AgileBits today has updated its popular password manager app, 1Password for Mac, to version 4.2, bringing 30 new features, including significant improvements for 1Password Mini, the app's menu bar extension (via Cult of Mac).
1Password mini- You can now edit items directly within 1Password mini!
- Edit generated passwords in 1Password mini, too
- Greatly improved URL matching makes logging in to sites with sub domains easy
- Configure URL matching for sub domains in 1Password > Preferences > Browser
- Improved support for multiple Chrome profiles
- By popular request, 1Password mini now shows Secure Notes!
- 1Password mini now supports fuzzy search. For example: “oogle” will now return items named “Google”
Other improvements include refinements to the app's AutoSave functionality, as the app now searches all vaults before asking to save or update Logins and will prompt users to save Logins in their primary vaults by default. Additionally, item editing has been streamlined, allowing users to edit when 1Password locks or quits in the middle of a change as well as the ability to switch vaults while editing.
The update is currently available for download on AgileBits' website, and will be available in the Mac App Store once the update is approved.
1Password for Mac is available in the Mac App Store for $50. [Direct Link]
Top Rated Comments
So if you don't know what it means or don't understand, you just blow it off? You could, you know, read a little (http://blog.agilebits.com) and educate yourself (http://en.wikipedia.org/wiki/Encryption). If you're not going to do that, there's really no use proudly announcing you don't understand something so you're not going to use it. You basically have to trust a bunch of other people telling you a thing is real and good at what it claims, and 1Password is definitely the real thing and highly secure. Or you can just keep using the same weak/annoying password system you're using now.
So does Keychain
* thereisnofatebutwhatwemake
* eastofthesunwestofthemoon
* !)@(#*$&%^Test123
* *tecno9654postgres
* !@#$%^&*()_+lisa
* Ph'nglui mglw'nafh Cthulhu R'lyeh wgah'nagl fhtagn1
If your answer to just one of the above is "Yes": Think again real hard about using a good password manager!
Those passwords above were all guessed using "dictionary lookup" attacks within hours or days (not weeks or years)! Several hours to days!
(And please note: there are all considerably longer than your simple "8 or 9 character passwords"!)
Rule of thumb: if you try to come up with a password that is based on any (combination of) word(s) that can be found "on the Internet" (Twitter, Wikipedia, websites, news groups, the Bible, other book texts available in electronic form, ...), it is very likely that it will be guessed! Even 1f u d0!permutat1ons$and_try2bcl3v3r! ("rule-based substitution attacks").
For a detailed background why you should be very concerned:
http://arstechnica.com/security/2013/10/how-the-bible-and-youtube-are-fueling-the-next-frontier-of-password-cracking/2/
"How the Bible and YouTube are fueling the next frontier of password cracking"
And considering that several major (commercial) sites were hacked and millions of encrypted passwords were stolen in the past few months, you should really have different passwords for each and every service!
(What people often forget: they might have a hugely "secure password" for e.g. their Apple ID, but they have a weak password for their email, so attackers can guess the email password, reset the Apple ID with a confirmation email sent to that email address, and *zonK*! There you go! Your Apple ID accessible now to them as well!)
Well, as I said: reconsider of what you think is "secure"...
Yeah, it sounds impressive, but then they told passengers the Titanic was unsinkable due to it's state of the art engineering.
So while "256 bit locker encryption" sounds great, I don't understand what it means, whether it's appropriate, nor do I have any way of verifying it really is secure.
For me, that's reason enough to buy it. They're the only product out there (AFAIK) that is actively writing about their security processes (including flaws). I wouldn't trust _any_ of the other applications.
I'm shocked, to be honest, by all of the people on this "tech" site that think that
1 - reusing passwords is okay
2 - they can remember all of the secure passwords that they need
For 1: you will be burned. it may not be today, it may not be tomorrow, but you will be burned. someone will spoof your name on a forum, or you'll forget that "hey, that pizza place actually has my credit card on file... oops"
For 2: it's either one or the other. they're either secure, or you can remember them. choose one. not both.