I don’t like the fact that a thief shoulder-surfing an iPhone passcode and then stealing the iPhone could get access to absolutely everything on the device, including all iCloud Passwords. While I am not using passkeys yet because of the relative non existence of them on the broader web…as far as 1PW is concerned a passkey is just a secret thing it stores and submits to the website when necessary…so it’s essentially just a better password that provides less visibility to the web site into who the user precisely is…and in these days of browser encodings and such I’m not convinced that a passkey is really an improvement except for the fact that it enforces long and complex and thus a greater cracking time since password and 1234 are still pretty popular password selections.įWIW, I’ve standardized on 1Password and have tried to stop storing passwords Apple’s iCloud Passwords. I’ve also conducted a pretty exhaustive examination of the application space and there’s not a single one that provides all the features of 1PW v7 and also the features that v8 removed…in fact there’s not even one that provides all the features of v7 on it’s own. And now that they’ve admitted how a user can backup and restore their data independent of the 1PW server farm…there are no show stopper reasons not to use v8 if it becomes necessary to switch to v8 or s witch apps. I don’t really like the their cloud only option…but can live with that if v7 of the app ever breaks. 1PW claims their Secret Key makes the new v8 so much more secure…and from a strictly technical standpoint they’re correct…but with a decent master password say 20 characters long that’s still 11 thousand trillion centuries to crack in the best case according to GRC's | Password Haystacks: How Well Hidden is Your Needle? so while 11 trillion trillion centuries is technically better the improvement is meaningless. I’m still sticking with 1PW because it’s so much more than just a password keeper for me…but despite having a subscription account their vault is currently just part of my backup scheme and I’m still on v7 because it allows DropBox and has real backup/restore capabilities built right into the app. So…I’m not thinking passkeys are really going to improve on that. They’re an improvement of course over passwords…but the SQRL tech developed by Steve Gibson of SpinRite fame is also an improvement over passwords and despite it being open source and released for at least a year it has essentially zero penetration AFAIK. Sure…geek oriented sites will use them but the rest of the web maybe not so much. Websites have to be recoded to use them, right? Looking at how many websites still offer no support for 2FA or have less than rigorous password requirements and less than adequate password database security…passkeys are going to be a long time to see much market penetration. I’m personally thinking that despite the claims of some…passkeys aren’t going to be the raging success they’re supposed to be. I have to admit that v8 of their app is IMO several steps in the wrong direction…but it’s not my company to manage and IMO they’re being forced by their VC investors/part owners to make more profit at the expense of usability…so I’m currently sticking with v7 and will use it until it quits working, when I will reluctantly switch to vi as the only hard no issue for me (backup and restore at my discretion without needing their cloud to do so) has been resolved.ĭocuments, image attachments, and notes in entries make it an all in one secrets keeper more than just a password manager. 1PW is pretty much the gold standard though…and while the company seems to be turning away some from individual users and Macs in general towards their common code and business customers they’re still pretty much the best around in what they do. 1PW is much more capable than iCloud Keychain…it lets you keep encrypted documents and uses categories to let’you more easily find what you’re looking for, and because it’s data is only decrypted on device may be more secure, I don’t know if the same is true for keychains or if Apple has any ability to decrypt them as I’ve never looked into it.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |