Slashdot Mirror
Apple To Deploy 1Password To All 123,000 Employees; In Talks To Acquire Password Manager's Parent-Firm AgileBits: Report (bgr.com)
Jonathan S. Geller, reporting for BGR: Apple acquires an average of 15 to 20 companies a year, according to CEO Tim Cook. Of that number, we only hear about a couple, as most of these acquisitions or aqcui-hires are not consumer-facing, nor disclosed. However, we have exclusively learned that Apple is planning an interesting partnership and a potential acquisition of AgileBits, maker of the popular password manager 1Password.
According to our source, after many months of planning, Apple plans to deploy 1Password internally to all 123,000 employees. This includes not just employees in Cupertino, but extends all the way to retail, too. Furthermore, the company is said to have carved out a deal that includes family plans, giving up to 5 family members of each employee a free license for 1Password. With more and more emphasis on security in general, and especially at Apple, there are a number of reasons this deal makes sense. We're told that 100 Apple employees will start using 1Password through this initiative starting this week, with the full 123,000+ users expected to be activated within the next one to two months. Update: In a statement, 1Password said rumors of its acquisition were "completely false."
According to our source, after many months of planning, Apple plans to deploy 1Password internally to all 123,000 employees. This includes not just employees in Cupertino, but extends all the way to retail, too. Furthermore, the company is said to have carved out a deal that includes family plans, giving up to 5 family members of each employee a free license for 1Password. With more and more emphasis on security in general, and especially at Apple, there are a number of reasons this deal makes sense. We're told that 100 Apple employees will start using 1Password through this initiative starting this week, with the full 123,000+ users expected to be activated within the next one to two months. Update: In a statement, 1Password said rumors of its acquisition were "completely false."
In today's world, ANY method you use for account security will have downsides.
I have decided that this method gives me a balance between usability and security I can live with.
But you knew yours was a rhetorical question to make people look stupid, didn't you?
So they automatically sync to my phone and iPad. Why would anyone manually sync passwords when you can get the same thing to happen automatically?
A password that is too sensitive for cloud sync is too sensitive for any password manager.
Does a list of passwords on a post-it note affixed to my monitor count as storing it "on" the computer? Maybe I should move it somewhere a bit more discrete.
"Action without philosophy is a lethal weapon; philosophy without action is worthless."
Why not give them each their own password instead?
"That's the way to do it" - Punch
My team's preferred password management is basically doing that right now.
We use the standard 'zx2c4' pass program (passwordstore.org). Which is a readable set of BASH wrapper scripts around GPG and Git.
Our GPG private keys are on Yubikeys. Where the crypto processing does happen on the smartcard/dongle as you suggest. There's a step there where it's in memory, but that's inevitable (even with mooltipass emulating a keyboard).
This even works over NFC on Android (Password Store and OpenKeychain).
iow, it's baked... we've been doing this for like three years now.
1Password is actually fine as far as 3rd party concerns go. You can use their internal cloud to store your password archive, or one of many other cloud services, or even keep the archive in local storage and NOT in the cloud. The password archive is a file. You can put it anywhere you put any other file. The trust for this location is entirely up to you. If you trust Apple, put the archive into iCloud and you're solid.
I've been using the program for several years. I'm quite happy to see Apple using it. They could choose from any password tool on the market. I'm sure they extensively vetted the alternatives before picking 1Password. If it's secure enough for Apple, I feel safe trusting it as well.