Chanpory Rith
Jan 3, 2008
It’s tough keepin’ up with the gluttony of “insanely great” Mac utilities. Everyday, VersionTracker lists scores of new apps ready to tweak, optimize, and organize all the crap on your computer. For the most part, I ignore them. Usually, they’re so buggy and poorly designed, I just send them straight to trash after trying them out.
But there are always exceptions.
I’ve just discovered a utility that I now can’t live without. It’s called 1Password, and I’ll never ever throw it in the trash. So what does it do? Here’s the tagline straight from the developer’s website:
“1Password keeps track of all web passwords, automates sign-in, guards from identity theft.”
In other words, it’s the Barry Bonds of password management utilities, injecting your Keychain with a little something extra to hit a home run. It does the basics like storing web passwords, forms, and identity information. Where 1Password really flexes it’s muscle, however, is how smoothly it lets you access that information. Direct browser integration, automatic form submissions, and synchronization all make this a must-have app for any Mac user.
Being a curmudgeony 27-year-old, I was naturally skeptical. “Great, yet another password management utility,” I thought. But after trying it out, I’m now a believer. It has just the right amount of nifty, effective, and useful features. Here are the ones I love:
Autofill and Auto-submit
Although most web browsers feature autofill and password-saving functionality, 1Password takes it a step further. It not only remembers and autofills login forms, it also auto-submits them. This takes the extra step out of a sign-in process. Signing into a site is simple. Just hit a simple key command, and 1Password fills in the login information and automagically signs you in.Instant Login Bookmarks
If you’re feeling super lazy, you can create secure login bookmarks that will open the page, fill out the form, and submit it all in one step. 1Password integrates directly with popular web browsers (Safari, OmniWeb, Firefox, Camino and Flock). And yes, depending on your browser, you can launch 1Password bookmarks with Quicksilver.Multiple Identities
Don’t feel like giving out all your personal information when filling out a registration form? Use 1Password to define multiple identities, each with its own set of information. Next time you fill out a form, you can choose the appropriate persona depending on the site.Digital Wallet
If you’re tired of digging for your credit card when buying stuff you don’t need, you can take a rest. Instead, use 1Password to store all your credit card information. During checkout, just hit the 1Password button in your browser and choose the credit card you want. The utility instantly fills in your payment information automatically. Okay, if I love this feature, does it mean I shop online way too much?Maximum Security
1Password makes it so easy to sign in and save your passwords, it sounds almost scary. Could it be too easy for hackers? Nope. To thwart would-be information bandits, 1Password has several mechanisms to protect you. The application uses “military-grade” encryption and requires a master password before you can unlock any information. By default, 1Password also locks you out after 60 minutes of inactivity. And since you don’t need to type in a password to sign in to your favorite sites, you’ll bypass any hidden keyloggers installed on your computer.
I have very few gripes with 1Password. Arguably, the major downside is that there’s no Windows version. Can any PC users recommend a secure password manager that gets close?
Special thanks to Philip Foeckler for recommending this app to me.
Note: This is NOT a paid review. I bought the software myself and I liked it.
54 Comments
backes
6:30 am
Hi,
currently I’m using KeePass X! It does its job very well. But in the actual version it does not support the autofill in OSX. The Version for Windows is a little bit better in this case! ;)
There’s also a Portable Version for Portable Apps. Very handy when surfing “on the road”
Win: http://keepass.info/index.html OSX: http://keepassx.sourceforge.net/
Have fun!
I forgot the best, it’s free! ;)
Wilk
6:34 am
>> Can any PC users recommend a secure password manager that gets close?
Check out roboform.com
(no affiliation - I used roboform before switching and liked it. 1password imported all my old saved items from a roboform export, which was a nice timesaver)
Kristi Holl
8:11 am
I was so excited reading this post—just what I was looking for! And then you said there was no Windows version—rats. I will check out the roboform mentioned above. Thanks!
http://www.Writers-First-Aid.blogspot.com
Chris
8:23 am
KeePass doesn’t just come close, it blows this out of the water. http://keepass.info/ (For Linux, OS X, Windows, various mobiles, and more)
SR
8:48 am
>> Can any PC users recommend a secure password manager that gets close?
