1Password for iOS/Mac Gets Price Cut Ahead of Upcoming Free iOS 8 Update

[flash84x]

Am I crazy to think $34.99 on a Mac for a password utility is overpriced severely? And $9.99 on iOS?

At the surface, no you're not crazy to think that.

But, it is completely worth it for the time savings and headaches of forgetting passwords alone. Not to mention how much more secure your accounts will be with heavily randomized passwords that are different for EVERY service. One service gets compromised? Change that password, not every password for every account you have (which we all know you won't do anyway).

Plus, these guys are the real deal.

 

[mw360]

Am I crazy to think $34.99 on a Mac for a password utility is overpriced severely? And $9.99 on iOS?

Yes, you are, but sadly not alone.

There are cheaper alternatives, but when it comes to security, I don't recommend the lowest bidder.

 

[Mollan]

I thought this, too, until I finally was persuaded to buy it. Totally worth it, both for peace of mind and for the convenience of being able to use complex passwords without having to remember them on any platform.

I agree, but remind that all your complex passwords are protected behind a SINGLE simple and "easy" password... Especially if you work on multiple or public computers (libraries, shared computers, etc) you master password can be stolen and all of your credit cards/passwords will be at risk.
Substantially, you pay an app that creates hundreds of strong and secure passwords, all of them protected by an easy one. Bummer...

 

[mabhatter]

I assume this app is risky... I mean it's a wonderful idea in this day in age where we all have 200+ usernames and passwords for everything.... But what if someone hacks 1Passwords servers and gets ALL your passwords?....

I've been told that even services such as Life Lock are dangerous. Let me know because I forget all my passwords all the time and would love to get this app if I wasn't concerned over my data being stolen.

It doesn't store data on their servers. It store it locally or in your Dropbox or iCloud account. I would assume it's heavily encrypted by the App, but somebody probably could crack it with enough time and luck left alone.. they can also break in your windows with a crowbar at noon to take your real stuff.

----------

Am I crazy to think $34.99 on a Mac for a password utility is overpriced severely? And $9.99 on iOS?

It's VERY useful.. And goes on sale for 1/2 price often. They do like to have customers pay for new versions more than most App Store apps. You just have to watch sites with Mac news for when the sakes will be... But where??

----------

how is this different than icloud keychain?

It came out about 5 year ago to do the same thing...

 

[dilbert99]

I agree, but remind that all your complex passwords are protected behind a SINGLE simple and "easy" password... Especially if you work on multiple or public computers (libraries, shared computers, etc) you master password can be stolen and all of your credit cards/passwords will be at risk.
Substantially, you pay an app that creates hundreds of strong and secure passwords, all of them protected by an easy one. Bummer...

You don't use an easy one for your master password. Something memorable but at the same time complex so would take a long time to crack.

Hackers would have to get access to and be interested in you and your devices/cloud storage in the first place as 1Password vaults are not stored on a central server, but if using the cloud sync are distributed over the web, a different location for each file, so not easy to harvest.

Add to that fact that AgileBits business depends on being secure and you pay a not insignificant price.

Look at the reviews - a 4-5* app.

You have to pay for two versions of an app? iOS and Mac/Windows- you would have to do this with a lot of paid apps.

Did I like paying so much? No, I waited until the app came on sale.

Was it worth it? Where else am I going to store my passwords and who am I willing to trust?

 

[till213]

Am I crazy to think $34.99 on a Mac for a password utility is overpriced severely? And $9.99 on iOS?

No. You're just used to the massive amount of 0.99$ "apps" out there.

What people forget however: actual software development costs a lot of money - especially if you continue to support your software, as the Agilebits people do!

It's not a "one time throw away fart app", it's a complex software. YES, you read that correct: getting cryptography applied correctly IS hard! The underlying APIs are complex. And even if you understand them your application still has to make sure that user entered passwords do not linger in memory longer than necessary etc. (such that another malicious process could steal them through security holes in the OS - and YES, there will always be security holes!).

In short: 50$ for such an application (on the desktop) was well worth it for me! And I still get updates and new features. My gain? Absolutely "hard-to-brute-force" passwords on any website!

