Password applications

kate2kate

macrumors newbie
Original poster
Aug 5, 2012
13
0
Are the apps that store and track your passwords safe? I have come to the point where keeping track of my passwords is not working.

If they are safe can you recommend one?

Thanks,
Katie
 

Rusty33

macrumors 6502
Jul 8, 2011
272
52
Australia
Are the apps that store and track your passwords safe? I have come to the point where keeping track of my passwords is not working.

If they are safe can you recommend one?

Thanks,
Katie
I've heard good things about 1Password...but have not tried any myself. I have been reluctant to jump onboard due to similar concerns...I'm just not sure that I am comfortable with all of my passwords being uploaded to some private vendors server...

Any thoughts from those with experience would be greatly appreciated!
 
Comment

flynz4

macrumors 68040
Aug 9, 2009
3,131
37
Portland, OR
I've heard good things about 1Password...but have not tried any myself. I have been reluctant to jump onboard due to similar concerns...I'm just not sure that I am comfortable with all of my passwords being uploaded to some private vendors server...

Any thoughts from those with experience would be greatly appreciated!
1Password does not upload your passwords to the cloud. They are kept securely encrypted in a vault on your own computer.

You have the option to sync your password vault across your computers, and across you IOS devices. This can be via Drobpox, iCloud (both natively supported) or by any other method that you choose. Your vault is encrypted on your own machines(s), nothing unencrypted ever leaves your machine... so even if someone was to get cloud access to your vault... they only have access to strongly encrypted data.

The advantages of using unique passwords for every site far outweighs any perceived risk of keeping your passwords in a vault. For example, a friend of mine had his Amazon.com account hacked, which he learned about when their security department called to verify a purchase. They cancelled the purchase, and instructed him to go in through the site and change his password. The problem is... without unique passwords, the thief can then try that same password at other sites such as banking, stocks, 401Ks, etc... and wipe you out.

The other great thing is that your passwords are not only unique, but also complex. An example of a password might be: gXpAK3Vax@Gax9H2vQvHA#vV but I never need to type or know that. When I go to a site, I just press a hotkey and it (along with my username) is automatically entered for me. If my vault is locked (the normal case)... then I am prompted for my single password that I use to unlock my vault. My personal password is also complex and virtually uncrackable, but sheer muscle memory allows me to type it in without thinking about it... my fingers just fly over the keyboard.

When you go in and change your passwords to unique complex passwords... I also suggest that you change your secret questions. Mother maiden name, first elementary school, high school mascot... etc. What a crock, this is a blatant security hole as most of this type of information is easily available online. So for example, by using 1Password, the name of my favorite pet might be: aPcWuhwuQmL9GwCjBve[^9K4

Also, many sites also ask your birthday. I use different birthdays for every site.

Finally, I got an extra unexpected benefit from 1Password. After the Heartbleed bug was found earlier this year (approximately ~2/3 of all servers in the world were affected)... 1Password provided an update that downloads the status off all servers... and then informs you when and if you should update your password for a specific site. At the time, I had 303 stored passwords, and 1Password flagged 101... exactly 1/3. When you use 1Password, if you are entering a site which was infected with Heartbleed (and now fixed)... you get a red banner to update your password. This was a HUGE increase to my personal security.

Bottom line... these things are fantastic. There are many password managers out there now, and they work differently. I chose 1Password since it has been the most popular for the longest time. It is a lot of work to convert all of your passwords, and I want to be with a company who is likely to survive in the long haul. I'd prefer to never have to go through the exercise again.

/Jim
 
Last edited:
Comment

JoelBC

macrumors 6502a
Jun 16, 2012
661
4
+1 for 1Password, I use it on for my iOS, OS X and Windows devices, works very well and reliably across all platforms...

Only regret -- which has nothing to do with 1Password -- is that I do wish work would let me use a MBA or rMBP rather than the clumsy laptop that I know have...
 
Comment

glenthompson

macrumors 68020
Apr 27, 2011
2,035
168
Florida
Jim covers the subject very well. I have used both LastPass and 1Password (my current).

LastPass has the advantage of using a centralized storage site so multiple people can share a vault easily. My wife and I use one vault with different identities. Easier to share passwords. It has the downside of having your passwords stored on their server so it's an attack target.

Sharing vaults in 1Password is more difficult but I like the overall feel and operation of the program better.
 
Comment

BasicGreatGuy

macrumors G5
Sep 21, 2012
12,589
12,010
In the middle of several books.
I highly recommend testing out several password managers. I would start out with 1Password. They offer a 30 day trial. I believe the program is worth the money. However, it may not fit your needs or budget. Test LastPass, OneSafe, Enpass, and several others, if need be.
 
Comment

Booch21

macrumors regular
Oct 13, 2010
174
68
I've been using LastPass for about a year now. I'm very pleased with it and recommend it highly.
I've been using it for over two years. It's great for me, especially when I'm at work and I need to look up a password that I don't know.
 
Comment

flynz4

macrumors 68040
Aug 9, 2009
3,131
37
Portland, OR
Jim covers the subject very well. I have used both LastPass and 1Password (my current).

LastPass has the advantage of using a centralized storage site so multiple people can share a vault easily. My wife and I use one vault with different identities. Easier to share passwords. It has the downside of having your passwords stored on their server so it's an attack target.

Sharing vaults in 1Password is more difficult but I like the overall feel and operation of the program better.
My wife and I share a single vault. I created a shared folder in dropbox for the two of us, and we keep the vault in there. Neither one of us is worried about each other in our personal accounts. It does complicate things a tiny bit because when we visit a site where we both have accounts... we get the menu to select which login to use. For example, if we go to iCloud.com, 1Password pop up gives us the option for:
  • iCloud (Deb)
  • iCloud (Jim)
Because she comes first, all she has to do is hit return. I hit down-arrow then return.

/Jim
 
Comment

Primejimbo

macrumors 68040
Aug 10, 2008
3,295
131
Around
1Password does not upload your passwords to the cloud. They are kept securely encrypted in a vault on your own computer.

You have the option to sync your password vault across your computers, and across you IOS devices. This can be via Drobpox, iCloud (both natively supported) or by any other method that you choose. Your vault is encrypted on your own machines(s), nothing unencrypted ever leaves your machine... so even if someone was to get cloud access to your vault... they only have access to strongly encrypted data.

The advantages of using unique passwords for every site far outweighs any perceived risk of keeping your passwords in a vault. For example, a friend of mine had his Amazon.com account hacked, which he learned about when their security department called to verify a purchase. They cancelled the purchase, and instructed him to go in through the site and change his password. The problem is... without unique passwords, the thief can then try that same password at other sites such as banking, stocks, 401Ks, etc... and wipe you out.

The other great thing is that your passwords are not only unique, but also complex. An example of a password might be: gXpAK3Vax@Gax9H2vQvHA#vV but I never need to type or know that. When I go to a site, I just press a hotkey and it (along with my username) is automatically entered for me. If my vault is locked (the normal case)... then I am prompted for my single password that I use to unlock my vault. My personal password is also complex and virtually uncrackable, but sheer muscle memory allows me to type it in without thinking about it... my fingers just fly over the keyboard.

When you go in and change your passwords to unique complex passwords... I also suggest that you change your secret questions. Mother maiden name, first elementary school, high school mascot... etc. What a crock, this is a blatant security hole as most of this type of information is easily available online. So for example, by using 1Password, the name of my favorite pet might be: aPcWuhwuQmL9GwCjBve[^9K4

Also, many sites also ask your birthday. I use different birthdays for every site.

Finally, I got an extra unexpected benefit from 1Password. After the Heartbleed bug was found earlier this year (approximately ~2/3 of all servers in the world were affected)... 1Password provided an update that downloads the status off all servers... and then informs you when and if you should update your password for a specific site. At the time, I had 303 stored passwords, and 1Password flagged 101... exactly 1/3. When you use 1Password, if you are entering a site which was infected with Heartbleed (and now fixed)... you get a red banner to update your password. This was a HUGE increase to my personal security.

Bottom line... these things are fantastic. There are many password managers out there now, and they work differently. I chose 1Password since it has been the most popular for the longest time. It is a lot of work to convert all of your passwords, and I want to be with a company who is likely to survive in the long haul. I'd prefer to never have to go through the exercise again.

/Jim
+1 for 1Password, I use it on for my iOS, OS X and Windows devices, works very well and reliably across all platforms...

Only regret -- which has nothing to do with 1Password -- is that I do wish work would let me use a MBA or rMBP rather than the clumsy laptop that I know have...
Another one for 1Password. Easy to use and the support is great.

----------

Jim covers the subject very well. I have used both LastPass and 1Password (my current).

LastPass has the advantage of using a centralized storage site so multiple people can share a vault easily. My wife and I use one vault with different identities. Easier to share passwords. It has the downside of having your passwords stored on their server so it's an attack target.

Sharing vaults in 1Password is more difficult but I like the overall feel and operation of the program better.
My wife and I both have it. We both have an iPhone and a iPad each, and share a Mac Mini (media hub). Each of our iDevices we have our own vaults and that's all, but on the Mac we have a primary vault and a secondary vault. The primary vault is mine and the secondary is hers. We have all out password separated, but we not have access to both vaults. It was very easy to set up this as well and everything syncs fine.
 
