
hehe299792458

macrumors 6502a
Original poster
Dec 13, 2008
I'm looking for something more comprehensive than FF's inbuilt password. However, I was also hoping that the password manager would integrate nicely with Firefox. Right now, I'm looking at KeePassX and 1password. KeePassX is exactly what I want (secure, open source, etc) but I can't seem to figure out a way to integrate it seamlessly with FF - does anyone know how? As for 1password, I have difficulty trusting my password with it as it's closed source and I'm paranoid that the commercial developer who coded it might have left a backdoor somewhere in the program (I know the probabilities of that are trivial, but as I said, I'm paranoid). So, are there any better alternatives out there? Thanks! :D
 
I've used 1Password since converting to OS X. I HIGHLY recommend it, especially if you have an iPod Touch or an iPhone. Get the mobile version (~$5) and you have all the features pretty much in your hand when traveling.

 
As for 1password, I have difficulty trusting my password with it as it's closed source and I'm paranoid that the commercial developer who coded it might have left a backdoor somewhere in the program (I know the probabilities of that are trivial, but as I said, I'm paranoid).

The possibility is definitely non-trivial. KeePassX is your best bet, but I haven't seen any sort of integration with FF. It's better that way anyways.
 

KeePass is really what I've been looking for. However, the Mac port, KeePassX, is really cumbersome with FF, and I'm too lazy to open another application every time I need to log in to some website whose password I can't remember.
 
The choice: Paranoid or Lazy.

I'm pretty paranoid myself but have never had any problems with 1Password. Prior to that I used PasswordPlus (but don't recommend it for OS X use).

If you are paranoid against any closed source application, then that limits the options.

Edit: I looked at some of the others including KeePassX and LastPass. KeePassX is not even a fully released application and could die from lack of development. LastPass seems to be a subscription service. Don't pay, lose access. There is a free version but am worried about activation/subscription issues that may leave a backdoor open. Think I will stick to 1Password. It has a good following and LOTS of recommendations.
 
The choice: Paranoid or Lazy.

There you have it.

If you are paranoid against any closed source application, then that limits the options.

It does. In the security world, "open" beats "closed" almost every time. I just don't trust 1Password.

KeePassX is not even a fully released application and could die from lack of development.

Maybe; but KeePassX is based off of KeePass (Windows only) which is in version 2.0-something. Even if it never makes it to RC it has a good following and the project has a good reputation in the circles that matter.
 
I absolutely love 1Password. I really don't think you have anything to worry about. I really get the vibe that Agile (the developer) are really passionate about their product and I don't see them doing something like that. And it integrates with pretty much any browser beautifully.
 
+1

I also use 1Password and I think it is a great product. If it is any consolation about back-doors... the vault for this program is 100% in your control. It is not hosted by Agile in any way.

/Jim
 
Then a question. What are you doing running OS X, which is a closed system? Yes there is Darwin, the open source sibling, but OS X itself is closed (the enhancements that make Darwin into OS X).

If "open" always beats "closed", there seems to be very few choices for an OS then, right?

At some point a user has to trust someone or something. Email is going to cross between open and closed systems. So do the packets that make up the Internet.

Just because something is open does not mean someone has not planted a backdoor, only that it has not been caught YET.

Agile has a good reputation and a large following.

...
It does. In the security world, "open" beats "closed" almost every time. I just don't trust 1Password.
...
 
Then a question. What are you doing running OS X, which is a closed system?

I'm running OS X?

If "open" always beats "closed", there seems to be very few choices for an OS then, right?

Not really. There are more Linux distros than I care to even hear about, some more useful than others.

Just because something is open does not mean someone has not planted a backdoor, only that it has not been caught YET.

True, but the odds of a backdoor being caught - due to the openness of the code - are much higher, and therefore it can be patched faster. The situation you described above is exactly why virtually every proprietary "encryption" scheme utterly fails. People that use and espouse the values of closed security software are tacitly accepting that the code is secure without the benefit of close examination.