I am talking "30 characters of ASCII garbage" kind of passwords here! As long as the service/web site allows to store such long passwords. And I have them with me on my mobile phone (which I only sync locally via my own Wi-Fi network that I control).

 

[till213]

I agree, but remind that all your complex passwords are protected behind a SINGLE simple and "easy" password...

First of all, your single ONE password doesn't have to be "easy" - ever wondered why the application is called ONEPassword?

In fact, Agilebits tell you how to come up with a "strong" password.

But even if you choose a "weak" 6 digit password, there is still a HUGE difference if you keep your password file LOCAL (as I do, and as I would recommend to everyone else: only sync LOCALLY with your OWN Wi-Fi network - you never know what "Cloud Storage" will be hacked next...): The difference being that the attacker first needs to get PHYSICAL access to that file! And that means that they either have to hack your desktop computer and be able to extract the file from there, or get physical access to your mobile phone and hack into the OS (and you did at least set a 4 digit unlock code on your phone, at least did you? ).

Normally you'd store usually the SAME (or similar "constructed" passwords) on websites such as this one, MacRumors. Maybe you have a few "more secure" passwords for your more sensitive websites such as email servers.

But the point is: it is only a question of time until SOME of your passwords will be stolen by hacking into such websites, and since those are ONLINE it might only be a matter of running "scripts against a range of IP ports and see who's vulnerable"! Very different from trying to extract YOUR PERSONAL encrypted 1password file stored LOCALLY on your desktop (which hopefully is NOT reachable from the outside network - unless you're running your own Webserver, but then storing your 1Password keychain file on that computer would also be a risk that I'd avoid).


And there is yet ANOTHER reason to use software such as 1Password: password GENERATION!

If you think you've created a "secure" password "SucHAzTh1sOn3": think again! Basically if any of the underlying words can be found with Google, Wikipedia, the Bible or any other electronically accessible word dictionary: you're doomed!

Keywords: "substitution attacks": by cleverly substituting letters and digits, and also appending "pre- and postfixes" (birthday years, 123, ...) and much much more those programs manage to "guess" way over 50% of passwords (sometimes up to 80% and more!) within HOURS and DAYS, given a huge collection of encrypted passwords (which were stolen from some websites).


Here are some links about the "impossibility" to generate a "secure" password by yourself:

http://arstechnica.com/security/201...eling-the-next-frontier-of-password-cracking/


And this is how those "rule based substitution attacks" get fueled even more:

http://arstechnica.com/security/201...acker-group-now-has-1-2b-usernames-passwords/


After you have read that, tell me: what is more secure: trying to come up with "secure passwords" for every "sensible web service" for yourself (possibly having to change them in case those sites got hacked and come up with a COMPLETELY different password each time), OR: have those passwords GENERATED and MANAGED by a single application, and only taking care PERSONALLY that this file is not stolen by anyone else?

 

[NightFox]

Educate yourself before commenting - 1Password does not store passwords on any server, it is an offline app (with optional iCloud / Dropbox / Wi-fi sync)

To be fair I think he was trying to educate himself by asking.

Anyway, can someone please educate me - I've now bought this for my iPhone, but because I flit between a Mac and a PC for work, would I need to spend money on 1Password for both platforms, or does one cost cover both Mac and PC?

 

[SMIDG3T]

I finally got it. So is the iOS 8 update going to make the app finally integrated into Safari? I hope so

Also, heavy Touch ID integration

 

[wsc9005]

To be fair I think he was trying to educate himself by asking.

Anyway, can someone please educate me - I've now bought this for my iPhone, but because I flit between a Mac and a PC for work, would I need to spend money on 1Password for both platforms, or does one cost cover both Mac and PC?

You'll have to pay for the windows version again.

 

[till213]

To be fair I think he was trying to educate himself by asking.

Anyway, can someone please educate me - I've now bought this for my iPhone, but because I flit between a Mac and a PC for work, would I need to spend money on 1Password for both platforms, or does one cost cover both Mac and PC?

Check out Agilebit's website: IIRC correctly they are also offering a "download" installer, including a "all platforms" offer which then covers iOS, OS X and Windows (or at least OS X and Windows).

If you purchase in the Mac App Store then you only get an OS X version - naturally.

