The answer to the 5 questions can be a combination of real answers (which you may not have to store anywhere) plus a second password (with similar security issues to the main password). Someone would need both to get into your account, so it's sort-of an additional authentication factor.
I still prefer to have all my passwords in one place (which 1Password does not offer, it does not store your iTunes password unless you manually copy it over and if you change it you have to remember to manually copy it over again) to having security questions as they mean every website that employs them knows your "master passwords", they might hash and salt them to protect you against their systems being compromised but still. You could naturally treat them as a second set of passwords, but then you basically never use them which means you have to store them somewhere. And if you can do this, why not store the original password directly?
 
Don't do that.

You could use your existing password as answer to all questions. That way you are back to one password only.

They likely store a one-way hash of your password but store the plain text of your answers to the questions. If their database is compromised, your hashed password is useless but your answers to the questions are not.

A person who re-uses passwords with other services will have the security of their password compromised by using it as an answer to the questions, in the event of a breach.

On the other hand, people who re-use answers to the questions will have the security of those answers compromised in the event of a breach.

The only safe thing to do with those security questions is to generate random answers and save them somewhere… like 1Password.
 
Google Sky News email hack.

A very modest search did not reveal the method the Sky people used, but in general it seems that it takes a really big effort to hack an account. While the rich and famous, and of course sensitive sites, need decent security, even half-arsed passwords would seem to protect the average person because nobody would even try to hack us.

All the password frenzy for iTunes or ATV is silly. There just isn't enough at stake to worry about.
 
They likely store a one-way hash of your password but store the plain text of your answers to the questions. If their database is compromised, your hashed password is useless but your answers to the questions are not.

A person who re-uses passwords with other services will have the security of their password compromised by using it as an answer to the questions, in the event of a breach.

On the other hand, people who re-use answers to the questions will have the security of those answers compromised in the event of a breach.

The only safe thing to do with those security questions is to generate random answers and save them somewhere… like 1Password.

Well, if you use a password manager you should never lose the original password anyway and you could use completely random stuff for the security questions.
And I find it hard to believe that a website would hash a password but not the security questions, they are probably even likelier to be reused by the user. If they are that thoughtless they likely make a lot of other mistakes.
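
The storage difference argued over in the two posts above, as an added Python example (not code from any poster, from 1Password, or from any site discussed): one constructed database row keeps the security answer as text, the other gives it the same salted one-way hash as the password and uses a random answer. The function names, the PBKDF2 work factor and the sample rows are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 200_000  # assumed PBKDF2 work factor for this sketch


def random_answer(nbytes=16):
    """Per-site random answer, meant to be kept in a password manager."""
    return secrets.token_urlsafe(nbytes)


def normalize(answer):
    """Fold case and whitespace so ' FLUFFY ' and 'fluffy' compare equal."""
    return " ".join(answer.casefold().split())


def hash_answer(answer, salt=None):
    """Salted one-way hash: the treatment the site already gives the password."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize(answer).encode(), salt, ITERATIONS)
    return salt, digest


def verify_answer(candidate, salt, digest):
    """Constant-time comparison of a submitted answer with the stored hash."""
    return hmac.compare_digest(hash_answer(candidate, salt)[1], digest)


def readable_fields(row):
    """Columns that anyone holding a copy of the row can read as-is."""
    return sorted(k for k, v in row.items() if isinstance(v, str))


# Constructed rows. hash_answer() stands in for the site's password hashing.
pw_salt, pw_hash = hash_answer("constructed-password")
weak_row = {"pw_salt": pw_salt, "pw_hash": pw_hash, "answer": "Fluffy"}

ANSWER = random_answer()  # what the user stores in the password manager
a_salt, a_hash = hash_answer(ANSWER)
hard_row = {"pw_salt": pw_salt, "pw_hash": pw_hash,
            "answer_salt": a_salt, "answer_hash": a_hash}

if __name__ == "__main__":
    print("readable in weak row:", readable_fields(weak_row))
    print("readable in hardened row:", readable_fields(hard_row))
    print("stored answer verifies:", verify_answer(ANSWER, a_salt, a_hash))
```

Hashing alone does not protect a short real-world answer, which stays guessable; the random answer is what makes the stored hash useless to whoever copies the row.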
 
You could naturally treat them as a second set of passwords, but then you basically never use them which means you have to store them somewhere. And if you can do this, why not store the original password directly?

Data loss/corruption, and password compromise. A second set of passwords stored somewhere else (bank vault) won't disappear or need to get changed with the first.
 
They likely store a one-way hash of your password but store the plain text of your answers to the questions. If their database is compromised, your hashed password is useless but your answers to the questions are not.

A person who re-uses passwords with other services will have the security of their password compromised by using it as an answer to the questions, in the event of a breach.

On the other hand, people who re-use answers to the questions will have the security of those answers compromised in the event of a breach.

The only safe thing to do with those security questions is to generate random answers and save them somewhere… like 1Password.

Well, if you use a password manager you should never lose the original password anyway and you could use completely random stuff for the security questions.
And I find it hard to believe that a website would hash a password but not the security questions, they are probably even likelier to be reused by the user. If they are that thoughtless they likely make a lot of other mistakes.

----------

Data loss/corruption, and password compromise. A second set of passwords stored somewhere else (bank vault) won't disappear or need to get changed with the first.
It is safer to store a second set of passwords somewhere else than to store another copy of the original passwords somewhere else?
 
I like Password Wallet. Syncs to Macs, PCs, iOS devices, etc. I'm not sure I trust my passwords in the cloud.

But then you do with 1password... ;)

Agreed that it might not "stay" in the (1password) cloud but it sure has to be there at some point to sync...


EDIT:

...And even then it's encrypted (by 1Password, not DropBox). If someone else got your password file, it's still encrypted...

At least, that's encrypted, so it seems...





O.T. but what about the "Notifications" tab in Safari?
I'm no Apple dev and I heard about that new feature on ML but I didn't know it was (and don't completely understand why it is) Safari's business to control that feature...
 
But then you do with 1password... ;)

Agreed that it might not "stay" in the (1password) cloud but it sure has to be there at some point to sync...
1Password as well as other apps like Keychain2Go can sync directly via a WiFi connection without any data leaving the WiFi network which does not even have to be connected to the internet.
 
1Password as well as other apps like Keychain2Go can sync directly via a WiFi connection without any data leaving the WiFi network which does not even have to be connected to the internet.

Right, but (technically) someone could eavesdrop on your network (might it be someone in your own house... Mouhahahahaha) So you have to make sure you store that WiFi password in a safe place... like 1password (wait...;))
 
Hopefully this will pan out as an actual implemented feature in OS X and iOS. 1Password is a great app on OS X but on the iOS side it suffers from lack of integration to the point that I "hate" when I have to use it on iOS. Unfortunately AgileBits can't do anything about the iOS integration so I guess they better start looking for another source of income since one could assume this will have serious negative impact on their bottom line. Unfortunately it's really sad to see stuff like this happening to developers. Reminds me of Konfabulator and how the introduction of OS X widgets impacted the developer...
 
This is great news for consumers. Sure there are alternative options already out there, but most of them are badly designed and complicated to use. OS X Mountain Lion is going to be awesome and mind-blowing in so many ways. And with the Windows 8 trainwreck around the corner, Apple is going to gain more Mac users than ever before. :D
 
But password syncing only works for apps that use the iCloud API (is this actually available for Windows? I've got no Windows App that accesses iCloud). If it only ends up being OS X and iOS Safari then it's useless for me. At least 1Password runs on OS X and Windows and works with all the browsers I use on both platforms.

At this point I don't think so... but MobileMe did sync bookmarks and such... Apple appears to want iCloud to be desktop agnostic so it would make sense to have password sync be cross platform. Have to wait and see
 
I think I'm the only person in the world who tried and didn't like 1Password, so I'll be interested to see if Apple somehow does it differently.

And I never tried 1Password. I prefer to utilize my own methodology for passwords.

"unique, secure passwords" created on one device to be automatically available for use on another device without having to manually record or insecurely copy and paste password information for transfer.

Passwords to be available automatically without having to record them manually? How would that work for hackers and identity thieves? Would it enable them to access all accounts by gaining access through the Cloud?
 
Thank god. 1password has gone down the drain ever since their new browser plugins were introduced, so it will be nice to have a native solution to storing and filling passwords.
 
Another addition to the most underrated browser ever. Why? Safari the best Mac browser, and "pros" think it sucks just because it is default. They've learned a little too much from Windows.

----------

Whoever stores passwords on their browser is just asking for it. Why don't you go ahead and store your bank account password while you're at it.

I do store my bank account password. What, is Apple going to steal it? Because nobody has ever stolen any of my passwords, including the intentionally insecure ones (I'll just give it out: dddddd is the password for my worthless accounts).

----------

Right, but (technically) someone could eavesdrop on your network (might it be someone in your own house... Mouhahahahaha) So you have to make sure you store that WiFi password in a safe place... like 1password (wait...;))

Encryption...

----------

So this is Keychain with a little more automation. A master password (Keychain does this) that controls passwords for sites (Keychain does this) and can randomly generate passwords (Keychain does this, but not automatically).

Very good.
 
There's a certain kind of web dropdown that 1Password can't handle, because Safari has no API to let it do so (an example: login at ipay.adp.com). Other than that, I have been very happy with 1Password and doubt that the Apple functionality will be better, since 1P handles a lot more than passwords. As for password generation, I use the make-a-pass widget, which I think is better than what both 1P and Apple will do.
 
There's no way of viewing stored passwords in Safari is there? Meaning once you start using complex generated passwords, there's no way back. If it doesn't work 100%, you are a bit screwed as you can't switch to a different solution. I use mSecure at the moment but an integrated solution that works with Safari iOS does sound appealing. At the back of my mind though, I wonder about trusting Apple to get it right, all the time. I still have to type my iCloud password into Mail every time I wake my MBP from sleep, which is an annoying bug.
 
What are the chances of some evil genius picking you, Joe Blow from East Nowhere, MI, and spending days and weeks or whatever to hack your bank account, only to find that you have $26.17 in it?

I do store my bank account password. What, is Apple going to steal it? Because nobody has ever stolen any of my passwords, including the intentionally insecure ones (I'll just give it out: dddddd is the password for my worthless accounts).

I won't use ANY bank that only uses a Login/Password combination, it's just not secure enough.
To log into my account and access it I need to have access to my bank card, account no., security number and then I need to slide the card into a random reader, provide my PIN number and fill out the random number into the site; if I need to make a transaction I need the above again.
This is much more secure than a simple Login/Password combination.


There's no way of viewing stored passwords in Safari is there? Meaning once you start using complex generated passwords, there's no way back. If it doesn't work 100%, you are a bit screwed as you can't switch to a different solution. I use mSecure at the moment but an integrated solution that works with Safari iOS does sound appealing. At the back of my mind though, I wonder about trusting Apple to get it right, all the time. I still have to type my iCloud password into Mail every time I wake my MBP from sleep, which is an annoying bug.

Yes there is, Keychain Access in your Applications/Utilities Folder.
Open it and you see all your keychains, click on one and then show password, you then have to provide your Main password to see it.
 
Why do I feel third party developers are not going to make anything for the Mac anymore?

Apple either buys their company to use the product, or takes the idea and does it themselves.

If I was 1Password, or some other password storing company, I'd be a little worried and upset.

Software like Siri, 1Password, Things, etc are already included in iOS and/or Mac that someone else had started. Apple should just help these guys better integrate into their device rather than buy or take the idea and use it themselves.

That's just my .02
 
Yes there is, Keychain Access in your Applications/Utilities Folder.
Open it and you see all your keychains, click on one and then show password, you then have to provide your Main password to see it.
Right, thanks. I'm not at my MBP right now so I will look later.
 
This is one of those features where you wonder why it hasn't been in there since day-one; after all, Safari can already remember passwords using the keychain, and OS X/keychain has had a usable (if not great) password generator UI for some time now.

However, unless other browsers follow suit and make better use of the keychain, then I don't see myself switching from 1Password personally.

With the password generator, cryptography and even the lookup process already available (and available for some time) then the rest is easy; just needs to use a list of sensible keywords to try to make a best guess at which fields are the username and password, maybe remember some of the other fields too. I just hope they remember to have the feature check the max length for the password field(s).

I really hope Apple will also make a bigger push for apps to integrate keychain support; it'd be nice if Steam would use it for example.
 
All I do on my iPad is touch and hold the dots for the password that's stored in 1Password, then it asks if I want to copy - switch app, done. Don't forget to copy a random word afterwards from Safari so as not to keep the password on your clipboard. Most of my logins have designated apps and if I can't store the passwords (banks and such) they typically store the username, so all I have to copy is the password. Works good for me but I agree, 1Password would be better if they could "extend" Safari to have access like they do on 1Password for Mac.

Storing of passwords btw I would presume would simply be another "app" on iCloud.com: Mail, Calendar, Contacts, iWork, Keys - that's how 1Password does it and it works great through DropBox.

Hey you are right, I guess I was used to the iPhone version, as on iPhone I just tap. On the iPad for some reason you have to tap and hold for it to show up. Oh well, it works for me.
 