1Password – Who really needs this, right?

February 8, 2008 at 12:34 am 1 comment

1Password is an application looking for a problem.  I mean, who really needs a password manager, right?  That’s what I used to think.

Last month, it was part of the MacHeist II bundle.  I looked over the demo videos on their website and was happily surprised to see that it supports all the browsers I use…  (Omniweb, Firefox, Safari, and Camino)  I was even more surprised to see that it actually looked very useful, particularly with the password generation and the fact that it has a single database that all of these various browsers can pull data from.

After much deliberation, I bought the $49 bundle ($39 for me, since I had participated in the “Heists”).  So far, 1Password is the only tool from it that I use on a daily basis.

Security experts say we shouldn’t use the same password on more than one website.  I had a real hard time with this.  I mostly used the same base password with one or two characters different, but only if it was a site that I felt needed to be secure.  For most of the “forum” sites that I visit, I used the same password.  With 1Password, I’ve seen the light.  1Password has a feature that generates random passwords for you.  Just set the password length, along with how many special characters and numbers to use, and it creates passwords for you that anyone would have trouble guessing.  I’ve visited the majority of financial related websites that I frequent and used this tool to change all of my passwords, usually to the maximum number of characters that the website allows.

A feature that I didn’t know existed is one that looks very, very interesting.  It syncs with the iPhone so you can have password protected bookmarks that automatically log you into your 1Password sites.  Since I don’t have an iPhone (yet), I can’t actually test this, but it sounds like a killer feature.  (If anyone wants to send me an iPhone to test this out, I’d be more than willing to oblige and post the results.)

Now, I still have some concerns about this…  If I have a completely unrecoverable failure with my machine, I’d be in serious trouble since I have no clue what my passwords are since I’ve never even actually typed them.  Fortunately, I’m super-paranoid about backups.  I use TimeMachine, plus have a bootable clone made daily using SuperDuper (now Leopard compatible!).

I also question the security of 1Password.   The Mac platform has been getting some attention from hackers.  It is possible that 1Password will, itself, become a target because of the sensitive information it holds.  I could see the possibility of someone writing a trojan that accesses your 1Password database looking for all the places you’ve saved your passwords off to.   Of course, it is encrypted, but the possibility exists that it could be hacked somehow.

At this point, I’m not terribly concerned.  I honestly feel like my logins are more secure than they would be otherwise.  If only every website offered the RSA Secure-ID option.


Entry filed under: Mac.

Spotlight Experiences MacHeist II and Yazsoft

1 Comment Add your own

  • 1. dteare  |  February 8, 2008 at 11:01 am

    It’s awesome to hear 1Password is treating you well! We hear the phrase “this is not needed” a lot, but once tried, these same people love 1Password 🙂

    Regarding the security of 1Password, we use the Mac OS X Keychain that is shipped with every Mac. The Keychain is Open Source, is supported by Apple, and is so widely used that if there were a hole available it most likely would have been found and exploited by now.

    Of course trojans and other malware are nasty business, and in theory once installed with root access they can do anything. However, 1Password adds an additional layer of security that protects you from the 2 most common attacks: Phishing and Keyloggers. 1Password will not fill your information into Phishers’ websites, and hides your information from the vast majority of keyloggers.

    No defense is perfect, and it is why a Defense in Depth approach to security is so critical. 1Password protects you from many things, but it does not mean you can be reckless and install untrusted applications or allow unprotected access to your machine.

    Be sure to stop by our forums and share your thoughts and ideas for improvement. As good as it is, we’re still actively improving 1Password 🙂


    –Dave Teare
    Co-author of 1Password
    Everyone is Switching to Mac!


Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


February 2008
« Jan   Mar »

Most Recent Posts

%d bloggers like this: