PDA

View Full Version : Best Password App?



bothynights
07-26-2014, 12:14 AM
Hi folks,

Having read quite a few posts in this forum, it seems like people consistently champion the 1Password App. However, reading several reviews on the web, it seems to lag behind in terms of ratings for LastPass and DashLane in terms of security. One of the cons to 1Password seems to be a lack of 2 step verification. I too am wondering, what if someone intercepts my keystrokes when I enter my Master Password - then don't they have full access to my passwords?

Any advice on which program to choose? I have not been using a program, and realize it is time to move towards a password management tool....thanks!

chscag
07-26-2014, 01:43 AM
Every good password manager program that I'm familiar with requires a master password to gain access to the other passwords. If you're worried about a key logger, what's the difference then?

Choose whichever program you're comfortable with, or you can use your keychain application already built into your version of OS X.

chas_m
07-26-2014, 03:41 AM
If you're under the impression that you have to worry about someone physically installing a keylogger on your computer (the ONLY WAY one could get on there), you have far bigger issues to worry about than what's the best password manager.

I'm currently using Locko as a test. It's a ways behind 1Password but I suspect it will catch up in due course, and its cheaper. Haven't looked at LastPass and Dashlane but they seem like fine products as well.

bothynights
07-26-2014, 10:13 PM
Thank you both! What if I am logging into 1Password on my Mac while on wireless say at a coffee shop - could someone not use a remote keystroke logger of sorts? Thanks again!

chscag
07-26-2014, 10:32 PM
No, a key logger would have to be installed on your computer. When at coffee shops or any area where there is free public WiFi, it's probably a good idea to activate your Firewall and stay away from sites that require financial info or credit card input. In other words, don't do your on line banking from Starbucks or make purchases from Amazon... ;)

MacInWin
07-26-2014, 10:35 PM
1Password resides on your machine, the keystrokes to log in do not travel over wireless. So, there is nothing to intercept through the WiFi connection. As far as someone being able to install a key logger over that link, unless you allow it, it should not happen. In essence, you have a two-password system available to you with 1Password: the password to log into your account (you DO have one, right?) and the master password for 1Password.

MacInWin
07-26-2014, 10:35 PM
And chscag beats me to it, again!

chscag
07-26-2014, 11:41 PM
You added considerable information to the thread Jake. Always best to have more than one reply. :)

TattooedMac
07-27-2014, 05:53 AM
I wouldn't go past 1 password. Even though they are a little pricey, I say, what price will you put on security. I have been in their Beta Program for 2 yrs now, and I can tell you here and now that they are 1000% committed to security. the thing is, if you are the only one that knows your 1Password pass phrase then your the only one that can get in.

The thing with 1Password is now the amount of iOS Apps that have 1Password integration and more every day.

Check out my Review I did on 1Password last year Sep 9, 2013 #Online Security #Password Manager #Security #iOS #Mac OS X #More Than a Password Manager #Passwords #⌘⧵ Is My Password #⌘⧵ #One Love #1Password #AgileBits (http://tattooedmac.tumblr.com/post/60715978256/1password-review-before-1password-4-is-released)

bothynights
07-28-2014, 12:31 AM
Hi Jake and Chscag - thank you both for your replies - that really helps to clarify things! One last question for you - I checked with Apple Care and they say that a factory reset on my Mac would ensure that any concerns I have of of spyware or key loggers being installed on my computer would be alleviated by the factory reset. My plan is to use Command R on startup and then plug in my external drive that has a recent Time Machine Backup on it to hope to override any malware that may have been installed. Would that be enough, or do I have to erase the machine first via Disk Utility?

Do you know for sure if this is true? The reason I ask is in my thread here http://www.mac-forums.com/forums/security-awareness/313594-mac-tech-scam.html

Thanks again!

chas_m
07-28-2014, 01:04 AM
I should have mentioned that iCloud Keychain is working great for me as well. Always too easy to take the great stuff Apple makes for us for granted.

SparkyMac
07-28-2014, 02:15 AM
I swear by Datavault. It is available for Mac, iPad, iPhone and iPod touch. It has iCloud synchronisation as well as sync over wifi. Datavault has really secure encryption and the support is fantastic!


"Loving the OS X Yosemite bugs right now :P"

TattooedMac
07-28-2014, 07:22 AM
I should have mentioned that iCloud Keychain is working great for me as well. Always too easy to take the great stuff Apple makes for us for granted.

I don't take it for granted, and use it all the time, but nothing compares to a password manager, like the OP was asking about. Being able to hold logins, App Serials, government information, bank accounts, and the such at the touch of 2 keys, I'm sorry, but no matter how good iCloud Keychain is, I'm not giving up my password manager.

cptkrf
07-29-2014, 10:18 AM
I use Password Manager off the app store. Works good, even though I have no idea of its bulletproofness. I use gigantic passwords (If you are going to use PWs that can't be remembered, there is no reason not to make them huge) But, for my traveling Air, only the program is on the computer. The password file(s) reside on my keychain (the one with my car keys) usb drive. And there are two files. One for the few very important PWs (bank, stocks, etc) and one for everything else.

The everything else is just a file. Plug in the USB and Password Manager will use it. The other is encrypted and has to be unlocked with a huge random password that I chanted to myself for days to remember. Actually, the financial password file is fairly useless for the Air, since I would really have to be desperate to do banking or money-stuff on the road.

But as to the other file with normal passwords (i.e. Forums and newspapers), it also is not available on my laptop should the Air get stolen. All they would get is a computer with the program, but no password file to hack.

Actually, all my really important stuff is on my XP machine, in the basement and behind the drill press far from the Internet pipe and disguised as a broken microwave:D

Lifeisabeach
07-30-2014, 10:16 PM
Before anyone considers LastPass or any other password manager, read this article:
Severe password manager attacks steal digital keys and data en masse | Ars Technica (http://arstechnica.com/security/2014/07/severe-password-manager-attacks-steal-digital-keys-and-data-en-masse/)


The researchers examined LastPass and four other Web-based managers and found critical defects in all of them. The worst of the bugs allowed an attacker to remotely siphon plaintext passcodes out of users' wallets with no outward sign that anything was amiss. LastPass and three of the four other developers have since fixed the flaws, but the findings should serve as a wakeup call. If academic researchers from the University of California at Berkeley can devise these sorts of crippling attacks, so too can crooks who regularly case people's online bank accounts and other digital assets.

This exploit only applies (applied, perhaps) to web-based managers. 1Password is not one of those. I wouldn't trust a web-based service to store my passwords like that. There's just no telling when the next exploit gets found, and one will be.

danipoak
08-01-2014, 01:01 PM
Hi Jake and Chscag - thank you both for your replies - that really helps to clarify things! One last question for you - I checked with Apple Care and they say that a factory reset on my Mac would ensure that any concerns I have of of spyware or key loggers being installed on my computer would be alleviated by the factory reset. My plan is to use Command R on startup and then plug in my external drive that has a recent Time Machine Backup on it to hope to override any malware that may have been installed. Would that be enough, or do I have to erase the machine first via Disk Utility?

Do you know for sure if this is true? The reason I ask is in my thread here http://www.mac-forums.com/forums/security-awareness/313594-mac-tech-scam.html

Thanks again!

Restoring from Time Machine will just put exactly what was on your system before back on. So if you really are that afraid that someone put a key logger on your system you would have to do an install from scratch, not a restore.

Alwyn
08-05-2014, 10:43 AM
No, a key logger would have to be installed on your computer. When at coffee shops or any area where there is free public WiFi, it's probably a good idea to activate your Firewall and stay away from sites that require financial info or credit card input. In other words, don't do your on line banking from Starbucks or make purchases from Amazon... ;)

Seems like sensible advice. What about iPhone & iPad security. Are their operating systems more vulnerable than the OSX?

chscag
08-05-2014, 02:30 PM
Seems like sensible advice. What about iPhone & iPad security. Are their operating systems more vulnerable than the OSX?

The same advice would apply to using your iPhone or iPad where there is free WiFi. Re your second question... yes, Windows is many times more vulnerable due to the myriad of viruses and malware that exist for that operating system.