Skip to Content
Skip to Table of Contents

← Previous Article Next Article →

ATPM 12.04
April 2006

Columns

Segments

How To

Extras

Reviews

Download ATPM 12.04

Choose a format:

Software Review

by Paul Fatula, pfatula@atpm.com

Password Retriever 5.1.8

rotten

Developer: Koingo Software

Price: $20

Requirements: Mac OS X 10.2. Not Universal.

Trial: Fully-featured (15 days)

I don’t know why, but I’m surprisingly good at remembering the random strings of gibberish that make up my passwords. Good, but not perfect, and on the rare occasion that I can’t seem to get a password right, I’m left searching frantically for a piece of paper that might not even exist.

There are lots of password storage applications to choose from. They all offer some level of encryption and password protection, and that’s what’s most important. Password Retriever has been around for a long time, and offers a high level of encryption and an impressive array of features. It’s also fairly easy to use, though the user interface could desperately use some cleaning up. Oh, and there’s one major bug if you’re updating…

Creating a Record

When you open Password Retriever for the first time, you see (predictably) an empty database, with a toolbar whose leftmost button says New. It’s obvious what you should do. Clicking the button brings up a dialog box asking for the Name of the Service (password record), Login name, Password, and URL (any of which can be left blank). There’s a Random button to generate a random password, and by default the password is securely bulleted-out. The bulleting can be toggled to show the password briefly, or shut off from the program’s preferences.

password-retriever-1

There’s also an icon next to each field. After some fiddling around, I figured out that the icon is actually a button that copies the field’s contents to the clipboard. That’s especially handy with the password field—it copies the password instead of the (displayed) bullets. But it’d be nicer if it looked like a button.

password-retriever-2

The Copy icon in the toolbar is different from the one next to the fields: it’s a clipboard, which in most applications means Paste! As indicated by the little triangle beside it, clicking the button displays a pop-up menu. You can choose to copy any of the standard fields (except for Name) twice, or all the information in the record (including Name, created/modified dates, etc.). If you add additional fields to the record (via the Define Fields button; I’ve never needed to do that, but it’s nice to see the option there just in case I ever do), the additional fields appear only once in the pop-up menu, and are copied (as expected) if you copy All.

All those ways to copy, plus the usual Command-C, start to feel a little redundant. There are no paste buttons (understandable from a function point of view, but it’d be nice for symmetry). In a glaring omission, Undo doesn’t work at all, and I’ve missed it on more than one occasion.

Reset Fields and Revert, though they use the same icon, do different things. Revert reverts to the last saved version of the record, as expected. Reset fields doesn’t seem especially useful to me: it not only resets the fields available in the record to the defaults (i.e., if you added a non-standard field to the record, Reset Fields will make it disappear) but also clears the remaining fields (except for record Name) of their data: effectively, it changes your current record into a new record. Fortunately, it can be Reverted.

It’s not immediately clear what the “All” pop-up underneath the toolbar is for. Turns out it’s a category, and it’s strange that it’s not labeled as such, since every other field in the window is clearly labeled. At first, the only categories are All and Unfiled, and there’s no Edit… item in the pop-up menu. Categories are created only from Categories‣Edit Categories in the menu bar. The only other items in the Categories menu are the categories themselves; selecting one does not set the category of the record you’re editing, but rather changes the category displayed in the main database window, even if it isn’t frontmost. Strange.

When you’re done editing a record, you’ll probably want to save it. Not seeing a Save button, I just closed the window, hoping my changes were saved automatically. Nope: I got a dialog box asking if I wanted to save my changes. Later, I learned that the Apply button saves the record—so why not call it Save?

Browsing Your Records

Password Retriever’s main window shows a list of all your password records, or (via the Categories pop-up menu) just the records in a selected category. By default, it does not display the category any particular record belongs to—only Name, Login, Password (hidden under bullets, which can be toggled on or off), and URL are displayed.

password-retriever-4

As expected, clicking on the header of any column will sort by that column; clicking again will reverse-sort. (If the passwords are bulleted out, nothing happens when sorting by password, but if they’re displayed you can sort by them.) The widths of the columns can be changed, and should be: the default widths don’t make much sense, and leave blank space at the right hand side of the window. That might be acceptable for version 1 of a program, but by version 5 details like that should really be cleaned up.

Additional columns can be created for other fields (including custom fields) via the Show View Options dialog, but if you try to do so when viewing All records you’ll get an error message (“Could not find category to update!”). Sometimes it turns out the field was added despite the error message. I have not seen the error message when editing a category other than All. After working with Show View Options for a while, I think perhaps the only problem here is the error message, but I still find adding and removing columns to be cumbersome and confusing.

The Copy button in the main window’s toolbar works the same way as it does in the edit window, and is extremely useful. The Print button is also actually a pop-up menu. Keeping a printed record of passwords has its advantages and disadvantages, but I think it’s a good idea as long as you have a secure place to put it. Trouble is, if you tell Password Retriever to Print All, it prints one record per page, wasting large amounts of paper. The more sensible option is to print “Selected (flowing),” but first you’ve got to select all your records. (There is no option to print “All (flowing).”) It’s beyond me why all of the print options don’t flow automatically.

password-retriever-5

The Quick Browser, accessible from the Window menu, must have been named for the amount of time that was spent developing it. It’s a floating window that shows all of a record’s fields (including custom fields): a nice idea but it’s badly implemented. Arrow buttons (on opposite sides of the window, requiring a lot of unnecessary mousing if you’re going back-and-forth) let you move between records, in whatever order they happen to be sorted in back in the main window. Inexplicably, there are also two Stop buttons, which are always grayed out. A button in the middle says Show Passwords; if passwords are showing, you can click the button to hide them, but the button does not rename itself “Hide Passwords.” There is no button allowing you to copy obscured passwords, and even if passwords are showing, you can’t select one and copy it. It’s really a shame Koingo paid so little attention to detail when creating this feature.

Security?

After I finished creating all my password records, I quit Password Retriever. It asked me to save my changes, I clicked Save, and that was it. I didn’t even notice…I really should have noticed what didn’t happen next. Password Retriever closed, and I went on to other tasks. A few days later I needed a password and started the program. There were my passwords, right in front of me, but hold on a minute: shouldn’t this thing be password-protected?!

So it turns out that by default, the database is neither password-protected nor encrypted. I could open it up with a text editor and see all my passwords as plain text. Unbelievable! Koingo, tell me about that 448-bit encryption again? Tell me again how important it is to keep my passwords secure? Well, it’s an option: Go to File‣Database Protection to set up a password. Only then is the password database encrypted. Sure it’s simple enough, but why wasn’t I prompted to protect my database when I created it, or at least when I saved it? The very raison d’être of a program should not be implemented as an option that’s hidden in a menu and turned off by default.

password-retriever-3

Now, what’s worse than having encryption and password protection turned off by default? How about turning it off without telling the user? Oh, I am not even kidding. Say you had a Password Retriever 4 database and updated to Password Retriever 5. Before you can open your old database with the new version of the program, you have to use File‣Update Old Database… Fair enough. It prompts for the user name and password (NB there’s no longer a user name in Password Retriever 5), then opens the updated database. Do your work, close the database. Next time you open it, maybe a week later, you’re in for a shock: your password-protected encrypted database is not password-protected anymore, nor encrypted. Updating took that all away, without a peep of warning.

Have you been backing up your files? All your passwords, totally unencrypted, have been backed up too. After you’ve changed them all, you can update your records in Password Retriever and look for a way to enable the optional encryption and password protection…if you’re still interested in using the program.

Conclusion

Honestly, I have mixed feelings about Password Retriever. On the surface it’s simple, does what I want, and doesn’t get in my way; I like that. The user interface needs a cleanup, so I’d drop the rating down to Good. But Undo doesn’t work. And then there’s the whole issue of encryption and password protection being turned off by default, which is just plain stupid. Add the bug when updating from a previous version? I want to like this program, really I do, but Koingo, that’s just Rotten.

Reader Comments (15)

arcsine · April 3, 2006 - 00:48 EST #1
Not even a peep...
about Apple's built in and free Keychain App.

