Apple To Deploy 1Password To All 123,000 Employees; In Talks To Acquire Password Manager's Parent-Firm AgileBits: Report

Jonathan S. Geller, reporting for BGR: Apple acquires an average of 15 to 20 companies a year, according to CEO Tim Cook. Of that number, we only hear about a couple, as most of these acquisitions or aqcui-hires are not consumer-facing, nor disclosed. However, we have exclusively learned that Apple is planning an interesting partnership and a potential acquisition of AgileBits, maker of the popular password manager 1Password.

According to our source, after many months of planning, Apple plans to deploy 1Password internally to all 123,000 employees. This includes not just employees in Cupertino, but extends all the way to retail, too. Furthermore, the company is said to have carved out a deal that includes family plans, giving up to 5 family members of each employee a free license for 1Password. With more and more emphasis on security in general, and especially at Apple, there are a number of reasons this deal makes sense. We're told that 100 Apple employees will start using 1Password through this initiative starting this week, with the full 123,000+ users expected to be activated within the next one to two months. Update: In a statement, 1Password said rumors of its acquisition were "completely false."

Re:Why?

[Kokuyo]

In today's world, ANY method you use for account security will have downsides.

I have decided that this method gives me a balance between usability and security I can live with.

But you knew yours was a rhetorical question to make people look stupid, didn't you?

Or on a computer

[Okian+Warrior]

Why would anyone store their passwords in the cloud? Color me stupid, paranoid, whatever, I don't get it.

Keepass for the win,

Just as relevant, why would anyone store their passwords on their computer? (Which could be compromised, malware could follow you unlocking your password vault and replay that action later.)

What we need is dedicated hardware, a password vault that we could take with us in the form factor of a small USB dongle, where the processing is done in the dongle and not on the computer. Inexpensive, with a way to make secure backups and reload our passwords to a newly purchased dongle when lost or stolen. The device needs a PIN that's entered on the device, and not on the computer.

(Or in the form of a credit card, a NFC or BLE device that you can just place near your computer. The form factor of a credit-card calculator would work - small solar panel for power, keypad for entering the PIN, and LCD display for feedback.)

Mooltipass comes close, it's got the right functionality but it's big and is an "add-on" to most software.

Re:Or on a computer

[Average]

My team's preferred password management is basically doing that right now.

We use the standard 'zx2c4' pass program (passwordstore.org). Which is a readable set of BASH wrapper scripts around GPG and Git.

Our GPG private keys are on Yubikeys. Where the crypto processing does happen on the smartcard/dongle as you suggest. There's a step there where it's in memory, but that's inevitable (even with mooltipass emulating a keyboard).

This even works over NFC on Android (Password Store and OpenKeychain).

iow, it's baked... we've been doing this for like three years now.

Re:Thank goodness

[caution+live+frogs]

1Password is actually fine as far as 3rd party concerns go. You can use their internal cloud to store your password archive, or one of many other cloud services, or even keep the archive in local storage and NOT in the cloud. The password archive is a file. You can put it anywhere you put any other file. The trust for this location is entirely up to you. If you trust Apple, put the archive into iCloud and you're solid.

I've been using the program for several years. I'm quite happy to see Apple using it. They could choose from any password tool on the market. I'm sure they extensively vetted the alternatives before picking 1Password. If it's secure enough for Apple, I feel safe trusting it as well.