The Unofficial Apple Weblog (TUAW)

Nice! I've never seen the point until I watched their video, and now I understand!

Reply

↓↑report

Nice! I've never seen the point until I watched their video, and now I understand!

Reply

↓↑report

I bought it about 1 year ago.
Use it 10+ times a day.
Great product.

Reply

↓↑report

i bought it earlier this year, and i love it. i use it every day, several times a day.

Reply

↓↑report

does it work with leopard?

Reply

↓↑report

This is a great product!!

Reply

↓↑report

I've just downloaded this 1passwrd App, and it has a SERIOUS
security flaw:

It requires me to allow 1password to connect to their
website to register, and this happens
AFTER it prompts me for my admin password -- which in effect, means
that all my address book, my whole decrypted keychain, and all my
secrets can be sent during the registrations process, without my consent or knowledge.

These are the 2 problems that need to be fixed:
1 -- the fact that web-registration happens after my admin password
is asked for.

2 -- the fact that registration requires network access. The very
nature of this program should require that It NEVER connects to the
web. How can I safely put my credit cards
and all my passwords to my whole life in this one place and this app
now is able to send them to agilewebsolutions.com without my consent
or knowledge?

This could be the worst Trojen out for Mac OS X yet.

Reply

↓↑report

I just wanted to add that 1Passwd is directly integrated into Firefox *AND* Safari. This is a critical distinction from all the other password managers and autofill programs. Your passwords, form data, and identity information are all shared across both browsers.

Reply

↓↑report

Weird; my comment seemed to be merged with another user's comment. Comment #8 was from a different user. Here is what mine said:

@Matt: 1Password is working on Leopard.

@JR: I agree with you that we should not require Internet access for registration, so we do not require it. If you drag-and-drop the license card from your email to the 1Password Licenses window, then there is no need for net access. The other method of registration is when you click the registration link from within the license email; this method connects to our server to download your license. This is completely voluntary and we have an alert message that warns you of this before proceeding.

Regarding the Admin password, it is needed in Leopard because of the new requirements on Input Managers (i.e. the ownership needs to be root:admin).

Cheers!
--Dave Teare
Co-author of 1Password

Reply

↓↑report

Great, great product. Definitely next to shadowclipboard as my two most used utilities.

Reply

↓↑report

@JR: David already replied to your post. I just wanted to add that the Admin password you mentioned in your post is not requested by 1Password application, it is requested by Mac OS X to run the script that has to write to the /Library/InputManagers folder which is owned by root in Leopard. 1Password does not receive the password that you enter.

You can find more information about privileged operations with authorization services here:
http://developer.apple.com/documentation/Security/Conceptual/authorization_concepts/03authtasks/chapter_3_section_3.html

You can run also the script manually instead:
http://forum.agilewebsolutions.com/viewtopic.php?p=11457#11457

Reply

↓↑report

After installing 1Password, there is a system log entry that fires hourly: 1Password keychain backup starting. Which process is doing the automatic backup and how do I stop it?

Reply

↓↑report

My interest was piqued by this:

"...the online version of 1Password, so beloved by iPhone owners."

So I went to the 1Password web site for more info. Took me a while, but I finally found it.

•••••> Bottom line: 1Password on the iPhone does *not* provide autofill in mobile Safari.

Reply

↓↑report

[My previous post was truncated by the use of an apparently "illegal" character.] :-)

My interest was piqued by this:

"...the online version of 1Password, so beloved by iPhone owners."

So I went to the 1Password web site for more info. Took me a while, but I finally found it.

•••••> Bottom line: 1Password on the iPhone does *not* provide autofill in mobile Safari.

On 10.6.07, a user in the 1Password forum wrote:

"...there's absolutely no way to use [1Password's] information [while using mobile Safari]. Instead, you have to write down or remember your username and password, then go to the site, and type it in correctly.

If you've used 1Passwd/1Password to generate a password for you, the odds of you typing it in properly or remembering it without writing it down are slim to none.

This is nothing more than a list of passwords on your iPhone. It doesn't "tie in" to iPhone Safari at all."

And the developer's reply (on the same day):

"In the current version of 1Password for iPhone, the goal was to allow you to access your information from your iPhone. We are now working on solutions to allow you to autofill this information. Rome was not built in a day; it will take some time but we have some great solutions in mind."

Further posts, as recent as a few days ago, indicate that this limitation presently remains. I'm sure it's a great app, but iPhone users should know that this is not yet a "comprehensive" iPhone solution.

Reply

↓↑report

Downloaded it today. Loving it. very handy and easy to use! well done.

Reply

↓↑report

Downloaded it today. Loving it. very handy and easy to use! well done.

Reply

↓↑report

I has similar concerns about security. I dragged the license into the app and watched as it connected and sent "registration" information. Suddenly occurred to me that I might be sending a LOT more than registration info. I disabled 1passwd and then manually changed all my passwords again. While I love the functionality and idea of the product, it contains ALL my info and just one line of code could exploit every piece of info I have. The registration process is unsettling. Where is my password info stored for 1passwd? I deleted the program and plist, but if I reinstall it still shows all my info. I would love to use the program, but am very wary.

Reply

↓↑report

PS - That's "have" similar concerns. I wasn't raised by wolves!

Reply

↓↑report

@butch: 1Password only connects to our servers if you want us to. This includes signing up to the newsletter, using the automatic license registration process, checking for updates, and viewing videos or documentation.

All of these are optional, and they can all be disabled or avoided. You are more than welcome to run Little Snitch and block every network request.

With that said, I need to say it would be completely crazy for us to want to steal your information. We have 5 full time people working on 1Password and we are working on a product we love and supporting a user community we also love. It would be irrational for us to trade this for an unknown amount of money that would make us criminals.

I think both Steve Jobs and Steve Wozniak have proven that there is a lot more money to be made working on stuff you love than stealing.

Reply

↓↑report

David,

I didn't mean to contend that the folks at Agile would be interested in this information. I was more concerned that the info could be intercepted, or possibly that the site I was directed to was a fake, and my information might have been misdirected to some nefarious persons, or even that the license I received was fake and directed my info elsewhere. Is there any possibility or this? Just wary of putting all my eggs in one basket.

thanks...

Reply

↓↑report