Yes! KeePass does almost all the things you mentioned, and it’s open source. http://keepass.info/
Hayden Tompkins
10:41 am
I really like having a password algorithm. That way, I only have to remember one algorithm. I feel weird about using programs like this. I would forget my passwords and then if the program or CPU crashed or something, I would be SOL.
Computer Tips and tricks
1:03 pm
I am using a similar program using windows. One password, several identities,
http://www.roboform.com/ It is free to try.
noone
1:39 pm
you people are morons, Mac Keychain already has everything you need, why do mac users use other apps that do the same thing the Mac is designed for
stevelucky
2:50 pm
@ noone. you’d better check yo’self foo. the keychain doesn’t come close (italics would have been added for emphasis) to the features of 1password. since when would the keychain auto fill a login form based on multiple identites? when would the keychain store all of your credit card information? what about all of your serial numbers for software licenses? what about integrating with all of your browsers? sorry, noone, but unless you’ve used 1password, you just don’t know. i started using 1password a few months ago and i can honestly say it’s made my browsing and online shopping experience a LOT better.
samaiam
3:01 pm
Perhaps a stupid question from a paranoid old fart, but how can one sure this offers Maximum Security and be completely trust worthy? In fact, I’ve had this concern about all password managers. How do you know it is not the fox guarding the hen house? By the number of happy users? Something else? I am being serious here. Why should such a obviously useful utility be trusted?
Geakz!
3:46 pm
@samaiam:
Good questions. Take a look at the link provided by “backes” (first in this thread)
Keepass is open source. Anyone can look at the code that runs the program. Open code means no hidden agenda - the best thing for a security based software program.
I use the USB version available at portableapps.com
If that isn’t good enough for you I suggest a piece of paper tucked under your pillow ;)
Lee
4:32 pm
I love 1Password. Unfortunately I spend my days on a Windows machine. I don’t lament the lack of 1Password on Windows (one can’t ask for the moon); I lament the lack of two-way syncronization between 1Password and other password managers. When Windows was my only platform, I made good use of Roboform, which to me is the gold standard of password/identity management on Windows, as powerful and intuitive as 1Password. My life would be much easier if 1Password did two-way sync with Roboform.
As it is, I’m manually moving my 1Password entries to KeePass, so I can use a single password database across platforms. But I don’t have to like it.
Chanpory Rith
9:10 am
@stevelucky, totally agree with you. 1Password is so much much more than just the simple Mac OS X Keychain. After using it, you wonder why Apple hasn’t bought out 1Password yet.
Pierre B
10:45 am
The interaction with Windows will likely be solved in the near future. 1password has launched a web application that I would expect will allow users that use a Mac a home and a Windows computer at work to access their 1password information on their Windows machine.
The web feature is at this point in beta and hopefully will also permit ability to sync with multiple macs.
Christina
8:05 am
Correction: It’s 1Passwd not 1Password… Sorry, little errors like that irk me. Otherwise, thanks for the great tip! I might use this! :-)
Lee
8:19 am
Sorry, Christina, they changed their name recently, and it is now 1Password. The website it still 1Passwd.com, but the product name was changed in October, around the time of the Leopard release.
becca
12:49 pm
This looks like a great app- I use a different password for practically every site I visit, and if I don’t write them down, I usually forget them. I wish it was free though- then I could use it.
matt
7:22 pm
You just found this application? Are you new to the mac?
Michiel
7:36 am
1password is ok…. but it asks for your master password everytime you startup your browser.
Lee
10:07 am
Well, Michiel, that’s called “security.”
samaiam
6:16 am
so it seems most folks are more interested in a Window version than wondering how to determine if such an application should be trusted with such personal info. I guess it is just a given that it is OK?
I am not trying to suggest it is not, or anything bad about the company or the products by the way. They actually look great. I just want to know what makes them trustworthy to people? I guess maybe I am just paranoid. If I wasn’t I’d definitely be using this program, but as it is, I am a little reluctant to give this kind of info/control to an application.
Dirk
9:37 am
love this app, just started using it and its a big help. Being able to sync with my iPhone is awesome!
Adam Posey
9:11 am
According to their site, they couldn’t get into your information if they wanted to. Your information is encrypted with your master password before it ever touches their servers. Sounds safe enough to me.
Chris
8:33 am
@samaiam-
I’m with you on this one.
My question is, how do I know that someone can’t bust through my firewall and break into 1Password? Maybe I’m a touch paranoid, but considering how rampant identity theft is, it pays to play safely.
BTW: I do keep my passwords on paper, just not under my pillow. It’s called a Roladex. It works, but I just have to retype my passwords over and over.
Can someone quell my fears?
Chris
9:15 am
Forgot to add. if you’re interested in picking up 1Password, go check out http://www.macheist.com
It’s currently part of the bundle they are offering for six more days. This is how I came to own it.
Slov
5:04 pm
“If you can’t stand the heat, get out of the kitchen.”
You can either have 100% safety and write down your passwords in a piece of paper or trust a safe app and have lots of comfort.
Of course sh*t can happen. Murphy already said so.
What this review tells us is that the probability of such a thing happening has been vastly diminished. You can either be happy with the 99,99999999999% or stay focused on the 0,00000000001%.
IMHO, it is more likely that you will have problems with a tiger chasing you in Manhattan.
Sal
7:53 pm
1Password would seem to leave a person wide open if their Mac were stolen. If by chance the thief happens upon the single master password - he has the keys to the kingdom.
What happens if the machine I’m using it on crashes and I have no backup. Do I know have to approach each website to change the password and then enter it into 1Password?
Lee
10:55 pm
@Sal: First, it’s important to NOT put your 1Password password on your Mac’s keychain. That way access to your computer’s account won’t automatically compromise 1Password. Certainly if someone gains access to your master password, they’ll have access to everything. That can happen with any password scheme.
Second, that’s a dumb question. Why would you not keep backups? What is more basic to your digital well-being than keeping backups? If you don’t have backups of your critical data, you deserve everything you get when (not if) your system crashes.
I’m amazed at the straw men I see being set up here. Chris, how safe is your Rolodex? Where do you keep it? On your desk? What if someone broke into your house? Do you keep it in a safe? Do you open the safe and take it out every time you fill in a password? Samaiam, this application has been out a long time. If they are so interested in using their software to steal your data, or if there is an exploitable hole in it for others to use, why haven’t any of its thousands of users complained of identity theft? Perhaps you simply need a password method that’s easy for you to memorize, because there is no absolute security.
Sal
7:15 am
Good points Lee. As I thought - 1Password leaves me at more risk than having multiple ID’s and multiple passwords would. A thief and a password cracking utility and he/she will have it all, 1Password will even explicitly provide them the very sites I’m looking to protect. I make it a point to keep multiple ID’s/passwords and I don’t bookmark/favorite any site with data I don’t want thieves getting at. Sure, it’s a bit of a hassle; but, it will be a bit of a hassle for a thief to defeat as well. 1Password is just that 1 password away from total defeat.
As for backing up - I only back up my files. I never backup the Operating system and applications. I don’t really consider OS and applications critical data. Personal data files - yes, they are critical and I back them up. I doubt 1Password has a backup/archive method. It’s pretty easy to rebuild systems and most every system needs a good rebuild from time to time.
Chris
2:16 pm
@ Lee-
Fair enough. I do know that about my Rolodex, but if someone were to break into my home, with my iMac and other electronic gear around the house, I’d place my money on the Rolodex staying put and the Mac taking a hike.
I wasn’t trying to stir up the pot, just wrap my mind around the security of a program I know nothing about. As I see it, there are good points and bad points to any and all password protection schemes, whether paper or electronic.
I appreciate all the comments, both for and against.
Thanks again! Chris
Jesse
5:31 pm
I Think it’s more important that your passwords are encrypted and sent over a connection, and at the same time, keeping keyloggers out of the way.. 1Password copies your passwords directly into the field, not first into the clipboard and then into the field.. And if passwords are sent over an encrypted connection, it’s much tougher for sniffers to get your info.. So always use SSL in your e-mail at work,college, etcetera.. And if they were to try getting into your account, they will have a hard time to crack open that 50 character password.. Yes, if they have your master password and now what to do, you are ofcourse screwed.. Put you could always keep track of what passwords you have logged in 1password and just when you lose a bank card, try to block those accounts from further access immediatly..
Robert
4:21 pm
Chris, I recently got 1Password as part of the Macheist bundle and have been investigating how it works also.
All of it’s info is stored in a separate Apple keychain within Keychain.app so it’s quite safe. As long as you keep the password to that keychain secure, someone who stole your Mac couldn’t get at any 1Password data.
It’s good, because it means 1Password is using Apple’s encryption rather than reinventing it’s own. It’s also bad because it means once 1Password grabs all the data then it’s all unlocked. At that point anyone sitting down at your computer could read everything 1Password contains.
Sure, 1Password can be set to lock after X number of minutes or whenever the computer sleeps. But if I step away from my computer I have to remember to lock it. Security really is a weakest link type of thing. And in this case that link would be me… I’m worried at some point I will forget.
(The alternative is the keychain is set to always be locked, but then you go bonkers typing its password every single time 1Password does anything useful, including trivial stuff like logging into your favourite blog or bbs).
An advantage of Keychain.app is you can divide stuff up into “2Passwords,” and keep only sensitive, important info (such as banking logins) in a locked keychain that you have to type in a password to use. But of course in every other regard Keychain.app isnt as useful as 1Password. Sort of a catch-22.
Linda
6:08 am
The best windows program for this is Roboform. I switched to a MAC for a few months, and the fact that there was no comparable program to Roboform was one of the factors that led to my decision to throw my MAC in the trash.
Chris
10:48 am
@ Robert: Great insight into this. I too am my own weakest link. Just like running backup software, there’s the right way and my way. ;-)
@Jesse: I think you hit on 1Password’s strongest feature. The ability to block key loggers is key, and the main reason I want to learn the best way to use this program.
@Linda: Throwing your Mac in the trash because of one little password encryption program? Isn’t that a bit extreme?
OTOH, how many people have thrown their PeeCees in the trash because they run on Windows XP or Vista and cannot run iLife?
Yeah, it’s not a fair comparison, but you’re the one who started it. ;-)
Linda
11:43 am
Chris - I said it was one of the factors. I could list the other 20 or 30 things I hated about my Mac, but I don’t think you want to start that discussion here. You know how some people like vanilla and some like chocolate? Its like that with operating systems. I gave it a good shot, and went back to a PC.
As for the trash, yes that is extreme. But that’s just me.
Eric
11:47 am
Linda, Ill be honest I am curious to know your 20–30 reasons! There cant really be that many reasons why you hate Mac OS X. And for every reason you give I would be able to give 3 reasons why the Windows is a far inferior OS.
miel
9:36 am
to be honnest: it sounds great, but when only needing it for browsing, just check out Opera browsers, they already have the ‘tap and go’ functionality..
Jim
8:13 pm
The only difference I see in Roboform and 1Password is that Roboform has Roboform2Go which loads on your USB memory stick and runs from it. If you leave your PC at work just pull the stick and Roboform turns off automatically. This also does not leave the program on your PC and you can carry it from PC to PC and laptop which I find myself doing. Otherwise I think both programs are good and do their job well.
John
8:03 am
I switched to mac at home five months ago. Previously I used Roboform (and loved it) on my PC at home and then synched to a USB flash drive with RoboForm2Go so I could access certain web logins from work. The switch to 1Password was painless since it could import the passwords I exported from Roboform.
My only grip with 1Password is that there’s no way (that I know of) to synch with my RoboForm2Go. Ideally, they’d have both a mac and PC version. If Roboform had both I would have stayed with it.
I haven’t tried the online version yet (myPassword) still not sure that I trust all of my passwords sitting on some unknown server.
Note - I have posts on both 1Password and Roboform on my web-site.
erika
6:25 pm
1password can export your passwords to iPod, iPhone, in html (secured with password so you can log in and check ur passwords everywhere), you can also back it up
Owen
7:19 am
Keepass>> create a key file so when you log in using it it will need the key file along with a password, store that key file and or your Password database on a thumb drive, preferably key separately from the database that way 1 wont work without the other. I recommend Database on the thumb drive and carry it with you that way they have nothing to read when they steal your PC and not the thumb drive. OR go the portable version of the app on the drive with the PW DB and the key on the computers u want to use it with, only problem is copying the key everywhere.
Also the one reasons why I haven’t switched to a mac yet is hardware support, not being able to change hardware like a video card at will and have it work 100% of the time just doesn’t cut it for me (AKA a manually upgradeable computer) Sorry not trying to start a Mac and PC fight.
Daniel Speranza
10:18 pm
I can’t get 1Password to Automatically lock when exiting. When I open the app it isn’t locked it just opens!!! This is not a good thing at all. I did have it set up earlier but can find the setting as I started from scratch.
Mike
9:16 am
I am looking for an application just like this but with “enterprise” support. I want all MAC users, Windows users and iPhone users in the enterprise to be able to share one common password database.
Does anyone know if there is such an application out there?
Ted
7:47 am
I agree completely. 1Password is one of the best applications I’ve ever seen. BTW, look for a Windows port in the future — one of the rationales behind switching from the Mac Keychain to the Agile Keychain was future Windows portability.
@Sal:
The application saves data to your Keychain, which is absolutely one of the files you should be backing up frequently. If you’re not, start doing it! It has nothing to do with backing up your OS (though Macs are certainly better at that than Windows).
About the one master password comment, I disagree with your assessment that it is less secure. It means you can have unique long passwords for every site you visit, something you couldn’t possibly manage without writing them down. Yes, if your computer is stolen AND someone cracks your master password you are screwed, but if you pick a strong master password the odds of both things happening are really exceptionally low. In my mind the overall security is better with 1Password than without.
Kris Hunt
2:22 pm
Correct me if I’m wrong, but it seems that using 1Password makes it essentially impossible to log into any web site when you’re away from your home computer.
mike
6:24 pm
Windows use Ewallet. Syncs wifi with iphone or will sync windows mobile phones also.
Joe V
9:28 am
Kris: You would be wrong. Using DropBox or similar free services (or something you set up on your own) you are able to keep you passwords 100% in sync on every machine you use nearly instantaneously.
p.
10:32 am
@ Joe V Further clarification — 1Password makes it essentially impossible to log into any web site from a computer that does not have 1Password installed. And because 1Password is exclusively Mac, you can’t log into any web site from a PC.
If anything, 1Password is cutting down on wasted employee hours in the corporate world because the majority are using PCs and employees that use 1Password at home can no longer log into their favourite sites in the business place. Therefore, they are forced to actually work.
Camner
2:51 pm
@p.
What could you possibly be referring to? I have 1Password installed on some, but not all, of my machines, and I have absolutely no problems logging into web sites from my machine that doesn’t have 1Password. It’s only a matter of remembering the password I set. One doesn’t need to use the magic password generator in 1Password unless one wishes to.
treef
1:05 pm
Rather than the need to crack your master password, couldn’t someone just open Safari and through 1password’s browser integration log-in to your web banking accounts etc.? This is the only security issue I’m hesitant about with this great program.
RRAY
10:15 pm
Surely the makers of 1Password don’t expect all of using Windows to run out and buy Macs, and then spend $40 more to install the app - just so that we can manually enter all of our information from Roboform, Cloak, or any one of several other apps already in use …?
Get real. Make it work with Windows. Make it import from other widely used apps. And make it snyc locally.
dbz123
10:26 am
Thought I’d just jump in here and ask a question. I’m a little lost and not to familiar with these password applications.
Does anyone know of any good ones to store all your information? I have a PC and you guys say roboform and keepassx is recommend, but how about one that is offline? What I use right now to keep my password information is a silly notepad on my pc. Its sorta boring, but just looking for an application that organizes it better on windows.
T.
9:41 pm
dbz123: I don’t know if keepass or roboform always stores your passwords on-line… I think either will will store your on-line passwords though. I’m pretty sure keepass doesn’t necessarily sync your passwords online… it may be a handy feature that some people use.
Dave Barnes
9:22 am
@dbz123, 1Password does what you want. I use it to manage 600+ logins. I use to a very large Word doc to keep track of everything.