Password Retriever 5.1.8
Developer: Koingo Software
Requirements: Mac OS X 10.2. Not Universal.
Trial: Fully-featured (15 days)
I don’t know why, but I’m surprisingly good at remembering the random strings of gibberish that make up my passwords. Good, but not perfect, and on the rare occasion that I can’t seem to get a password right, I’m left searching frantically for a piece of paper that might not even exist.
There are lots of password storage applications to choose from. They all offer some level of encryption and password protection, and that’s what’s most important. Password Retriever has been around for a long time, and offers a high level of encryption and an impressive array of features. It’s also fairly easy to use, though the user interface could desperately use some cleaning up. Oh, and there’s one major bug if you’re updating…
Creating a Record
When you open Password Retriever for the first time, you see (predictably) an empty database, with a toolbar whose leftmost button says New. It’s obvious what you should do. Clicking the button brings up a dialog box asking for the Name of the Service (password record), Login name, Password, and URL (any of which can be left blank). There’s a Random button to generate a random password, and by default the password is securely bulleted-out. The bulleting can be toggled to show the password briefly, or shut off from the program’s preferences.
There’s also an icon next to each field. After some fiddling around, I figured out that the icon is actually a button that copies the field’s contents to the clipboard. That’s especially handy with the password field—it copies the password instead of the (displayed) bullets. But it’d be nicer if it looked like a button.
The Copy icon in the toolbar is different from the one next to the fields: it’s a clipboard, which in most applications means Paste! As indicated by the little triangle beside it, clicking the button displays a pop-up menu. You can choose to copy any of the standard fields (except for Name) twice, or all the information in the record (including Name, created/modified dates, etc.). If you add additional fields to the record (via the Define Fields button; I’ve never needed to do that, but it’s nice to see the option there just in case I ever do), the additional fields appear only once in the pop-up menu, and are copied (as expected) if you copy All.
All those ways to copy, plus the usual Command-C, start to feel a little redundant. There are no paste buttons (understandable from a function point of view, but it’d be nice for symmetry). In a glaring omission, Undo doesn’t work at all, and I’ve missed it on more than one occasion.
Reset Fields and Revert, though they use the same icon, do different things. Revert reverts to the last saved version of the record, as expected. Reset fields doesn’t seem especially useful to me: it not only resets the fields available in the record to the defaults (i.e., if you added a non-standard field to the record, Reset Fields will make it disappear) but also clears the remaining fields (except for record Name) of their data: effectively, it changes your current record into a new record. Fortunately, it can be Reverted.
It’s not immediately clear what the “All” pop-up underneath the toolbar is for. Turns out it’s a category, and it’s strange that it’s not labeled as such, since every other field in the window is clearly labeled. At first, the only categories are All and Unfiled, and there’s no Edit… item in the pop-up menu. Categories are created only from Categories‣Edit Categories in the menu bar. The only other items in the Categories menu are the categories themselves; selecting one does not set the category of the record you’re editing, but rather changes the category displayed in the main database window, even if it isn’t frontmost. Strange.
When you’re done editing a record, you’ll probably want to save it. Not seeing a Save button, I just closed the window, hoping my changes were saved automatically. Nope: I got a dialog box asking if I wanted to save my changes. Later, I learned that the Apply button saves the record—so why not call it Save?
Browsing Your Records
Password Retriever’s main window shows a list of all your password records, or (via the Categories pop-up menu) just the records in a selected category. By default, it does not display the category any particular record belongs to—only Name, Login, Password (hidden under bullets, which can be toggled on or off), and URL are displayed.
As expected, clicking on the header of any column will sort by that column; clicking again will reverse-sort. (If the passwords are bulleted out, nothing happens when sorting by password, but if they’re displayed you can sort by them.) The widths of the columns can be changed, and should be: the default widths don’t make much sense, and leave blank space at the right hand side of the window. That might be acceptable for version 1 of a program, but by version 5 details like that should really be cleaned up.
Additional columns can be created for other fields (including custom fields) via the Show View Options dialog, but if you try to do so when viewing All records you’ll get an error message (“Could not find category to update!”). Sometimes it turns out the field was added despite the error message. I have not seen the error message when editing a category other than All. After working with Show View Options for a while, I think perhaps the only problem here is the error message, but I still find adding and removing columns to be cumbersome and confusing.
The Copy button in the main window’s toolbar works the same way as it does in the edit window, and is extremely useful. The Print button is also actually a pop-up menu. Keeping a printed record of passwords has its advantages and disadvantages, but I think it’s a good idea as long as you have a secure place to put it. Trouble is, if you tell Password Retriever to Print All, it prints one record per page, wasting large amounts of paper. The more sensible option is to print “Selected (flowing),” but first you’ve got to select all your records. (There is no option to print “All (flowing).”) It’s beyond me why all of the print options don’t flow automatically.
The Quick Browser, accessible from the Window menu, must have been named for the amount of time that was spent developing it. It’s a floating window that shows all of a record’s fields (including custom fields): a nice idea but it’s badly implemented. Arrow buttons (on opposite sides of the window, requiring a lot of unnecessary mousing if you’re going back-and-forth) let you move between records, in whatever order they happen to be sorted in back in the main window. Inexplicably, there are also two Stop buttons, which are always grayed out. A button in the middle says Show Passwords; if passwords are showing, you can click the button to hide them, but the button does not rename itself “Hide Passwords.” There is no button allowing you to copy obscured passwords, and even if passwords are showing, you can’t select one and copy it. It’s really a shame Koingo paid so little attention to detail when creating this feature.
After I finished creating all my password records, I quit Password Retriever. It asked me to save my changes, I clicked Save, and that was it. I didn’t even notice…I really should have noticed what didn’t happen next. Password Retriever closed, and I went on to other tasks. A few days later I needed a password and started the program. There were my passwords, right in front of me, but hold on a minute: shouldn’t this thing be password-protected?!
So it turns out that by default, the database is neither password-protected nor encrypted. I could open it up with a text editor and see all my passwords as plain text. Unbelievable! Koingo, tell me about that 448-bit encryption again? Tell me again how important it is to keep my passwords secure? Well, it’s an option: Go to File‣Database Protection to set up a password. Only then is the password database encrypted. Sure it’s simple enough, but why wasn’t I prompted to protect my database when I created it, or at least when I saved it? The very raison d’être of a program should not be implemented as an option that’s hidden in a menu and turned off by default.
Now, what’s worse than having encryption and password protection turned off by default? How about turning it off without telling the user? Oh, I am not even kidding. Say you had a Password Retriever 4 database and updated to Password Retriever 5. Before you can open your old database with the new version of the program, you have to use File‣Update Old Database… Fair enough. It prompts for the user name and password (NB there’s no longer a user name in Password Retriever 5), then opens the updated database. Do your work, close the database. Next time you open it, maybe a week later, you’re in for a shock: your password-protected encrypted database is not password-protected anymore, nor encrypted. Updating took that all away, without a peep of warning.
Have you been backing up your files? All your passwords, totally unencrypted, have been backed up too. After you’ve changed them all, you can update your records in Password Retriever and look for a way to enable the optional encryption and password protection…if you’re still interested in using the program.
Honestly, I have mixed feelings about Password Retriever. On the surface it’s simple, does what I want, and doesn’t get in my way; I like that. The user interface needs a cleanup, so I’d drop the rating down to Good. But Undo doesn’t work. And then there’s the whole issue of encryption and password protection being turned off by default, which is just plain stupid. Add the bug when updating from a previous version? I want to like this program, really I do, but Koingo, that’s just Rotten.