1Password Turns Your Keychain into a Security Powerhouse

Developers team's enthusiasm results in great product.Password managers and generators have been around for a long time. Some of them are plain useless, others look OK but you can’t help wonder how secure your data really is with them. And then there’s that third category: applications that just work well and really secure your data. 1Password belongs to that category. It stores your passwords and secure data in Apple’s own keychain file. That file uses TripleDES to encrypt the password field of every keychain entry. TDES still is considered a highly secure algorithm, and Apple’s weight behind it means that if you decide to stop upgrading 1Password, you won’t lose any data.
1Password tries to make it impossible for phishing sites to steal your data, for keyloggers to steal your online account passwords, and it makes it easy to create and fill in strong passwords. It has an interface that lets you easily store identity information (Wallet), Web data (for forms and accounts), serial numbers (like in software registrations), and identities. It has secure notes, a complete list of import formats, the ability to export to a web page, an Interchange format or a text file.

It integrates seamlessly with all major web browsers, iPod and iPhone. I tested 1Password for about a month and was very impressed with the way the Canadian developers have conceived this software and keep it up to date. During the month that I was testing it, two free updates were released that actually contained new features—a very effective bookmarks HUD for browsers was one of them.
Unobtrusive password managementUsing 1Password is a breeze. Most of the time, you won’t even notice it’s there, except for the optional icon in the browser’s toolbar. The password generator is unique in that it enables you to create FIPS 181 compliant passwords (pronouncable), but also SuperPassGen compatible passwords and totally random ones. Most other password generators only support the latter.

Web forms can be saved without having to expressly open the 1Password application. In fact, almost all forms that I encounter and where Safari by itself offers to save your login details, automatically make a bar slide open beneath the tabs bar, where 1Password offers to save the passwords, allowing you to change some details in the process.
Changing existing passwords from weak to strong is easy too. 1Password has a special menu option for that which you can access directly from its button in the browser toolbar. Synchronisation of passwords across Macs is possible via the dot Mac service (at the time of this writing, it’s unclear whether this currently applies to MobileMe too), but also via a (paid) service from the developer—Agile Web Solutions’ my1Password web service which is still in beta.

Passwords can be synched with iPhones and iPods. And to make this integration as complete as possible, there is a 1Password for these devices.
Careful design result in best productThe Wallet feature holds credit card details, bank account data, memberships, etc. The only criticism that I have is that bank accounts and credit cards are limited to commonly used formats—read: from major countries. For example, you can fill in Swiss bank account details, but if you live in Holland or Luxemburg, you’ll have to do with another European format bank. It would be nice if you could add your own bank “template”, but I do realise I’m nitpicking.

Throughout the years, I’ve used quite a large collection of secure data managers for Mac OS X. There always was one feature that I found invaluable back then because it enabled you to quickly fill in forms and serials—a special Copy button or icon that let you copy the password.
With 1Password, I can do that—there is a Copy icon next to each relevant field in every type of data record—but I rarely feel the need to use the copy feature. 1Password is so well integrated with web browsers that copying of passwords to fill in forms (even in Flash or Java driven pages) is totally unnecessary. Nevertheless, the icon is there when I need it.

The Bookmarks HUD that I mentioned earlier is another example of Agile Web Solutions’ care for detail and enthusiasm for their product, as is their license—you don’t get an ordinary serial number sent to you by e-mail, but a virtual license card.

All these “niceties” are symptoms of what I see all too rarely: a team satisfied only with delivering the best product and service money can buy.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s