can bring up whatever login you are trying to remember. Then you'd have to type it in to the other computer.

There is also an option to store your passwords in an encrypted file in dropbox or on a thumb drive. It is an .html file that opens in any browser, is protected by a master password, and will also give you access to any of your passwords.

Apple could use any of these options, although I suspect Apple they would choose to store them in iCloud, meaning you just had to log-in using any browser to have access. The key improvement over 1password would of course be integration into mobile safari, which is the one thing I am missing from right now using 1password.
 
AdeFowler

AdeFowler

macrumors 68020
Aug 27, 2004
2,317
361
England
wilsonlaidlaw said:
One option which must be built in, is the ability to select maximum and minimum character passwords.
Click to expand...

The current password generator in Keychain allows passwords with a minimum length of 8 characters and a maximum of 31, so I suspect this would be the same.
 

Attachments

  • Screen Shot 2012-04-23 at 16.30.37.png
    Screen Shot 2012-04-23 at 16.30.37.png
    22.8 KB · Views: 564
bushido

bushido

Suspended
Mar 26, 2008
8,070
2,755
Germany
that reminds me of my mum and my sister "omg how does it know what my favorite book or my birth place is" xD they never understood what its for lol

i always just save my password in my browser, not the securest way but im too lazy to login/out
 
C

carlgo

macrumors 68000
Dec 29, 2006
1,806
17
Monterey CA
Just out of curiosity, how many times has somebody's simple password actually been hacked? Not stolen from a database or from a note, but from someone sitting down and tapping in numbers and letters and eventually downloading a free podcast of Glee or something?

What are the chances of some evil genius picking you, Joe Blow from East Nowhere, MI, and spending days and weeks or whatever to hack your bank account, only to find that you have $26.17 in it?

Just curious, if anyone actually knows.
 
T

tekno

macrumors 6502a
Oct 15, 2011
842
4
So what's stopping a malicious program simply cracking the master password and greeting all the high security passwords?
 
T

tekno

macrumors 6502a
Oct 15, 2011
842
4
carlgo said:
Just out of curiosity, how many times has somebody's simple password actually been hacked? Not stolen from a database or from a note, but from someone sitting down and tapping in numbers and letters and eventually downloading a free podcast of Glee or something?

What are the chances of some evil genius picking you, Joe Blow from East Nowhere, MI, and spending days and weeks or whatever to hack your bank account, only to find that you have $26.17 in it?

Just curious, if anyone actually knows.
Click to expand...

Google sky news email hack.
 
talmy

talmy

macrumors 601
Oct 26, 2009
4,726
332
Oregon
foodog said:
iCloud works for Windows too....
Click to expand...

But password syncing only works for apps that use the iCloud API (is this actually available for Windows? I've got no Windows App that accesses iCloud). If it only ends up being OS X and iOS Safari then it's useless for me. At least 1Password runs on OS X and Windows and works with all the browsers I use on both platforms.
 
charlieegan3

charlieegan3

macrumors 68020
Feb 16, 2012
2,394
17
U.K
I have to say the only password thing I have ever liked is the built in one for Google chrome, it's perfect for me anyway.
 
M

macthetiger85

macrumors regular
Apr 28, 2007
125
0
Baton Rouge, LA
jclardy said:
I would use this, mainly if it synced with my iPad. I have and use 1Password right now, but there are some sites that don't work correctly with the built in 1Password browser on iPad. If they added a Copy button like on the Mac version it would work a lot better, as right now I have to hit edit, tap in the password box, select all, copy, click done to make sure I don't accidentally delete it, then switch back to Safari.

If Apple adds this then it would be nice if 1Password could retrieve all the Safari saved passwords automatically, but i'm guessing that won't be possible because of sandboxing.
Click to expand...

All I do on my iPad is touch and hold the dots for the password that's stored in 1Password, then it asks if i want to copy - switch app done. Don't forget to copy a random word afterwards from safari as to not keep the password on your clipboard. Most of my logins have designated apps and if i can't store the passwords (banks and such) they typically store the username all i have to copy iss the password. Works good for me but I agree, 1Password would be better if they could "extend" safari to have access like they do on 1Password for Mac.

Storing of passwords btw I would presume would simply be a noter "app" on iCloud.com: Mail, Calendar, Contacts, iWork, Keys - that's how 1Password does it and it works great through DropBox.
 
T

Telf84

macrumors newbie
Apr 23, 2012
5
0
I use 1password all of the time (mainly due to inability to remember passwords). a great idea for strong passwords but a nightmare when logging in on any other device

icloud syncing would be useful in the apple environment, but unless it links in with the windows/linux etc world it will just become an annoyance for those using this particular feature
 
N

nokuchikushi

macrumors member
Jan 31, 2012
48
0
talmy said:
But password syncing only works for apps that use the iCloud API (is this actually available for Windows? I've got no Windows App that accesses iCloud). If it only ends up being OS X and iOS Safari then it's useless for me. At least 1Password runs on OS X and Windows and works with all the browsers I use on both platforms.
Click to expand...

It seems to me that all browsers on Windows and Mac - Firefox, Chrome, etc. - keep track of passwords internally, and sync them also. Apple is now adding Safari to the list; it will save and sync Safari passwords similarly to the way the other browsers do. None of the other Windows browsers do what you are asking for, that is, to allow other apps to access your stored passwords.

1Password does do what you ask, which is to work with more than one browser. But there's nothing wrong with using both methods, saving them in a browser and saving them in 1Password. There's no reason a person couldn't.
 
L

leukotriene

macrumors regular
Aug 1, 2008
148
0
AdeFowler said:
That’s where they are now if you’re using DropBox. The encryption is good though.
Click to expand...

I'm a 1password user and I use Dropbox for syncing, but here's a serious security risk:

Any app that you grant Dropbox permission to has access to your 1password database. A malicious app developer could, for example, put an app on the App Store that masquerades as a text editor that syncs with Dropbox. At a given time interval months from now (so as to evade App Store rejection), it uploads your 1password database to their server. At that point the developer can brute force the 1password database (could take days to years depending on your password strength) and have access I all your passwords. Even if 80% of 1password users use a strong enough password to make brute forcing a non-worthwhile endeavor, it's the unfortunate 20% who would get their password exposed by this sort of attack, and thus make this attack a profitable venture for a black hat. It's a very feasible scenario.

On the other hand, with Apple's hypothetical solution, it sounds like your master password would be sandboxed away from app developers whose apps access iCloud. My understanding of the iCloud APIs is that an app can only access data inside its own sandbox. Personally, if Apple comes up with a password syncing solution, I'll certainly switch.
 
F

firewood

macrumors G3
Jul 29, 2003
8,107
1,345
Silicon Valley
sigma8 said:
I really am not liking the way Apple has "upgraded" the password thing for my apple account. It used to be just a password. Now if someone answers five questions about me that can probably easily be phished through casual conversation (what school did you go to?) they defeat my password.
Click to expand...

The answer to the 5 questions can be a combination of real answers (which you may not have to store anywhere) plus a second password (with similar security issues to the main password). Someone would need both to get into your account, so it's sort-of an additional authentication factor.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom