PassLocker is a simple but flawed password manager for OS X
Macworld - These days, it seems that every single website I visit wants me to log in, no matter how trivial the service it offers. Of course, the most basic of cautions dictates that a different set of credentials be created for each site, lest I wake up one morning to find out that my bank account was wiped clean because my favorite social network inadvertently leaked my password.
The ever-increasing complexity of managing logins has not gone unnoticed by software developers. Apps like 1Password provide comprehensive solutions aimed at making the storage and retrieval of security credentials easy and convenient, usually alongside other related features, like the ability to remember credit card numbers, digital keys to unlock software programs, and so on.
Unlike most of its competition, InnovationBox's PassLocker (Mac App Store link) forgoes complexity and breadth. It favors a laser-like focus on the core task of storing and retrieving usernames and passwords, while attempting to provide an experience that is simple and easy to grasp.
For starters, PassLocker doesn't have a traditional user interface. Instead, it runs quietly as an icon in the OS X menu bar, coming into play only when called upon. This is a smart move, since it allows the app to be readily available without needlessly cluttering your screen, Dock, or Application Switcher.
Credentials are created and retrieved using a simple process that is easy to learn and quick to use. Rather than attempting integration with every browser that a user could conceivably use, PassLocker offers built-in support for many popular sites, including Amazon, PayPal, Twitter, and Facebook; clicking on a password for these sites causes the default browser to launch and automatically log you into your account. For all other credentials, the only option that the app offers is to copy either the username or password; you can also reveal the latter--a feature that, in my opinion, unduly endangers your confidential information by exposing it to public view.
PassLocker supports synchronizing your passwords through iCloud. In my testing, this feature worked flawlessly, with passwords synchronizing across multiple devices nearly instantaneously. You can also export your password locker to a ZIP file, and send it via email as an attachment.
Login credentials are protected by a four-digit PIN that is set when you first launch the app. As is normal for software of this kind, forgetting your PIN means that you will have to completely reinstall the app and lose access to all your stored credentials. Luckily, if you opt to use iCloud sync and have a copy of PassLocker installed elsewhere, these will immediately be restored for you under a new PIN.
Speaking of protection, the app encrypts credentials using 256-bit AES--a standard that, despite a few potential flaws, is still widely considered to be safe. In fact, the reliance on a four-digit PIN is a much greater concern than the use of AES-256, since cycling through all ten thousand possible combinations--a process known as a brute-force attack--is fairly trivial with today's powerful computers. PassLocker attempts to mitigate this issue by enforcing a 15-second cooldown period after three failed login attempts, making brute-force attacks a bit harder (but by no means impossible) to pull off.
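To put numbers on how much the cooldown helps, the following added example (not PassLocker code and not part of the original review) computes the worst-case time to try every PIN through a throttled unlock prompt. The 10,000 PINs, three attempts, and 15-second cooldown come from the review; the function names, the six-digit PIN, and the doubling cooldown with a one-hour cap are assumptions added for comparison.

```python
# Added example (not PassLocker code): worst-case time to try every PIN
# through an unlock prompt that throttles failed attempts.

def lockouts_before_last_guess(keyspace, attempts_per_lockout):
    """Cooldowns that must elapse before the final candidate can be entered."""
    if keyspace < 1 or attempts_per_lockout < 1:
        raise ValueError("keyspace and attempts_per_lockout must be positive")
    # No cooldown is waited out after the final block of guesses.
    return (keyspace - 1) // attempts_per_lockout

def fixed_cooldown_seconds(keyspace, attempts_per_lockout, cooldown_s):
    """Policy described in the review: same cooldown after every lockout."""
    return lockouts_before_last_guess(keyspace, attempts_per_lockout) * cooldown_s

def doubling_cooldown_seconds(keyspace, attempts_per_lockout, base_s, cap_s):
    """Assumed alternative: cooldown doubles after each lockout, up to cap_s."""
    total, delay = 0, base_s
    for _ in range(lockouts_before_last_guess(keyspace, attempts_per_lockout)):
        total += delay
        delay = min(delay * 2, cap_s)
    return total

def human(seconds):
    """Render a duration in the largest sensible unit."""
    for unit, size in (("days", 86400), ("hours", 3600), ("minutes", 60)):
        if seconds >= size:
            return f"{seconds / size:.1f} {unit}"
    return f"{seconds} seconds"

def compare_policies():
    """Worst-case exhaustion times, in seconds, for each scenario."""
    return {
        "4-digit PIN, 3 tries / 15 s (review)": fixed_cooldown_seconds(10**4, 3, 15),
        "6-digit PIN, 3 tries / 15 s (assumed)": fixed_cooldown_seconds(10**6, 3, 15),
        "4-digit PIN, doubling to 1 h cap (assumed)":
            doubling_cooldown_seconds(10**4, 3, 15, 3600),
    }

if __name__ == "__main__":
    for label, secs in compare_policies().items():
        print(f"{label}: {human(secs)}")
```

The model counts only the enforced waiting time and assumes every guess goes through the throttled prompt, so it is an upper bound on what the cooldown alone provides.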
The combination of low price and ease of use makes PassLocker a worthy candidate for users who are approaching the problem of password management for the first time and on a budget, but a sparse feature set and relatively insecure login mechanism conspire to limit its usefulness to only the simplest of needs. PassLocker costs $5 and requires OS X 10.7 Lion.