Phishers -- in their sinister attempts to bilk you out of your time, money, and personal information with bogus emails -- are becoming more and more clever. Luckily, with a little critical thinking and up-to-date software, you can keep yourself safe.

Typically, to avoid falling victim to phishing, check the URL that the email is asking you to click. Does it look right? One popular façade for phishing attempts is PayPal, and there's a new technique that makes it look like the request is coming, securely, from paypal.com. For the technical among us, it exploits a flaw in one of PayPal's screens that allows a phisher to include a redirect URL in an address that begins with https://www.paypal.com. Sneaky. Thankfully, Firefox blocks it on the rebound.

Also, emails that ask you to verify or enter account information (that you've already entered) have a high degree of poopiness about them. Reader Allan noted that because Apple is in the process of switching people to Mobile Me, some phishers are using the confusion to send people emails asking them to enter new billing information for the new service. That, of course, isn't necessary, and if you get that kind of email, you should delete it.

Another good way to protect yourself is to use an up-to-date browser. Firefox includes protection against known phishing sites, and warns you about them before letting you proceed. Safari, currently, does not, but 1Password does, and it works seamlessly with Safari. Installing one of these options is especially important for parents and grandparents that may not be as familiar with these attacks as their kids.

Lastly, there's a great overview at macphishingprotection.com, which notes, "Phishers win even if you make only one mistake." Truer words never spoken.

Thanks, Allan, Fernando and Aviv for the heads-up!

It's been six months between major upgrades to browser credentials manager and all-around swell pal 1Password, and the Agile team has not been napping; the new version 2.6 offers anti-phishing tech courtesy of integration with PhishTank.com, compatibility with SSB fave Fluid, and a more streamlined password-changing option to avoid the proliferation of old credentials.

Single-user licenses of 1Password are $34.95 and 3-license family packs are $49.95 (otherwise known as $35 and $50; can we agree that pricing downloadable items as if they were sportscars or boxes of detergent, while psychologically valid, is darned silly) and upgrades from 2.5 to 2.6 are free of charge for most users. MacHeist II bundle owners are covered for this upgrade, however those who got a free license via Macworld's Mac Gems promotion will have to cough up the dough for the new version.

Password concierge and form-filler extraordinaire 1Password was upped to version 2.5.12 today with more features, changes and fixes than we could possibly list. Of course, current bleeding-edge users probably noticed that 2.6 Beta 6 also came out today with its own improvements and fixes, including the missing Fluid extension from Beta 5. Did we mention it supports Fluid these days?

Version 2.5.12 packs Safari 3.1 support, iPhone bookmarklet changes, better Firefox support and a plethora of fixes. While the price of this TUAW favorite has gone up a whole $5, so has the functionality. The current update is free for license holders, newcomers get it for $34.95. To each their own, but I personally consider this one worth every penny.

Update: I'm quite obviously a month behind on my 1Password release notes. 2.6 Beta 6 did come out today, 2.5.12 came out... yes, a month ago. I apologize to anyone who was thrown into a time-warp due to my careless disregard of basic chronology.

The utility formerly known as 1Passwd, which holds a place of pride in the app folders of many, is currently free for the downloading from Agile Web as part of a Macworld newsletter promotion (no, you don't need to subscribe to download). Since 1Password normally retails for $29.95, this is a bargain -- however, downloaders note that the promotional license is not eligible for upgrading to future versions, nor does it grant the user access to the online version of 1Password, so beloved by iPhone owners.

For anyone managing a lot of web form passwords and signup info, 1Password's ease of entry and Keychain integration are definitely worth a look. Of course, once they get you hooked... that's why the first sample is always free.

Thanks to everyone who sent this in.

The browser password manager 1Passwd has just been updated to version 2.5b and adds an interesting new feature: iPhone export. You're now able to export your secure passwords and notes to the iPhone from your Mac. The clever thing is that they accomplish this without hacking the iPhone in any way.

Basically what it does is create a special Safari secured bookmarket from your 1Passwrd data "using 448 bit Blowfish encryption." This special bookmarklet is then synced to the iPhone in the normal way through iTunes. When you access the bookmarklet in mobile Safari on the iPhone it prompts you for your password and then gives you access to your passwords, secure notes, etc. Since it's just a bookmarklet in mobile Safari this should not be affected by any future firmware changes, etc.

