How to store passwords for App's?

Michael Jennings
Michael Jennings
Community Member
in iOS

I just purchased 1password - my first password manager (not including Keychain).
I use an app for online banking and recently used 1password on my Mac to generate a new complex password. Is there a simple way to get this in to my App? Currently I have to open 1password, copy the password, then open the banking App and paste in the password. I'm hoping I'm missing something here as this is a real pain.

Comments

  • hawkmoth
    hawkmoth
    Community Member

    Because of Apple's sand boxing rules, there currently is no way to pass credentials demo 1Password to another application. This is the same for any applications, not just 1Password. So the process you describe is the one you will need to use, for now. Any other password manager will be the same in that regard.

    When iOS 8 appears, this may change. Apple will then be providing ways for applications to communicate with each other. So then life may get better, provided your banking application is modified to allow this to happen.

  • Unknown
    Unknown
    This content has been removed.
  • littlebobbytables
    littlebobbytables
    1Password Alumni

    In regard to banks.

    Honestly? Probably not. Why the pessimistic belief? Everything I've seen from your typical bank is that they're lazy and fearful. You could probably argue until you're blue in the face that enabling whatever feature 1Password needs to do its magic doesn't compromise your or their security at all but take a look at who you're trying to persuade. They're the people who insist on characters x, y & z of a password and then force you to use a poor password at the same time. They're the ones that say don't fall for phishing tactics but then when they call you expect you to authenticate who you are whilst offering no proof they are your bank.

    I hope I'm proven wrong either by the corporations I've just accused of being lazy and fearful (I forgot to add incompetent) or by Apple coming up with a way where 1Password can work in situations like these. Given their carefulness though in security through separation it seems unlikely to come from Apple.

    Banks - a necessity rather than a genuinely useful contributor to society.

  • Unknown
    Unknown
    This content has been removed.
  • littlebobbytables
    littlebobbytables
    1Password Alumni

    @Tangible‌ You mentioned a few areas, I just chose to take a pop at banks hence the start of my post ;)

    There are good security practices and then are clearly bad ones and banks don't, in my own opinion, always take the time to make sure they follow sound ones and yes, it would be fair to say I was quite cutting in my statement of this.

    I have a credit card from a bank that believes a four digit pin and a maximum of an eight character long password where symbols are disallowed is sufficiently strong - I would disagree, vehemently so.

    I have an account with a bank that did call me up unannounced and would not proceed until I had supplied answers to security questions. Does that sound like something a bank should be training its customers to do? I refused but eventually I did learn the call was genuine.

    That same bank makes use of a supposed security feature titled Verified by Visa where you're meant to trust that part of a web page is actually coming from your bank. 1. I see no reason why such a feature can't be faked and 2. my bank at least allows you to reset your separate password for this using the most easily obtainable information. I know because that's how somebody tried to max out my card. What stopped this attempt was the much older security practice of simply flagging dodgy looking transactions. This isn't some small mom & pop bank (if such a thing exists in other countries to mine),this was a big national bank in the UK.

    You're quite right, the use of a maiden name is appalling so why is such stupidity seemingly universal? I'm sure in the US you've got something like a unique tax code/ID that people often require like it's some sort of secret whereas in reality it really isn't and it shouldn't be considered as such. Despite that it often gets used in that exact situation. I wish I could remember what the ID was for, whatever it is it's something everybody definitely had so not like a driver's licence or passport.

    Banks are companies and companies are often only interested in doing as little as possible where it maximises profit. So going back to your question (I did diverge somewhat), I don't believe you will see banks jumping on board any time soon as to do so would require them to invest to ensure it's all okay. Why do that when it's much cheaper to simply say no? Hey, it would be great if I'm proven wrong, I just don't see it happening.

  • prime
    prime
    Community Member

    While I do find this a pain at times, I gotten use to it and now I don't mind it. For my bank app on my iPhone, I can save the user name on it so I just have to log in with the password. I don't even save the user name, it's my bank, my money, and I don't want to take any risks. Now my bank password is long, but I am starting to remember it.

    To me this is still easier then iCloud Keychain because in 1Password, everything is stored in a nice order and easy to find. Trying to find my info under the settings in iCloud Keychain... I want to scream! They could have done that so much better. This is also way safer than having your password on paper in your wallet.

    As others said, I don't see banks jumping on board with this, and probably never will.

  • Megan
    Megan
    1Password Alumni

    Hi all,

    This is a great conversation here. Of course, the extension will be more awesome the more apps that implement it, so we'd all be extra grateful if you share our app extension's github page with your favourite developers and encourage them to enable 1Password support. We haven't yet announced all the apps that have added 1Password support, so hopefully we have one in a future list that is more useful to you @Tangible‌! Personally, I tend to do a bit of app-shopping whenever these lists come out - I'm more inclined to consider an app if I know it comes with built-in 1Password support ... but clearly I'm a little bit biased here. As @littlebobbytables‌ says, it is harder to get some of the bigger companies on board, but we're doing what we can to get the word out - the more developers that add it, the more likely others are to as well.

    For banks, one of the great things about the 1Password extension is that it does work in mobile Safari, so you could always use your bank's mobile website and sign in quickly and easily with 1Password there.

    And @prime, my bank app allows me to store a username as well, so my workflow has been like this:

    • Unlock 1Password
    • Find my bank Login in my Favourites
    • Swipe to copy my password
    • Open my bank app
    • Paste my password

    Using Diceware to create memorable passwords is also a great solution.

    I'm still holding out hope that one day banks will see the advantage of password managers, but until that day, 1Password will do the best it can to make your password life simpler, and more secure. :D

  • prime
    prime
    Community Member

    @Megan‌ I do the same thing also, my only difference is I'll paste my password 1st, then type in my user name after. It works and I don't even worry anymore.

  • Unknown
    Unknown
    This content has been removed.
  • Megan
    Megan
    1Password Alumni

    Hi @Tangible,

    Thanks so much for the kind words! I certainly don't disagree that it's an uphill battle to convince major players to buy in to the extension. That's one of the reasons that we have used a brand-neutral URL scheme in our extension. You can read all the technical details in our blog post here: ** Filling with your approval: On 1Password’s App Extension and iOS 8 security **, but the relevant portion is this:

    We created an identifier that is brand and product neutral.

    This enables developers to simply call the brand neutral org.appextension.* schemes. When you, the user, call on an extension to perform these tasks, you will get your favorite password manager extension; the one you enabled on your device.

    Our brand-neutral scheme should make things easier both for users and for app developers. Thus, part of our reason for using a brand neutral scheme is to encourage as many app developers as possible to use this scheme. We aren’t forcing app developers to choose between 1Password and some competitor. Instead, we are delegating the choice of which password manager to use to where that choice belongs: you.

    I haven't yet heard of any other password managers taking advantage of this, but you're right - who knows what the future will bring! ;)

  • Michael Jennings
    Michael Jennings
    Community Member

    Megan,
    I have a proposal for 1password to make use with app's easier if you can't interact with the password field.
    It would be great for 1password to have a page of links to apps. When I select the link, it copies the associated password in to the clipboard and opens the app. Most app's remember the user name, so all I have to do is paste and login. It saves having to find an entry in 1password, edit it to copy link, close out, exit the app, search for other app and open it. Not ideal, but a much smoother flow than what we have now.

  • chrisdj
    chrisdj

    Hi Michael,

    While that is a super idea, that also requires the app in question to have a registered x-callback-url, as far as I understand it. 1Password can't simply launch any app. :(

This discussion has been closed.