Passwords stink. Password policies vary widely across the many sites you choose or have to use, and satisfying them all is hard, and hard to keep up with. That's why 1Password is an invaluable application, and the new 1Password 4 qualifies as a worthy update.
Whether it's a password policy that says you need 8 to 14 characters with a capital letter and a number, but no symbols, or a policy that changes it every 20 days, or a policy that requires 10 letters, 2 numerals, a soundtrack and a plot, managing passwords can be ridiculous.
But there's a reason we need to get better at passwords: We are human. We are weak. We use the same username, email address, and password repeatedly. The most commonly used password is, well, "password."
In addition, major companies like Adobe and Sony have been hacked and user passwords have been stolen. From these breaches, take away some good practices:
- Never use the same password in two places.
- Never save your credit card, address or other personal information if possible.
This is where 1Password comes in. 1Password is a Mac, iOS, Windows, and Android application. It's a password locker, generator, and new in version 4, an auditor.
At its simplest, 1Password offers to store passwords as they are entered into websites. It will then allow you to autofill them on subsequent login attempts using Cmd-\ as a keyboard shortcut. It uses either a browser plug-in or a menu bar application, 1Password Mini, to autofill the username and password. It will recognize the username and password needed for the page, but also allows searching of all saved passwords.
But 1Password is a little better than just a password locker. It generates passwords that comply with the various absurd requirements, fills in the fields as you're creating web page accounts, and saves them for you all in a few short steps.
It also saves credit card information, logins (similar to passwords), identities containing address information for easy autofill, secure notes, and other categories (bank accounts, social security numbers, reward program numbers, licenses, and more).
And new in version 4 is the ability to create 'vaults' so users can store account logins and passwords in contexts, such as a "work" vault, a "parents" vault, and so on.
How can this be secure?
Users are required to essentially trust their digital life to this application and its data file. How can it be trusted? Because AgileBits, makers of 1Password, are using good encryption.
1Password 4 uses AES-256 authenticated encryption and PBKDF2 calibration. AES-256 uses long keys that are difficult to attack and tough to derive. PBKDF2 is used to slow down attempts to crack the master password that secures the 1Password data.
That's glossing over the math, but it is safe to say that AES-256 is quite difficult to attack. Securing the metadata, the information around the login, is also important: item titles and URLs are now always encrypted.
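To make "PBKDF2 calibration" concrete, here is an added sketch (not AgileBits' code) that times a probe derivation, scales the iteration count to a target unlock delay, and shows that a wrong guess pays the same cost as the right one. The HMAC-SHA512 PRF, the 16-byte salt, the timing target and the `check` value standing in for the authenticated-encryption tag are assumptions for illustration, not 1Password's actual parameters.

```python
import hashlib
import hmac
import os
import time

KEY_LEN = 32  # bytes: a 256-bit key, the size AES-256 takes


def derive_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Stretch the master password into a 256-bit key (PRF choice is assumed)."""
    return hashlib.pbkdf2_hmac(
        "sha512", master_password.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def calibrate(target_seconds: float, floor: int = 10_000, probe: int = 20_000) -> int:
    """Time a probe run, then scale the count so one unlock costs ~target_seconds."""
    start = time.perf_counter()
    derive_key("calibration probe", os.urandom(16), probe)
    elapsed = max(time.perf_counter() - start, 1e-9)
    return max(floor, int(probe * target_seconds / elapsed))


def create_header(master_password: str, target_seconds: float = 0.25) -> dict:
    """Build the public parameters stored beside the encrypted data."""
    salt = os.urandom(16)  # per-vault salt defeats precomputed tables
    iterations = calibrate(target_seconds)
    key = derive_key(master_password, salt, iterations)
    # Stand-in for the authenticated-encryption tag: proves the key is right
    # without storing the key or the password.
    check = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return {"salt": salt, "iterations": iterations, "check": check}


def unlock(header: dict, guess: str) -> bool:
    """Every guess, right or wrong, pays the full iteration cost."""
    key = derive_key(guess, header["salt"], header["iterations"])
    expected = hmac.new(key, b"vault-check", hashlib.sha256).digest()
    return hmac.compare_digest(expected, header["check"])


if __name__ == "__main__":
    header = create_header("correct horse battery staple")  # constructed sample
    for guess in ("password", "correct horse battery staple"):
        start = time.perf_counter()
        ok = unlock(header, guess)
        print(f"{guess!r}: ok={ok} cost={time.perf_counter() - start:.2f}s "
              f"at {header['iterations']} iterations")
```

The iteration count is stored in the clear next to the salt; the delay it buys scales linearly, so it raises the cost of each guess but does not rescue a master password that appears near the top of a guessing list.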
How does 1Password assist in correcting a user's bad habits?
1Password does two things:
- Password generation. You can use the application, browser plug-in, or menu bar mini-app to create and auto-fill a strong password that complies with the requirements of the site (mixed case, numerals, hyphens, and password length). It's appreciated that they've also made "pronounceable" an option, which helps with remembering passwords occasionally.
- For password generation, it does NOT create long passwords made of multiple words. These are desirable, because they're also human memorable.
To help manage existing passwords better, the 1Password window has a series of filters that display accounts consisting of weak passwords, duplicate passwords, and date ranges on passwords for those between 6 and 12 months old, 1 and 3 years old, and more than 3 years old.
Admittedly, we had to spend some time and go through resetting passwords to clean up the bulk of old, duplicate weak passwords. But 1Password does a good job of making users aware of their bad habits.
1Password syncs the encrypted password store, and can sync it to the cloud. All versions of 1Password v4 for Mac sync to Dropbox. The Mac App Store version syncs to iCloud as well. However, the Mac App Store does not allow upgrade pricing from earlier versions, so users should decide whether they need iCloud syncing and whether they prefer purchasing from the Mac App Store or directly from Agilebits.com.
A Word on Mavericks
OS X 10.9 Mavericks includes a new feature called iCloud Keychain, where Safari will suggest a password and track it, syncing to iOS. However, its password generation and organization are much more simplified, taking away options 1Password provides, and it notably only works on Apple iOS 7 and Mavericks.
In short, Apple's solution is good, and encourages Apple users to use good passwords almost by default, but 1Password is much more flexible: data isn't tied to iCloud, isn't tied to Apple products only, and doesn't have to be synchronized over Wi-Fi. 1Password will also allow synchronization over USB, which means users can still have passwords on iOS without having to store them on Dropbox or iCloud.
Score: 4 out of 5
Pros
- Strong password generation
- Synchronization of encrypted password file
- Easy password form filling to login
Cons
- Doesn't create any diceware-style passwords.
- Due to the awkward way some websites create a password on a separate page from the username, 1Password will occasionally only save the password and not the username to its locker.
Pricing
$39.99 from Agilebits.com and the Mac App Store for a limited time.
38 Comments
I don't see diceware as being a good option, especially when considering that 1Password has an option to generate pronounceable passcodes with far more variety than what diceware offers per word. Now that 1Password has an option to run in the Menu Bar I was hoping it would be intelligent enough to add authentication credentials to common apps but I haven't yet gotten that to work. I hope it's just a bug.
I have been using this Application and iOS apple for years, the Mac App since version 1, and it is the best app I have seen. I used others prior to this one and it just works seamlessly. They have done a few dumb things over time but they seem to correct them. The only issue I have with the more recent release, which I have not upgraded to, is the fact that it syncs passwords via iCloud now; in my mind that defeats the purpose. I want to direct sync my devices, not have to do it via iCloud; I am not interested in having a file on Apple's servers with all my passwords on it. The program has allowed me to have a different password for every website I use, so if one had a security issue I do not have to worry about my other websites.
I have used it for years and do complain to them about the fact that when a website changes its login mechanism (or as you mention in your CONS the create account page just differs enough from the actual login screen) 1password just gets confused and the login entry is largely worthless other than copying your complex password to the clipboard and pasting it into safari.
The only way to repair this seems to be to delete and recreate the login for said site. I do wish they would spend some good love on repairing broken logins.
Otherwise syncing with version 4 and the iphone version over icloud, which was one of the major features in this release, is flawless. They did a bang-up job. Prior to version 4 only the iphone/ipad version used icloud and we were left with dropbox only (they abandoned wifi sync at the time, though it has made a comeback).
I am not sure if I will move to icloud keychain or not, but it won't be due to the mac application. What would drive me away would be how well icloud keychain works on iOS devices. My 5S and fingerprint purchases go a long way to alleviate my frustrations but typically it goes like this:
1. I want to purchase something in the app store (or say a login for ebay or whatever)
2. Fire up 1password
3. Unlock 1password
4. Locate my password and copy it to the clipboard
5. Dclick home button and navigate back to app store
6. purchase, pasting password in popup.
The fingerprint sensor alleviates straight-up itunes and appstore purchases but not in-app purchases and well still a lot of password queries by iOS. Since my passwords are insane random jobs, 1Password on the phone is still important.
If icloud keychain can help me with that flow, I may move over.
Or just wait for Mavericks.
[quote name="Maestro64" url="/t/160039/review-1password-4-for-mac-makes-managing-all-your-passwords-easy-and-secure#post_2414517"]I have been using this Application and iOS apple for years, the Mac App since version 1, and it is the best app I have seen. I used others prior to this one and it just works seamlessly. They have done a few dumb things over time but they seem to correct them. The only issue I have with the more recent release, which I have not upgraded to, is the fact that it syncs passwords via iCloud now; in my mind that defeats the purpose. I want to direct sync my devices, not have to do it via iCloud; I am not interested in having a file on Apple's servers with all my passwords on it. The program has allowed me to have a different password for every website I use, so if one had a security issue I do not have to worry about my other websites.[/quote]
If you don't want iCloud or Dropbox sync then you can turn it off. On the other hand, as long as you are using a strong password to lock 1password there is no way anyone will be able to access your data, so you don't really need to worry about it being stored in the cloud.