1Password

Discussion in 'Mac Apps and Mac App Store' started by Broph, Oct 28, 2012.

  1. Broph macrumors 6502

    Broph

    Joined:
    Jun 23, 2010
    Location:
    New Zealand
    #1
    I've heard heaps of good things about 1Password, but I want a few questions answered by people that use it....

    1) I'm a little confused about the whole idea of it.. You have one password (the master password) which then unlocks it and shows all your passwords for all your logins? What would happen if someone stole your laptop, managed to crack the master password, then boom, they have all your info for all your sites?

    2) What happens if I want to login on a site on another computer? I think I read somewhere that you can go on a website, log in, then your passwords are listed there?

    Tried doing my research, but didn't stumble upon the answers to these in detail.
     
  2. James Craner macrumors 68000

    James Craner

    Joined:
    Sep 13, 2002
    Location:
    Bristol, UK
    #2
    Ok

    1 - Firstly choose a difficult to crack password as your master password, it is very unlikely that someone will be able to guess this password, unless you have left it in an unsecured location. The 1Password database is very secure and very unlikely to be cracked itself. Your data is encrypted using AES, the same state-of-the-art encryption algorithm used as the national standard in the United States. 1Password uses 128-bit keys for encryption, which means that it would take millions of years for a criminal to decrypt your data using a brute force attack.

    Providing you chose a secure master password, it would be almost impossible for someone to crack the database. If you were at all concerned you could simply change all the key passwords.

    2. You have a couple of options - The easiest is to use a copy of 1password on your smartphone, which can then sync with a copy of the secure database via dropbox. Or you can use 1PasswordAnywhere to decrypt and view your Agile Keychain if you can access it on Dropbox or store a copy on a USB flash drive.

    For an overview of what 1Password can do, more information can be found here.
     
  3. Xe89 macrumors regular

    Joined:
    Oct 23, 2009
    #3
    The problem with 1Password is that if you are a new user you probably don't know what a secure password is. I recommend a so called Diceware password with at least 7 words as a Master password for 1Password

    See http://world.std.com/~reinhold/diceware.html

    I think the developer Agilebits should provide some info about how to create a secure Master password when you start the program for the first time.
     
  4. Sital macrumors 68000

    Sital

    Joined:
    May 31, 2012
    Location:
    New England
    #4
    I agree that alot, if not most, people don't know how to make a secure password, but with that Diceware method the number of people who can't remember their master password would increase exponentially.
     
  5. Xe89 macrumors regular

    Joined:
    Oct 23, 2009
    #5
    Well, I have to disagree with you on that one. You only need to remember one Diceware passphrase because all your other logins are handled by 1Password (ok, maybe 2 because it is a very good idea to know the Dropbox password).

    With Diceware you don't need add confusing symbols or years, or replace the letter o with 0 or any other useless password creation tips. It is just words. If you're using a 7 word passphrase you could split it in two parts of 3 and 4 in your mind to make it easier to remember. Also, make sure 1Password auto-locks after a short period of time to force you into typing it. If think writing it down also is a good idea, given the alternatives (the note should of course be destroyed once you learned the password).
     
  6. James Craner macrumors 68000

    James Craner

    Joined:
    Sep 13, 2002
    Location:
    Bristol, UK
    #6
    This is always a tricky one and really is down to the users preference. With 1 password to gain access to the database you need to know the master password and have physical access to the Agile Keychain. While the 7 word diceware password sounds super secure, if I had to type that many words into 1Password each time, I doubt that I would ever use it. If you are happy doing that each time, then great, but I don't think most users need to go to that length.
     
  7. Sital macrumors 68000

    Sital

    Joined:
    May 31, 2012
    Location:
    New England
    #7
    I can see how that could be useful for some people, but typing a 7 word password each time I reboot or 1Password locks is overkill for me. My master password is a combination of letters and symbols, and while it looks random to someone else it's something that makes sense only to me.
     
