back to article Fiendishly complex password app extension ships for iOS 8

AgileBits wants more apps to use 1Password's strong passwords, and has released an extension on github to that end. The idea is that app developers can grab the extension, write a few lines of code into their apps, and allow their app users to create strong passwords during registration. Naturally, this would also push users …

keys to my castle(s)

am i the only one feeling uneasy about handing the key to various apps/websites to 1 single company?

i haven't decided if its a good or bad idea, something akin to having all my cash in 1 place (where i can keep an eye on it) or spread out all over the place (where a loss doesn't have such a big impact)

3
0
Silver badge
Big Brother

Re: keys to my castle(s)

Well... AgileBits are a Canadian company...

I'd rather trust them instead of ANY American company !

0
2
Silver badge

Re: keys to my castle(s)

Presumably the passwords file is encrypted, and not accessible by 1password at all? I use Keepass and it is very good.

0
0
Bronze badge

Re: keys to my castle(s)

AgileBits are a Canadian company...

I'd rather trust them instead of ANY American company !

Perhaps.

For now.

Don't forget, a certain Mr. Harper is in charge there.

0
0
Happy

keys to my castle(s)

I've been using LastPass for a while now, seems pretty robust across ios / mac / windows / usb key using chrome and safari. It creates 'random' passwords as required, mine are mostly 20 characters long as a minimum, providing the site allows.

As for handing keys to one company, the local copy of LastPass encrypts the keys before syncing through the central server with each platform. The '1company' only has access to the encrypted usernames/passwords and never sees the encryption key, with AES256 it's about as safe as required. It's certainly safer than using the same 8 char password with multiple sites which is what I used to do.

1
0
Big Brother

Re: keys to my castle(s)

I've always assumed that once something is store on a 'computer` - then it's not a secret anymore ...

1
0
Anonymous Coward

Re: keys to my castle(s)

I use 'EnPass', which is also cross-platform (I have it on Windows, Mac and Blackberry) does the same thing - except that its DropBox where my encrypted keys file is stored.

0
0

Re: keys to my castle(s)

Technically as 1Password stores your data on a cloud service like Dropbox or iCloud, they don't have even the encrypted keys, unless you think they've built a back door into their software.

0
0
Anonymous Coward

Or just use the free password system built into iOS that is likely to be better supported (by web sites etc.) and more likely to be put under scrutiny for security etc.?

2
1
Bronze badge

@AC

I tend to agree. This, and other iOS password managers, were created before Apple rolled out iCloud keychain to the masses. I have a similar password manager, but I rarely use it these days.

0
0
Unhappy

created before Apple rolled out iCloud keychain

iCloud keychain is okay unless you use non-apple platforms. My workplace uses Windows and I also use internet cafes, at which point Chrome running on a USB key with LastPass comes in handy!

0
0

Strong password to protect pictures of kittens.... WHY??!

It's been said many times before, but frankly I'd rather websites and apps stop forcing users to use strong passwords when the content they secure is worthless. Sure my bank should require a strong password, and paypal, and e-bay, and e-mails, and maybe even facebook (uuugh). Although two factor security would be far more reasonable: like gmail has (and paypal can afford to send me a text message to my mobile). Other websites essentially just keep my information private, and that's not worth much. I propose 4 classes of website - privacy, store account (without payment details retained), e-mail and social presence, payment/banking. I see no reason as to why privacy should be maintained by a unique strong password.

3
2

Re: Strong password to protect pictures of kittens.... WHY??!

...because in the real world not all websites will fit nicely into your categories and some will move from one to another depending on how they and/or your use of them changes over time.

Rather than manage this change, it's easier and more secure to have unique and strong passwords for everything. There are lots of ways to manage them now - KeePass, LastPass etc...

0
0

Re: Strong password to protect pictures of kittens.... WHY??!

Currently the weakest password that I use is in fact at my bank. They still insist that passwords are not case sensitive, and won't allow "special" characters.

But they do provide significant added security by demanding to know my mother's "maiden" name.

1
0

Re: Strong password to protect pictures of kittens.... WHY??!

Try Virginmedia's borked e-mail set-up - e-mail passwords, must be between 8 and 10 characters long, must start with a letter, cannot contain spaces. And apparently some word combinations are forbidden. Trying to generate something secure is horrendous.

0
0
Silver badge
Trollface

Isn't it ironic

that "1Password" looks like a classic example of a terrible password? (That would still pass the security requirements of most sites.) Only difference is you usually put the one on the other side.

0
0

Comparison?

Has anyone done a comparative review of these various options, LastPass, KeePass, 1Password etc. and evaluated them for various use cases?

If not, how about it, Reg?

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums