In the world of password management tools for OS X and iOS, there's one big gorilla out there -- 1Password from AgileBits. A new entry into the market may make inroads by not only offering a much more simple way to save login information, but also by letting you share that info with trusted individuals who can close your accounts safely after you're no longer able to. PasswordBox (free) is launching with a bang, offering free service for life -- and beyond -- to anyone who downloads the app this week.
On OS X (and other desktop operating systems), PasswordBox uses browser plugins to let you automatically log into your favorite websites or services. Those plugins are currently available on the PasswordBox website for Chrome, Safari, and Firefox. By using the plugins and having access to your browsing history, PasswordBox is able to recommend websites that you visit frequently and suggest that you store login information for compatible sites in PasswordBox.
Those passwords are encrypted with bank-grade encryption while syncing between devices, and there's a PIN code required to open PasswordBox on your iOS devices. On the iOS app, PasswordBox will either launch and log into a site through its own built-in browser, or you can choose to have it launch a third-party app, in which case the password is copied to the iOS clipboard for pasting.
PasswordBox's main selling point at this juncture is what they call Legacy passwords. These can be shared with a trusted individual, but are only shared after your untimely demise. Once you've shuffled off this mortal coil and joined the choir invisible, your friend or loved one can provide a death certificate to PasswordBox that they'll validate with authorities, at which time the passwords are transferred to that person's PasswordBox account. It's a fascinating capability that is described more fully in a short video on the PasswordBox website.
In a short trial of the app, I found some serious issues. For example, when I tapped a button to have the app log me into a Gmail account, it did what I expected -- it opened up the PasswordBox built-in browser to the Gmail login screen. But it didn't actually enter the passwords; instead, there were small "Box" buttons in the Email and Password fields. I assumed that I would just tap those buttons to have the information entered, but no -- it just copied the login info into the iOS clipboard for pasting. Worst of all, when I went to paste in what I thought was my email address, it pasted my password instead -- in plaintext. If I had been using an iPhone or iPad for a presentation and had wanted to log into a secure site, everyone in the room would have seen my password. Note that the browser plugins did work properly.
It should be noted that Apple's forthcoming iOS 7 and OS X Mavericks will feature iCloud Keychain, a capability that will provide cross-platform syncing of a number of logins for websites and apps. This built-in capability will address the needs of many users of Apple's desktop and mobile platforms without the need for a third-party service.
Although I find 1Password to occasionally be a total pain in the ass to use (why, oh why do some of my accounts have multiple duplications of logins?), it works exactly the way a password app should. It fills in the fields with email or user ID and password (hidden), and then logs in with a tap. So while the PasswordBox app may be useful in the afterlife, during life -- at least until some of these issues are addressed -- I'm going to still be using 1Password.