I always think The Oatmeal's App comic fits in nicely when people discuss price and what they feel they should or shouldn't pay.
http://theoatmeal.com/blog/apps
http://theoatmeal.com/blog/apps
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
1Password 4 Detailed for Mac, Adds iCloud Syncing, Encrypted Messaging and Custom Fields
- Thread starter MacRumors
- Start date
- Sort by reaction score
What would the point of the drivers license feature be? I feel like I'm missing something obvious here...
It's not like you can tell someone "Hey, I forgot my license so let me pull out my 1password" since the vast majority of the time they need the physical card. And it's not like there's that many online forms that require driver license #s.
It's not like you can tell someone "Hey, I forgot my license so let me pull out my 1password" since the vast majority of the time they need the physical card. And it's not like there's that many online forms that require driver license #s.
I'm not so familiar with these password banks/keychains, but I see their usefulness as we all have regularly increasing logins to store.
I just wonder how safe storing so many passwords in one place can be, let alone storing them digitally, whether locally or in a cloud. It seems frightening what kind of potential for nefarious use is out there should someone manage to access your data, not to mention the company itself having access. I definitely wouldn't trust a "free" password bank, just as I wouldn't trust a physical bank protected by "free" security.
Can someone tell me if the convenience can outweigh the potential for damage, or where I'm mistaken?
I just wonder how safe storing so many passwords in one place can be, let alone storing them digitally, whether locally or in a cloud. It seems frightening what kind of potential for nefarious use is out there should someone manage to access your data, not to mention the company itself having access. I definitely wouldn't trust a "free" password bank, just as I wouldn't trust a physical bank protected by "free" security.
Can someone tell me if the convenience can outweigh the potential for damage, or where I'm mistaken?
It's all encrypted. The point is to use a giant single password that is used to encrypt your passwords. The encryption would take a long time to break (without some serious resources).
In addition, they all recommend changing the individual passwords as well as the master password every few months. If you follow basic security practices and someone ever did grab your password file - it would take so long to decrypt the passwords, they would be out of date.
That said, it surprises me how many people store static info like addresses and SSNs in these systems (1pass, lastpass, keepass, etc). That's foolish - since you can't "change" that information like the individual passwords if a security breach were to happen
Also the companies don't "have access" to the unencrypted data. There's no backdoor they can use to gain access to your data.
Last edited:
Well with say 1Password you can run it entirely local, this is how I have mine setup. So the encrypted file containing the passwords is never sent over the internet or stored elsewhere.
The benefit is that I can use long randomly generated passwords which are all different.
At this point I have somewhere in the region of 200 different passwords, most of which are over 20 characters long.
I've not heard of anyone having their 1Password file stolen and then decrypted. However there have been a lot of cases of people having website, email etc... accounts hacked into because they use weak passwords, or use the same or similar password for different websites. Especially as over the last year or so there have been some fairly big advances in password cracking.
If all you use are Apple devices no. If like the rest the world you want don't want to entirely dependent on Apple and use different devices in different set ups then its a big YES.
Although the hardware side has sped cracking up, it's been the release of vast amounts of passwords stored in plain text from some big websites, which allowed people to analyse the way people choose passwords that has really made a difference.*cough* Amazon EC2 GPU acceleration *cough*
So no more is it just all about using brute force, as even with the increased performance of EC2 you would still maxing out at something like 8 characters.
Remember this?
What a mess that was and LastPass never really came clean whether it had been hacked or not. That put me off right away. Apple's Dev site has been compromised, too, so I have my doubts about iCloud security.
STOP WHINING ABOUT THE PRICE!!!!!!!!!
The reason why it's so expensive is due to the licensing for all the encryptions used in the app, which are not cheap, in addition to the size of the company, and the development time.
The main hurdle for all password app, like 1Password is the fact that most country has huge restrictions on export of cryptography, with United States being one of the strictest. Since Agilebits is a Canadian company, they are bound by Canadian export laws in terms of cryptography:
http://www.international.gc.ca/controls-controles/export-exportation/crypto/Crypto_Intro.aspx
Obtaining the permit for export in cryptography is not cheap. In fact, it's pretty expensive when you factor in lawyers, fees, etc. This also leads to development time for the app being increased, since there are waiting periods for obtaining the permit. This means you have to pay the developers more money for extra hours spent on making the app.
Add all those factors together, and making a very simple password app management app, such as 1Password suddenly becomes very expensive.
