Apple To Deploy 1Password To All 123,000 Employees; In Talks To Acquire Password Manager's Parent-Firm AgileBits: Report (bgr.com)

← Back to Stories (view on slashdot.org)

Apple To Deploy 1Password To All 123,000 Employees; In Talks To Acquire Password Manager's Parent-Firm AgileBits: Report (bgr.com)

Posted by msmash on Tuesday July 10, 2018 @03:50AM from the up-next dept.

Jonathan S. Geller, reporting for BGR: Apple acquires an average of 15 to 20 companies a year, according to CEO Tim Cook. Of that number, we only hear about a couple, as most of these acquisitions or aqcui-hires are not consumer-facing, nor disclosed. However, we have exclusively learned that Apple is planning an interesting partnership and a potential acquisition of AgileBits, maker of the popular password manager 1Password.

According to our source, after many months of planning, Apple plans to deploy 1Password internally to all 123,000 employees. This includes not just employees in Cupertino, but extends all the way to retail, too. Furthermore, the company is said to have carved out a deal that includes family plans, giving up to 5 family members of each employee a free license for 1Password. With more and more emphasis on security in general, and especially at Apple, there are a number of reasons this deal makes sense. We're told that 100 Apple employees will start using 1Password through this initiative starting this week, with the full 123,000+ users expected to be activated within the next one to two months. Update: In a statement, 1Password said rumors of its acquisition were "completely false."

15 of 104 comments (clear)

Min score:

Reason:

Sort:

Why? by Snotnose · 2018-07-10 04:00 · Score: 2, Insightful

Why would anyone store their passwords in the cloud? Color me stupid, paranoid, whatever, I don't get it.

Keepass for the win,
1. Re:Why? by Kokuyo · 2018-07-10 04:06 · Score: 4, Informative
  
  In today's world, ANY method you use for account security will have downsides.
  I have decided that this method gives me a balance between usability and security I can live with.
  But you knew yours was a rhetorical question to make people look stupid, didn't you?
2. Re:Why? by Tukz · 2018-07-10 04:29 · Score: 2
  
  The point is not having secure passwords, the point is having different passwords for your services.
  Your password security is only as secure as where you are using them.
  With cloud stored passwords, you can have auto generated arbitrary passwords, each different for each service so in case of a leak, your other services aren't compromised.
  Just make sure the password vault is encrypted client side and it should be reasonable secure for "random online stuff".
  For banking or high secure requirements, then no. Something involving keys would probably be better.
  
  --
  - Don't do what I do, it's probably not healthy nor safe. -
3. Re:Why? by Kohath · 2018-07-10 04:31 · Score: 5, Insightful
  
  So they automatically sync to my phone and iPad. Why would anyone manually sync passwords when you can get the same thing to happen automatically?
  A password that is too sensitive for cloud sync is too sensitive for any password manager.
4. Re:Why? by XXeR · 2018-07-10 05:36 · Score: 3, Insightful
  
  The point is not having secure passwords, the point is having different passwords for your services.
  Agreed.
  
  Your password security is only as secure as where you are using them.
  I disagree. If I use Keepass and store my DB locally, then I'd argue that's more secure than anything stored in the cloud. At the very least, it's up to me to ensure it's secure, rather than hoping someone else is doing so for me.
  
  With cloud stored passwords, you can have auto generated arbitrary passwords, each different for each service so in case of a leak, your other services aren't compromised.
  This doesn't require cloud storage of passwords.
  
  Just make sure the password vault is encrypted client side and it should be reasonable secure for "random online stuff".
  Or, store it COMPLETELY client side...and encrypt it.
  
  For banking or high secure requirements, then no. Something involving keys would probably be better.
  So you propose using a cloud storage service for passwords, unless you're banking?
5. Re: Why? by friedmud · 2018-07-10 06:28 · Score: 2
  
  This is pretty close to what I did for a long time... but then I got engaged. When you have TONS of shared passwords, and she is particularly bad at remembering any of them, 1Password is the answer.
  The "shared vaults" are awesome. We can both add passwords / logins / credit cards / whatever there... and it shows up on all of our collective devices.
  Has revolutionized the way I do things. Yeah: I have to trust 1Password... but the alternative is just non-functioning.
Probably not what it sounds like by goombah99 · 2018-07-10 04:09 · Score: 2

Password managment is something apple computers already do and sync. Letting a third party like apple be the conduit for your password syncs isn't particularly unnerving. It's no more unnerving than letting 1-password do it.
Unless of course, apple is your employer and insists you use an iphone or a mac computer. In that case you want a different third party.
So it makes sense for apple employees not to be forced to eat their company dogfood in this case. But it probably doesn't mean apple is going away from it's own password management. That works just fine and it's interoperable with other browsers like chrome.

