Password Chef review: A recipe for cooking up healthy security dishes
By J.R. Bookwalter
MacworldNOV 5, 2015 10:00 pm PST
At a glance
It’s basically impossible these days to maintain a single, universally compatible password that works across multiple websites and internet services. Increased security measures in the wake of high-profile security breaches and hacks have exposed just how fragile our sensitive data really is, especially when it exists purely in the realm of cyberspace.
Security experts claim the best defense is a strong offense: A password, in this case. But who can remember something like “UNW3fJ(Y9oGv4+whX”—especially when every website has different requirements for how long a password should be and what kind of unique characters must be used.
For years, 1Password has been my go-to solution for this thorny dilemma, and while I still think it’s hands-down the best choice for those who want maximum control over their online security, I couldn’t help but be intrigued by a new app that promises to create strong, yet easy to remember passwords which can be recycled over and over again for any website.
Password Chef is deliciously simple for creating custom “recipes” that use the name of a website as the starting point for more secure passwords. That may sound like a contradiction—after all, how safe could such a method be?—but like any great chef, the magic is not in the ingredients used, but rather how they’re all prepared.
As it turns out, Password Chef’s secret sauce is the way the app whips up a soufflé of letters and digits, combining a secret code or other input of your design with characters, vowels, or consonants in the actual site name to bake a seemingly impenetrable combination that can be repeated endlessly, with different results each time.
Although I’ve never had reservations about storing my highly encrypted 1Password vaults on Dropbox, privacy advocates will be happy to hear Password Chef’s recipes exist only on the device where they’re created. Personally, I’d prefer the convenience of iCloud sync so recipes created on my iPad can be synced to iPhone, and vice versa—or even an Apple Watch component, which seems like a no-brainer for an app like this.
Recipe for security
As you’re cooking up new recipes, Password Chef keeps tabs on the strength of each password being created with a built-in meter across the bottom of the screen. Users continue adding steps until a small Chef Approved stamp appears in the bottom right corner, at which point you can rest assured the recipe is secure enough to vex even the most resilient hacker.
Indeed, the recipes that can be tossed together like a salad with Password Chef are also strong enough that a single one could be used everywhere, but for best results it pays to create a number of recipes for different occasions instead. For example, a more complicated recipe could be used to safeguard all of your bank account logins, while a shorter and easier to remember combination comes in handy for sites where getting online quickly is more important than account security, like Netflix or Hulu.
When in doubt, Password Chef can also test recipes against 100 of the most popular site names to make sure they meet some or all of the most common requirements. This test performs lower-case, upper-case, and special character checks as well as length and whether or not a recommended number is included, returning a maximum score of four—anything less, and that password should go back in the oven to cook for a bit longer.
Tastes great, less filling
Although Password Chef provides a fun and compelling method for creating new passwords, it doesn’t quite live up to marketing claims that you’ll easily be able to recall them from anywhere, even without your iPhone or iPad—that is, unless you’ve got a photographic memory capable of remembering the often complicated number of steps involved.
Password Chef can be set up to require a four-digit passcode at launch with automatic lock and self destruct options, but sadly there’s no Touch ID support in version 1.0. For additional security, users can also choose to blur secret codes while they’re displayed on-screen, although that opens the door for potentially mistyped characters that could render recipes unusable later on.
There are also a couple of nagging issues left unresolved with the initial release: Lack of iPhone 6 display support is a minor nuisance now that Cupertino’s big-screen smartphones are in their second generation, but a bug that crashes the entire app after placing the cursor in a text field while any third-party keyboard is activated is downright inconvenient for iOS 9 users like myself who prefer SwiftKey to Apple’s built-in digits.
Password Chef is cooking up something good, namely strong passwords that can be recycled in an unlimited number of combinations for practically any website. While creating recipes is easy, remembering them later is still a challenge, and the initial release has a few shortcomings, including lack of Touch ID and iPhone 6 display support.