Comments on: Wesabe's Mac Dashboard Widget

By: Sam Quigley

Sam Quigley — Tue, 05 Feb 2008 01:26:34 +0000

Nat–

I work in the Security group here at Wesabe, and I just thought I’d point out
that the fact that the login keychain is often unlocked does *not* mean that
any application has access to its contents. The Mac Keychain only allows
“trusted applications” to access individual keychain entries: unless users
specifically grant access to the “Wesabe Widget” keychain item to other
programs, the only application that can read it will be the “DashboardClient”.[1]

The result of this is that I’m not sure moving the Wesabe widget password to a
different keychain is going to do much. If a user gives a malicious program
access to the Widget keychain item, then it doesn’t matter which keychain the
Widget uses. (Note that this can’t happen accidentally — the user would have
to explicitly grant such access.)

That said, your comment about setting keychains to lock brings up a good
point. By default, the login keychain on OS X is *not* set to lock
automatically, even if the computer goes to sleep. Apple set these defaults in
the interests of usability — most users don’t want to be prompted for their
password all the time, no matter what the marginal benefit — but more
paranoid (or just plain curious) users may want to change them.[2] This will
limit the amount of time passwords are stored in memory, and will protect your
passwords even from someone who steals your computer while it’s running…

Of course, if you have any other questions about Wesabe security, or ideas
about how to improve things, please don’t hesitate to send a note to
support@wesabe.com. We take these things really seriously here, and we’re
always happy to hear what people think…

-sq

[1] You can check this yourself by opening Keychain Access
(/Applications/Utilities/Keychain Access.app), double-clicking the “Wesabe
Widget” item, and looking in the “Access Control” tab.

[2] You can change the settings by opening Keychain Access, as described in
[1], ctrl-clicking the keychain marked “login”, and selecting the “Change
settings” option. I set mine to lock when sleeping and after 5 minutes of
inactivity, and I don’t find it too annoying. (But then again, I probably have
a higher tolerance for this than the average user…)

By: Nat Irons

Nat Irons — Mon, 04 Feb 2008 07:25:01 +0000

It’s not terribly safe, unless you remove the Wesabe password from your default keychain (where the Wesabe password is born, and which is probably unlocked most of the time), and put it in its own dedicated keychain. Then assign the new keychain file a unique password, which you’ll be prompted to enter when the Dashboard widget tries to collect new data. (For bonus points, open the new keychain’s settings and set it to lock after one minute.)

You could re-use your Wesabe account password for this new keychain, if it already strong and unique — if a bad actor ever compromised the password to your Wesabe keychain, they could by definition learn the password it’s protecting. Fortunately, Keychain’s encryption has a good track record.

By: Explore2Learn

Explore2Learn — Mon, 03 Dec 2007 00:24:53 +0000

How do they get all that secure info, yet not have any access to it? I guess I am not sure how safe it is.

By: Manage Your Money with Wesabe Dashboard Widget [Featured Mac Download] at SoftSaurus

Mon, 03 Dec 2007 00:21:43 +0000

[...] Mac OS X only: Previously introduced money management web app, Wesabe, makes it even easier to manage your money with a free dashboard widget. The widget has two views: transactions and accounts. The accounts view (shown above) displays the balance of each account. The transactions view (not shown) displays the most recent 10 transactions. The dashboard widget makes it very easy and convenient to manage your finances at-a-glance. The Wesabe dashboard widget is a free download for Mac OS X only. Wesabe’s Mac Dashboard Widget [Wheaties for your Wallet] [...]

By: Manage Your Money with Wesabe Dashboard Widget [Featured Mac Download] · TechBlogger

Sun, 02 Dec 2007 23:20:38 +0000

By: Briskar

Briskar — Thu, 22 Nov 2007 21:38:28 +0000

Great widget. It’s a huge timesaver.

By: metarand » What’s the KeyPoint of a Facebook Application?

metarand » What’s the KeyPoint of a Facebook Application? — Thu, 15 Nov 2007 22:26:27 +0000

[...] Checking out your balance on the site you most frequent is useful, but it’s not a gobsmackingly good experience you want to evangelize to all your Facebook friends, nor is it an engaging utility you cannot do with out. Widgets are great – for example, Wesabe has launched an account balance Mac widget which streams real time balance updates. [...]

By: kristof

kristof — Tue, 13 Nov 2007 15:45:20 +0000

You plan to develope it to windows?

By: Kyle P.

Kyle P. — Mon, 12 Nov 2007 10:37:05 +0000

Thank you. Downloaded it this morning. Love it.

By: Wesabe’s Mac Dashboard Widget « The Bankwatch

Wesabe’s Mac Dashboard Widget « The Bankwatch — Wed, 07 Nov 2007 01:31:49 +0000

[...] Wheaties for Your Wallet » Blog Archive » Wesabe’s Mac Dashboard Widget The Dashboard Widget gives you one-button access to your bank balances and recent transactions. This turns out to be hugely convenient — instead of having to log into all of your bank sites or even to Wesabe to check your balances, you just have to be logged into your Mac. [...]