1Password - to use or not to use...

[zenbro]

Hi all,

I'm thinking about putting all my passwords in a password manager like 1Password.

I know a lot of people are using it. Somehow I'm not sure if I should take the step. Is it hackable? How safe is it really to use?

Can anyone share their experience?

 

[IHelpId10t5]

1Password is one of the most trusted Password managers on the market and has excellent native support for Mac and iOS. By all means do your research before choosing a password manager. Read the security information on the respective product websites. I've tested a few, and spent hours researching them, and still love 1Password over all the others. The nice thing about 1Password is that it does give you flexibility in deciding how your sync your keychain. If you don't trust iCloud then use Dropbox or LAN sync, it's your choice.

 

[cyclingplatypus]

I've been using 1P for a while now (three'ish years) and have never had any problems with it. I think I got my original copy in a bundle from MacHeist, maybe version 2. I've happily paid for an upgrade, if I recall when they went from v3 - v4 they charged but it is worth it in my opinion. Admittedly I haven't tried others (with the exception of keychain) because I'm a 'find something that works and stick with it' kind of guy - 1Password works.

 

[a2rael]

Definitely worth it. Been using it for over six years (we got it free as Apple employees to test out). Have paid for upgrades. It's invaluable to me on my mac. The iOS version is kinda no bueno in its layout, but five-stars on my mac for password safety AND creation. Keeps credit card info safe too!

Do your research, but you can't go wrong w this app.

 

[GerritV]

I've been beta-testing Locko a while ago.
It seemed like a solid app to me, although I wasn't able to transfer my 1P database to Locko.
So in the end, I stayed with 1P.

 

[Sebby]

I would wholehearted recommend 1Password.

 

[throAU]

Hi all,

I'm thinking about putting all my passwords in a password manager like 1Password.

I know a lot of people are using it. Somehow I'm not sure if I should take the step. Is it hackable? How safe is it really to use?

Can anyone share their experience?

I've been using it for a few years now.

Anything is hackable - eventually, however you can minimise the risk by using a password manager.

Now people will ask "what about the single password i use for my password manager?"

The reason this is not so much of a problem is due to the way your password manager works and how website passwords need to work.

A website has to serve many, many requests, some sites need to handle hundreds of thousands of hits per second. Password checking needs to be FAST.

Your password manager does not need to be fast. If it takes a second or two to unlock your password manager, it's not a big problem.

The implications of this: the encryption on your password manager password can be many, many times more complex and time consuming than a web site (essentially, 1password or other password managers will encrypt your password thousands of times to slow it down and make checking it more difficult). This means that trying to crack your password manager requires MUCH more effort in terms of time and CPU resources than a website password.

So... IF someone gets your password database, it takes a long time to crack.


So given all that, it makes a secure location to store individual passwords for every site you visit. Why do you want unique passwords for every site? Because any site on the internet can be hacked. If the site is hacked, the hacker gets a copy of the encrypted database. Now being a website, the encryption needs to be FAST (as above). This means that with a copy of the encrypted password database, a hacker can run millions/billions of guesses per second against all the encrypted passwords to see if he can get a correct match. If he does, he has your email address, name and password and can then try those details on other sites.

If you use the same details elsewhere, guess what? You're owned.



If you want something a little more cross-platform and FREE but a little less slick, check out KeePass.

 

[Paulk]

This idea of having one password for everything is something I have never heard of, but it is very useful
1password doesn't work with 10.8.5, so I am thinking of KeePass. Have not decide yet, though.

 

[WordsmithMR]

I have recommended 1Password for 2-3 years now. I have it installed on my MBP (on both partitions) and on my iPhone. I have also installed it on my mothers iPhone, although she doesn't make the best use of it, it is certainly better than her little day planner she kept to store her passwords in. That's whats great about 1P (or most password managers) they offer the simplicity of a secure notepad for passwords with so many intensive features for a more tech savvy person that I always tell people they need to get one.

 

[Paulk]

I have had terrible problems remembering passwords. It started on a scrap of paper that got so crowded and hard to read that I eventually gave up! Still not sorted it out, so perhaps this is the way...

 

[throAU]

I have had terrible problems remembering passwords. It started on a scrap of paper that got so crowded and hard to read that I eventually gave up! Still not sorted it out, so perhaps this is the way...