 

[NightFox]

Check out Agilebit's website: IIRC correctly they are also offering a "download" installer, including a "all platforms" offer which then covers iOS, OS X and Windows (or at least OS X and Windows).

If you purchase in the Mac App Store then you only get an OS X version - naturally.

Thanks, yes I now see on their website they offer a discounted bundle with both the OS X and Windows version, still costs more than a single platform version so I might forego the Windows version and just enter passwords manually when I'm using my PC.

So before I buy the Mac version - is it better to buy direct or through the Mac App Store? I'd normally buy through the MAS but I see that when they release new full versions they normally offer discounts to upgraders who bought direct, but I know this is something the MAS isn't geared up to do. Does anyone know if discounted upgrades to 1Password have been available via the Mac App Store previously, or only for direct purchases?

 

[Kissaragi]

By far the best apps I ever bought. They are worth every penny even at full price. I can't wait for safari integration on iOS 8.

 

[farleysmaster]

Question (and let me start by saying I own up-to-date copies of 1Password for iOS and OS X, and have updated several times).

What are the main benefits of using this compared to iCloud keychain? I'll probably stick with 1Password, but thinking about what's best for my wife. If you use Safari on OS X and iOS, the integration is very good. The main annoyance with iCloud keychain for me, would be lack of easy access to wallet information/sight of passwords (e.g. using the iOS app to help login on computers I don't own), but I'd like to make things as uncomplicated and easy for my wife who is not going to want dedicate much time to keeping usernames and passwords up to date...

 

[Meus Me]

iCloud Keychain

Syncs across iOS and Mac, including Chrome on my Mac. Auto fills web forms and logins. Mac client allows you to search for login details. All of this FREE. You don't need to wait for iOS8

1Password

Aside from a more detailed password management client and password generator, there is no selling point for me. Keychain does what most need from an app like this.

Until 1Password auto fills passwords and forms in third party apps, it's a no sale. Those who've already bought the app may be happy with it, but Apple have fundamentally crashed Agile'sbusiness here. This is like Growl on the Mac after Apple integrated Notifications for the OS

 

[dav465]

I have been tempted to purchase this app for a while, particularly with the ios 8 integration.

I am currently using roboform and I am genuinely wondering why people thing 1password is better.
The free version of roboform apparently has a 10 password limit but I have easily breached that and it syncs perfectly between ios and windows( not on a trial).
Granted for ios I have to go to app and find password but it is reasonable to say that they might bring integration to safari like 1password although it may not be present in free version.

I dislike iCloud Keychain because if my phone is open anyone can login to my accounts rather than having protection per password entry.

 

[Scuba629]

everyone keeps suggesting the iOS 8.0 integration is going to be awesome, but don't the apps have to support 1Password? In their example it looked like the other app knew to call the 1Password extension. It might work with Safari right away but I don't think it will work for a very large amount of apps(right away) let alone Chrome(my main iOS browser).

Did I miss something? Or am I wrong?

 

[whsbuss]

So if I get the OS X version, populate all the passwords me and the wife use, then get the iOS version to sync, do I have to also get a separate iOS version for my wife's iPhone or can we share via Dropbox?

 

[KALLT]

I agree, but remind that all your complex passwords are protected behind a SINGLE simple and "easy" password... Especially if you work on multiple or public computers (libraries, shared computers, etc) you master password can be stolen and all of your credit cards/passwords will be at risk.
Substantially, you pay an app that creates hundreds of strong and secure passwords, all of them protected by an easy one. Bummer...

1Password has a feature called Vaults. You can create separate vaults (i.e. databases), all protected with their own master password, and use them for different purposes. You can store really sensitive data like banking details in one vault and website logins in another. ;-)

So if I get the OS X version, populate all the passwords me and the wife use, then get the iOS version to sync, do I have to also get a separate iOS version for my wife's iPhone or can we share via Dropbox?

You need 1Password for iOS on every device. You can share the same 1Password library, but you do need the app. However, it might be possible that you can use family sharing once iOS 8 is released.

 

[whsbuss]

You need 1Password for iOS on every device. You can share the same 1Password library, but you do need the app. However, it might be possible that you can use family sharing once iOS 8 is released.

I know you need the iOS app but my question is do I need to buy it once for my iPhone and then again for my wife's iPhone.

 

[KALLT]

I know you need the iOS app but my question is do I need to buy it once for my iPhone and then again for my wife's iPhone.

If you have separate iTunes accounts, then yes. Unless you qualify for family sharing in iOS 8.

 

[farleysmaster]

If you have separate iTunes accounts, then yes. Unless you qualify for family sharing in iOS 8.

You can use multiple accounts on one iPhone. If anything, family sharing is just simplifying something that's already possible.

 

[Mollan]

First of all, your single ONE password doesn't have to be "easy" - ever wondered why the application is called ONEPassword?

In fact, Agilebits tell you how to come up with a "strong" password.

But even if you choose a "weak" 6 digit password, there is still a HUGE difference if you keep your password file LOCAL (as I do, and as I would recommend to everyone else: only sync LOCALLY with your OWN Wi-Fi network - you never know what "Cloud Storage" will be hacked next...): The difference being that the attacker first needs to get PHYSICAL access to that file! And that means that they either have to hack your desktop computer and be able to extract the file from there, or get physical access to your mobile phone and hack into the OS (and you did at least set a 4 digit unlock code on your phone, at least did you? ).

Thank you for the huge and complete answer, and I thank also @dilbert99
I'm trying to decide whether to buy the app (especially now with the discount price) or to remain on iCloud keychain. I did not think about the possibility of a local sync, and that's a very good point in favor of 1Password. (p.s. I did not set the 4 digit unlock code for the phone since I unlock it very often using instant messaging )

Normally you'd store usually the SAME (or similar "constructed" passwords) on websites such as this one, MacRumors. Maybe you have a few "more secure" passwords for your more sensitive websites such as email servers.

But the point is: it is only a question of time until SOME of your passwords will be stolen by hacking into such websites, and since those are ONLINE it might only be a matter of running "scripts against a range of IP ports and see who's vulnerable"! Very different from trying to extract YOUR PERSONAL encrypted 1password file stored LOCALLY on your desktop (which hopefully is NOT reachable from the outside network - unless you're running your own Webserver, but then storing your 1Password keychain file on that computer would also be a risk that I'd avoid).

Yes, from this point of view it seems to be more secure than iCloud Keychain.

And there is yet ANOTHER reason to use software such as 1Password: password GENERATION!

If you think you've created a "secure" password "SucHAzTh1sOn3": think again! Basically if any of the underlying words can be found with Google, Wikipedia, the Bible or any other electronically accessible word dictionary: you're doomed!

Keywords: "substitution attacks": by cleverly substituting letters and digits, and also appending "pre- and postfixes" (birthday years, 123, ...) and much much more those programs manage to "guess" way over 50% of passwords (sometimes up to 80% and more!) within HOURS and DAYS, given a huge collection of encrypted passwords (which were stolen from some websites). Here are some links about the "impossibility" to generate a "secure" password by yourself:

http://arstechnica.com/security/201...eling-the-next-frontier-of-password-cracking/


And this is how those "rule based substitution attacks" get fueled even more:

http://arstechnica.com/security/201...acker-group-now-has-1-2b-usernames-passwords/

This possibility is also available with iCloud Keychain, so they're even on this point.

After you have read that, tell me: what is more secure: trying to come up with "secure passwords" for every "sensible web service" for yourself (possibly having to change them in case those sites got hacked and come up with a COMPLETELY different password each time), OR: have those passwords GENERATED and MANAGED by a single application, and only taking care PERSONALLY that this file is not stolen by anyone else?

Yes, I agree with you on that. I'm only concerned about public or shared computers. If I have to login into my email from the university computer or from some internet points when I'm abroad (e.g. no iPhone), I have to login first into the 1Password website, enter my master password, unlock the keychain and access all my password from there. Only then, I can copy the password and paste it in my email website. Isn't it the same and hackable function that iCloud keychain has?

 

[whsbuss]

If you have separate iTunes accounts, then yes. Unless you qualify for family sharing in iOS 8.

Thanks but the family sharing thing is still (somewhat) an unknown as to how it will work.

 

[irnchriz]

If you only use iOS devices and Macs is there anything that makes this worth paying for over keychain sync?