Switchers' Blog

I read the following in The fine art of shoulder surfing today:

In the years that followed my first hack, I learned a lot about manipulating systems, analysing technical vulnerabilities, generating bespoke viruses and the like. But my first hack was a simple "shoulder-surf" — looking over someone's shoulder to note their password.

It amazes me that in today’s day and age, people are still using memorized passwords! Tools like 1Passwd’s OS X Password Manager and RoboForm’s Password Manager for Windows are not an option, they are a must!

The author goes on to say:

How do you guard against this? Well, obviously, use long passwords, mix numbers and the shift key and practise until you can type it as rapidly as possible.

This is what RoboForm and 1Passwd give you: the ability to have ONE password that you can make very strong since you only need to memorize one. You also become very good at typing that password :)

Here is an interesting website:

Fake Name Generator

It generates person name, mailing address, e-mail, phone number, mother’s maiden name, birthday, and credit card number. The data is generated based on information from US Census Bureau and other publicly available sources.

Do you think a similar feature might be useful for 1Passwd Identities? Let us know.

Found through Schneier on Security blog.

A new version of 1Passwd was released today! This is primarily a bug-fix release.

• [NEW] Added User Guide PDF to Disk Image
• [CHANGED] Fixed bug in Firefox Import Passwords that caused “0/xxx” passwords to be imported.
• [CHANGED] Changed 1Passwd Editor to make email/license key case-insensitive and ignore spaces.
• [CHANGED] Changed 1Passwd Editor to hide “Enter License Key…” menu item if application is registered.

Roustem and I are on our way to RailsConf this week. It should be very interesting and we’re looking forward to meeting a lot of new friends. Most Rails developers use Mac OS X, so they might be interested in knowing about the Best Password Manager for Mac OS X :)

During the next few days we’re going to fall behind in our customer support — we usually try to respond to all emails within 10 hours if we’re asleep, and less then 2 hours if we’re awake. With us at RailsConf, we will likely reply only once a day.

Once RailsConf is complete and we’re back on our feet, we’ll push 1Passwd version 1.1 out the door. We hope to have it ready the 1st or 2nd week of July; we think you’ll love the new features we have planned — stay tuned!

1Passwd has finally exited Beta testing and has just gone 1.0! It has been a long journey (the first beta was released May 19th, 2006), but by having an extended beta test, along with an amazing set of beta testers, version 1.0 is a polished product! We had over 250 beta testers join us over the past month to help us create the Best Mac OS X Password Manager and Form Filler; to reward their hard work they all received 50.01 percent off the purchase price.

Furthermore, there were 4 beta testers that went above and beyond the call of duty. These fine folks helped us so much that we couldn’t bear to charge them a single penny; so we gave them all free copies. Here’s why:

One of the biggest mistakes we made in 1Passwd was to use the default settings when creating the new keychain.

By default the new keychain is locking itself out after 5 minutes of inactivity. It means that when you are browsing the web with 1Passwd extension installed you will get a lot of password prompts to unlock the 1Passwd keychain over and over again.

This tiny issue caused a lot of grief to our users and they (deservingly) gave us very negative feedback abou the latest beta of 1Passwd.

Fortunately, this problem can be easily be resolved by setting the lock timeout to a more reasonable value (for example, 30 minutes). This is described in the user’s guide: http://1passwd.com/guide/admin/keychain_settings

The lesson learned: Make sure that default applcation settings are set properly “out-of-the-box” and do not force your users to do that for you.

In the next release 1Passwd will automatically set the keychain timeout to 60 minutes for all new users. If you already have 1Passwd.keychain created, please, please, take a look at the guide.

If you are using 1Passwd and there is anything else that makes you unhappy, please let us know and we will fix it as soon as we can.

SnapNDrag by Yellow Mug Software is a screen capture tool that you always wanted—I like the OS X built-in capture command (Cmd-Shift-4) but SnapNDrag is better:

Many people ask why 1Passwd needs to have a Safari extension — after all, Safari has an AutoFill feature and already uses the keychain. The reason 1Passwd is needed is because the AutoFill of Safari does not go far enough for most user’s needs, and it only works in Safari (obviously). Our goal is to provide the best Password Manager and Form Filler that works seamlessly across browsers, without ever needing to manually transfer passwords or saved forms back-and-forth.

One might argue that these stats are not completely correct. One might say that there are lies, damn lies and statistics.

It does not matter to me… After wasting hours “fixing” CSS just to make look ok in IE, I am happy to see Internet Explorer’s market share at 3% (even if it is only on 1Passwd.com):

We are releasing a new version of 1Passwd on Wednesday, and it is packed with new features and some important bug fixes. Subscribers of the 1Passwd newsletter will get a sneak preview of it tonight before it is released to the general community.

I’ve included the detailed changes below, but here are the highlights: