Dashlane Introduces 'Password Changer', Allowing Users to Change Multiple Passwords With One Click

I don't trust these apps, I suppose I'm just paranoid. I don't use iCloud Keychain or 1Password. I like all my passwords in my head and the ones I use infrequently stored in an encrypted file, within an encrypted disk image, on my encrypted hard drive.

I don't trust these apps, I suppose I'm just paranoid. I don't use iCloud Keychain or 1Password. I like all my passwords in my head and the ones I use infrequently stored in an encrypted file, within an encrypted disk image, on my encrypted hard drive.

You can still use an application like 1Password to keep your passwords just in your local drive, encrypted, but have the convenience of auto password generation and automatic filling of passwords. There has to be a limit to being paranoid, because otherwise, perhaps you could think Apple could be harvesting your passwords from your encrypted file in your encrypted drive, whenever you unencrypt them ;)

I like my password algorithm because I can still access any site even when 1Password is not available (phone died, whatever) and I'm not vulnerable if a flaw is ever discovered in 1Password's encryption.

I frankly think hacking BOTH 1Password and Dropbox or iCloud (particularly if one uses optional two-factor authentication) is a lot more difficult than hacking basic cypher algorithm. While your algorithm may discourage hacker, even the most amateur hacker can easily hack if they want to.

And if you depend on accessing data anywhere without your phone, you can use Dropbox (you will obviously need to remember its password) and open 1Password.html directly to access all the data.

I like all my passwords in my head and the ones I use infrequently stored in an encrypted file, within an encrypted disk image, on my encrypted hard drive.

Good luck with that. A password manager is a lot easier.

This is why I’m a big fan of password algorithms. You memorize an algorithm which produces a unique password for each site. For example (just made up):

[LIST=1]
* ABC (satisfies capital letter requirements)
* Last 4 letters in the site or company name, shifted left 2 keys on the keyboard, wrapping around if necessary, all lowercase
* . (satisfies special character requirements)
* 123 (satisfies number requirements)

So a few passwords would be:

* Apple: ABCiijq.123
* Amazon: ABCknuv.123
* Dropbox: ABCicum.123
* Google: ABCudjq.123
* Yahoo: ABCkfuu.123

Having only 4 characters (at least in your example) per site is very weak for anything but casual websites. All hacker needs is password for two websites.

With apps like 1Password integrating so tightly with iOS and Mac, I frankly don't see any need for doing all that work. On iOS, just summon 1Password from the share sheet, Touch ID to login, click a button or two, and you are logged in.

Exactly. The idea behind iCloud Keychain or 1Password seems perfect: remember one good password and the app takes care of remembering impossible passwords. Still, the risk that the service is hacked or a glitch causes the data to be lost is just too risky.

I don't even use the cloud for highly sensitive stuff. If I was hacked they'd get some family photos, my school calendar and assignments, and a basic notes journal. We don't live in a highly trustworthy world.

You should probably read up on how 1Password works. Its not really a service, it's just a database manager that stores the passwords in an encrypted file. This is all local. If you choose you can sync over wifi or through Dropbox. Still very secure because Dropbox syncs the encrypted file, even if your Dropbox account was hacked good luck with the encrypted file.