For a security mechanism that has existed since mankind traded places with apes to raise to the top of the food chain, passwords have shown a surprising longevity. Passwords act as gatekeepers to our email, banking, social media accounts, and just about anything else that we do, regardless of whether we are online or not.
Unfortunately, humans are not very good at either creating or remembering passwords. Left to our own devices, we tend to pick passwords that are easy for us to remember, which is good, but also easy for others to guess, which isn’t good. For this reason, Web developers try to gently coerce us into adopting more secure password generation habits by enforcing an ever-increasing set of rules on their sites: Your password must be at least eight characters long, contain one or more uppercase characters, a symbol, a smiley, and be typed standing on your left foot under a full moon while sacrificing a chicken…
Alas, all these restrictions make passwords difficult to remember, and our predictably poor response is to come up with one “good” password, which we keep reusing over and over again. The problem with this approach is that anyone who knows or learns this password can also gain access to all our other accounts—and if you use the same password to post photos on a social network and do your banking, it’s easy to see where trouble might arise.
This is a very serious problem; according to a survey conducted by security firm CSID, 61 percent of Americans—nearly two out of every three people—admit to using the same password on different sites. And, to make things worse, many write that one password down and stash it in a wallet, or store it in a plain-text file on the computer, where it is up for grabs for anyone bold enough to make a move.
The immovable portable vault
As a researcher once said, the ideal password is one that is hard to guess, impossible to write down, and can only be used in one place. This combination of requirements is very hard for a human to achieve, but AgileBits’s 1Password 4 makes it an absolute breeze.
1Password 4 is the latest entry in the company’s long-running family of password management software. As a Universal app, it runs on your iPhone, iPod touch, or iPad, and requires iOS 6 or higher; it works by creating a virtual “vault” in which you can save many different kinds of sensitive information—passwords, of course, but also credit card and bank account numbers, passport data, software keys, and so forth.
Despite being branded as a “password management tool,” therefore, 1Password is capable of keeping of every last bit of information that you don’t want others to see—which is absolutely crucial when you realize that, with an iPhone in your pocket or an iPad in your bag, you basically carry your entire digital life around with you in a small package that is as convenient for you to use as it is for someone else to steal.
Flexibility and power
According to Agile Bits’s press material, 1Password 4 is a complete rewrite of its predecessor, a fact that is readily visible to anyone who has ever used previous versions of the software. Everything in the app has been re-engineered with the goal of making it easier to organize and use your information.
This shows prominently in the user interface, which is both gorgeous and extremely user-friendly. The app is organized in a logical way, and the transitions between the various screens are done so well that you’ll find yourself playing with them just for the visual pleasure that they bring.
Once inside the app, new items can be added directly from the Categories tab, where 1Password automatically splits the data you enter into individual groups. For example, there are pre-defined categories for logins, credit cards, software licenses, databases, passports, and so on. Adding and editing items is easy: 1Password uses an interface that is very similar to that of the Contacts app, making the process familiar for any iOS user.
In addition to the default categories, the app also allows you to group your secure items in arbitrary folders, which can be useful, for example, to separate work data from personal information. Folders come in particularly handy when you consider that 1Password can be used to store more than just passwords—for example, I keep confidential information about my clients in it, knowing that it will be safe from prying eyes if my iPhone or iPad should ever be stolen. Often-used items, like credit card numbers, banking logins, and the likes, can also be added to 1Password’s Favourites screen, which helps keeping them within easy reach whenever you need them.
Perhaps my favorite user-interface feature, however, is a built-in browser that allows you to navigate the Web and allows 1Password to automatically fill forms for you using your secure data. This is a major step forward compared to the previous version—which required you to painstakingly copy and paste your data into Safari—and one that dramatically improves 1Password’s user experience.
All your data is protected by strong encryption and can only be unlocked by a single password that you choose when you first set up the app; this makes it both very easy for you to carry all sorts of important information wherever you go, and very hard for anyone else to access it should your mobile device ever become lost or stolen.
1Password also employs a number of measures to keep your data safe. For example, even as you browse through your saved items, all sensitive information is discretely blanked out to prevent someone from shoulder-surfing their way into your secrets. You can, of course, easily reveal a particular piece of data by tapping on it, and just as easily copy it to the pasteboard, but the rest remains safely hidden until needed.
You can also set the app to automatically lock your data vault as soon as you leave 1Password, as well as after a certain amount of idle time, so that, should your device end up in ill-intentioned hands without your permission, they won’t be able to access all your passwords just because you forgot to exit the app. Finally, 1Password also offers to automatically clear out your pasteboard after a set period of time, so that other apps don’t have a chance to read your private data without you knowing.
And, if you find the default settings a little too paranoid for your taste, you’ll be happy to know that you can easily change them to suit your needs.
One of 1Password’s strong suits has always been the ability to synchronize your data across multiple devices, and its latest release does not disappoint, with support for both manual sync through iTunes, as well as automatic sync through either Dropbox or iCloud.
There is little to be said here, other than the sync feature really just works. In my tests, both with a completely new data file and with my existing vault, the process worked flawlessly on the first try, and changes propagated from one device to all my others in record time.
One thing that has been removed from this version is the ability to sync locally over Wi-Fi. This seems to have disappointed a number of users, and is the source of much angst in App Store reviews of the software, but I think it was the right move. Wi-Fi sync was a little too finicky, easily broken, and inherently less redundant than cloud-based solutions. For my part, I am happy to know that, if my house goes up in flames alongside all my electronic devices, my digital vault won’t go with it.
Strong password generator
An often-forgotten feature of 1Password is its strong password generator, which can be used to create—and store—passwords made up of pseudorandom characters; these are much harder to crack than anything a human could come up with, and can therefore improve the security of your logins dramatically.
Used properly, this generator turns password management on its head: Instead of storing your passwords, the app can automate the entire authentication process from end to end, making it easy to avoid many common security pitfalls, like reusing passwords or inadvertently coming up with passwords that are too easy to crack.
1Password is, quite simply, an excellent secure data management solution for every user, regardless of their sophistication or the complexity of their needs. Its execution is practically flawless, and a significant improvement over previous releases on all fronts.
Pricing—the app costs $18, although it is on sale for $8 until the end of the year—may seem a little steep at first, particularly considering that existing customers will have to purchase 1Password 4 anew.
This price, however, is perfectly reasonable when you consider two things. The first is that a person who gets hold of your passwords can essentially ruin your entire life, both socially and financially. The second is that 1Password gives you a great backup in case of emergency: If your wallet gets stolen, and you have saved all sorts of details about your various identity cards and financial accounts in 1Password, getting out of a sticky situation will be much easier.
Marco Tabini is based in Toronto, Canada, where he focuses on software development for mobile devices and for the Web.