1Password 4 Detailed for Mac, Adds iCloud Syncing, Encrypted Messaging and Custom Fields

[r.harris1]

I always think The Oatmeal's App comic fits in nicely when people discuss price and what they feel they should or shouldn't pay.

http://theoatmeal.com/blog/apps

 

[thekingofnerds]

What would the point of the drivers license feature be? I feel like I'm missing something obvious here...

It's not like you can tell someone "Hey, I forgot my license so let me pull out my 1password" since the vast majority of the time they need the physical card. And it's not like there's that many online forms that require driver license #s.

 

[FelixAng]

I'm not so familiar with these password banks/keychains, but I see their usefulness as we all have regularly increasing logins to store.

I just wonder how safe storing so many passwords in one place can be, let alone storing them digitally, whether locally or in a cloud. It seems frightening what kind of potential for nefarious use is out there should someone manage to access your data, not to mention the company itself having access. I definitely wouldn't trust a "free" password bank, just as I wouldn't trust a physical bank protected by "free" security.

Can someone tell me if the convenience can outweigh the potential for damage, or where I'm mistaken?

 

[scottsjack]

$17.99? Seriously? 😛

Looking for a $.99 iToys app? 1Password is serious software.

 

[thekingofnerds]

I'm not so familiar with these password banks/keychains, but I see their usefulness as we all have regularly increasing logins to store.

I just wonder how safe storing so many passwords in one place can be, let alone storing them digitally, whether locally or in a cloud. It seems frightening what kind of potential for nefarious use is out there should someone manage to access your data, not to mention the company itself having access. I definitely wouldn't trust a "free" password bank, just as I wouldn't trust a physical bank protected by "free" security.

Can someone tell me if the convenience can outweigh the potential for damage, or where I'm mistaken?

It's all encrypted. The point is to use a giant single password that is used to encrypt your passwords. The encryption would take a long time to break (without some serious resources).

In addition, they all recommend changing the individual passwords as well as the master password every few months. If you follow basic security practices and someone ever did grab your password file - it would take so long to decrypt the passwords, they would be out of date.

That said, it surprises me how many people store static info like addresses and SSNs in these systems (1pass, lastpass, keepass, etc). That's foolish - since you can't "change" that information like the individual passwords if a security breach were to happen

Also the companies don't "have access" to the unencrypted data. There's no backdoor they can use to gain access to your data.

 

[Dark Dragoon]

Can someone tell me if the convenience can outweigh the potential for damage, or where I'm mistaken?

Well with say 1Password you can run it entirely local, this is how I have mine setup. So the encrypted file containing the passwords is never sent over the internet or stored elsewhere.

The benefit is that I can use long randomly generated passwords which are all different.
At this point I have somewhere in the region of 200 different passwords, most of which are over 20 characters long.

I've not heard of anyone having their 1Password file stolen and then decrypted. However there have been a lot of cases of people having website, email etc... accounts hacked into because they use weak passwords, or use the same or similar password for different websites. Especially as over the last year or so there have been some fairly big advances in password cracking.

 

[thekingofnerds]

Especially as over the last year or so there have been some fairly big advances in password cracking.

*cough* Amazon EC2 GPU acceleration *cough* 😀

 

[Carl Sagan]

Is there any major reason to buy this, over using the upcoming iCloud Keychain?

If all you use are Apple devices no. If like the rest the world you want don't want to entirely dependent on Apple and use different devices in different set ups then its a big YES.

 

[Dark Dragoon]

*cough* Amazon EC2 GPU acceleration *cough* 😀

Although the hardware side has sped cracking up, it's been the release of vast amounts of passwords stored in plain text from some big websites, which allowed people to analyse the way people choose passwords that has really made a difference.

So no more is it just all about using brute force, as even with the increased performance of EC2 you would still maxing out at something like 8 characters.

 

[weckart]

Why pay for that when you get same stuff using Lastpass?

Remember this?

What a mess that was and LastPass never really came clean whether it had been hacked or not. That put me off right away. Apple's Dev site has been compromised, too, so I have my doubts about iCloud security.

 

[GenesisST]

I don't know what I would do without this piece of software.

I don't even know most of my passwords!

 

[Jessica Lares]

What would the point of the drivers license feature be? I feel like I'm missing something obvious here...

It's not like you can tell someone "Hey, I forgot my license so let me pull out my 1password" since the vast majority of the time they need the physical card. And it's not like there's that many online forms that require driver license #s.

PayPal and eBay both require ID numbers at various stages.

 

[Chrjy]

1Password is cross-platform, what is even more important, Apple has never been a security company so I would not believe in their expertise in making security software.

You can't be serious?

 

[alchemistmuffin]

STOP WHINING ABOUT THE PRICE!!!!!!!!!

