Friday, 19 July 2013

Get a Finger on your Passwords

If you're anything like me, you probably have passwords set up for several hundred accounts, web pages, payment cards and suchlike. All have different rules regarding password composition, some use emails as usernames, others need non-email usernames, and some make you change passwords on a regular basis. All of which makes managing accounts a complete nightmare unless you break the cardnial rule of security management and write everything down! Or use some software to help you.

I've used 1Password on my Macs to manage all my 'secrets' since it was first released, and have all those secrets synced onto my iOS devices (although I find 1Password on iOS a pain in the backside to use because of Apple's rules on how apps are allowed to play with each other).

It'll be interesting to see the fate of 1Password with the release of Mavericks later in the year when Keychain for iCloud takes centre stage. Of course, 1Password will continue to have a place for folk using earlier versions of OS X, but I can see a slew of software tools disappearing as Mavericks incorporates their ideas and functionality (TotalFinder, Tags, Punkanea are others that spring instantly to mind). Such is progress but resilient developers will find other opportunities to tout their talents and skills.

In fact 1Password may well continue to exist and flourish under Mavericks, simply because not everyone will want to trust all their most confidential information and data to Apple. Even I have reservations about moving to Keychain for iCloud until the technology is more established and initial bugs ironed out. I simply can't afford to have a situation where OS X has generated passwords (which I can't remember) and which I might not be able to access because of an iCloud glitch. I could indeed see a situation where I will use 1Password as a failsafe backup system, but we shall see. Experiences with iMatch for iTunes make me a little wary about failsafe syncronisation...

There has been quite a lot of noise recently about Apple using fingerprint security on new versions of the iPhone and iPad. The noises started to get louder when Apple bought Authentec (reportedly for $356M in 2012), who make fingerprint scanners and the accompanying TrueSuite software package.

I bought a pair of Upek scanners last year and use them alongside TrueSuite for OS X. Previously, prior to becoming a fully fledged Mac user, I used the Microsoft fingerprint scanner for Windows and was really pleased with the way it worked. That experience is now shared on the Mac - there is something reassuring about using a physical method to access my passwords which doesn't involve me having to remember anything. Of course this type of security is illusory since as soon as the fingerprint scanner is removed anyone who can type (as knows what the passwords are) can access the system.

UPEK Fingerprint Scanner
I'm sure much will be written about KeyChain for iCloud in the next few months and especially after its universal release, and I look forward to playing with it myself. In the meantime I have one request to website designers and businesses - if you don't need to put password access to your websites please don't. Having to remember a gazillion passwords is bad enough - having to remember them when there's nothing to protect is just mean!

1 comment: