best password manager

Discussion in 'Mac Apps and Mac App Store' started by hehe299792458, Feb 13, 2010.

  1. hehe299792458 macrumors 6502a

    hehe299792458

    Joined:
    Dec 13, 2008
    #1
    I'm looking for something more comprehensive than FF's inbuilt password. However, I was also hoping that the password manager would integrate nicely with Firefox. Right now, I'm looking at KeePassX and 1password. KeePassX is exactly what I want (secure, open source, etc) but I can't seem to figure out a way to integrate it seamlessly with FF- does anyone know how? As for 1password, I have difficulty trusting my password with it as it's close source and I'm paranoid that the commercial developer who coded it might have left a backdoor somewhere in the program (I know the probabilities of that are trivial, but as I said, I'm paranoid). So, are there any better alternatives out there? Thanks! :D
     
  2. TonyK macrumors 6502a

    TonyK

    Joined:
    May 24, 2009
    #2
    I've used 1Password since converting to OS X. I HIGHLY recommend it, especially if you have an iPod Touch or an iPhone. Get the mobile version (~$5) and you have all the features pretty much in your hand when traveling.

     
  3. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #4
    The possibility is definitely non-trivial. KeePassX is your best bet, but I haven't seen any sort of integration with FF. It's better that way anyways.
     
  4. hehe299792458 thread starter macrumors 6502a

    hehe299792458

    Joined:
    Dec 13, 2008
    #5
    Keepass is really what I've been looking for. However, the mac port, KeePassX, is really cumbersome with FF, and I'm too lazy to open another application every time I need to login to some website whose password I can't remember
     
  5. TonyK macrumors 6502a

    TonyK

    Joined:
    May 24, 2009
    #6
    The choice: Paranoid or Lazy.

    I'm pretty paranoid myself but have never had any problems with 1Password. Prior to that I used PasswordPlus (but don't recommend it for OS X use).

    If you are paranoid against any closed source application, then that limits the options.

    Edit: I looked at some of the others including KeePassX and LastPass. KeePassX is not even a fully released application and could die from lack of development. LastPass seems to be a subscription service. Don't pay, lose access. There is a free version but am worried about activation/subscription issues that may leave a backdoor open. Think I will stick to 1Password. It has a good following and LOTS of recommendations.
     
  6. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #7
    There you have it.

    It does. In the security world, "open" beats "closed" almost every time. I just don't trust 1Password.

    Maybe; but KeePassX is based off of KeePass (Windows only) which is in version 2.0-something. Even if it never makes it to RC it has a good following and the project has a good reputation in the circles that matter.
     
  7. Scorch07 macrumors 6502

    Joined:
    Dec 16, 2007
    #8
    I absolutely love 1Password. I really don't think you have anything to worry about. I really get the vibe that Agile (the developer) are really passionate about their product and I don't see them doing something like that. And it integrates with pretty much any browser beautifully.
     
  8. flynz4 macrumors 68040

    Joined:
    Aug 9, 2009
    Location:
    Portland, OR
    #9
    +1

    I also use 1Password and I think it is a great product. If it is any consolation about back-doors... the vault for this program is 100% in your control. It is not hosted by Agile in any way.

    /Jim
     
  9. TonyK macrumors 6502a

    TonyK

    Joined:
    May 24, 2009
    #10
    Then a question. What are you doing running OS X, which is a closed system? Yes there is Darwin, the open source sibling, but OS X itself is closed (the enhancements that make Darwin in to OS X).

    If "open" always beats "closed", there seems to be very few choices for an OS then, right?

    At some point a user has to trust someone or something. Email is going to cross between open and closed systems. So do the packets that make up the Internet.

    Just because something is open does not mean someone has not planted a backdoor, only that it has not been caught YET.

    Agile has a good reputation and a large following.

     
  10. miles01110 macrumors Core

    miles01110

    Joined:
    Jul 24, 2006
    Location:
    The Ivory Tower (I'm not coming down)
    #11
    I'm running OS X?
    Not really. There are more Linux distros than I care to even hear about, some more useful than others.

    True, but the odds of a backdoor being caught- due to the openness of the code- is much higher, and therefore can be patched faster. The situation you described above is exactly why virtually every proprietary "encryption" scheme utterly fails. People that use and espouse the values of closed security software are tacitly accepting that the code is secure without the benefit of close examination.

    A good reputation and a large following among who? People that don't know any better? People that store their passwords and then have them autofill in each website they visit?

    edit: Before you try to sound smart and correct me; I am well aware that 1Password claims to use AES-128 encryption, which is indeed an open standard. The problem in this case is that any common encryption algorithm that is suitable for any kind of sensitive information (AES, Triple DES, etc) is non-trivial to implement. Even government contractors get it wrong all the time. While I'm sure Agile has given it their best shot, I still have my doubts. But nobody will ever know if it's implemented correctly since the code isn't open for review (and given Agile's perfectly reasonable goal to profit from their software, it has no reason to be).
     
  11. TonyK macrumors 6502a

    TonyK

    Joined:
    May 24, 2009
    #12
    If you aren't, why post in a Mac based forum? If you aren't running OS X, then you are running a closed source OS with the closed "enhancements" Apple adds.

    BTDT since the early/mid 1990's. That is why I'm running OS X now and not Linux. That and I need applications, closed and open source, to get my work done.

    The same is true in a lot of day-to-day transactions. Banks and other financial institutions for instance. We've just come through some horrible experiences but because people could not see the "true" condition of the banks, they had to take people's word they were secure.

    That may be making your point except we cannot investigate everything all the time. There comes a time when we have to accept "some" risk and take things at face value.

    Again, I tend to be paranoid. There are things I won't even consider, such as online backups. I no longer trust online banking from any financial software (I use a browser and my bank's website - it does lesson the attack vectors) and even if I know you, I generally will not click on any links you send me. Paranoia does come in handy some days. :D


    Not being a security expert, I cannot out talk you. Won't even try. But the OP asked for the BEST password manager. That is usually a matter of personal opinion. We each have our own needs and requirements. Your primary requirement is open source. Mine is not.

    Can we agree to disagree on this?

    Take care,
     
  12. Scorch07 macrumors 6502

    Joined:
    Dec 16, 2007
    #13
    You could have worded that better. People who don't know any better? 1Password is widely respected in the whole Mac community. Major publications like Macworld have recommended it countless times. Are you saying Macworld doesn't know any better? Sure, Fort Knox isn't going to use it, but for regular consumers it's plenty powerful.
     
  13. santaliqueur macrumors 6502a

    Joined:
    Aug 7, 2007
    #14
    If you are that paranoid, don't use a computer. For everyone else, there's 1Password. I wouldn't even think of looking elsewhere for a password manager.
     
  14. dcl macrumors regular

    dcl

    Joined:
    May 28, 2006
    Location:
    Calif.
    #15
    Another Vote for 1Password :D

    Have been using it for years, no problems. I'm also very security concerned and feel comfortable using 1Password.
     

Share This Page