Size of the company also factors into the price. Agilebits is a small, indie software company. LastPass is very large company with multiple backing from several corporation. That's why they are able to offer the app for free, and AgileBits charging for higher price. In general practice, Indie software company tends to deliver higher quality product.
The reason why it's so expensive is due to the licensing for all the encryptions used in the app, which are not cheap, in addition to the size of the company, and the development time.
The main hurdle for all password app, like 1Password is the fact that most country has huge restrictions on export of cryptography, with United States being one of the strictest. Since Agilebits is a Canadian company, they are bound by Canadian export laws in terms of cryptography:
http://www.international.gc.ca/controls-controles/export-exportation/crypto/Crypto_Intro.aspx
Obtaining the permit for export in cryptography is not cheap. In fact, it's pretty expensive when you factor in lawyers, fees, etc. This also leads to development time for the app being increased, since there are waiting periods for obtaining the permit. This means you have to pay the developers more money for extra hours spent on making the app.
Add all those factors together, and making a very simple password app management app, such as 1Password suddenly becomes very expensive.
Size of the company also factors into the price. Agilebits is a small, indie software company. LastPass is very large company with multiple backing from several corporation. That's why they are able to offer the app for free, and AgileBits charging for higher price. In general practice, Indie software company tends to deliver higher quality product.
Number 3 is a big one. You can do it in iOS 7 but you have to dig around in the settings and it's just a mess.
I trust 1password because I have to pay for their service, and it has never let me down. Why would I trust a free service that stores all my critical passwords ?
Trust is paramount here, and 1password have earnt it in droves ...
Note : I am in no way affiliated with 1password. I wish I was
Trust is paramount here, and 1password have earnt it in droves ...
Note : I am in no way affiliated with 1password. I wish I was
Thanks for voluntarily giving your passwords to NSA
Except if you watch 1Password it doesn't have any outgoing connections. Only one I saw was registration when first booted.
Nope, I'll whine. Whine whine whine whine whine!
Cheese with your white whine?
I've occasionally had to enter my driver's license number online, and it was much more convenient to open 1PW than find my wallet. But there are data types that are more useful to store in 1PW, like bank accounts, software keys, credit cards, and identities. And with 1PW you don't have to house the data file in the cloud. I'm sure that iCloud Keychain will be sufficient for many people, but I'm sticking with 1PW.
I trust 1password because I have to pay for their service, and it has never let me down. Why would I trust a free service that stores all my critical passwords ?
Trust is paramount here, and 1password have earnt it in droves ...
Note : I am in no way affiliated with 1password. I wish I was
This x a million.
I think you have not learned a thing so far and still do not understand how system works
I've been using this program since it first came out, and have it on all my devices including various PC's. I have yet to find a better password program.
AgileBits deserves your money.
Sure, Apple will beat them at the basic level and with integration into iOS and OS X with iCloud Keychain. But if you don't want your keychain in the cloud, what then? Remember, Apple is subject to the NSA, or any idiot fed with a "warrant." (Read the news. I'm being generous with just quotes here.)
AgileBits took away LAN WiFi syncing from 1Password, then pushed their DropBox sync system, but then after hearing all the negative feedback about it (and believe me, I was part of the negative feedback), they've been working on a USB sync solution. It's still beta, but it works pretty well, and it satisfies the need of us paranoid types who refuse to let their password managers ever talk to the network.
So... how has Apple been responding to your feedback lately?
I'm not a shill, I was genuinely angry with AgileBits for taking away WiFi sync, but I will repeat myself: They listen to their customers.
Sure, Apple will beat them at the basic level and with integration into iOS and OS X with iCloud Keychain. But if you don't want your keychain in the cloud, what then? Remember, Apple is subject to the NSA, or any idiot fed with a "warrant." (Read the news. I'm being generous with just quotes here.)
AgileBits took away LAN WiFi syncing from 1Password, then pushed their DropBox sync system, but then after hearing all the negative feedback about it (and believe me, I was part of the negative feedback), they've been working on a USB sync solution. It's still beta, but it works pretty well, and it satisfies the need of us paranoid types who refuse to let their password managers ever talk to the network.
So... how has Apple been responding to your feedback lately?
I'm not a shill, I was genuinely angry with AgileBits for taking away WiFi sync, but I will repeat myself: They listen to their customers.
I heard they want to remove local sync support and go Dropbox/iCloud only.
HELL NO.
The securest data is the data that does NOT leave your home! Why would I want my passwords "out there", even if they are in an encrypted form?
No way, guys!
Seriously? Are they dropping local sync? Why would they be stupid enough to make it less secure?