The reason why it's so expensive is due to the licensing for all the encryptions used in the app, which are not cheap, in addition to the size of the company, and the development time.

The main hurdle for all password app, like 1Password is the fact that most country has huge restrictions on export of cryptography, with United States being one of the strictest. Since Agilebits is a Canadian company, they are bound by Canadian export laws in terms of cryptography:

http://www.international.gc.ca/controls-controles/export-exportation/crypto/Crypto_Intro.aspx

Obtaining the permit for export in cryptography is not cheap. In fact, it's pretty expensive when you factor in lawyers, fees, etc. This also leads to development time for the app being increased, since there are waiting periods for obtaining the permit. This means you have to pay the developers more money for extra hours spent on making the app.

Add all those factors together, and making a very simple password app management app, such as 1Password suddenly becomes very expensive.

Size of the company also factors into the price. Agilebits is a small, indie software company. LastPass is very large company with multiple backing from several corporation. That's why they are able to offer the app for free, and AgileBits charging for higher price. In general practice, Indie software company tends to deliver higher quality product.

 

[ajvizzgamer101]

There are actually 3 major reasons that come to mind to use 1Password or similar programs:

1. These applications store information that doesn't "fit" on the iCloud Keychain including:
   • Serial Numbers, especially for things you take out of your home like portable electronics and camera gear.
   • Combinations for locks
   • Software registration keys
   • etc
2. Cross platform compatibility (not just Macs and iOS devices)
3. The easy ability to look up information on your iOS device when you are at a computer that isn't yours.

Number 3 is a big one. You can do it in iOS 7 but you have to dig around in the settings and it's just a mess.

 

[Lazrhog]

I trust 1password because I have to pay for their service, and it has never let me down. Why would I trust a free service that stores all my critical passwords ?

Trust is paramount here, and 1password have earnt it in droves ...

Note : I am in no way affiliated with 1password. I wish I was 🙂

 

[cerote]

Thanks for voluntarily giving your passwords to NSA 😀

Except if you watch 1Password it doesn't have any outgoing connections. Only one I saw was registration when first booted.

 

[Zyphras]

STOP WHINING ABOUT THE PRICE!!!!!!!!!

Nope, I'll whine. Whine whine whine whine whine!

Cheese with your white whine?

 

[Roller]

What would the point of the drivers license feature be? I feel like I'm missing something obvious here...

It's not like you can tell someone "Hey, I forgot my license so let me pull out my 1password" since the vast majority of the time they need the physical card. And it's not like there's that many online forms that require driver license #s.

I've occasionally had to enter my driver's license number online, and it was much more convenient to open 1PW than find my wallet. But there are data types that are more useful to store in 1PW, like bank accounts, software keys, credit cards, and identities. And with 1PW you don't have to house the data file in the cloud. I'm sure that iCloud Keychain will be sufficient for many people, but I'm sticking with 1PW.

 

[Stike]

I heard they want to remove local sync support and go Dropbox/iCloud only.

HELL NO.

The securest data is the data that does NOT leave your home! Why would I want my passwords "out there", even if they are in an encrypted form?

No way, guys! 😡

 

[Carl Sagan]

I trust 1password because I have to pay for their service, and it has never let me down. Why would I trust a free service that stores all my critical passwords ?

Trust is paramount here, and 1password have earnt it in droves ...

Note : I am in no way affiliated with 1password. I wish I was 🙂

This x a million.

 

[mytakeontech]

Except if you watch 1Password it doesn't have any outgoing connections. Only one I saw was registration when first booted.

I think you have not learned a thing so far and still do not understand how system works 😉

 

[pimentoLoaf]

I've been using this program since it first came out, and have it on all my devices including various PC's. I have yet to find a better password program.

 

[isomorphic]

AgileBits deserves your money.

Sure, Apple will beat them at the basic level and with integration into iOS and OS X with iCloud Keychain. But if you don't want your keychain in the cloud, what then? Remember, Apple is subject to the NSA, or any idiot fed with a "warrant." (Read the news. I'm being generous with just quotes here.)

AgileBits took away LAN WiFi syncing from 1Password, then pushed their DropBox sync system, but then after hearing all the negative feedback about it (and believe me, I was part of the negative feedback), they've been working on a USB sync solution. It's still beta, but it works pretty well, and it satisfies the need of us paranoid types who refuse to let their password managers ever talk to the network.

So... how has Apple been responding to your feedback lately?

I'm not a shill, I was genuinely angry with AgileBits for taking away WiFi sync, but I will repeat myself: They listen to their customers.

 

[TwoBytes]

I heard they want to remove local sync support and go Dropbox/iCloud only.

HELL NO.

The securest data is the data that does NOT leave your home! Why would I want my passwords "out there", even if they are in an encrypted form?

No way, guys! 😡

Seriously? Are they dropping local sync? Why would they be stupid enough to make it less secure?