About iCloud changes in 1Password 5

iCloud borderless iconOne of the big changes in 1Password 5 for Mac and iOS is a brand new iCloud sync engine. This change is a huge, order-of-magnitude-improvement over what we had in 1Password 4, but it came at a cost. I would like to explain how we arrived at this decision.

Mac App Store and AgileBits Web Store

There are two versions of 1Password for Mac. One is available on the Mac App Store and the other is in our own AgileBits Store. For the most part, these two versions are identical. One major difference is that Mac App Store version of 1Password is sandboxed to satisfy the store requirements. Another big difference is the access to iCloud features. Starting with 1Password 5, only apps downloaded from iOS or Mac App Stores have access to iCloud.

Hey Siri, define “iCloud”

“iCloud” is a name that covers many different services and technologies. This umbrella name makes it difficult to talk about iCloud.

For Mac and iOS users, iCloud could mean:

  • Services that keep track of your iTunes Movies and Music purchases
  • Services that keep your application data and iPhone backups
  • iCloud.com
  • And more: apple.com/icloud

For developers, iCloud could mean:

  • a low-level API that is used to read and write files to the local iCloud container folders
  • a document-based API that is used to store documents for apps like TextEdit or Preview
  • an API for apps using Core Data framework
  • new CloudKit API
  • More information is here: developer.apple.com/icloud/index.html

1Password 4 was using the low-level API tied to the local iCloud container folder. It is similar for both Mac App Store and iOS apps. Because the local container folder was available to all apps on Mac, our Web Store version of 1Password could also use iCloud for syncing.

History

Here is a short history of iCloud and 1Password:

  • 2011: iCloud introduced in iOS 5
  • 2012: iOS includes many fixes and new APIs in iCloud. 1Password 4 for iOS 6 (finally!) adds support for iCloud
  • 2013: 1Password 4 for Mac is out with iCloud support
  • 2014: iCloud gets completely re-implemented and reintroduced as CloudKit and iCloud Drive.
  • One-time migration of user data is performed when upgrading to iOS 8 and OS X Yosemite. 1Password 5 for Mac and iOS now use CloudKit

1Password 4 and iCloud

From the developer’s perspective, the original iCloud was pure magic. To sync with iCloud, the “only” thing that the app had to do was to save its files into a special folder and the operating system took care of the rest. The files were magically transferred between all computers and devices.

When the magic worked it was great. When it didn’t, it could be frustrating because there was no way to tell why.

Over time, after dealing with the problems we “learned” and made defensive changes in the app. For example, after initially syncing to iCloud, 1Password would show a message that the data will be available on other devices “in a few minutes”, even though we had no way to tell when it would actually happen. If you were setting up a new device and downloading a lot of data, it would take hours for your 1Password data to appear.

1Password was not the only app affected by iCloud issues:

There is no doubt that these issues triggered a major change in iCloud and the introduction of iCloud Drive and CloudKit. Unfortunately, it seems that iCloud Drive might have inherited some of the issues.

CloudKit

In 2014, Apple announced CloudKit, available exclusively to apps in iOS 8 and OS X Yosemite. It is a simple and elegant network API that allows apps to store data remotely on Apple servers. The biggest difference from iCloud is that there is no magic. Instead of writing the files locally and then waiting for them to magically appear on other devices, the app simply makes a request to update its data on the server. It does require developers to write more code, but the end result is a hundred times better.

CloudKit is very fast, efficient, and makes it easy to detect and troubleshoot errors. CloudKit is predictable. 1Password now knows if the item was successfully updated on the server and is available to other devices. If the operation fails, the app now gets a detailed error message explaining why it happened, be it a network error, a downed server, no space available, or the user was rate-limited.

We don’t have to guess when something goes wrong anymore, and we no longer have to tell our users to perform a set of magic steps hoping that some of them would trigger iCloud to work. CloudKit solved the problems we had with the old iCloud.

Other advantages of CloudKit include:

  • CloudKit stores data as records instead of files. It allows apps to perform partial record fetches and updates that make syncing more efficient and do not force dowloading or uploading an entire file.
  • Remote CloudKit database supports queries that allow 1Password perform syncing faster compared to scanning a directory of files.
  • CloudKit supports “server change tokens”. They are used by 1Password to quickly test for changes made on other devices.
  • 1Password on both Mac and iOS uses CloudKit Remote Push Notifications to perform syncing almost instantly when a change made on a remote device or Mac.
  • CloudKit provides a special record asset type (CKAsset) that is used to sync large attachments.