The latest 1passwd beta can be downloaded from the Agile Web Solutions Forum.

For anyone who has ever wished that Firefox did this or that on Mac OS X - get ready to voice your requests and complaints. Jeff Smykil at Ars Technica is reporting that Colin Barrett of the Firefox team has left the door wide open for Mac users to submit requests for the browser, including a short list of things they already know are at the top of many users' lists (some of which are already planned). For example: Native Form Widgets (i.e. - web form buttons that look and feel more like Mac OS X a lá Safari / Camino / OmniWeb) are on the drawing board for Firefox 3, and a Unified toolbar is apparently "not completely hopeless." Performance is of course on the list (is it ever not?), but a big one that this blogger feels is fundamental to any Mac OS X app that deals with passwords also made the list: Keychain integration (Colin - does that count for my request submission?). We of course have 1Passwd, a password and identity manager that (among other things) integrates Firefox with the Mac OS X Keychain, but 1Passwd's $30 price tag understandably sets it outside of most user's budgets (though until Firefox builds this feature in, I definitely recommend 1Passwd as a happy customer).

But don't stop there - Colin and the Firefox team want to hear your thoughts on these features, as well as all the others missing from the browser that you simply can't live without. In fact, they want all the email they can get their hands on, so head on over to Colin's blog to get the email address with which you can help make Firefox a better browser for the Mac.

Over at the Switcher's Blog (which is actually the blog for browser form manger 1Passwd) they're crowing about their new innovation: software License Cards. These are basically just graphic files that contain the registration information embedded in them. These "cards" are emailed to customers, and the registration is achieved by dragging and dropping the card on the application. They claim these cards are much more Mac-like than the standard method of a hex code.

While there's something to that, I don't like this idea as a complete replacement for registration codes for one simple reason: it requires me to keep these card files. With text registration codes it's very easy to keep a list of them in a plaintext file. For instance when I register software I immediately add the new code to my local registration text file, then I email it, as plain text, to myself for backup. I realize that I could email myself these cards as attachments, but it just adds an extra layer of complexity. If every developer used these things, I'd quickly end up with a ridiculous collection of these cards. Further, as some have pointed out, this also precludes printing out and keeping a hard copy of the codes. (All these points apply as well to the related practice of program specific binary keys such as used by Pukka and Overflow).

So I have a simple suggestion. Why not use both? In fact, the hex code could be "printed" on the face card itself. That way old curmudgeons like me could keep doing it the old way, but whatever putative benefits these cards offer would still be there. So what do you think? Do you like the idea of License Cards?

[Via Digg]

This week's podcast covers 1Passwd, the password manager and autofill tool that brings some really unique features and multi-browser support for the Keychain to the table. For just under 8 minutes I demonstrate some of the killer features of this app that go above and beyond the norm, and the whole thing weighs in at a mere 28MB. Snag it from our iTunes Store Podcast directory, this direct link or our own podcast rss feed. Enjoy!

1Passwd from Agile Web Solutions is one of those browser addons that just makes me feel all warm and fuzzy, as if its developers had an epiphany while laying in a field of not-too-prickly grass on a perfectly warm, sunny day, asking themselves: "how can we make the world a better place?"

Which browser does 1Passwd work with, you ask? Why, just about all of them. This password and identity manager integrates with nearly every major Mac OS X browser, including Safari, Firefox, Camino and OmniWeb, as well as DEVONagent and even NetNewsWire, to bring Keychain nirvana and multiple identity autofill to website forms (that's right: Firefox can use the Keychain, thanks to 1Passwd). In other words: it's an über-Keychain for your browsers, allowing you to stop caring about which one you're using, where you saved that forum's password or how you're going to fill out the umpteenth store registration. And as you might have guessed from my introduction: I kind of like 1Passwd, and a recent upgrade to v2.3 offers even more to rave about.

Most noticeably, the new version ushers in a fresh new UI, shedding the old 'n busted brushed metal for the unified look that's all the craze with 3rd party developers and lovers of good-looking software. Don't be fooled though; the new features are far more than skin deep. Folders and smart folders are now in full effect, allowing for more flexible organization of your unruly collection of logins. Another really slick new feature is 1Click Login Bookmarks, which allow you to save a bookmark with specific login credentials - perfect for sites at which you have multiple credentials. Goodbye, tedious logging in/out all day!

Plenty of other new and updated features are detailed in this blog post, and many of 1Passwd's major features, such as Firefox integration and Palm/Treo syncing, have screenshots or video demonstrations on its product page (scroll down for all the goods). A demo is available, while a single license costs a mere $30, with a 3-license family pack for $40.

1Passwd, our favorite Tiger-only web form filler and password manager, was updated yesterday to version 2.1 build 3744. It sports a shiny new icon and now supports NetNewsWire! Also in this release are over 20 other improvements and bug fixes, along with the following new features:

• Added 'Find and Delete Duplicates' do locate web forms that have identical contents.
• Added NetNewsWire extension (using context menu instead of toolbar).
• Added dynamic toolbar buttons to all supported browsers.
• Web forms now can be dragged to web browser to create bookmarks.
• 1Passwd keychain will be automatically backed-up daily to a local folder.
• Added Autosave Rules to disable autosave on user-defined domains.
• Added 1Passwd context menu to Safari, Camino, DEVONagent, and OmniWeb.

Complete details are available on the 1Passwd blog and you can download a copy on the main site. Upgrades are free for registered users, and there's a free trial if you need it. New registration will cost you $29.95.

My favorite password and form manager, 1Passwd from Agile Web Solutions, has been given a nice update from version 1.5 to version 2.0. As a registered user I appreciate that there's no charge for this update, even though it's a major update and not a minor tweak. The authors have even stated there won't be a charge for the Leopard-compatible update when the time comes, thanks in part to the support they've received from sites like MacUpdate, VersionTracker and iUseThis. The free major upgrades are their way of saying "Thanks" to the community that has helped them build and improve their app.

1Passwd is a password manager and form-filler for Mac OS X that allows multiple identities, generates strong passwords, integrates with the OS X Keychain and most browsers (Safari, Firefox, Camino, Shiira, Flock and now OmniWeb and DevonAgent), and also integrates with .Mac so you can sync your passwords and forms across multiple systems. It's like the OS X keychain on steroids and with an emphasis on web forms and better integration. I've been using it for a few months now and I've come to rely on it heavily.

Version 2's most notable feature addition is the new Secure Notes feature - which I don't have too much use for personally, but it's nice to know it's there! Additional features include:

• Added 1Passwd extension for DEVONagent 2.0.3.
• Added 1Passwd extension for OmniWeb 5.5.
• Added Import of RoboForm Safenotes.
• Updated About window to include code attribution and hide registration info by default.
• Fixed UTF8 encoding problems in Firefox extension.
• Fixed problem emptying the Trash with Identity records.

There are also several changes to the user interface, including a trash can for deleted entries in case you change your mind or delete the wrong entry by mistake. There are even more features coming in future 2.x updates, but the developers felt it was important to push these features out the door now so that OmniWeb and DevonAgent users could enjoy 1Passwd rather than make everyone wait a few more weeks for the kitchen sink. You can read more about the new features planned on their blog.

There's a free version which is fully functional but limits the number of saved forms and identities to saved forms and identities to 12 and 1, respectively. The registered version costs $29.99 or $39.99 for a family license (up to 3 users in the same household) and there's a 30-day, 100% refund guarantee. Go ahead and give it a try - you really have nothing to lose!

*Oh snap!* Agile Web Solutions has created a password and form manager extension for both Safari and Firefox that fixes one of my biggest gripes about Mozilla's flagship browser: it can store website passwords in Mac OS X's Keychain Access application. For those who haven't stumbled upon the wonders of the Keychain: it's a system-wide secure password manager that most other Mac OS X apps can use to store logins for things like websites and FTP access. 1Passwd is an extension that, amongst other features, lets Firefox join the Keychain party party so you can have one secure, centralized area for managing (and backing up) your logins. This also means that if you have a .Mac account, any passwords you enter into Firefox will sync between your Macs. But 1Passwd doesn't stop at handle just your login information. Check out the full feature list to see everything else it can do for both Safari and Firefox.

If beer could be sent virtually through PayPal, I'd send Agile Web Solutions a twelve pack; this brings Firefox one step closer to being a true Mac OS X browser. 1Passwd is currently in a third beta release, and those who opt to test the beta and offer their email addresses will receive a discount off its (somewhat steep) $29.95 price.