It's definitely the way forward. It takes a little time to get into the habit of using it, but once you do, and accept the fact that this is where your passwords are, things like changing them are no big deal. I don't know what most of my passwords are anymore anyway, so having to create a new one is very little effort and zero time spent trying to remember it.

Plus - most password managers have macros to auto-type the password for you, so its even faster than having to look the password up on paper and type it, or even type it from memory assuming your password manager is unlocked.

 

[Paulk]

Since my pc does not have an up-to-date OS, 1Password won't accept my pc as suitable. KeePass will work but only on the professional version. There is a discussion on this issue here: http://sourceforge.net/p/keepass/discussion/329220/thread/eb00d276/, and if I understand it right, even the mac version of the professional option needs the OS to be up-to-date. Mountain Lion isn't, quite simply because with our internet connection it would take 8 hours to download.

 

[b1scu1t]

I have been using 1Password since they first introduced the desktop version for the Mac many many years ago. Every step of the way I have upgraded and paid up(Mac/Windows Desktop/Family Version/iOS) and I can't recommend the program enough. They are quite religious about upgrading to use the latest ios features and are very responsive to support requests.

 

[throAU]

There's a version of KeePass for the mac - KeepassX i think that should work. There are a variety of Keepass versions which can open KeePass database files.

 

[zenbro]

Folks,

All the suggestions and opinions are much appreciated. Still not sure if I want to go that way. Let me see if I feel adventurous some time soon

 

[maxsix]

1Password has served me very well across my many Apple products. At any given time I have 3 or 4 current generation laptops, iPads, iPhones, plus supporting an additional 8 to 10 various Apple products in the family. In my case, frequently buying/replacing/trying out Apples latest, 1Password is a huge time saver.

That said, the one and only reason to use something else like the excellent "KeePass" is if you have other gear like a PC or Android etc. in the cross platform realm KeePass is very well regarded.

Obviously there are competitive products, but in my years of computing those two are very consistent and reliable.

 

[throAU]

There's one thing Keepass does that I wish 1password does - and that is a hotkey for auto-type into things other than web sites.

Keepass (at least on windows where i use it mostly) can respond to a key combination and perform an auto-type macro that you can define on a per-window basis. E.g., UAC or run-as-different-user prompt on windows, i can just click in the box, press ctrl+alt+a, confirm which account i want Keepass to auto type (default matches the window) and press enter and it will auto-fill the username and password boxes.

1password is web only (unless you manually copy/paste), unless i haven't read the manual and missed something?

 

[roncron]

Hi all,

I'm thinking about putting all my passwords in a password manager like 1Password.

I know a lot of people are using it. Somehow I'm not sure if I should take the step. Is it hackable? How safe is it really to use?

Can anyone share their experience?

LastPass is worth checking out. Like 1P, it is very highly rated. LP offers two factor authentication, not sure 1P does.

 

[Spink10]

LastPass is worth checking out. Like 1P, it is very highly rated. LP offers two factor authentication, not sure 1P does.

Currently a LastPass user - using two factor authentication. Very secure.

 

[Peepo]

I recommend 1password. I use on Mac iPad iPhone and windows 10 PC. No trouble and not vulnerable to hacks like last pass.

 

[tkukoc]

I too use 1password, absolutely awesome on the phone and on all my macs. Sure I know my passwords but the way this app helps login to sites/apps is amazing!

 

[Paulk]

I too use 1password, absolutely awesome on the phone and on all my macs. Sure I know my passwords but the way this app helps login to sites/apps is amazing!

I man have to reconsider this matter. Right now I have a scrap of paper with some 30+ passwords on it, now looking worn and tatty. Passports keep changing as old ones sometimes need a new one.

 

[Easttime]

1P is for storing a lot more secure info than just passwords. Secure notes, account numbers, purchase records, etc. Can attach PDFs and images. Extremely useful and very professionally maintained. Works brilliantly across devices.

 

[Floris]

I decided to go with 1Pass over LastPass, because it is not clear to me that LastPass stores keys on their systems one way or the other. 1Password does not in any shape or form. It's on the system, and not shared. If you don't know the pass, you won't have access - trust no one; the way it should be.

 

[Paulk]

Doesn't work with mountain lion.

Have to keep your updates updated. I have not done so because my slow internet connection.