download issue 24 here - Help Net Security
download issue 24 here - Help Net Security
download issue 24 here - Help Net Security
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Once unlocked, you can read all information,<br />
but no changes are allowed to the content of<br />
1Password. It would not be wise to have the<br />
1Password data in many places as it is still<br />
vulnerable to offline password cracking attacks.<br />
Hence, the master password complexity<br />
is key to the security of your 1Password data.<br />
The problems<br />
1Password works very well in most cases. The<br />
trouble begins with indexed passwords. Take<br />
Direct Line as an example. To login to their<br />
system you have to enter your email address<br />
and postcode. Then on the next page you are<br />
asked to enter the 2nd and 4th character from<br />
your password (for example). 1Password has<br />
no way of knowing which character the website<br />
wants. In this case, the workflow is little<br />
more complicated. I need to open 1Password,<br />
look up the website entry and display the<br />
password for it.<br />
Another <strong>issue</strong> I have with the software is that it<br />
does not work well all the time. This is espe-<br />
cially true on complex websites w<strong>here</strong> the<br />
login or registration form is driven by java<br />
script. I have had some websites that simply<br />
did not work. To the credit of the developers I<br />
must say that they promptly checked the website<br />
and sometimes updated the software in<br />
the next versions.<br />
1Password on the iPhone<br />
I do not always have my Mac with me, but I do<br />
have an iPhone. The perfect companion to<br />
1Password on my Mac is 1Password Touch<br />
Pro. This application synchronizes all 1Password<br />
data to the iPhone.<br />
The security model is slightly different <strong>here</strong>.<br />
The entry to the 1Password Touch application<br />
is secured by 4-digit passcode.<br />
Each entry in the 1Password database then<br />
has a flag to indicate whether another password<br />
is needed to unlock this entry in1Password<br />
Touch application.<br />
www.insecuremag.com 26