One of the most wonderful utilities of OS X, is the Keychain Access utility. A system wide keychain for all your passwords, forms and other items stored in a secure location. For most part, this keychain remains totally transparent to the user as we surf the web, autofill forms and know, that if we forget our password, Keychain is there to save us.
Given all this perfection in functionality, Agile Web Solutions feels that there are some gaps in the way Keychain operates. And they say they provide a solution, that is, 1Password. At first I didn’t think much of this utility, thinking that if OS X provides the functionality, I don’t need anything that can be considered ‘for power users’. However, after going through applicationss like TextExpander, SuperDuper!, and Pixelmator, I had to go through 1Password for all it’s worth. Read on for a smoking review of 1Password…
The moment I started writing the 1Password review, I knew that it wouldn’t be one of my regular explanatory technical reviews. So let me start by saying I like 1Password. It is everything a Mac application should be.
On first launch, 1Password throws up a little welcome window, offering to import your existing Keychain passwords, go through a ’3-minute tutorial’, or configure 1Password to suit your liking. I immediately imported my keychain passwords and ignored the welcome screen from thereon, skipping the tutorial altogether. A week later, I was wondering what the whole purpose of 1Password was! The user experience felt the same as Keychain and I was wondering why anyone would want to buy something like this?
So I took some time off and went through 1Password. I went through the training videos, I went through the support site, I went through forums, and suddenly it became clear to me how awesome this utility is. So let’s get started shall we?
The first thing I learnt about 1Password, is that you need to set things up. I’d suggest you not to import your Keychain data, and instead, start over. First thing, you need to set up your identities and wallet items.
1Password supports multiple identities that you can manage. Identities are basically form fillers. You can have a professional identity which puts in your formal name and signature, and a casual one for signing up on tech forums. Everything from name to AIM user IDs can be saved in each identity.
While most of us thrive on Paypal, there are still those times you need to enter in your credit card info, including details like the phone numbers of your issuing company! 1Password lets you neatly store info of all your credit cards, bank accounts, online memberships, and a bunch of other stuff I wouldn’t even want to know.
The beauty of this utility is that once you’ve set things up, using it is almost transparent. The application integrates well into Safari and can also be plugged into Firefox or another browser.
The way of working with passwords for most people, is to have 1 standard password for all your services. I mean, who can remember so many different passwords? Unfortunately, there is always that time when you will fumble, and your entire online life might be at the hands of a hacker de elite.
The key feature of 1Password is that it lets you generate totally random password for every service you sign up for. And the best part is, you don’t ever have to remember any of those complicated passwords.
Say I’m filling out a Gmail signup form. Once I get to the page, I’d click on the 1P button in Safari, and select “Fill Identity » Milind Alvares”. Once all my info is filled out, including a newly generated password! Okay, so I’m not comfortable not knowing what the password is going to be, so I clear the generated password, and select “Generate Password”. That’s when you see the awesome password generator.
The Password Generator
This is the most advanced password generator I have seen. Right from creating memorable passwords, to creating Digest passwords (passwords based on a word and domain, and reproducible), or totally random. You can adjust the length of your password, whether it includes hyphens, digits, and keep refreshing all of this to get new passwords every time. If you feel that you will be accessing a certain service (say your Mail account), I’d suggest creating a pronounceable one, while giving totally random passwords for sites you will be accessing only on your Mac. Once you are done with choosing your password, 1Password will fill them into your web form.
Whenever you enter a login for any website, or create a new login (as we just did with the Gmail web form), 1Password will throw up a little bar at the top asking you to save that password. Enter a meaningful name (the auto generated one isn’t so memorable) and save the password.
Now, any time you want to fill that login info for that website, just press the 1P button and fill the login information. This is terrific for those websites where you have multiple IDs and the built in Safari form filler just can’t keep up.
Backup and Sync
What if you have a bunch of Macs, as well as an iPhone, spread out in different locations. How are you supposed to remember that “089afhh3hkjn1#2″ password? Luckily, 1Password supports MobileMe sync, so all your Macs can have the same passwords at all times. And even if you don’t use MobileMe, the developers have provided guides to using a bunch of different web storage solutions like DropBox or SugarSync to get your passwords across.
Ever wanted to create a few notes that no one else should see? One might stuff them in a secure DMG, or perhaps email them to yourself. With 1Password, you can create simple notes, just a title and text content, which will never be accessible to anyone without a password.
Locking it up
1Password shares the master key with your Keychain access, which unlocks gives access to all your other passwords. Strangely however, the login window has this key auto filled in. Make sure you uncheck that option and have 1Password set to autolock within a short ten minutes of inactivity. This way, no one can ‘see’ your passwords. You may continue to fill web forms without having to unlock your 1Password application.
This is one of the key applications which is hit hard by the iPhone SDK. Since Mobile Safari cannot be touched by any iPhone app, 1Password cannot fill login when you are browsing. And since there is no copy-paste, you are left to looking at your passwords and then quickly switching to Safari with that info.
Thankfully they have included a built in Safari browser, which although isn’t exactly fully functional, gets the job done. Just scroll through the list of logins, and open any one of them in the built-in browser. This will be particularly handy when you have to fill in a complicated bank login while on the go.
The app is protected with two layers of security: a four digit code and a master password which can be set on a per-item basis. 1Password syncs with your desktop over Wifi and I’ve had no trouble getting data across to and fro. All logins, wallet items and notes are synced across. The iPhone app is free on the App Store, and is recommended for any 1Password user.
1Password also syncs with a Palm device. Unfortunately, none of the Smoking team members will touch a Palm device so we have no idea how that works out.
Wrapping things up
In the last four weeks of reviewing, there have been a lot of little surprises in 1Password that just keep increasing my respect for this app. And there are still some functions and features that I’m yet to figure out how to use. Initially I found that I had to force myself to use the 1Password button instead of manually entering text, but I got used to it within a week’s time.
A single license of 1Password costs $40, while a family pack costs $70. The cost might seem prohibitive for some, but the convenience, security and ease of use of 1Password totally justifies the cost. I’d highly recommend you get the trial version and give it a spin for a couple of days.
The Smoking Apples 1Password giveaway!
So you love the functioning of the application, but don’t make enough to budget spending 40 bucks on it? Thanks to Agile Web Solutions, we get to offer a full license to one lucky winner. The rules of the contest are simple.
- One entry per person.
- Valid email ID required (Never ever spammed. Only required for contacting the winner)
- Download the trial and tell us what you think of it.
- Optional: If you tweet about this, you get two entries into the draw. (Post your twitter status along with your comment)
The winner of this giveaway is Dumitru Tira. Thanks everyone for commenting.