Why?
David Zatz · April 3, 2006 - 08:24 EST #2
Because the Keychain app doesn't do everything these programs do, and doesn't do it easily.
Nathan L. Silverman · April 3, 2006 - 09:41 EST #3
What I want, and haven't been able to find in the plethora of these programs, is a password encryption storage app that works in the background, like Keychain does, asks for my Keychain password once, and then inserts IDs and passwords into your browser without you having to go into the app and poke the entry.

I think these apps are a step backward in the sense that you have to give up Keychain's most valuable feature, in order to gain encrypted storage.

When I click the one little "tab" button in Safari which i have set up to open in tabbed order the 5 websites I want to check every morning like a ritual, I want the app to insert all 5 IDs and passwords the way Keychain does, not put me through the contortion of opening their app and jumping back and forth between their app and my browser 5 times!
Michael Tsai (ATPM Staff) · April 3, 2006 - 09:49 EST #4
Nathan, what you're describing isn't a feature of the keychain. It doesn't lurk in the background waiting to enter your names and passwords into the browser. Rather, Safari specifically asks the keychain to fill them in.

I put my passwords in Web Confidential, where I can organize them and add notes. When I use Safari, I let it remember most of the passwords in the keychain. This lets me have the convenience of the keychain without having to rely on it directly to manage my passwords.
Nathan L. Silverman · April 3, 2006 - 10:13 EST #5
Michael,

Could you please elaborate on this? I understand your explanation that I got the direction wrong as to which app calls the shots. If I understand you correctly, you are saying that Safari queries Keychain? Okay, then couldn't one of these password apps be set up so that it intercepts Safari's query, and it is passed off to that app instead, whenever Safari queries Keychain?

Nate
Michael Tsai (ATPM Staff) · April 3, 2006 - 10:25 EST #6
Yes, Nathan, Safari queries the keychain. I don't think it would be a good idea for these password apps to hack/patch the OS in order to intercept calls to the keychain.
Nathan L. Silverman · April 3, 2006 - 11:35 EST #7
I see your point. Is there no solution then to the objective I proposed above? It seems to me that the whole idea of flipping back and forth between a browser and a password manager is very unMaclike and, in the example I gave, really defeats the convenience of tabbed set bookmarks.

Do we have to wait until Apple decides to add an encryption option to Keychain?

Or perhaps Mozilla, with its own independent substitute for the Keychain in FireFox , would perhaps be more open to adding an option to select what app to query?

Nate
Michael Tsai (ATPM Staff) · April 3, 2006 - 11:47 EST #8
Nathan, the keychain is encrypted (always has been). Web Confidential (and perhaps some other password managers) adds a menu to the browser so that you can access the passwords there without flipping back and forth.
Paul Fatula (ATPM Staff) · April 3, 2006 - 12:05 EST #9
Nathan--If it were better done, i think the Quick Browse feature of this program could be a nice solution here. Since it's a floating window, you wouldn't have to flip back and forth. But to be useful it would need (1)a button to copy the password and (2)a better way to move from record to record. (i like adding a menu better though, since it doesn't use up screen space.)
Lee Bennett (ATPM Staff) · October 4, 2006 - 09:33 EST #10
Try Pastor. I've been using it for several years now—and it's donationware, not $20 freakin' bucks!
David Zatz · October 4, 2006 - 09:35 EST #11
I believe this has been replaced by Data Guardian.
Nathan L. Silverman · October 4, 2006 - 09:58 EST #12
Since writing above, I am now very, very happy with 1Passwd:

http://1passwd.com/

It not only works "like" Apple's Keychain, it actually uses the Keychain, and is accessible from the menus of Safari, FireFox, Camino etc.

It resolved all of the frustrations and concerns I had described above, and the authors seem to really be on the ball in responding to users' questions and suggestions.

I am not connected with this company in any way other than as a satisfied user and purchaser.
hamdi · December 1, 2007 - 08:54 EST #13
thank you
Derek · June 24, 2008 - 10:21 EST #14
is there a program that can help me retrieve a lost password for my mac
it is for a program on my mac
i have the admin password
but cant remember a password for a program
Lee Bennett (ATPM Staff) · June 24, 2008 - 12:04 EST #15
Derek - If there was a single program to pull passwords out of apps, then having passwords wouldn't be of much use, would they? I suspect your best course of action would be to contact the developer of the application for which you lost the password.

Add A Comment





 E-mail me new comments on this article