  8. Xe89 macrumors regular

    Joined:
    Oct 23, 2009
    #8
    Of course a 7 word Diceware passphrase is overkill for most users. My point is however not that people should be forced to use the Diceware system but that they should be informed about it, and more importantly about the myths and facts in general about secure passwords.

    When I was new to 1Password I started out with a word from a wordlist, adding some symbols here and there and some capitals, numbers (in form of a year) thinking I was so smart. Then I started to read Agilebits blog that not only covers 1Password but internet security in general. I realised that my method was of course a usual one and that the password wasn't that good at all, despite its lenght and combination of numbers, letters and symbols.

    With Diceware even the ordinary user can calculate the security and choose the number of words that suits them. 5 words should probably be OK with most users (and as you point out the attacker must first obtain the password file itself, which is hard if you turn on Dropbox 2-factor auth).

    Edit: here's a good article on the subject:

    http://arstechnica.com/security/2012/08/passwords-under-assault/
     
  9. scarred macrumors 6502a

    Joined:
    Jul 24, 2011
    #9
    1) The folks at 1Password have done their best to make the database really tough to crack. I use 1Password and if my computer got stolen, I wouldn't need to panic. I'd still go and reset all my passwords, just to be sure, but it wouldn't be a huge rush at all. You'd probably even be safe not changing any password, but peace of mind is worth something.

    2) This is a PITA. I ended up buying 1Password for Windows as well, so that my work machine has access to all my crazy insane passwords. If you are using a public machine... sigh. still can't believe people use them... just don't.

    1Password is step 1 to organizing your digital life. Once you start using a password locker, you realize just how important your data is, and you should get a backup plan as well. Time capsule/back blaze/crash plan/arq, whatever... something.
     
  10. Broph thread starter macrumors 6502

    Broph

    Joined:
    Jun 23, 2010
    Location:
    New Zealand
    #10
    Thanks for all the awesome information, guys.

    I'll have a read over it when I get home.

    I know it's not ideal, but another option is to have them stored in a text file, in dropbox. I have two-step verification with dropbox, so they send me a text message with a code so I can login.

    If I forget a password for a site, it's obviously one I don't use too often, therefore won't be too much of a hassle having to go in to dropbox and seeing what it is.
     
  11. cuestakid macrumors 68000

    Joined:
    Jun 14, 2006
    Location:
    San Fran
    #11
    I am a strong supporter of 1password. I have it on all my devices (ipad, iphone, mac and windows machine). It is one of the best apps I have ever bought for any OS.

    James Craner is spot on-yes you have one password (hence the name) and that unlocks a keychain that contains all your passwords(I will mention you can also store information for web forms like addresses, Credit Cards and eve software licenses). The key point is to make a very secure master password.


    Assuming you have 1password installed, each time you log onto a site, you are prompted to save the credentials to your 1password keychain. The best way to keep it always updated is to use dropbox. They have step by step instructions on how to set this up.
     
  12. James Craner macrumors 68000

    James Craner

    Joined:
    Sep 13, 2002
    Location:
    Bristol, UK
    #12
    I think one of the best bits about 1password is it is so easy to use, and much, much quicker to enter secure passwords automatically onto different websites with a different password for each one, all kept in a sure database. Even if you can remember different passwords on each site it is much quicker for 1Password to automatically log you in each time. 1password can also be used for many other things as well. Take a look at the link that I posted on my first reply.
     
  13. balamw Moderator

    balamw

    Staff Member

    Joined:
    Aug 16, 2005
    Location:
    New England
    #13
    As Broph mentions, there is an iOS version of 1Password which comes in handy here. For example, when I want to access something from my work computer that I have a password for, I reach for my iPhone and enter the password manually.

    B
     
  14. blevins321 macrumors 68030

    Joined:
    Dec 24, 2010
    Location:
    Winnipeg, MB
    #14
    I do this too. It's very handy and IMHO, the app is very well built.
     

Share This Page