Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Wanted: Secure password manager for OS X 10.9.5 please
- Thread starter magentawave
- Start date
- Sort by reaction score
I've used 1Password the past few years on OS X, iOS and Android. I just switched to Lastpass. I think it's fantastic. I studied the security aspect at length of the cloud before switching -- it is safe when used properly.
I also added a Yubikey NEO for even more security. It provides constant 2-Factor OTP from a USB key on your keychain. Anyone lucky enough to guess your userid and password is still not able to decrypt your data. On Android, the key also provides NFC authentication. This would/will work on iOS if Apple opens up NFC access. Tap your phone with the key, and your password app opens. You have the option to remember userid and password, and just use the NFC key for authentication on your phone (if you want to assume keys and phone won't be stolen together...). The App also fills in Mobile Chrome passwords in a way similar to desktop Chrome/Safari! Very cool.
Finally, what if you lose your Yubikey? Well, after entering userid and password, you can actually tap a link to send an email which can be used to temporarily disable your Yubikey and provide access to your account with just userid and password. Scary, you say? Well, you can have the email with the disable link sent to any email address (set in your preferences). I'm using a friend I can usually reach fairly quickly. She knows not to click on that link unless I call (should it ever actually happen). So...if someone is lucky enough to guess my userid, long password, and disable my Yubilink key, they still can't get my data unless they have also hacked my friend's email account (which they aren't obviously aware of).
Finally, the Yubikey NEO can be used with Yubico Authenticator to securely generate 2-factor tokens for Google, Dropbox, etc just like Google Authenticator. However, it is obviously much more secure than Google Authenticator (key is needed). And...the Yubikey NEO also does the brand new U2F authentication process, just introduced by Google last week. Expect others to follow.
Overall, I like this combo much more than 1Password, even though my encrypted data resides in the cloud. I think I'm much more secure should any of my Macs, tablets or phones get stolen, and I'm not worried about the encrypted data on the cloud especially given the addition of the hardware Yubikey.
I also added a Yubikey NEO for even more security. It provides constant 2-Factor OTP from a USB key on your keychain. Anyone lucky enough to guess your userid and password is still not able to decrypt your data. On Android, the key also provides NFC authentication. This would/will work on iOS if Apple opens up NFC access. Tap your phone with the key, and your password app opens. You have the option to remember userid and password, and just use the NFC key for authentication on your phone (if you want to assume keys and phone won't be stolen together...). The App also fills in Mobile Chrome passwords in a way similar to desktop Chrome/Safari! Very cool.
Finally, what if you lose your Yubikey? Well, after entering userid and password, you can actually tap a link to send an email which can be used to temporarily disable your Yubikey and provide access to your account with just userid and password. Scary, you say? Well, you can have the email with the disable link sent to any email address (set in your preferences). I'm using a friend I can usually reach fairly quickly. She knows not to click on that link unless I call (should it ever actually happen). So...if someone is lucky enough to guess my userid, long password, and disable my Yubilink key, they still can't get my data unless they have also hacked my friend's email account (which they aren't obviously aware of).
Finally, the Yubikey NEO can be used with Yubico Authenticator to securely generate 2-factor tokens for Google, Dropbox, etc just like Google Authenticator. However, it is obviously much more secure than Google Authenticator (key is needed). And...the Yubikey NEO also does the brand new U2F authentication process, just introduced by Google last week. Expect others to follow.
Overall, I like this combo much more than 1Password, even though my encrypted data resides in the cloud. I think I'm much more secure should any of my Macs, tablets or phones get stolen, and I'm not worried about the encrypted data on the cloud especially given the addition of the hardware Yubikey.