1Passwd to rule them all

I’m terrible with passwords. Despite sometimes using the Apple Keychain application to store the passwords on my Mac, I still tend to stick to one of my ‘pool’ passwords. Don’t we all do that? Pet’s name, pet’s maiden name, pet’s married name and so on and so on. You get the picture. It’s a bad habit, as they are not particularly cryptic and if people got to know me fairly well, they could make a damn good stab at what they might be.

It seems lately there hasn’t been a week go by without an article about security flaws in most of the popular browsers. So now my bad habit has escalated to even more obscure passwords and I’d gotten into the habit of not even storing them on my Mac - they’re all up here (taps noggin!) for safekeeping. Or not, as the case may be. More often than not, I forget the password and end up back at the new password request page. Very frustrating!

Funnily enough, I actually won a copy of 1Passwd a few months ago on Mac Heist. To be honest I hadn’t touched it since. That was until the 1Passwd review assignment arrived in my inbox. The timing was perfect, as I had been frequenting the new password request pages on an almost weekly basis. Plus, I was starting to run out of my pet’s extended family for password inspiration. As the name suggests, the concept behind the 1Passwd Manager + Autofill is that you only ever need to remember one password.
The hidden Apple password manager

As you may or may not be aware, the Mac already has a password manager out of the box. It lives in your Utilities folder and it’s called Keychain. What 1Passwd does is take the keychain technology and improve on it. What 1Passwd does is “Pimp your Keychain”.

1Passwd uses the OS X keychain to store all your 1Passwd details in a separate keychain file. The OS X keychain encrypts your password with 3DES, the level of encryption used by the American government for ‘SECRET’ level classified information. But only the password. 1Passwd uses the keychain technology to encrypt both the password and the user name at that level.

After you have done this once, 1Passwd will keep your keychain unlocked until told differently, you quit the browser or the time out feature is activated. One important feature to point out about the browser integration is that all of the password details can be shared across browsers in the same session. So, for instance, you could be checking your GMail in Firefox, checking your bank in Safari and ordering an item on Amazon in Camino. All of the passwords are updated on the fly and are available instantly to all other browsers. Very cool!

We have talked about existing passwords; adding them is also a simple procedure. Find your website, enter the details but before you submit the password click on the save menu in the drop down menu and 1Passwd will ask you for a brief description of the web form you want to save. That’s it. Next time you visit, 1Passwd will remember the website and offer you a login and password.

If you visit a new website and you are asked for a new password, well now you can do it in a flash with the 1Passwd password generator menu. From the drop down menu you can specify password length, minimum numbers and minimum symbols.
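To make the three generator settings concrete, here is an added sketch (not 1Passwd's code) of a generator that honours a length, a minimum number of digits and a minimum number of symbols. The symbol set and the function names are assumptions; the review does not say which characters or random source 1Passwd uses.

```python
import secrets
import string

SYMBOLS = "!@#$%^&*-_=+?"   # assumed symbol set; the review does not list one
ALPHABET = string.ascii_letters + string.digits + SYMBOLS


def generate_password(length=16, min_digits=2, min_symbols=2):
    """Random password with at least min_digits digits and min_symbols symbols."""
    if min_digits < 0 or min_symbols < 0:
        raise ValueError("minimums must not be negative")
    if min_digits + min_symbols > length:
        raise ValueError("minimums do not fit in the requested length")
    # Satisfy the minimums first, then fill the rest from the whole alphabet.
    chars = [secrets.choice(string.digits) for _ in range(min_digits)]
    chars += [secrets.choice(SYMBOLS) for _ in range(min_symbols)]
    chars += [secrets.choice(ALPHABET) for _ in range(length - len(chars))]
    # Shuffle with the OS CSPRNG so the forced characters are not always in front.
    secrets.SystemRandom().shuffle(chars)
    return "".join(chars)


def count_classes(password):
    """(digits, symbols) counts, used to check a password against the settings."""
    digits = sum(c in string.digits for c in password)
    symbols = sum(c in SYMBOLS for c in password)
    return digits, symbols


if __name__ == "__main__":
    pw = generate_password(length=20, min_digits=4, min_symbols=3)
    print(pw, count_classes(pw))
```
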
Automatic Form Filler

We are a one Mac house unfortunately. But, occasionally I do grant permission for other users to use my pride and joy (but only occasionally!). With the Automatic Form Filler built in to 1Passwd you can generate multiple identities on your Mac. Categories include name, address, web site, email and even credit card details. So those annoying address forms are a thing of the past. Just one click on the Use Identity drop down menu, select the identity and the form is completed in a fraction of a second.
Gone Phishing

Now, I want to try an experiment. Put one finger to your iSight camera and then place your other hand on your forehead. Now I am going to try and read your inbox. Seriously, you won’t feel a thing! Now let me see… last week… hold it steady… hold it steady… concentrate… last week you received an email from eBay telling you to update your account details. Am I right? If I am, I just successfully read your inbox; if I was wrong I will now predict the future and reveal to you that you will be getting an email from them next week. How did I do that? O.K. enough, and by the way you can remove your hands and fingers.

Well, statistically the chances are very high that you have received an email from eBay requesting this information, even if you don’t have an account. Only problem is, I am almost certain it wasn’t sent from eBay. It was a phishing attack. A what? Phishing - the latest technique to try and steal your important information and thus cause mayhem to your life.

In a nutshell the way it works is like this. You get a bogus email from some undesirable that looks like an authentic email from eBay, your bank or PayPal, to name but a few. You then click on the link in the email, but instead of taking you to the official site it takes you to some obscure web address. You innocently enter your login and password details, and bang, the deed is done. They now have your personal login details! You just got phished, hook, line and sinker!

What 1Passwd does is very clever. You see, it’s all to do with that filtering of passwords I mentioned earlier. 1Passwd will only offer you a web form if the web address matches what has been stored previously. This is where the (phishers?) come unstuck. You see, they have no control over the web domain you see in your browser. If you have ever taken the time to open up and look at a phishing email and click on the link, you will notice some obscure web address in the browser. Because 1Passwd remembers that my eBay login, for example, matches ebay.com, it filters my passwords and displays only a match of the two items.

I think this is an ingenious feature and something that makes 1Passwd so much more than just a password manager. It’s also watching your back for phishing attacks.
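The address-matching rule described above can be sketched as follows. This is an added example, not 1Passwd's code: `LoginStore`, the matching rule and the sample URLs are constructed for illustration, with the reserved name auction.example standing in for a saved site such as ebay.com.

```python
from urllib.parse import urlsplit

def page_host(url):
    """Host the browser would connect to, lower-cased, or None if unparseable."""
    try:
        host = urlsplit(url).hostname   # ignores any "user@" prefix in the URL
    except ValueError:
        return None
    return host.lower().rstrip(".") if host else None

def host_matches(host, saved_domain):
    """True only for the saved domain itself or a subdomain on a label boundary."""
    saved_domain = saved_domain.lower()
    return host == saved_domain or host.endswith("." + saved_domain)

class LoginStore:
    """Hypothetical store: each login is bound to the domain it was saved for."""
    def __init__(self):
        self._logins = []               # (saved_domain, username, password)

    def save(self, saved_domain, username, password):
        self._logins.append((saved_domain, username, password))

    def offer(self, url):
        """Logins to list in the menu for this page; empty when nothing matches."""
        host = page_host(url)
        if host is None:
            return []
        return [(u, p) for d, u, p in self._logins if host_matches(host, d)]

# Constructed sample data; auction.example stands in for a saved site.
store = LoginStore()
store.save("auction.example", "alice", "constructed-password")
SAMPLE_URLS = [
    "https://signin.auction.example/login",                 # genuine subdomain
    "https://signin.auction.example.account-update.test/",  # real name as a prefix
    "https://signin.auction.example@198.51.100.7/login",    # real name as userinfo
    "https://myauction.example/login",                      # no label boundary
    "https://\u0430uction.example/login",                   # Cyrillic look-alike "a"
]

def offered(url):
    return bool(store.offer(url))

if __name__ == "__main__":
    for url in SAMPLE_URLS:
        print("offer  " if offered(url) else "nothing", url)
```

Only the first URL is offered a login; the other four resolve to a different host, so the menu stays empty and the missing entry is itself the warning sign.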
Further protection

Yet another scam to try and prise valuable information from your computer and cause havoc with your online personal data is the keylogger. Keyloggers are little applications that you inadvertently download or perhaps receive by email, that hide themselves on your hard disk and log keystrokes. That’s their sole purpose: to record keystrokes. That could be anything as harmless as an email to a family member or something as serious as your bank login details.

So how does 1Passwd stop this? Once again the guys at 1Passwd have come up trumps. Everything you do with 1Passwd is menu based. So for instance you visit PayPal, you go to the browser and click and hold the restore menu and the details are entered. No keystrokes are used, therefore no keystrokes logged; it really is that simple.

But it got me thinking. If keyloggers record keystrokes, what’s to stop them recording my Master Password? I pondered this fact for a few days. In the end I fired an email over to the developer. And this is their reply…
“I believe that you are correct. It is possible to record the master password using a keylogger (esp. hardware-based since the master password is always entered via NSSecureTextField which provides a certain level of protection against software keyloggers). As Bruce Schneier mentioned in his book, there is nothing that can be absolutely, 100% secure and we will always be making the trade-offs: http://www.schneier.com/book-beyondfear.html 1Passwd adds an extra layer of protection by encrypting all online passwords and entering them automatically. This protection can still be broken if someone gets access to both 1Passwd.keychain file AND the master password. It is possible but it is more difficult compared to getting access to your online accounts by simply recording the text you type.”
Other cool features…
- Integrated with Safari, OmniWeb, DEVONagent, Firefox, Camino, and Flock.
- Take your passwords with you on your Palm / Treo.
- .Mac integration allows passwords to be synced across machines.
- OS X Keychain integration provides maximum security.
- Easily import from Safari, Firefox, Web Confidential, and RoboForm.
- Generate and enter strong passwords with a single click.