Apple and 1Password’s deal shows password managers are the future
On July 10, BGR scooped an interesting agreement between Apple and AgileBits, the developers of the popular password manager 1Password, with the company adopting the product for its more than 123,000 employees around the world, in addition to its store employees and up to five relatives of each employee if they wish. The agreement takes AgileBits to a new level, and includes service agreement provisions to ensure a response time of less than four hours, translation of the support pages to the world’s main languages, as well as password support on the iCloud.
The agreement could amount to around $2.5 million a year, with the company announcing a generous bonus program for all its employees involved in the project. In addition, BGR says Apple might be considering acquiring the company, something that AgileBits categorically denied through its Twitter account.
What is 1Password? It is one of the big four in this field, along with LastPass, Dashlane and KeePass. There are no figures on their respective market shares, but they all claim to have between one and five million users, and all of them have made inroads into the corporate market. Any differences between them are fundamentally a question of tastes and habits and they all have similar functions, and in general, the password market still has huge potential: most people still choose passwords they can memorize, using the same password for different services that can easily be cracked.
Password managers are the best way to use the internet securely, sometimes supplemented with additional methods such as multi-factor authentication or the use of security tokens: I’ve been using LastPass for a number of years and don’t know — and I don’t want to know — any of my passwords. If an account is compromised, the password is immediately exchanged for another I won’t bother memorizing. LastPass itself has been hacked several times, but this has not caused any problems, because all the passwords stored on it are encrypted.
Apple’s decision to use a password manager like 1Password for all its employees is proof of the growing maturity of this types of tools. Why 1Password and not another? Possibly to do with its interface, probably the best design compared to LastPass, which is much more basic, or Spartan and KeePass, more suitable for users who are more comfortable with technology. 1Password also works with the Apple keychain and the new iOS 12 API.
If you still don’t use a password manager, you should. But beyond individual use, it is interesting to think about corporate use: for reasons that are difficult to explain, many employees consider corporate security a matter for technology professionals and is not their direct responsibility, paying little attention to the issue: passwords that are easy to crack, often written down on post-its stuck to their computers, shouted out in open offices or sent through unencrypted channels, as though their were no security risks.
What’s more, these bad practices are often encouraged by the company itself: if your boss asks you to change your password every few days, you’re going to choose something that’s easy to remember and that you may well write down.
Instead, the sensible thing to do, as Apple has just shown, is to offer employees a system that allows them and their family members to manage their passwords securely. Investing in reasonable levels of security is not about turning your company into Fort Knox and making life impossible for everyone, but instead about adopt simple methods such as password managers that offer adequate guarantees in exchange for a system that is simple and easy to use.
(En español, aquí)