A free 1Password competitor trying to kill the password

Steve Kirsch · CEO, Token
Update — the newest app is out for iOS and we now support TouchID, plus addressed many early comments from our users. Would love to know what you think.
Ouriel Ohayon · appsfire, CEO/ isai (VC) co-founder
Free? What's the catch?
Steve Kirsch
@stkirsch · CEO, Token
I am the creator and founder of oneID. I have been involved with the Internet since it first began and I deeply care about identity and security, so I wanted to address the four top issues brought up in the comments so far.

Comment #1: oneID doesn't address the real problem with passwords

We spent years creating an award-winning, unbreakable, trustable federated digital identity for the Internet. It was designed by some of the world's best cryptographers and identity experts. But websites refused to implement it until there was a big enough installed base. So we added legacy password management to help create that installed base. When you get a oneID, you are not just getting yet another password manager. You are also getting a new bulletproof identity based on the oneID architecture. I published a very long piece on security and identity on Medium last year that explains how this works and why trustable federated identity is the best way to solve the identity and cybersecurity problem: http://goo.gl/GkUsQN

The bottom line is this: when you choose to use oneID and encourage people to do the same, you are creating a safe, federated identity for yourself and by doing so, you are helping to move the world to a better place where we can then get sites to adopt this and finally fix the problems with identity and cybersecurity. You can't do that with any other password manager out there.

Comment #2: A four digit PIN can't possibly be safe

My username is stk@oneid.com. My PIN is 0000. But even though you now know that, you can't break into my account. Nor can oneID. The PIN we use doesn't operate as a shared secret; it is hashed with a high entropy private key stored on your computer to create a local private signing key to authorize the release of your password to your device, where it is decrypted using a local symmetric key. If someone breaks into oneID, your passwords can't be decrypted because they are all encrypted with high entropy keys that are not known to us.

In comparison, that other password manager you are using encrypts your password with an extremely low entropy key... the password that you think can't be guessed. Also, using other password products, your information can be accessed by malware. This isn't true with our product because we only release the password you need. So I think your passwords are safer for that reason as well.

Comment #3: oneID isn't working on some mobile sites and there are problems with the Chrome plug-in.

We are aware of these issues and we are working on fixing them, along with a list of additional features we know people want.

Comment #4: How can this be free? What's the catch?

We make money by charging sites a small fee for our 1-click checkout service. We give our software away to consumers to create an installed base of users. It's the same business model used by Google, Facebook, PayPal, and others.

We love feedback - please keep it coming. You can comment here or reach me at stk@oneid.com.
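Added illustration, not part of the thread and not oneID's code: it contrasts a key derived from a 4-digit PIN alone with a key derived from the PIN mixed with a high-entropy secret held on the device, the distinction the comment above draws. The HMAC-SHA256 and PBKDF2 constructions, the `verifier` stand-in and all function names are assumptions made for the sketch.

```python
import hashlib
import hmac
import secrets
from typing import Callable, Optional

def pin_only_key(pin: str, salt: bytes) -> bytes:
    # Baseline: the key depends on nothing but the 4-digit PIN.
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 1_000)

def pin_plus_device_key(pin: str, device_secret: bytes) -> bytes:
    # Assumed construction: HMAC-SHA256 keyed with a 256-bit device secret.
    return hmac.new(device_secret, pin.encode(), hashlib.sha256).digest()

def verifier(key: bytes) -> bytes:
    # Stand-in for any value a guessed key could be checked against.
    return hashlib.sha256(b"verify" + key).digest()

def guess_pin(target: bytes, derive: Callable[[str], bytes]) -> Optional[str]:
    # Try all 10,000 PINs with whatever derivation is available.
    for n in range(10_000):
        pin = f"{n:04d}"
        if hmac.compare_digest(verifier(derive(pin)), target):
            return pin
    return None

def demo() -> dict:
    salt = bytes(16)                          # constructed public salt
    device_secret = secrets.token_bytes(32)   # never leaves the device
    other_secret = secrets.token_bytes(32)    # what someone without the device holds
    pin = "0000"                              # the PIN quoted in the comment

    weak_target = verifier(pin_only_key(pin, salt))
    strong_target = verifier(pin_plus_device_key(pin, device_secret))
    return {
        # The PIN is the only secret: exhaustive search recovers it.
        "pin_only": guess_pin(weak_target, lambda p: pin_only_key(p, salt)),
        # Without the device secret no PIN guess matches.
        "no_device_secret": guess_pin(
            strong_target, lambda p: pin_plus_device_key(p, other_secret)),
        # With the device secret the PIN contributes only 10,000 possibilities.
        "device_secret_known": guess_pin(
            strong_target, lambda p: pin_plus_device_key(p, device_secret)),
    }

if __name__ == "__main__":
    print(demo())
```

The third result is the caveat for this design: the protection rests on the device secret staying on the device, so local storage of that secret matters more than PIN length.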
Kumar Thangudu · Technologist
Isn't a password tool that stores your password in the 'cloud', by definition not secure? I'm no security expert, just curious. Nice website.
Jeremiah Lee · Web API, Fitbit
Complete non-starter: it's a service, not a product. The beauty of 1Password is that it's only ever on your devices and syncs peer-to-peer between devices. Any password product that depends on a middleman service is a security nightmare waiting to happen.
Joe Blau · iOS Engineer @ Uber, ATC
Onboarding experience is great, especially with the fact that you don't have to enter any passwords to create your account. The user interface is clean and modern. From the security side it's still one password, but it has been reduced to a 4-digit PIN, which is going to be a lot easier to figure out than my alpha-numeric-symbolic password on 1Password. Everything was working great until I tried to log into Twitter's website via the OneID iOS app extension. I got an error that said "The mobile site does not allow auto-fill." I tried the same thing with 1Password and it worked and I was successfully logged in. Probably going to stick with 1Password since they have the first-mover advantage, but this seems like a really good alternative.
Kim Schulz · Staff Engineer, Software
@joe_blau actually thought that LastPass was the first mover and 1Password was still just trying to catch up?
Joe Blau · iOS Engineer @ Uber, ATC
@kimschulz actually, you're right. I just heard of 1Password in a MacHeist 8 years ago or so, before I ever heard of LastPass. I guess 1Password would be more of a first discovery for me :).