MacRumors Forums > iPhone, iPod and iPad > iPhone

Old Jan 22, 2013, 12:18 PM   #1
cmeisenzahl
macrumors regular
 
Join Date: Oct 2005
Anyone here using a password manager for iOS? What do you like?

Getting to the point that passwords are barely manageable. Thinking about using a password manager. But I work daily on Mac OS, iOS, and Windows.

What tools do you like/recommend?

Thanks in advance,
Chris
cmeisenzahl is offline   0 Reply With Quote
Old Jan 22, 2013, 12:31 PM   #2
Troneas
macrumors 65816
 
Join Date: Oct 2011
Location: At the hacks section.
http://forums.macrumors.com/showthread.php?t=1470844
Troneas is offline   0 Reply With Quote
Old Jan 22, 2013, 12:33 PM   #3
vastoholic
macrumors 68000
 
Join Date: Jan 2009
Location: Tulsa, OK
Quote:
Originally Posted by cmeisenzahl View Post
Getting to the point that passwords are barely manageable. Thinking about using a password manager. But I work daily on Mac OS, iOS, and Windows.

What tools do you like/recommend?

Thanks in advance,
Chris
I've got mSecure. It's pretty decent for my needs. My main problem is I keep forgetting to update it after my passwords expire and I change them. It has a desktop companion that syncs with the mobile version as well.
__________________
View my flickr sets....if you want. They're not too exciting.
vastoholic is offline   0 Reply With Quote
Old Jan 22, 2013, 12:42 PM   #4
HiddenPuppy
macrumors 6502
 
Join Date: Dec 2011
I like SplashID since it has a desktop version and I can sync with that. I have used it since the first PDA and upgraded with each phone.
HiddenPuppy is offline   0 Reply With Quote
Old Jan 22, 2013, 12:44 PM   #5
cmeisenzahl
Thread Starter
macrumors regular
 
Join Date: Oct 2005
Excellent. Thanks, all!
cmeisenzahl is offline   0 Reply With Quote
Old Jan 22, 2013, 12:47 PM   #6
cambookpro
macrumors 68040
 
Join Date: Feb 2010
Location: Berks, England
1Password for me.
cambookpro is offline   3 Reply With Quote
Old Jan 22, 2013, 12:56 PM   #7
shenfrey
macrumors 6502a
 
Join Date: May 2010
I use 1Password. Though it syncs beautifully via iCloud on iOS, it doesn't sync with iCloud via the Mac, but for a phone password management app you can't go wrong with 1Password.
__________________
27" Imac, 12GB ram (2009),
Macbook Pro Late 2012
Time Capsule (2009 1TB)
Apple TV (2012), IPhone 5, iPad (4th Gen)
shenfrey is offline   1 Reply With Quote
Old Jan 22, 2013, 01:01 PM   #8
Bob Coxner
macrumors 6502a
 
Join Date: Mar 2011
LastPass for me. Works well in Windows, iOS and OS X and syncs among all 3. It's free and gets great reviews.

https://lastpass.com/
__________________
MBA i5 13/4/128, iPad 1, iPad 3, iPod Touch 5g
Bob Coxner is offline   0 Reply With Quote
Old Jan 22, 2013, 03:24 PM   #9
Agent-P
macrumors 68020
 
Join Date: Dec 2009
Location: Colorado
Currently I use 1Password for iOS, OS X, and Windows. Overall I like it, but I'm considering switching to LastPass to see how I like it because it has a better Windows client.
Agent-P is offline   0 Reply With Quote
Old Jan 22, 2013, 03:25 PM   #10
ManicMarc
macrumors regular
 
Join Date: Jul 2012
I use LastPass, works great, especially the Safari bookmarklets.
__________________
ManicMarc is offline   0 Reply With Quote
Old Jan 22, 2013, 03:27 PM   #11
rever3nce
macrumors 6502a
 
Join Date: Apr 2011
Quote:
Originally Posted by shenfrey View Post
I use 1Password. Though it syncs beautifully via iCloud on iOS, it doesn't sync with iCloud via the Mac, but for a phone password management app you can't go wrong with 1Password.
You can sync it with Dropbox. It works wonders for me! I have a lot of passwords and now I can have a more secure password by generating one with 1Password and just copy it from the app.
__________________
iPhone 5 white 64GB, iPad 3rd gen white 32GB, 13" MacBook Pro with retina ,27" iMac, iPad mini 32GB,apple TV
rever3nce is offline   0 Reply With Quote
Old Jan 22, 2013, 03:33 PM   #12
wrosie
macrumors member
 
Join Date: Mar 2012
Location: California
I use Keeper.
__________________
2012 27" iMac; 3rd gen iPad; apple-certified tech offspring, thank heaven!
wrosie is offline   0 Reply With Quote
Old Jan 22, 2013, 03:36 PM   #13
bobr1952
macrumors 68000
 
Join Date: Jan 2008
Location: Melbourne, FL
I don't mind saying this in the latest thread on this subject--I really love 1Password and have been using it since I bought my first iMac in 2008. I use it on my Macs and iPhone--great way to manage passwords across multiple devices. The new version for Mac they are working on will allow sync through iCloud. And please don't get on them too hard about needing to buy the latest version in the app store when it comes out, Apple only allows iCloud sync for apps that are sold in their app stores.
__________________
2012 rMPB, 2.3 Intel Core i7, 8GB Ram, 256 SSD; 2008 iMac, 24", 2GB, 500GB; Time Capsule 500GB (1st Gen); ATV3; ATV2; Airport Express; Black 64GB iPhone 4S; Black iPad Air, 32GB, wi-fi
bobr1952 is offline   0 Reply With Quote
Old Jan 22, 2013, 04:52 PM   #14
mdlooker
macrumors 6502
 
Join Date: Mar 2011
Location: US
I use Keeper. Not sure if it's free anymore but it was when I got it.
mdlooker is offline   0 Reply With Quote
Old Jan 22, 2013, 04:56 PM   #15
SandboxGeneral
Moderator
 
Join Date: Sep 2010
Location: Great Lakes State
Quote:
Originally Posted by cmeisenzahl View Post
Getting to the point that passwords are barely manageable. Thinking about using a password manager. But I work daily on Mac OS, iOS, and Windows.

What tools do you like/recommend?

Thanks in advance,
Chris
I use LastPass on iOS, OS X and Windows.
__________________
...the tiger striping is so beautiful it makes me want to cry.
SandboxGeneral is offline   0 Reply With Quote
Old Jan 22, 2013, 04:57 PM   #16
ManicMarc
macrumors regular
 
Join Date: Jul 2012
If anyone is interested, this Security Now podcast has an in-depth review of many of these suggestions and looks into their security (and lack of in some cases). Well worth a listen before you go putting your important passwords into one of these things.

http://www.grc.com/sn/sn-347.htm
__________________
ManicMarc is offline   1 Reply With Quote
Old Jan 22, 2013, 05:09 PM   #17
DarrenUK
macrumors regular
 
Join Date: Oct 2012
Location: Southampton, UK
1Password here also.
DarrenUK is offline   0 Reply With Quote
Old Jan 23, 2013, 07:41 AM   #18
sharpycl
macrumors 6502
 
Join Date: May 2009
Location: Gaithersburg, MD
What are the benefits of using these versus a spreadsheet to log all of your passwords?

I'm thinking of trying one of these programs myself.
sharpycl is offline   0 Reply With Quote
Old Jan 23, 2013, 08:33 AM   #19
vastoholic
macrumors 68000
 
Join Date: Jan 2009
Location: Tulsa, OK
For those of you who didn't want to read the whole transcript looking for the password manager reviews, here are the few that I saw mentioned in this thread.

"Brain Challenged":

Quote:
Also under brain challenged is, for $9.99, something you pay $10 for and think, oh, well, if it's 10 bucks it must be better, this one is called SplashID Safe, SplashID Safe for iPhone. Now, this uses Blowfish rather than AES. And it's one of several, only a few, that do use Blowfish. Blowfish is interesting. It was designed by our friend Bruce Schneier back in 1993. So it's been around a long time, and it has withstood all attack.

The problem with Blowfish is that it uses, because it's so old, it uses a smaller block size. It's a 64-bit symmetric cipher, meaning you put in 64 bits at a time and get out a different 64 bits. That's significant because there aren't - there are, what, we know that there are four billion combinations of 32 bits. That means there's 16 billion billion combinations of 64. Once upon a time, back in '93 when Bruce did that, that was enough. But that was - that's a long time ago in terms of computing power explosion. So 64-bit block ciphers are really no longer considered secure enough for industrial work.

But what is significant about this is that it uses a highly complex key setup, which is to say, remember the way these ciphers work is there's something called a "key schedule" is the technical term, the idea being you take the key, and you do a bunch of stuff to it to create some raw data based on the key, which is then used, for example, by successive rounds of the key. This is the way AES, for example, works, where it's like an 11-round process for, I think it's AES-128 uses 11 rounds. Each of those 11 rounds uses different data from the key setup.

Well, normally a cipher wants a fast key setup, that is, it doesn't want much overhead associated with getting going. Blowfish has a particularly onerous key setup that involves preprocessing of a block of about 4K. So it's very slow to set up the key. But that's a good thing when you're wanting to prevent guessing because any brute forcing is by its nature requiring you to try this key, which means you've got to go through all this, in this case with Blowfish, a lot of work to get this thing set up.

So all of this sounds really good. In fact, I should mention that OpenBSD uses for some of its security Blowfish on purpose because it's so complex. It's just burdensome to guess what the key is. So all of this good stuff was used by SplashID Safe for iPhone for $10. After they did all this, the master password is encrypted under Blowfish - you're giggling, Leo.


Leo: I can just tell something bad's coming.

Steve: Something bad's coming. Master password is encrypted under Blowfish using a fixed key. Which is - I'll spare everyone saying upper and lower case. So it's "g.;59?^/0n1X*{OQIRwy." Now, clearly someone went to some serious trouble coming up with that.

Leo: Nice random password. But it's the same.

Steve: And it's always the same.

Leo: On every - I can't believe it.

Steve: It's built - I know, I know. It's built into the software. That's the magic key. So when someone sees that you're using SplashID Safe, for which you paid $10, and they have access to your raw data, they go, oh. And they simply use Blowfish to decrypt the stored encrypted key using that secret magic phrase. Then that gives them your actual Blowfish key, which allows them to decrypt all your data. So it doesn't matter how long it takes Blowfish to get going and set up its key schedule because they only have to do it once because they can decrypt your key using the secret passphrase built into the application. Not so good

Quote:
Now, stepping up a little bit, we come to the "brain challenged" two. There's something called Keeper Password and Data Vault. Now, this one uses encryption, AES-128. Most of the things we'll talk about from here on out use encryption, and most of them use AES-128, sometimes 256. We know that 128 is just fine for today. It encrypts in CBC mode, Cipher Block Chaining, which is one of the standard modes for using AES encryption, so that's good. The encryption key uses the first 16 bytes, which is 128 bits, of the SHA-1 hash of the master password. So that's pretty good. You put in any length password you want. It hashes that to 128. It does it as an SHA-1. Then it uses the first 128 bits of that as the key for the AES encryption.

But the master password is verified by comparing an MD5 hash of what you enter with the MD5 hash of the password when you set it. So when you're setting this up, it says give us your master password, and you enter it. And it says, oh, verify that. And so you put it in a second time. And it's like, oh, very good. You put it in twice correctly, so we believe you're going to be able to do it in the future. It then makes an MD5 hash of that, and that's what it stores. So the crypto is good, but it stored an MD5 hash, without any salt, of your password. Which means any rainbow table with MD5, which is one of the older hashes that has been rainbowed to death, can be used to look up your password. So not so good.

All they had to do was salt it, just add some salt to the hash, and then rainbow tables wouldn't be - precomputed rainbow tables couldn't be used. But they didn't do that. So you just - so anyone who has access to the raw data would take the MD5 hash of your password, look it up in an online rainbow table, which would give them the password. And then they put that in, which it then SHA-1 hashes to get the decryption key, and they can decrypt your data. So it's better than nothing. But they could have easily made it a little stronger. And, I mean, any listener to this podcast knows 25 ways that these things could be made stronger. But the authors of these programs apparently don't or didn't care.

"Useful" protectors:

Quote:
mSecure Password Manager, for $10, uses Blowfish encryption. The encryption key is an SHA-256 hash of the master password, so that's pretty strong. They do password verification by performing a trial decryption of a known verification value for comparison. So when you enter your password, they hash it and then perform a trial decryption of something whose decrypted value they know. And if it matches, then it's safe. So that means, okay, you could perform an offline attack. Password recovery would require one SHA-256 process and a Blowfish key setup. And that's significant because that's very slow. So I think mSecure looks like they did a good job.

Quote:
And finally LastPass - which is as we know $1 per month for the premium, Last Pass Premium, but they use the same technology even for their free, uses AES-256 encryption, so nice strong key. They use an SHA-256 hash of the username plus the password. So that's got the advantage of probably being longer than if you were just using the password. Essentially the username becomes the salt when you're entering the password every time, after you've set it up. And they verify by decrypting the 256-hash of the encryption key. So password recovery for LastPass requires two SHA-256 hashes and an AES-256 decryption. So that's also pretty strong.

Quote:
Steve: Yes, the numeral 1Password.

Steve: And they're good people. I did look at it. I looked at several of their blog entries. This report from ElcomSoft was a little harsh about them.

Leo: They're probably the No. 1 iOS password manager.

Steve: Well, yes. And they are absolutely strong. They're as strong as any of the good ones.

Steve: And from looking at the blog postings, they're going to make it stronger. They weren't, as I recall, they weren't doing any password strengthening, though all of their crypto was absolutely good and solid. I can probably - I didn't have it in my notes, but I think I've got the - I've got it right here in front of me, the ElcomSoft deal, what they said about 1Password. Yeah.
1Password Pro, it is $14.99. And it actually uses a bunch of MD5 hashes with salt, so rainbow tables cannot be applied. And it uses AES-128 encryption to generate database keys and strong validation. And I do know from reading their blogs that, if they haven't already, they're just in the process of adding some good strengthening to bring it up to speed. But I was impressed by everything that I saw on their website. So I think 1Password Pro is - and it looks like it's the priciest one of the ones we've seen. But they've done a good job. So I would absolutely trust them. There is no backdoor, no shortcut into passwords stored with them.
__________________
View my flickr sets....if you want. They're not too exciting.
vastoholic is offline   0 Reply With Quote
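
An added example, not part of the thread or of the quoted podcast: the verifier scheme the transcript attributes to Keeper (unsalted MD5 for checking the master password, first 16 bytes of SHA-1 as the AES key) next to a salted, stretched alternative. The function names, the sample password list, the iteration count and the choice of PBKDF2-HMAC-SHA256 with HMAC-derived subkeys are assumptions of this example, not any product's design.

```python
import hashlib, hmac, os

# Scheme as described in the transcript for Keeper (function names are hypothetical).
def weak_verifier(password):
    return hashlib.md5(password.encode()).digest()        # stored, unsalted

def weak_key(password):
    return hashlib.sha1(password.encode()).digest()[:16]  # AES-128 key

def build_table(candidates):
    """Precomputed MD5 -> password map; valid for every user of the weak scheme."""
    return {weak_verifier(p): p for p in candidates}

# Hardened variant (an assumption of this example): per-user random salt plus
# PBKDF2, then separate subkeys for encryption and for the stored verifier.
ITERATIONS = 200_000  # assumed work factor; tune to the target device

def _derive(password, salt):
    master = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    verifier = hmac.new(master, b"verify", hashlib.sha256).digest()
    return enc_key, verifier

def enroll(password):
    """Return what is written to disk: (salt, verifier). The key is never stored."""
    salt = os.urandom(16)
    return salt, _derive(password, salt)[1]

def unlock(password, salt, stored_verifier):
    """Return the encryption key if the password is right, else None."""
    enc_key, verifier = _derive(password, salt)
    return enc_key if hmac.compare_digest(verifier, stored_verifier) else None

if __name__ == "__main__":
    candidates = ["letmein", "hunter2", "correct horse"]   # constructed sample list
    table = build_table(candidates)
    # Weak scheme: the stored hash alone maps back to the password, hence the key.
    stored = weak_verifier("hunter2")
    print("weak lookup:", table.get(stored), weak_key(table[stored]).hex())
    # Hardened scheme: same password, two enrolments, unrelated verifiers,
    # so a table built once cannot be reused across users.
    (s1, v1), (s2, v2) = enroll("hunter2"), enroll("hunter2")
    print("verifiers differ:", v1 != v2)
    print("unlock ok:", unlock("hunter2", s1, v1) is not None)
    print("wrong password:", unlock("hunter3", s1, v1))
```

A rainbow table is a space-efficient form of the lookup map built here; the salt defeats both, and the iteration count raises the cost of each remaining per-user guess.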
Old Jan 23, 2013, 09:54 AM   #20
old-wiz
macrumors 604
 
Join Date: Mar 2008
Location: West Suburban Boston Ma
I use 1Password on OS X and iOS. It works great on OS X, but more difficult on iOS since you can't have an add-on for Safari or Chrome. I keep passwords and CC info and have a strong password. Part of the problem on iOS is entering a strong password - I'm not that used to the little keypad.
old-wiz is offline   0 Reply With Quote
