I agree, but remember that all your complex passwords are protected behind a SINGLE simple and "easy" password... Especially if you work on multiple or public computers (libraries, shared computers, etc.) your master password can be stolen and all of your credit cards/passwords will be at risk.
Substantially, you pay an app that creates hundreds of strong and secure passwords, all of them protected by an easy one. Bummer...
As others have pointed out, you should not be using an easy password for your Master Password. You should be using a complex, strong but memorable master password. Mine is over 20 characters in length, has symbols, numbers and mixed case letters in it. It is however easy to remember.
The other part is that you should NOT be using 1Password on a computer you do not trust. If you do not trust that computer, you should avoid entering your master password into it, and you should avoid entering _any_ password into it.
My plan of action in these cases is this:
1) Mobile Device, such as an iPad or iPhone using wifi
2) Whenever I am on an unprotected (read, any that isn't mine) wifi I use a VPN. We recommend our good friends over at GetCloak.com
3) Never using any computer that isn't mine or trusted (which is basically any that aren't mine)
I'm a bit more on the paranoid side, but not a tin foil hat wearing person either. A VPN means that if you're on a wifi network and unsecure traffic is going across the wire your good buddies on the same wifi network cannot see the data going across the pipe from you to your favorite websites. I pay for the middle plan, but for many people who are just using it sparsely, the cheapest plan would suffice.
Yes, I use this at friends' houses as well
You don't use an easy one for your master password. Something memorable but at the same time complex so would take a long time to crack.
Hackers would have to get access to and be interested in you and your devices/cloud storage in the first place as 1Password vaults are not stored on a central server, but if using the cloud sync are distributed over the web, a different location for each file, so not easy to harvest.
Add to that fact that AgileBits business depends on being secure and you pay a not insignificant price.
Look at the reviews - a 4-5* app.
You have to pay for two versions of an app? iOS and Mac/Windows- you would have to do this with a lot of paid apps.
Did I like paying so much? No, I waited until the app came on sale.
Was it worth it? Where else am I going to store my passwords and who am I willing to trust?
Good advice on the password, it should be strong, complex but memorable.
Thanks for the kind words
No. You're just used to the massive amount of 0.99$ "apps" out there.
What people forget however: actual software development costs a lot of money - especially if you continue to support your software, as the Agilebits people do!
It's not a "one time throw away fart app", it's a complex software. YES, you read that correct: getting cryptography applied correctly IS hard! The underlying APIs are complex. And even if you understand them your application still has to make sure that user entered passwords do not linger in memory longer than necessary etc. (such that another malicious process could steal them through security holes in the OS - and YES, there will always be security holes!).
In short: 50$ for such an application (on the desktop) was well worth it for me! And I still get updates and new features. My gain? Absolutely "hard-to-brute-force" passwords on any website!
I am talking "30 characters of ASCII garbage" kind of passwords here! As long as the service/web site allows to store such long passwords. And I have them with me on my mobile phone (which I only sync locally via my own Wi-Fi network that I control).
Thanks for the awesome user experience writeup there

I'm glad you're happy with 1Password, if there's anything we can ever do to help please let us know!
First of all, your single ONE password doesn't have to be "easy" - ever wondered why the application is called ONEPassword?
In fact, Agilebits tell you how to come up with a "strong" password.
But even if you choose a "weak" 6 digit password, there is still a HUGE difference if you keep your password file LOCAL (as I do, and as I would recommend to everyone else: only sync LOCALLY with your OWN Wi-Fi network - you never know what "Cloud Storage" will be hacked next...): The difference being that the attacker first needs to get PHYSICAL access to that file! And that means that they either have to hack your desktop computer and be able to extract the file from there, or get physical access to your mobile phone and hack into the OS (and you did at least set a 4 digit unlock code on your phone, at least did you?).
Normally you'd store usually the SAME (or similar "constructed" passwords) on websites such as this one, MacRumors. Maybe you have a few "more secure" passwords for your more sensitive websites such as email servers.
But the point is: it is only a question of time until SOME of your passwords will be stolen by hacking into such websites, and since those are ONLINE it might only be a matter of running "scripts against a range of IP ports and see who's vulnerable"! Very different from trying to extract YOUR PERSONAL encrypted 1password file stored LOCALLY on your desktop (which hopefully is NOT reachable from the outside network - unless you're running your own Webserver, but then storing your 1Password keychain file on that computer would also be a risk that I'd avoid).
And there is yet ANOTHER reason to use software such as 1Password: password GENERATION!
If you think you've created a "secure" password "SucHAzTh1sOn3": think again! Basically if any of the underlying words can be found with Google, Wikipedia, the Bible or any other electronically accessible word dictionary: you're doomed!
Keywords: "substitution attacks": by cleverly substituting letters and digits, and also appending "pre- and postfixes" (birthday years, 123, ...) and much much more those programs manage to "guess" way over 50% of passwords (sometimes up to 80% and more!) within HOURS and DAYS, given a huge collection of encrypted passwords (which were stolen from some websites).
Here are some links about the "impossibility" to generate a "secure" password by yourself:
http://arstechnica.com/security/201...eling-the-next-frontier-of-password-cracking/
And this is how those "rule based substitution attacks" get fueled even more:
http://arstechnica.com/security/201...acker-group-now-has-1-2b-usernames-passwords/
After you have read that, tell me: what is more secure: trying to come up with "secure passwords" for every "sensible web service" for yourself (possibly having to change them in case those sites got hacked and come up with a COMPLETELY different password each time), OR: have those passwords GENERATED and MANAGED by a single application, and only taking care PERSONALLY that this file is not stolen by anyone else?
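Added example, not part of any post in this thread: a defender-side check for the point made above about "SucHAzTh1sOn3", showing that a hand-built password still reduces to dictionary words once look-alike substitutions and number/symbol pre- and postfixes are undone. The wordlist, substitution table and function names are constructed for illustration.

```python
import string

# Constructed, deliberately tiny wordlist; a real audit would load a large
# dictionary plus lists of previously breached passwords.
WORDS = {"such", "as", "this", "one", "summer", "password", "dragon"}

# Common look-alike substitutions: password character -> letters it may stand for.
ALTERNATIVES = {
    "0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
    "@": "a", "$": "s", "!": "i", "z": "sz",
}


def _matches(chunk, word):
    """True if every character of chunk can stand for the same-position letter of word."""
    return len(chunk) == len(word) and all(
        letter in ALTERNATIVES.get(ch, ch) for ch, letter in zip(chunk, word)
    )


def _segment(text, words):
    """Split text into dictionary words, allowing substitutions; None if impossible."""
    reachable = {0: []}  # index -> words that cover text[:index]
    for end in range(1, len(text) + 1):
        for start in range(end):
            if start not in reachable or end in reachable:
                continue
            hit = next((w for w in sorted(words) if _matches(text[start:end], w)), None)
            if hit:
                reachable[end] = reachable[start] + [hit]
    return reachable.get(len(text))


def dictionary_basis(password, words=WORDS):
    """Return the dictionary words a password reduces to, or None.

    Tries the lower-cased password as-is, then with leading/trailing digits
    and punctuation removed (birth years, "123", "!" and similar decorations).
    """
    lowered = password.lower()
    core = lowered.strip(string.digits + string.punctuation)
    for candidate in (lowered, core):
        if candidate:
            parts = _segment(candidate, words)
            if parts is not None:
                return parts
    return None


if __name__ == "__main__":
    for pw in ("SucHAzTh1sOn3", "Summer2014!", "P@ssw0rd123", "q7#Vx2!mLr9&TzK4pWc8"):
        print(pw, "->", dictionary_basis(pw))
```

A `None` result only means the password is not built from words in the supplied list; it says nothing about reuse or about words missing from the list.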
Educated, high five my friend
You'll have to pay for the windows version again.
There's the bundle on our store, we sell both the Mac and Windows versions bundled together at a massive discount over buying them both separately.
You can also get the other platform cheaper if you purchased one of them already by using our Upgrade store. It's not as cheap as buying both of them at the same time, but it's pretty close.
Check out AgileBits' website: IIRC they are also offering a "download" installer, including an "all platforms" offer which then covers iOS, OS X and Windows (or at least OS X and Windows).
If you purchase in the Mac App Store then you only get an OS X version - naturally.
Sorta correct. We cannot bundle the iOS version from our store. Apple doesn't provide a method for doing this. We can bundle the Mac and Windows version from our store. This Mac version does not include a Mac App Store copy though.
If someone purchased on the Mac App Store and wishes to get the Windows version at a discount they can email into our support with their receipt of purchase and we'll take a look at what we can do to help.
Thanks, yes I now see on their website they offer a discounted bundle with both the OS X and Windows version, still costs more than a single platform version so I might forego the Windows version and just enter passwords manually when I'm using my PC.
So before I buy the Mac version - is it better to buy direct or through the Mac App Store? I'd normally buy through the MAS but I see that when they release new full versions they normally offer discounts to upgraders who bought direct, but I know this is something the MAS isn't geared up to do. Does anyone know if discounted upgrades to 1Password have been available via the Mac App Store previously, or only for direct purchases?
We promised 1Password 3 purchases from the Mac App Store a free upgrade to version 4, so at this time we have not charged for any update on the Mac App Store. I'm not sure how we'd do this should we decide to do it, so I can't really give any accurate info here.
If you're interested in upgrade discounts though, I'd say the better route to go is our website simply because it's a possible way to do it at this time, no one knows what the future holds with the App Stores but we do know what can be done now on our website.
Question (and let me start by saying I own up-to-date copies of 1Password for iOS and OS X, and have updated several times).
What are the main benefits of using this compared to iCloud keychain? I'll probably stick with 1Password, but thinking about what's best for my wife. If you use Safari on OS X and iOS, the integration is very good. The main annoyance with iCloud keychain for me, would be lack of easy access to wallet information/sight of passwords (e.g. using the iOS app to help login on computers I don't own), but I'd like to make things as uncomplicated and easy for my wife who is not going to want to dedicate much time to keeping usernames and passwords up to date...
1Password can help here. You can install the app on her iPhone and only link up her vault to it if you wish. Then on your iPhone/Mac/iPad you can link up hers and yours. (Dropbox only)
This would let you have access to her data and yours easily and you can help her maintain her information, as it sounds like she isn't probably interested in that.
The new iOS 8 features will mean you get filling via Safari as well. It's a simple tap on the Action menu and the 1Password icon and selecting the login to fill
iCloud Keychain
Syncs across iOS and Mac, including Chrome on my Mac. Auto fills web forms and logins. Mac client allows you to search for login details. All of this FREE. You don't need to wait for iOS8
1Password
Aside from a more detailed password management client and password generator, there is no selling point for me. Keychain does what most need from an app like this.
Until 1Password auto fills passwords and forms in third party apps, it's a no sale. Those who've already bought the app may be happy with it, but Apple have fundamentally crashed Agile's business here. This is like Growl on the Mac after Apple integrated Notifications for the OS
We're offering filling into Safari in the iOS 8 application, which as the parent article points out is being included free for users who purchase the current version.
We're also including application extensions so that other applications can link into 1Password to have us fill into their apps as well. The thing that wasn't pointed out very well in any of the articles is that other apps can also CREATE items in 1Password as well using these Application Extensions, so it means you can open an app that supports it, sign up and it can ask to save it into 1Password.
We won't be auto-filling into anything as we think leaving that up to the user is the best choice. The user must explicitly choose to fill. We feel that if we fill without their action then we're possibly deceiving them and not living up to the trust that people expect from us.
I have been tempted to purchase this app for a while, particularly with the iOS 8 integration.
I am currently using RoboForm and I am genuinely wondering why people think 1Password is better.
The free version of RoboForm apparently has a 10 password limit but I have easily breached that and it syncs perfectly between iOS and Windows (not on a trial).
Granted, for iOS I have to go to the app and find the password, but it is reasonable to say that they might bring integration to Safari like 1Password, although it may not be present in the free version.
I dislike iCloud Keychain because if my phone is open anyone can login to my accounts rather than having protection per password entry.
Read through my other responses here, you'll see a number of reasons why I feel 1Password is better, but the original parent article also shows some of the features we are going to include in the next version. If those appeal to you I would say that would handily be a great reason to use 1Password
I'm happy to discuss in more detail with you if you wish, just send me a PM or email in and ask for me. Contact Info in my signature.
Everyone keeps suggesting the iOS 8.0 integration is going to be awesome, but don't the apps have to support 1Password? In their example it looked like the other app knew to call the 1Password extension. It might work with Safari right away but I don't think it will work for a very large amount of apps (right away) let alone Chrome (my main iOS browser).
Did I miss something? Or am I wrong?
Yes, Applications will have to build in support for 1Password. Given the popularity of the code we released to allow developers to do this, and the emails I have seen, I think it'll be very rapidly supported.
Can't say anything about Chrome supporting 1Password though, at least on iOS. I think that's more of a less common scenario, I suspect most users use Safari on iOS.
So if I get the OS X version, populate all the passwords me and the wife use, then get the iOS version to sync, do I have to also get a separate iOS version for my wife's iPhone or can we share via Dropbox?
If you share the same AppleID with your wife, only one purchase will be fine. If you use separate AppleIDs for each person, you will need to either wait for Family Sharing or purchase twice. Note that Family Sharing requires you use the same credit card for each AppleID before they can be linked.
1Password has a feature called Vaults. You can create separate vaults (i.e. databases), all protected with their own master password, and use them for different purposes. You can store really sensitive data like banking details in one vault and website logins in another. ;-)
You need 1Password for iOS on every device. You can share the same 1Password library, but you do need the app. However, it might be possible that you can use family sharing once iOS 8 is released.
Thumbs up!
If you have separate iTunes accounts, then yes. Unless you qualify for family sharing in iOS 8.
Thanks but the family sharing thing is still (somewhat) an unknown as to how it will work.
See above, it should be pretty straight forward, but you will have to use the same credit card for each account.
If you only use iOS devices and Macs is there anything that makes this worth paying for over keychain sync?
Better organizational tools (Tags, Folders, and Smart Folders), sync choice (Dropbox, iCloud, Wifi), browser choice (Firefox, Safari, Chrome, Opera). My favorite: Full support!
----------
I'd love to use 1Password, but I'm sticking with LastPass for now, which has served me very well. One primary reason is that in addition to accessing my passwords on my Mac and iPhone, I also access them on a work computer that doesn't allow me to install applications but does allow me to run the LastPass Chrome extension... and they block Dropbox preventing me from syncing 1Password if I were to get the app installed. The other reason is that I also have a Chromebook for light browsing that I also use LastPass on, which I don't think I can do with 1Password.
But this is pretty cool news about the price discount. However, I would imagine their prices will stay low or possibly go lower as they work to lure people away from just using Keychain with the improvements Apple is bringing to it.
Finally, does anyone know if LastPass is planning this type of application integration in iOS8? I don't see why they couldn't or shouldn't.
1Password has something called 1PasswordAnywhere, which you can use in a few ways to access your data via a built in webpage in the agilekeychain format. More details here:
http://guides.agilebits.com/knowledgebase/1password4/en/topic/1passwordanywhere?
There's something I never understood about passwords. Let's say I have a relatively "strong" password for some login, such as Apple ID or my bank. I notice that most sites I've used, if you enter a wrong password say more than 5 times (or 10), it locks you out. So, if someone is going to "guess" my password - whether "by hand" (fingers) or through some algorithm, if they only have 5 or 10 attempts to log into my bank account, how is that going to help them?
I'm just trying to understand how it could work. How could some algorithm "eventually" guess my password, since it would have to try every "guess" and each would fail - resulting in a "lock-out" eventually. Even if a site didn't do a 'lockout', how would someone try say a million attempts (via some algorithm) in a log-in; the log-in is not something that is automated; the person (or a program/algorithm) has to type/enter each of the million guesses in one-by-one.
I must be missing something on how someone could hack into my Apple ID if they would need say a million guesses to eventually come up with my password (or even if they could do it in only 1000 guesses) ???
I'd like to understand this aspect of password protection better ...
Thanks!
Jim
This was one thing that was explained below by another user but in the LinkedIn example, a user broke into the server, dumped the user table and saved it. This meant they had a copy of the data on their own computer. In the case of other sites that did more to encrypt the passwords, the cracker would then run a tool to try to crack the passwords. The website limits would not apply since they have access to the actual data.
By using a unique password then if one site is cracked you'd only have to worry about that one site. Change the password for it, and you're set again. If you used the same password on multiple sites you risk exposure and having to change the password on all of them.
If the password database was insecure and hacked, hackers could carry out blunt force attacks on copies of the database. They could then use this information on your site logins, and on the off chance you use the same password everywhere, they could try these logins on other sites. If they can crack your email password, it would be pretty easy to reset other passwords...
Brute force, but yes

Correcto!
Why do I need this if Apple already has their own password protector/generator?
Does this App work with the Fingerprint scanner?
Somebody sell me on this so I can justify buying it.
If you can't justify buying it then iCloud Keychain should work fine for you. Some of the reasons for what differentiates 1Password though:
* We support Opera, Chrome, Firefox and Safari.
* We support Mac, Windows, iOS and Android
* We sync with Dropbox, iCloud and direct Wifi sync between Mac/Win and iOS
* We provide organizational tools like Tags, Folders and Smart Folders
* We provide a service called Watchtower that informs you when sites are broken into or need passwords changed
* My favorite, we provide full support when you purchase, we're happy to help just contact us with your question or concern and we'll get you the answers you need!