When was the last time you counted how many online services you are a part of? 20? 50? Most likely you either have dozens of sticky notes scattered with random passwords, or use one password for all of your services.
This is where password managers come in handy. Recently, we have seen two of the more popular options: 1Password from Agile Web Solutions and Wallet from Acrylic Software, hit version 3. Both Wallet and 1Password also have corresponding iPhone / iPod touch Applications available for download.
This review will take an in-depth look at both applications, and hopefully guide you in the right direction for choosing a password manager to lock down your online identity. If you’re more interested in reading about all the different apps available, check out our roundup of 8 Password Managers for Mac.
Round 1: Security
When I first got hold of a copy of 1Password, I was skeptical that it was secure enough to handle all of my passwords, license codes, and logins to my online personas. However, many of these features are built right into Keychain Access, which is a core part of the Macintosh operating system.
Inside of Keychain Access the wireless network passwords, account passwords, and many web certificates are secured using Triple DES encryption standards.
Triple DES is the same security standards often used for transmitting electronic payments online.
First up under my security interrogation session was Wallet. Wallet stores all of your passwords and secure notes, serial numbers, etc. in a “Wallet Database File.” This file is wrapped in a 256-bit AES (Advanced Encryption Standard) encryption, often used to secure military level documents.
Next, I looked at 1Password. This application uses 128-bit AES encryption based on the OpenSSL standard. However, unlike the database file produced by Wallet, this application actually replace’s the Mac’s core “keychain” and replaced it with its own “Agile Keychain“.
This is radically different compared to many other password managers on the market. According to Agile Web Solutions (the makers of 1Password) this “Agile Keychain” can handle gigabytes and gigabytes of information (attached to logins, secure notes, etc) without slowing down or causing system lags. However after storing quite a bit of information into Wallet, I did not notice any kind of performance hit.
It is important to note that in both instances of these password managers, there is one “master password” that unlocks the rest of your logins and secured data. This means, if you make your master password too simple and easy to guess, the hacker has access to all of your passwords, serial numbers, credit cards, or anything else you choose to store in the application.
It goes both ways too though, if you forget your “master password” no one can help you to get your data back (short of a number of teenage Russian hackers!)
Round 2: Appearance and Flexibility
I had planned to lock nearly everything worth securing inside one of these applications. Both pieces of shareware give you the ability to store more than just web logins inside of them.
When you first open up Wallet, there are already a few predetermined groups: Web Passwords, Serial Numbers, Credit Cards, and Notes; with the ability to add more groups and even customize the icon associated with each. This is a bit more than what you get with 1Password.
In 1Password 3, there are improved options for storing information like application serial numbers, credit cards, etc. However, if you would like to store other arbitrary information, you are most likely stuck with storing them as Secure Notes.
I normally would not mind this, and lived with this during the days of 1Password 2, however after testing Wallet 3, I was able to customize groups and alternative information in a seamless, less thrown-together way.
When it comes down to aesthetics, I found Wallet to more seamlessly integrate with my Mac, with its familiar Address Book-inspired layout. That said, 1Password received a major facelift (and with good reason!) when it jumped to the 3.0 version. It seems like something from the future, with a neat login screen and Finder/iTunes inspired layout. I really loved the preview images of the websites and icons of software that are loaded into the application. However, I do personally prefer the Wallet icon over the 1Password (key/ignition slot) icon.
Round 3: Importing
If you are like me, you will be importing data from a previous password management program. 1Password 3 supports (at the time of writing) 20 varying password storage and software license formats, such as importing your Firefox passwords, your Appshelf software keys and your Roboforms information.
This is very handy if you happen to be using one of the supported applications, however if you aren’t, it can be a bit confusing and frustrating to get a generic CSV list into the application in working order.
Wallet takes an entirely different approach. Simply export your data from your current password manager into a generic text format and point Wallet to it. Wallet will then have you connect the “wires” between the fields. This format works extremely well and is very intuitive.
Round 4: Daily Use
One of the most important features of a password manager is the ability to work without hassle in your daily workflow. Both applications offer an auto-fill feature, with some browser integration.
Wallet offers a very, very meager version of this. It is a menu bar applet that allows you to fill in login information on the fly – that is, after you input your password, each and every time. This might be a bit more secure, but quite annoying after using it for a longer period of time. This applet only works with Safari at the moment, so Firefox, Flock, Chrome, Camino and users of more obscure browsers beware!
1Password has Wallet beat to a pulp on this round. The browser integration supports nearly every browser I have seen, and several that I haven’t even heard of. Plus, the application can also save passwords on the fly (or better yet, make new strong passwords for you) as you are signing into a new service. It will even detect a password change and update the database for you.
Also, 1Password features the ability to automatically fill in forms for you. Items such as your email, address, phone numbers, etc. can all be stored within the application and filled into new sites. It will even store multiple “Identities” so you can have a business account and a personal account.
Round 5: iPhone Sync
Both Wallet and 1Password offer a iPhone client that allows you to access your passwords on to go. This eliminates the need to have simple, easy to remember, easy to hack passwords for each of your online accounts.
Wallet has a very slick application, with the ability to synchronize over the air through MobileMe or WebDAV servers, or if you need to, directly over your Wifi network. The iPhone application resembles the Mac application in look and feel and has a built in browser that auto-fills your information.
However, syncing via online servers can be slow. Also, there is just one password used that stands in the way of someone accessing your data, and it must be entered each time the application is launched.
1Password for the iPhone resembles other generic iPhone applications, storing your logins and other information in the phone’s contact-like format. It isn’t as pretty as Wallet but boasts a few extra security measures. For one, you can simply access the titles of your logins (Mint, Gmail, Basecamp, etc) with a 4 digit pin, but if you would like to get access to the password you will need to enter a longer, more secure password.
All of these settings are available to be changed in their Mac based counterpart. The app also has a built in web browser that automatically fills in your username and password. However, you are forced to purchase the 1Password Pro version if you would like the ability to copy your password to the clipboard and into the normal version of Safari.
If you happen to be without your iPhone, but with access to a computer and web browser, you’re in luck. 1Password has a feature that allows you to save a HTML web based version of the application known as 1Password Anywhere, which can be accessed through a browser via an FTP/WebDAV server or through a service like DropBox.
It looks identical to the Mac version and works extremely well, however I would love to see them offer some sort of hosted service (even if it comes with an additional fee). I really enjoyed their now defunct my1Password service which is similar to 1Password Anywhere, but Agile Web Solutions hosted it themselves.
I liked both applications quite a bit, and having the over-the-air sync can be helpful in times when you are away from your computer and have not synced your information recently. I liked 1Passwords passcode system more than Wallet’s single password solution, but found it to lack the pizazz that is found in the Mac based application.
The Final Verdict
Overall I find that 1Password triumphs over Wallet because of its useful integration with every browser. Safari isn’t the only browser on the Mac, by far, and not supporting Firefox out the gate is a misstep in my mind.
I liked Wallet’s aesthetics and import process over 1Password. If you are really looking for a great way to keep track of sensitive data, Wallet would be better suited, but if you need an all-purpose password manager, 1Password is the clear winner.
Either way, let me know what you think of each application and if you have found any alternative solutions to sensitive data management!