Posted by Sam at November 2nd, 2007
In my recent post about making Safari more useful, I mentioned the differences between the firefox password manager and Safari’s. I gave a less than shining review of a program called “1password” which attempts to bridge the gap between all the browsers you use and keep all your passwords organized.
I’m always impressed when developers keep track of and respond to comments about their software, especially when the comment is on a third party site and not even submitted directly to them. I had a chance to email back and forth a little with Dave Teare, co-author of 1Password and talk to him about what I didn’t like about 1Password.
He made some really good points about the way password management aught to work, and the limitations that many websites bring to the table as far as password management. Of course, he also mentioned how 1Password tries to solve a lot of these limitations. Dave and his company work full time on making 1Password great, so I figured I could give it another shot. It had been a while since I had tested it and they have made several improvements.
1Password is a centralized application that ties in with your various browsers via plugins. You can load the application itself, which looks and functions a lot like an improved version of keychain. This solves one of my biggest quarrels with the Firefox password manager: being able to search passwords! I have about a billion, and when I actually need to look one up, it’s a huge pain!
You can see some other features over on the left that I haven’t played with too much yet, but which look very exciting. The “wallet” is for holding things like credit card information which, yes, you can auto-fill into web forms just like a username and password combination.
Identities lets you enter a bunch of information like name, address, etc. - all the stuff you usually have to fill out when signing up for a new website - and makes thse various signups I find myself doing a breeze. The best part is you can have multiple identities so on one site you can be your suave Spanish conquistador, while on another site you can be boring old you.
Once you’ve created an identity, it is saved for later use. Next time you see a registration form, simply hit the 1Password icon in your browser, and select the identity you want to use.
This feature worked great in my testing, and will definitely come in handy in the future.
But let’s talk about 1Password’s main feature: Password Management
When you fill out a password forum, you can set 1Password to automatically ask you to save it. This is much like Firefox or Safari where you get a yes/no/never option.
From the window you can also add a note to remind yourself what you are saving later. Two other settings, enable autosave and save forms automatically are included in the panel. Although they sound like the same thing - they are not. The little descriptions describe them adequately though.
The password save window is a little annoying and cluttered, and I think the two options could be moved into the general preferences somewhere - and I don’t really care about notes but I guess I can see that some people might. I’m trying to think of a reason I would use them but I honestly can’t. The website is enough of a descriptor.
The window comes up faithfully for most sites. It works about as good as Firefox’s - which does fail to come up on some types of login forms. Firefox does nothing to solve this, but 1Password gives you a manual form save function - so you can save passwords for forms that wouldn’t normally work with a password manager.
1Password also has an auto-submit feature. This is pretty nice so you don’t have to hang around on a website’s front page for too long - you can just hit the auto-fill keystroke (cmd+\) and the form is filled and submitted and you’re in.
I did run into problems with Weblogs, inc. blogs (powered by blogsmith) where I would autofill my username and password only to have a blank comment auto-submitted. 1Password even has you covered there by allowing you to turn off auto-submit for specific sites in the preferences. Nice!
1Password also does a good job of handling multiple accounts for one site. Hit the keystroke and a menu pops up with available accounts. This beats Firefox, which has no such feature. You have to type the first few letters of an account and hope that the auto-complete will pick it up. Sometimes you don’t remember an account name and you end up having to go into the Firefox password manager and browsing around until you find it. PAIN!
Another thing I find aggravating it when I auto-save a password only to have it turn out to be wrong. I’ll sit there and try a few more username/password combos, but in the back of my mind I will be miffed that I have to go into the password management program and delete the bad entry. Once I enter the right password, I have to log out, and log back in while saving the correct info.
1Password makes a step in the right direction by giving you a little meter next to the available logins menu on a given site. I’m not sure what the meter means, but when I choose a duplicate account with a higher meter it seems to work more often than not. This doesn’t really solve the problem though.
So I have an idea for the 1Password developers. Either delay the auto save box until the next window loads (for example: Would you like to save the form you entered on the last page?). This has some problems like security issues, but is probably the easiest way to solve the problem.
The other one would be to add a “remove last password” menu option to the browser toolbar button. You could make it only show up for a minute or so after a login is saved, and it would allow false positives to be quickly deleted from the database. That would be handy!
Moving on…
The more I look into it, the more control 1Password gives you over every aspect of password management.
Just like Firefox, 1Password also has a master password the you are required to type in periodically or it will stop supplying you with passwords. this gives you extra safety in case some maniac hops on your computer and starts trying to access your bank or something.
This is the most annoying window of all. Look at all that crap. I mean, its useful information - but maybe we should only see it the first time, or see it when we first set up out master password. I don’t need a whole e-book on master passwords each time I want to unlock my computer.
Nevertheless, the big annoying window doesn’t lack any functionality that it need to have. Enter the password, hit unlock, you’re done. It just makes me feel like the software is clunky. I want smooth and intuitive not lots of words. I’ve never even read what that window says to be honest, but managed to figure out master passwords anyway.
A clean and clear interface increases my confidence in the software.
My last quarrel with 1Password was the price. I feel like $30 is maybe a lot for this program, but after using it I think it is well worth it. If you switch between browsers a lot and want a centralized password management utility, it’s a solid choice. After talking with the developer, I am confident that they spend enough time on the program to make it worth it. They even had a Leopard update out within days of the new OS release.
So the final verdict is that 1Password is a keeper. The developers have done a good job seamlessly integrating 1Password’s features into the various browsers it interacts with. It adds much needed features like the ability to search passwords (which, by the way, are also stored and searchable in the regular keychain app) and more dynamic form filling options. And, of course, it even has cool bells and whistles like the wallet and identities.
I’d like to thank Dave for commenting on my last blog post and convincing me to give 1Password another try. I’m glad I did.
