Thanks for the paid ad AppleInsider disguised as news.
How is this an ad? Its simply telling people that there's a new version out and what it does. Isn't this what an Apple new site is supposed to do? At least they're not reporting something that happened at Samsung today.
I have found these password keepers cumbersome and not Apple stupid simple yet (which is what I need)
As an aside -Ben Horowitz(of Andreessen Horowitz) was on Charlie Rose the other night and postulated that some form of 'bit coin' would solve a lot of security problems as related to e-commerce.
Paraphrasing - You(the user) have your bit coins from your account (how that is secure I dunno, presume just a password). Go and buy what you want etc. No id needed etc except to fill out your shipping info.
OR spam - charge 1/100 a bitcoin for each email sent. No more spam.
Anyways, this guy thought bitcoin will be huge to solve these types of problems.
I'd rather an ad for 1Password, a useful and well-designed piece of software, than MacMall discounts that no one outside the US can use, and leave a cheap and nasty taint on the site.
I have found these password keepers cumbersome and not Apple stupid simple yet (which is what I need)
There is definitely a warming up period with all these robust password managers but once you have added most of them it's smooth sailing. Most of the ones you use you'll have completed within a few days, with some stragglers whose websites you may not try to access for months at a time popping up along the way, but the app will let you know when it's a new entry.
It's certainly more cumbersome on iOS than the Mac, since AgileBits can't plug directly into Safari. They've come up with some clever workarounds though, first the bookmarklet, and more recently 1Browser.
I use 1Browser almost as much as I use Safari, it's just a matter of getting used to it.
[@]macxpress[/@] and [@]ThePixelDoc[/@] sum it up nicely.
Agreed!
PS: This thread gives me hope. That other thread was literally scary the number of people that claims that internet security was so pointless that simple password used across all sites were just as secure as any long, complex, and unique passwords.
Again, agreed!
* Here is a simple workaround with a Smart Folder, also linked via that 3rd discussion page.
You can't paste from within the browser window but if you go to the Menu Bar and chose Edit » Paste it will usually work. I assume this is bypassing some JS code.
That is indeed what I do sometimes.
PS: I wonder if anyone has made a browser extension that stops the autofill prevention.
My bank doesn't allow me to save the password in iCloud Keychain. And while I think that is a good measure, they are pathetic at their password requirement (max 20 and only . - _ ! @ # $ %):
Kies een veilig wachtwoord
Gebruik letters, cijfers en leestekens.
Gebruik minimaal 1 hoofdletter, 1 kleine letter en 1 cijfer.
Lengte: minimaal 8 en maximaal 20 karakters.
Uw wachtwoord mag niet hetzelfde zijn als uw gebruikersnaam.
Kies een wachtwoord dat u de afgelopen 12 maanden niet heeft gebruikt.
U kunt kiezen uit de volgende karakters:
Cijfers: 0 t/m 9
Letters: kleine letter (a t/m z) en hoofdletter (A t/m Z)
Leestekens: punt (.), koppelteken (-), liggend streepje (_) en uitroepteken (!)
Overige tekens: @, #, $ en %
I wanted to translate for our non Dutch speaking, but somehow I just know you get it.
My bank doesn't allow me to save the password in iCloud Keychain. And while I think that is a good measure, they are pathetic at their password requirement (max 20 and only . - _ ! @ # $ %):
All my financial institutions require compatibly weak passwords. I think one has a maximum length of 12 or 16 characters and most (if not all) don't allow you to use that range of special characters so I have to turn off that feature in 1Password thereby making it alphanumeric and replace a character or two manually with the special characters it does allow.
I jumped onboard with version 4.0 and have not regretted the decision for a minute. A feature that I love that does not get a lot of press is that if you use dropbox sync, you can open a web version of the vault to retrieve your passwords from any computer. (Standard warnings about key loggers / sniffers apply for this). I don't use it often, but when you are at work and forgot to charge your phone, it can be a lifesaver.
I have also been a 1Pass user for years. Brilliant program. Other posters have pretty much covered all the highlights of using it above. The only thing I would add is that 1Pass was fantastic for dealing with Heartbleed. I had a lot of passwords to change & 1Pass was indispensable.
The only thing I would add is that 1Pass was fantastic for dealing with Heartbleed. I had a lot of passwords to change & 1Pass was indispensable.
What would be awesome is if 1Password could keep a public database of sites that have A) been hacked, and, in the case of Heartbleed, sites where a major security hole was found.
1Password could then periodically or at your request grab the DB file and then cross reference it (locally) to login items that match the list of URLs. Any matches then get two dates checked. One in your 1P DB to see the last time you changed the password and the other being the date the hole was plugged. If the date of your 1P DB login is older than the date of the DB file it downloaded then you get a request to change that password.
This would mean someone who has a Target account would know to change their password even if they didn't hear about the intrusion via the media.
I am still not certain if I changed all the needed passwords for sites affected by Heartbleed that have completed corrections.
edit: I submitted it.
edit2: They've already been working on that and it's already in the latest beta versions.
It's people like you who make software companies work harder and better, ironing out anything not good enough and give them the incentive to go beyond what they started out with, like your cross reference check on affected sites. Which I think is a great idea. Full props to you sir.
Comments
Thanks for the paid ad AppleInsider disguised as news.
Thanks for the paid ad AppleInsider disguised as news.
How is this an ad? Its simply telling people that there's a new version out and what it does. Isn't this what an Apple new site is supposed to do? At least they're not reporting something that happened at Samsung today.
I have found these password keepers cumbersome and not Apple stupid simple yet (which is what I need)
As an aside -Ben Horowitz(of Andreessen Horowitz) was on Charlie Rose the other night and postulated that some form of 'bit coin' would solve a lot of security problems as related to e-commerce.
Paraphrasing - You(the user) have your bit coins from your account (how that is secure I dunno, presume just a password). Go and buy what you want etc. No id needed etc except to fill out your shipping info.
OR spam - charge 1/100 a bitcoin for each email sent. No more spam.
Anyways, this guy thought bitcoin will be huge to solve these types of problems.
All Greek to me.
I'd rather an ad for 1Password, a useful and well-designed piece of software, than MacMall discounts that no one outside the US can use, and leave a cheap and nasty taint on the site.
There is definitely a warming up period with all these robust password managers but once you have added most of them it's smooth sailing. Most of the ones you use you'll have completed within a few days, with some stragglers whose websites you may not try to access for months at a time popping up along the way, but the app will let you know when it's a new entry.
I use 1Browser almost as much as I use Safari, it's just a matter of getting used to it.
Agreed!
Again, agreed!
Thanks for that. Plus the links.
That is indeed what I do sometimes.
My bank doesn't allow me to save the password in iCloud Keychain. And while I think that is a good measure, they are pathetic at their password requirement (max 20 and only . - _ ! @ # $ %):
Kies een veilig wachtwoord
Gebruik letters, cijfers en leestekens.
Gebruik minimaal 1 hoofdletter, 1 kleine letter en 1 cijfer.
Lengte: minimaal 8 en maximaal 20 karakters.
Uw wachtwoord mag niet hetzelfde zijn als uw gebruikersnaam.
Kies een wachtwoord dat u de afgelopen 12 maanden niet heeft gebruikt.
U kunt kiezen uit de volgende karakters:
Cijfers: 0 t/m 9
Letters: kleine letter (a t/m z) en hoofdletter (A t/m Z)
Leestekens: punt (.), koppelteken (-), liggend streepje (_) en uitroepteken (!)
Overige tekens: @, #, $ en %
I wanted to translate for our non Dutch speaking, but somehow I just know you get it.
All my financial institutions require compatibly weak passwords. I think one has a maximum length of 12 or 16 characters and most (if not all) don't allow you to use that range of special characters so I have to turn off that feature in 1Password thereby making it alphanumeric and replace a character or two manually with the special characters it does allow.
Strange that these financial institutions have a (way) lesser than safe password requirements. That is the first place I would expect it.
I jumped onboard with version 4.0 and have not regretted the decision for a minute. A feature that I love that does not get a lot of press is that if you use dropbox sync, you can open a web version of the vault to retrieve your passwords from any computer. (Standard warnings about key loggers / sniffers apply for this). I don't use it often, but when you are at work and forgot to charge your phone, it can be a lifesaver.
Brilliant program. Other posters have pretty much covered all the highlights of using it above.
The only thing I would add is that 1Pass was fantastic for dealing with Heartbleed. I had a lot of passwords to change & 1Pass was indispensable.
What would be awesome is if 1Password could keep a public database of sites that have A) been hacked, and, in the case of Heartbleed,
1Password could then periodically or at your request grab the DB file and then cross reference it (locally) to login items that match the list of URLs. Any matches then get two dates checked. One in your 1P DB to see the last time you changed the password and the other being the date the hole was plugged. If the date of your 1P DB login is older than the date of the DB file it downloaded then you get a request to change that password.
This would mean someone who has a Target account would know to change their password even if they didn't hear about the intrusion via the media.
I am still not certain if I changed all the needed passwords for sites affected by Heartbleed that have completed corrections.
edit: I submitted it.
edit2: They've already been working on that and it's already in the latest beta versions.
It's people like you who make software companies work harder and better, ironing out anything not good enough and give them the incentive to go beyond what they started out with, like your cross reference check on affected sites. Which I think is a great idea. Full props to you sir.