Comment

Rusty33

macrumors 6502
Jul 8, 2011
272
52
Australia
1Password does not upload your passwords to the cloud. They are kept securely encrypted in a vault on your own computer.

You have the option to sync your password vault across your computers, and across you IOS devices. This can be via Drobpox, iCloud (both natively supported) or by any other method that you choose. Your vault is encrypted on your own machines(s), nothing unencrypted ever leaves your machine... so even if someone was to get cloud access to your vault... they only have access to strongly encrypted data.

The advantages of using unique passwords for every site far outweighs any perceived risk of keeping your passwords in a vault. For example, a friend of mine had his Amazon.com account hacked, which he learned about when their security department called to verify a purchase. They cancelled the purchase, and instructed him to go in through the site and change his password. The problem is... without unique passwords, the thief can then try that same password at other sites such as banking, stocks, 401Ks, etc... and wipe you out.

The other great thing is that your passwords are not only unique, but also complex. An example of a password might be: gXpAK3Vax@Gax9H2vQvHA#vV but I never need to type or know that. When I go to a site, I just press a hotkey and it (along with my username) is automatically entered for me. If my vault is locked (the normal case)... then I am prompted for my single password that I use to unlock my vault. My personal password is also complex and virtually uncrackable, but sheer muscle memory allows me to type it in without thinking about it... my fingers just fly over the keyboard.

When you go in and change your passwords to unique complex passwords... I also suggest that you change your secret questions. Mother maiden name, first elementary school, high school mascot... etc. What a crock, this is a blatant security hole as most of this type of information is easily available online. So for example, by using 1Password, the name of my favorite pet might be: aPcWuhwuQmL9GwCjBve[^9K4

Also, many sites also ask your birthday. I use different birthdays for every site.

Finally, I got an extra unexpected benefit from 1Password. After the Heartbleed bug was found earlier this year (approximately ~2/3 of all servers in the world were affected)... 1Password provided an update that downloads the status off all servers... and then informs you when and if you should update your password for a specific site. At the time, I had 303 stored passwords, and 1Password flagged 101... exactly 1/3. When you use 1Password, if you are entering a site which was infected with Heartbleed (and now fixed)... you get a red banner to update your password. This was a HUGE increase to my personal security.

Bottom line... these things are fantastic. There are many password managers out there now, and they work differently. I chose 1Password since it has been the most popular for the longest time. It is a lot of work to convert all of your passwords, and I want to be with a company who is likely to survive in the long haul. I'd prefer to never have to go through the exercise again.

/Jim
Thank you for this endorsement - much appreciated. I'm going to give it a whirl!
 
Comment

Pharmscott

macrumors 6502a
Dec 13, 2011
624
2
Sacramento, CA
Finally, I got an extra unexpected benefit from 1Password. After the Heartbleed bug was found earlier this year (approximately ~2/3 of all servers in the world were affected)... 1Password provided an update that downloads the status off all servers... and then informs you when and if you should update your password for a specific site. At the time, I had 303 stored passwords, and 1Password flagged 101... exactly 1/3. When you use 1Password, if you are entering a site which was infected with Heartbleed (and now fixed)... you get a red banner to update your password. This was a HUGE increase to my personal security.

/Jim
Yep, this is great. LastPass has a similar feature.
 
Comment

vixster1901

macrumors regular
Apr 25, 2009
179
164
+1 1password....

another great feature is that I can sync to my server or other computer withOUT going through dropbox or cloud. 1password makes it easy to sync a file. As I make a change or update to a password on one computer, I copy the file to other computers at my home. And you can easily sync the database using 1password wifi syncing mechanism.
 
Comment

nebo1ss

macrumors 68030
Jun 2, 2010
2,772
1,460
1Password does not upload your passwords to the cloud. They are kept securely encrypted in a vault on your own computer.

You have the option to sync your password vault across your computers, and across you IOS devices. This can be via Drobpox, iCloud (both natively supported) or by any other method that you choose. Your vault is encrypted on your own machines(s), nothing unencrypted ever leaves your machine... so even if someone was to get cloud access to your vault... they only have access to strongly encrypted data.

The advantages of using unique passwords for every site far outweighs any perceived risk of keeping your passwords in a vault. For example, a friend of mine had his Amazon.com account hacked, which he learned about when their security department called to verify a purchase. They cancelled the purchase, and instructed him to go in through the site and change his password. The problem is... without unique passwords, the thief can then try that same password at other sites such as banking, stocks, 401Ks, etc... and wipe you out.