All these features made a huge difference. We tested CloudKit integration in early betas of 1Password 5 and we immediately became very excited about it. After using CloudKit in the beta for several weeks, we decided it is the best way for 1Password to support iCloud sync.

Conclusion

I hope this explains why we made a decision to switch to CloudKit. The performance and reliability of CloudKit, combined with issues of the old iCloud sync, made it impossible for us to not use CloudKit in 1Password 5.

Tips & Tricks: 1Password 5.1 for iOS

1Pi iOS 7 icon 1521Password 5.1 for iOS is now up in the App Store, and it sports some great new stuff based on your feedback. In fact, there’s enough for a bulleted list not much unlike this:

  • Touch ID now has 42% more touch, 27% more ID – We simplified our Auto-Lock settings for your Master Password and Touch ID to be clearer. Give Settings > Security a look.
  • Tags go mobile – Need more than folders? Folders just not your thing? Now you can add tags to items on iOS. Sub-tip: they’re comma separated.
  • iPhone 6- and 6-Plus-ified – Better graphics, even richer icons, and other tweaks for iPhone 6 and 6 Plus owners.
  • Custom keyboard control – Third-party keyboards are a big thing in iOS 8, but they don’t need to be in your 1Password (in short, some of them can transmit what you type to servers for, ideally, useful text-in-the-cloud stuff). We disable them by default, but you can turn them on in Settings > Advanced.

We hope you enjoy! If you get a minute, please spread some of your review magic in the App Store. They really do help!

Touching on security and convenience

I remember watching Craig Federighi introduce the Touch ID API at WWDC this year. I remember thinking he was speaking directly to me, that Touch ID was clearly meant for 1Password. The next day, I ran out to buy an iPhone 5S, downloaded the new Xcode and iOS 8 betas, and added Touch ID to 1Password that night.

I remember how excited I felt the first time I was able to successfully unlock 1Password with Touch ID. Unlocking 1Password would never be the same.

Security and Convenience

A password manager is a combination of two occasionally conflicting concepts: Security & Convenience. First and foremost, a password manager must keep your data secure. But it also needs to give you quick, convenient access to your data.

The addition of Touch ID allowed us to take a huge step forward in convenience without sacrificing security.

Touch ID does not replace your Master Password. After unlocking with your Master Password, you can enable Touch ID. Once enabled, 1Password will present the Touch ID prompt instead of asking for the Master Password, allowing you to unlock using your fingerprint. Your data is always encrypted with your Master Password.

Thanks to Touch ID, you can now have the security of a strong, complicated Master Password with the convenience of unlocking with a fingerprint.

Turning on Touch ID

1P 5.0 iOS security settingsTurning on Touch ID in 1Password 5.0 is as simple as tapping Settings > Security and flipping the Touch ID switch.

When enabled, you can specify a “Request Fingerprint After” timeout, also known as an Auto-Lock timeout. This timeout sets how long 1Password is inactive before locking.

Those with sharp eyes may also notice a second timeout for the Master Password as well. Read on further to see how we are simplifying this for 1Password 5.1.

Now let’s take a quick look at how Touch ID was added to 1Password and what’s happening underneath the hood.

Adding Touch ID to 1Password

1P iOS Touch ID promptAdding Touch ID to 1Password started out as quite a simple task. The challenge was determining how to use Touch ID to access your 1Password data.

Apple’s Local Authentication framework made it easy to authorize a fingerprint, but the result is a simple success or fail. 1Password, however, needs your Master Password to decrypt your data after a successful authorization. To make this possible, 1Password stores your Master Password in the iOS Keychain when Touch ID is enabled.

Your Master Password is the most important password you have, and we take many precautions to keep it secure.

The iOS Keychain provides a way to store your Master Password in a secure place that only 1Password can access. The iOS Keychain item that contains your Master Password is never synced to other devices or backed up to iTunes or iCloud. It is also aggressively removed from the keychain whenever Touch ID authorization fails or if Touch ID or the device Passcode are disabled.

I hope this helps explain how Touch ID and your Master Password work in tandem to provide convenient, secure access to your data. Now, let’s talk about why adding Touch ID to 1Password turned out to be not quite so simple after all.

Improving Touch ID

1P 5.1 iOS Security settingsI had an awesome time adding Touch ID to 1Password and was overwhelmed by the hugely positive feedback that we received (no really, there was a ton of it). But it turns out that, instead of Touch ID, many people were seeing Master Password prompts far too often.

First, there was an issue in my code that caused the Master Password to be required at times instead of Touch ID. I’m happy to say this has been fixed in 1Password 5.1, which is strolling through App Store review and should be out soon.

In many cases though, the Master Password prompt was showing up in 5.0 exactly when it should, at least according to our confusing settings—we had Auto-Lock inactivity timeouts for both the Master Password and Touch ID.

In fact, even I had trouble explaining how the “Request After” and “Request Fingerprint After” settings worked together. After explaining (unsuccessfully) to so many people, I knew something had to change.

Starting in 1Password 5.1, there will be a single Auto-Lock timeout that works for both.

Auto-Lock specifies how long 1Password will wait before it locks automatically. To unlock 1Password again, you can use your fingerprint if Touch ID is enabled, otherwise enter your Master Password. Your Master Password will be required after a device restart or when Touch ID authentication fails.

Combined with Lock on Exit, this gives you a great deal of control over when, and how, 1Password locks.

Until Next Time

Touch ID has made a big difference in how I use 1Password and my phone in general. I hope it has for you as well, and yes—I can’t wait until Touch ID enabled iPads are available!

I do worry that Touch ID will make things so convenient that people will forget their Master Password. I’m tossing around the idea of requiring your Master Password once every 14 days or so. I’d love to hear your thoughts in the comments.

Check out the first apps to support our 1Password App Extension for iOS 8!

Just in time for iOS 8, 1Password 5 for iOS has been unleashed in all its Touch ID, ready-for-iPhone-6-Plus glory. It also supports iOS 8’s brand new App Extensions feature, which means over 100 developers (and counting!) are building support directly into their apps for our 1Password App Extension, allowing you to unlock your vault with Touch ID, log in with a tap, and even update your app passwords!

In fact a number of developers shipped their 1Password-slinging updates alongside iOS 8 too, from a bank to community favorite apps for reading and work collaboration. Here’s our first rundown of the available 1Password-endowed apps so far, and keep an eye on our Apps that Love 1Password page for a major redesign soon!

Simple

Simple is a new kind of bank. It has no overdraft, minimums, or monthly fees, and it actually gives you great tools for savings and managing financial goals. Support is powered by human beings you can contact right inside this iPhone app, and you can instantly transfer money to (and from!) friends.

Simple integrated our 1Password extension so you can unlock your vault with Touch ID right inside the app and log into your account with a single tap. You can get Simple 2.1 with 1Password integration in the App Store now.

Slack

Slack is changing the way teams communicate. It’s real-time messaging for iPhone, iPad, and the web, combined with file storage and integrated with tools that teams are already using: Dropbox, Asana, Google+ Hangouts, Twitter, Zendesk, and many more. Conversations and files are archived, indexed, and instantly synced across multiple devices, making everything accessible through one simple search box.

You can find out more about Slack on its website, and get it on the App Store to see how Slack could help you be more productive and less busy.

Instapaper

Instapaper is the read-later service that lets you save anything and read it anywhere. You can save articles and other things on the web from any device, then grab this iPhone and iPad app to read those things later, even while offline.

Among plenty of other great new features, the new Instapaper added the 1Password extension so you can use Touch ID and log into your account with a single tap. You can pick up Instapaper 6.0 now in the App Store.

Retro

Retro is a beautiful Instagram browsing app for iPad. It supports multiple accounts, a Today widget for a quick glance at your feed, multiple themes, background updates, and much more.

With its latest update, Retro also gained the 1Password extension for that sweet Touch ID unlocking action and one-tap logging in. You can get Retro 2.2.1 for Instagram in the App Store.

InBrowser – Private Browsing

InBrowser is a web browser for iPhone and iPad with privacy at its heart. In fact, everything will be erased every time you exit InBrowser, including history, cookies, and sessions. You also get tabbed browsing, browser agent cloaking to avoid mobile sites, AirPlay, and more.