--
Some drink at the fountain of knowledge. Others just gargle.
Re:Thank goodness by Anonymous Coward · 2018-07-10 04:12 · Score: 2, Interesting

I don't use 1Password but might if Apple bought it. As far as I have to trust third parties with my data I trust Apple, but 'Agile Bits'...? They may be extremely competent and morally beyond reproach but I have no way of knowing that.
Or on a computer by Okian+Warrior · 2018-07-10 04:14 · Score: 3, Informative

Why would anyone store their passwords in the cloud? Color me stupid, paranoid, whatever, I don't get it.
Keepass for the win,
Just as relevant, why would anyone store their passwords on their computer? (Which could be compromised, malware could follow you unlocking your password vault and replay that action later.)
What we need is dedicated hardware, a password vault that we could take with us in the form factor of a small USB dongle, where the processing is done in the dongle and not on the computer. Inexpensive, with a way to make secure backups and reload our passwords to a newly purchased dongle when lost or stolen. The device needs a PIN that's entered on the device, and not on the computer.
(Or in the form of a credit card, a NFC or BLE device that you can just place near your computer. The form factor of a credit-card calculator would work - small solar panel for power, keypad for entering the PIN, and LCD display for feedback.)
Mooltipass comes close, it's got the right functionality but it's big and is an "add-on" to most software.
1. Re:Or on a computer by Ogive17 · 2018-07-10 05:14 · Score: 4, Funny
  
  Does a list of passwords on a post-it note affixed to my monitor count as storing it "on" the computer? Maybe I should move it somewhere a bit more discrete.
  
  --
  "Action without philosophy is a lethal weapon; philosophy without action is worthless."
2. Re:Or on a computer by Average · 2018-07-10 05:37 · Score: 4, Informative
  
  My team's preferred password management is basically doing that right now.
  We use the standard 'zx2c4' pass program (passwordstore.org). Which is a readable set of BASH wrapper scripts around GPG and Git.
  Our GPG private keys are on Yubikeys. Where the crypto processing does happen on the smartcard/dongle as you suggest. There's a step there where it's in memory, but that's inevitable (even with mooltipass emulating a keyboard).
  This even works over NFC on Android (Password Store and OpenKeychain).
  iow, it's baked... we've been doing this for like three years now.
3. Re:Or on a computer by HockeyPuck · 2018-07-10 05:40 · Score: 2
  
  What we need is dedicated hardware,
  Greybeard here. Obviously you didn't live through the days of hooking up dongles to Banyan Vines servers...
Apple to deploy 1 password to 123,000 employees... by Oswald+McWeany · 2018-07-10 05:34 · Score: 4, Funny

Why not give them each their own password instead?

--
"That's the way to do it" - Punch
iCloud already has this functionality... by Graymalkin · 2018-07-10 05:40 · Score: 2

Why would Apple bother buying 1Password when iCloud already does the same thing and is integrated into all their platforms? Do people making shit up just use MadLibs and go with whatever? Are the clicks really worth that much?

--
I'm a loner Dottie, a Rebel.
Re:Thank goodness by caution+live+frogs · 2018-07-10 06:12 · Score: 5, Informative

1Password is actually fine as far as 3rd party concerns go. You can use their internal cloud to store your password archive, or one of many other cloud services, or even keep the archive in local storage and NOT in the cloud. The password archive is a file. You can put it anywhere you put any other file. The trust for this location is entirely up to you. If you trust Apple, put the archive into iCloud and you're solid.
I've been using the program for several years. I'm quite happy to see Apple using it. They could choose from any password tool on the market. I'm sure they extensively vetted the alternatives before picking 1Password. If it's secure enough for Apple, I feel safe trusting it as well.