The other great thing is that your passwords are not only unique, but also complex. An example of a password might be: gXpAK3Vax@Gax9H2vQvHA#vV but I never need to type or know that. When I go to a site, I just press a hotkey and it (along with my username) is automatically entered for me. If my vault is locked (the normal case)... then I am prompted for my single password that I use to unlock my vault. My personal password is also complex and virtually uncrackable, but sheer muscle memory allows me to type it in without thinking about it... my fingers just fly over the keyboard.

When you go in and change your passwords to unique complex passwords... I also suggest that you change your secret questions. Mother maiden name, first elementary school, high school mascot... etc. What a crock, this is a blatant security hole as most of this type of information is easily available online. So for example, by using 1Password, the name of my favorite pet might be: aPcWuhwuQmL9GwCjBve[^9K4

Also, many sites also ask your birthday. I use different birthdays for every site.

Finally, I got an extra unexpected benefit from 1Password. After the Heartbleed bug was found earlier this year (approximately ~2/3 of all servers in the world were affected)... 1Password provided an update that downloads the status off all servers... and then informs you when and if you should update your password for a specific site. At the time, I had 303 stored passwords, and 1Password flagged 101... exactly 1/3. When you use 1Password, if you are entering a site which was infected with Heartbleed (and now fixed)... you get a red banner to update your password. This was a HUGE increase to my personal security.

Bottom line... these things are fantastic. There are many password managers out there now, and they work differently. I chose 1Password since it has been the most popular for the longest time. It is a lot of work to convert all of your passwords, and I want to be with a company who is likely to survive in the long haul. I'd prefer to never have to go through the exercise again.

/Jim
Between your first and second Paragraph you have contradicted yourself. On the one hand you say it never leaves the device then you start talking about syncing using Dropbox and ICloud.
 
Comment

AndyK

macrumors 65816
Jan 10, 2008
1,021
375
Terra
+1 for 1password here. I'm forced to use a Windows machine for some things so the fact I can sync 1password via my dropbox to my mac, iPhone and windows machine & it all 'just work' makes it worth double what I pay for it for me.
 
Comment

jw12345678

macrumors member
Jan 28, 2009
89
2
UK
1Password

Another vote for 1Password. The new phone/ipad app makes it even better than before with the new extensions facility in IOS 8. Now you can access and insert your log details stored in 1Password straight into Safari. Thats been the missing function needed for so long....
 
Comment

glenthompson

macrumors 68020
Apr 27, 2011
2,035
168
Florida
Between your first and second Paragraph you have contradicted yourself. On the one hand you say it never leaves the device then you start talking about syncing using Dropbox and ICloud.
No contradiction, you can run 1Password entirely on your Mac and never put the vault on any other device. Those of us that want to access our vault from different devices and locations have the option to sync via iCloud or DropBox. Unlike some apps you are not required to store your data in the cloud.
 
Comment

flynz4

macrumors 68040
Aug 9, 2009
3,131
37
Portland, OR
Between your first and second Paragraph you have contradicted yourself. On the one hand you say it never leaves the device then you start talking about syncing using Dropbox and ICloud.
The second paragraph starts with: You have the option to sync your password vault across your computers

No contradiction at all. You do not need to use dropbox or any other cloud service. You can choose to not sync your vault if you wish... or you can duplicate it using manual means or anything else you desire.

Personally, I use dropbox. Since my vault is securely encrypted with a strong password, then it is the best option for my needs.

/Jim
 
Last edited:
Comment

flynz4

macrumors 68040
Aug 9, 2009
3,131
37
Portland, OR
Another vote for 1Password. The new phone/ipad app makes it even better than before with the new extensions facility in IOS 8. Now you can access and insert your log details stored in 1Password straight into Safari. Thats been the missing function needed for so long....
Thanks! I didn't realize that IOS 8 broke down the walls for password sharing!!! I agree, this function was long overdue.

It was also nice to see the 1Password5 was free, and that the pro-features were auto enabled for those of us who were on 1Password 4.

/Jim
 
Comment

Basilfawltyone

macrumors regular
Sep 2, 2013
105
5
Chicago, IL
I use OneSafe, more "Macish" and easy and intuitive.

I use it daily and it has less bells and whistles than 1PW but it has exactly what I need and use.

I prefer to use Apples Keychain for filling passwords in Safari, and not third party apps. Use it more as a safe for cc, wills, passports, loyalty cards, login info but no auto fill. Now with the latest update even better.
 
Comment

Similar threads

  • russell_314
5
Replies
5
Views
395
  • nelly22
0
Replies
0
Views
177
  • Huntn
66
Replies
66
Views
5K
Replies
0
Views
399
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.