Considering InBrowser’s focus on privacy, it’s a good thing the latest version gained the 1Password extension. Now you can unlock your 1Password vault right inside InBrowser with Touch ID, log in with a tap, and leave no trace when you’re done. You can get InBrowser 1.55 in the App Store now.

Treehouse

Treehouse for iPad is “the best way to learn technology.” You can learn to build everything from websites to iPhone apps to web apps, or even to start a business. Over 1,000 videos, quizzes, and interactive code quizzes help you to learn and retain your new skills.

For its big upgrade, Treehouse now includes the 1Password extension so you can unlock your vault with Touch ID and log into your account with a single tap, or sign up for a new account with our Strong Password Generator! You can get learning with Treehouse 2 now in the App Store.

Paste+

 

Paste+ for iPhone is an interesting new breed of iOS 8 apps in that it is primarily a Today widget, and a useful one at that. When you copy something to your clipboard, Paste+ has lots of quick one-tap actions you can take with that thing, such as search it in Google, upload to Dropbox, share to social media and messaging, create reminders, make calls, and much more.

We’re thrilled to see that, for its 1.0 debut, Paste+ included our 1Password extension for login prompts. When you need to authorize Paste+ to access Dropbox, Twitter, or other services, you can unlock your vault with Touch ID and use 1Password to log in with a single tap.

You can get the first-ever version of Paste+ in the App Store now.

1Password 5 for iOS how-to: Enable the extension for Safari and third-party apps

1P5 iOS App Extension sheet

1Password 5 for iOS is now available for iOS 8 and it. is. amazing. One of its best new features is an App Extension that lets you fill Logins directly in Safari and even third-party apps!

There’s just one thing you have to do: like all iOS 8 App Extensions, you have to manually enable the 1Password extension if you want to use it in Safari and other apps. It’s easy to do it, and we have a great support document that shows you how.

The simple version is that you just need to launch 1Password 5 first (and set it up if you never have), then tap the Action menu, scroll to the right of the actions list (the bottom one with black and white icons; Share extensions are on top), tap More, and enable it.

Then you can get on with filling Logins (and soon Identities and Credit Cards) right into Safari!

1Password 5 for iOS is here with App Extensions, Touch ID, new freemium price

I can’t tell you how fired up we are about this release! I literally can’t because there is no tool that can measure excitement on this scale. Years in the making, 1Password 5 is rolling out to the App Store with iOS 8’s best features at its heart, and now it’s free so everyone can save time and get secure online. All Pro features are free to existing v4 owners, and new customers can now get started for free.

By the way, if you sync with iCloud, please see this document about requirements and how best to upgrade.

The new 1Password 5 for iPhone and iPad now requires iOS 8 and is packed with some of our (and your!) best ideas ever:

  • App Extensions – Use 1Password to log into a growing list of your favorite apps and even update your passwords—all with just a tap!
  • Safari + 1Password – You read that right. Just like our in-app 1Browser, you can now fill 1Password Logins directly within Safari! Ooh, speaking of thumbs…
  • Unlock with Touch ID – After unlocking with your Master Password, get back into your vault in 1Password, Safari, and your favorite apps with just your thumb on devices with Touch ID. Check Settings > Security to learn how this works and pick your auto-lock time.
  • Sync now goes to 11 – We rebuilt iCloud sync using Apple’s new CloudKit and it is awesome. Wi-Fi Sync will be automatic and sync attachments with the forthcoming 1Password 5 for Mac, and it’s just plain also awesomer.
  • Adaptive UI – Whether you’re on an iPhone 4S, iPad Air, or a brand new iPhone 6 Plus, 1Password’s interface is dressed for the occasion.
  • So much more – Resume editing items after unlocking 1Password. A brand new Welcome Aboard process makes it even easier to set sail with 1Password. Backup restoration has you covered. And all that is just page one.

Oh, did we mention free?

I have good news and great news.

The good news

1Password 5 for iOS and all Pro features (yep, you read that right!) are a free upgrade to all existing 1Password 4 for iOS customers (reminder: 1Password 5 requires iOS 8).

The great news

1Password 5 for iOS and its core features are now free for everyone to use. We believe every man, woman, and child needs to save time and get secure online. This release is another big step towards making that dream reality.

The free edition can create Logins, Identities, Credit Cards, and Secure Notes, and use those items in Safari and other apps. It can also sync with 1Password for Mac, Windows, and Android.