Agile has a good reputation and a large following.

A good reputation and a large following among who? People that don't know any better? People that store their passwords and then have them autofill in each website they visit?

edit: Before you try to sound smart and correct me; I am well aware that 1Password claims to use AES-128 encryption, which is indeed an open standard. The problem in this case is that any common encryption algorithm that is suitable for any kind of sensitive information (AES, Triple DES, etc) is non-trivial to implement. Even government contractors get it wrong all the time. While I'm sure Agile has given it their best shot, I still have my doubts. But nobody will ever know if it's implemented correctly since the code isn't open for review (and given Agile's perfectly reasonable goal to profit from their software, it has no reason to be).
 
I'm running OS X?

If you aren't, why post in a Mac based forum? If you aren't running OS X, then you are running a closed source OS with the closed "enhancements" Apple adds.

Not really. There are more Linux distros than I care to even hear about, some more useful than others.

BTDT since the early/mid 1990's. That is why I'm running OS X now and not Linux. That and I need applications, closed and open source, to get my work done.

True, but the odds of a backdoor being caught - due to the openness of the code - are much higher, and therefore it can be patched faster. The situation you described above is exactly why virtually every proprietary "encryption" scheme utterly fails. People that use and espouse the values of closed security software are tacitly accepting that the code is secure without the benefit of close examination.

The same is true in a lot of day-to-day transactions. Banks and other financial institutions for instance. We've just come through some horrible experiences but because people could not see the "true" condition of the banks, they had to take people's word they were secure.

That may be making your point except we cannot investigate everything all the time. There comes a time when we have to accept "some" risk and take things at face value.

Again, I tend to be paranoid. There are things I won't even consider, such as online backups. I no longer trust online banking from any financial software (I use a browser and my bank's website - it does lessen the attack vectors) and even if I know you, I generally will not click on any links you send me. Paranoia does come in handy some days. :D


A good reputation and a large following among who? People that don't know any better? People that store their passwords and then have them autofill in each website they visit?

edit: Before you try to sound smart and correct me; I am well aware that 1Password claims to use AES-128 encryption, which is indeed an open standard. The problem in this case is that any common encryption algorithm that is suitable for any kind of sensitive information (AES, Triple DES, etc) is non-trivial to implement. Even government contractors get it wrong all the time. While I'm sure Agile has given it their best shot, I still have my doubts. But nobody will ever know if it's implemented correctly since the code isn't open for review (and given Agile's perfectly reasonable goal to profit from their software, it has no reason to be).

Not being a security expert, I cannot out talk you. Won't even try. But the OP asked for the BEST password manager. That is usually a matter of personal opinion. We each have our own needs and requirements. Your primary requirement is open source. Mine is not.

Can we agree to disagree on this?

Take care,
 
A good reputation and a large following among who? People that don't know any better? People that store their passwords and then have them autofill in each website they visit?

edit: Before you try to sound smart and correct me; I am well aware that 1Password claims to use AES-128 encryption, which is indeed an open standard. The problem in this case is that any common encryption algorithm that is suitable for any kind of sensitive information (AES, Triple DES, etc) is non-trivial to implement. Even government contractors get it wrong all the time. While I'm sure Agile has given it their best shot, I still have my doubts. But nobody will ever know if it's implemented correctly since the code isn't open for review (and given Agile's perfectly reasonable goal to profit from their software, it has no reason to be).
You could have worded that better. People who don't know any better? 1Password is widely respected in the whole Mac community. Major publications like Macworld have recommended it countless times. Are you saying Macworld doesn't know any better? Sure, Fort Knox isn't going to use it, but for regular consumers it's plenty powerful.
 
If you are that paranoid, don't use a computer. For everyone else, there's 1Password. I wouldn't even think of looking elsewhere for a password manager.
 
Another Vote for 1Password :D

Have been using it for years, no problems. I'm also very security concerned and feel comfortable using 1Password.
 