Yesterday, I wrote my review of 1Password, the OS X application, but I didn’t go into detail about some of Agile Web Solutions’ other offerings that help make 1Password even better. One example is my1Password, a service that AWS will provide (either for free or at cost, unknown at this point) that ties in with 1Password. my1Password is currently in private beta, and the only reason that I have access is because everyone who bought the January 2008 MacHeist Bundle got an invite. However, I have been trying it out for quite awhile, and so here is my review.

Probably the best analogy of how my1Password ties into 1Password would be to think of how MobileMe connects to the applications on the Mac. In its online form, MobileMe provides applications that are nearly identical to their Mac counterparts that can be accessible from any computer on any web browser, so that you can get to your data from wherever you go. Well, my1Password extends this idea to passwords: it is an online service that allows you to view all of the passwords, wallets, notes, and anything else you have in 1Password, online, so you can have this info with you wherever you need to go.

Now, why is this useful? Well, remember that one of 1Password’s functions is to allow you to generate stronger, more secure passwords, and to have them in one central location so that you don’t have to worry about remembering them. But what if you have to login onto a site from somewhere other than your computer? All of your passwords are sitting on your computer’s copy of 1Password, wherever it is! A service like my1Password allows you to get to your 1Password information from anywhere, and in my opinion, really completes 1Password by making it a real solution for your digital life.

So how does it work? Well, once you’ve registered for my1Password, you need to synchronize your 1Password information with the service. To do this, you open 1Password, and choose “Sync to my1Password Service” from the Sync menu, or simply do Command-Y. From there, you login to your my1Password account, and you’re asked to sync your data with a Data Encryption password (more on this below), and then you click Sync Now, which synchronizes your data over to the my1Password server. Unfortunately, since the my1Password service is still in development, 1Password cannot automatically sync changes over to my1Password yet, but the program makes it cler that auto-syncing functionality will be coming soon. Until then, you just have to remember to go and manually sync every so often.

By now, you should be wondering, what about security? The folks at Agile Web Solutions have clearly designed my1Password with security in mind. On your Mac, 1Password creates is own keychain (using the Mac’s keychain technology) to keep your data secure, but keychains don’t travel onto the internet. To rectify this, before 1Password syncs your data to the my1Password servers, it encrypts all of your information with 448bit Blowfish Cryptography using the data encryption password that you set when you sync, which is one of the most secure, open-source encryptions out there. Your data is stored on the my1Password servers in its encrypted form so that no one, not even the people who run the my1Password servers, can see it. When you’re using my1Password, you enter the encryption password separately from logging in to the service, and the decryption is done within your web browser using JavaScript, so the my1Password servers aren’t even involved in encrypting/decrypting your data. Plus, my1Password uses a secure SSL connection both during use and during sync to ensure that others aren’t sniffing through your passwords.

The my1Password service, itself, feels as though it could have been designed by the very folks at Apple who designed MobileMe–it looks an feels as if you are using a read-only version of the very same 1Password application. It displays the exact same information as 1Password does, including any organizational folders you may have created. It allows you to sort the lists of items the same way 1Password does, it has a live search bar (the same kind Apple loves to show you in MobileMe demos), and it even has the very same power button on the upper-right for logging out. (Actually, my1Password had this power button before Apple even revealed MobileMe in June.) When you click on an item, the item details show up in a pane underneath the list. Well, actually, you’re first asked to enter your encryption password to reveal the information, and–this is quite interesting–the text shown behind the Encryption Password box is the very same password/wallet/note information that you clicked on, but before it’s been decrypted! It’s kind of cool how my1Password lets you watch the encrypted data turn into the very same decrypted data right before you eyes, but it’s there as a visual reminder that the decryption is happening within your browser, not on my1Password’s servers.
Beyond that, however, my1Password has practically the same interface as 1Password and works just the same way, which is really awesome for a web application.

Finally, to ensure that your private information remains private on the web, my1Password allows you to specify a period of idle time after which the service will automatically log you out–set to 5 minutes by default, which means that if you don’t use my1Password for 5 minutes, it will log you out by itself. Another nice thought on their part to keep your data secure.

Obviously, since my1Password is still in development, there are still a few things that aren’t quite all there. As I already mentioned, 1Password cannot sync to my1Password automatically, you have to run the sync yourself. my1Password is also read-only, so if you find yourself on another computer and you’re registering somewhere or changing the password to a service, you can’t use my1Password to add that new information to your database, you’ll have to wait until you get your own computer back up. Also, if you decide to change your encryption password, 1Password will force you to remove all of your data from the server and then completely resync your data back to the server. While both of these tasks are as easy as pressing buttons, it would be nice if 1Password could take care of it by itself without needing to complain about it to the user.

However, if you’re really interested in making your passwords more secure, but have been held back by the fear that you’ll get stuck somewhere needing to login but not knowing what that super-secure password is, my1Password will be a godsend for you. It’s not yet publicly available (you can apparently request an invitation), but it’s a really nice service that completes the 1Password solution and will prove useful to almost anyone who uses the internet (and 1Password) frequently.

Final Rating:

Tags: 1Password, Agile Web Solutions, my1Password, online, passwords, review, security, service