Introducing Pro features

For a one-time in-app purchase in version 5, Pro features unlock the full power of 1Password 5 for iOS. You can:

  • Create the full range of items including Bank Accounts, Email Accounts, Memberships, Passports, Reward Programs, Wireless Routers, Software Licenses, and many more.
  • Organize your items with folders and tags.
  • Create and add Multiple Vaults.
  • Add custom fields to all items.
  • Support a great company with world-class human-powered customer service that loves you. Yes, including you.

Told you we were excited

We’ve been working towards this day for years and some of us are literally bouncing off our Toronto office walls with joy. We hope you love the new 1Password as much as we do, and now all our friends, family, and coworkers have even more great reasons to use it.

Please let us know what you think on Twitter @1Password, Facebook, and our forum, and join our newsletter so we can stay in touch with you!

Filling with your approval: On 1Password’s App Extension and iOS 8 security

App ExtensioniOS 8 has an incredible feature coming called App Extensions, and we’re thrilled to say we have a 1Password extension ready for developers to use right in their apps! In apps that gain support for our extension, you will no longer have to copy and paste passwords from 1Password. Yes, it really is a game changer, and you can see it in action for yourself.

Naturally, this new-fangled way for apps to interact in iOS 8 is leading people to ask how we do this in a secure manner:

  • Are we really letting third-party apps poke around inside of your 1Password data?
    • Answer: No, that is not how extensions work.
  • Can these third party apps ask 1Password for your PayPal password?
    • Answer: Well, they can ask, but you decide if they should get what they ask for.
  • Can they trick you into entering your 1Password Master Password into something that isn’t 1Password?
    • Answer: The very same mechanisms that prevent that today apply to application extensions.

TL;DR

I will elaborate on all of this below. But to summarize, all of my points and these safeguards in both iOS extensions and 1Password are built on an important design principle: Nothing happens without your explicit action.

Read more

Introducing the 1Password App Extension for iOS 8 apps

Throughout history, the greats have always sought a “holy grail.” The Dude really wanted that new rug. Indiana Jones searched for… well, the Holy Grail. Today, we’re happy to say we built our holy grail: automatic 1Password Logins right in iOS 8 apps.

The video embedded here, produced by our fearless co-founder Dave Teare, speaks for itself. Thanks to Apple’s incredible new developer features in iOS 8, third-party apps can let 1Password fill Logins without the user ever leaving the app. Yep, complete with Touch ID for unlocking the vault. Yep, it’s this awesome.

How easy is it for third-party apps to get in on this one-tap Login goodness? Extremely! Developers: check out our 1Password App Extension on GitHub with documentation and sample code.

App users: reach out to the developers of your favorite apps and help us spread the word! Show them the video and link this blog post and our GitHub project.

We want to share our holy grail with all apps: the convenience of one-tap Logins and the security of strong, unique passwords with 1Password.

Apps that Love 1Password: SOLARO – Study help for Common Core

solaro_app_icon_roundedThe Apps that Love 1Password page has broken into education with the addition of SOLARO, a comprehensive study guide and service for Common Core K-12 classes!

SOLARO packs content for over 1,500 classes across English language arts, mathematics from 3rd to 12th Grade, and science for all 50 states in the U.S. and some Canadian provinces. It offers things like topic-level practice tests, section-level quizzes, flashcards, study notes, and more, and now students can login much more easily with SOLARO’s new 1Password for iOS support!

In SOLARO’s latest update, a new 1Password button in the login screen will automatically search 1Password for your SOLARO Login. You simply need to unlock with your Master Password, swipe right on the SOLARO item for the Copy button, copy, then double-tap the Home button to switch back, paste, and get to learning.

Thanks to SOLARO, we’re thrilled students have an easier way to stay secure while staying on top of their studies. You can get SOLARO in the App Store.

1Password 4.5 for iOS: The full release notes

1Password 4 for iOS icon

Last week Tuesday we released 1Password 4.5 for iOS and 1Password 4.3 for Mac, updates that were both so large that I figured I’d skip listing their full release notes for fear of making you scroll your morning and afternoon away. However, we’ve had enough requests to see the full release notes here on the blog, so I am happy to deliver!

What follows is screenshots and every last big feature and little improvement that make 1Password 4.5 for iOS so touchable and just plain wonderful.

Read more