1Password is a Mac App Store Best of 2013, so let’s have a saleabration!

MAS best of 2013

It’s only Tuesday, but I think it’s safe to say this is already one of our Best Weeks of 2013.

Yesterday we woke up to the wonderful news that Macworld gave us a 2013 Editors’ Choice Award, and this morning Apple says 1Password is one of the Best Apps of 2013!

To celebrate such wonderful presents, we spiked some eggnog, then we spiked our 1Password for Mac price by 30 percent so everyone can enjoy simple, convenient security over the holidays.

If you’ve had your eye on 1Password for Mac or it would make a great gift for someone, now is the perfect time. The sale ends with 2013.

1Password 4 for Mac wins a 2013 Macworld Eddy

Macworld_EddyWe could hardly believe our Twitter and Facebook followers this morning, but there it is, plain as day: 1Password 4 for Mac won a 2013 Macworld Eddy!

The fine folks at Macworld say “1Password offers the best combination of convenience and security that we’ve seen.” We may be just a teeny bit biased, but we’re inclined to agree. This is also perfect timing, since we’ve been talking about our plans for Macworld/iWorld 2014.

We’d like to thank everyone at Macworld for this award, and every single one of our customers for helping us get where we are. 1Password wouldn’t be what it is today without our customers, and we’ll never forget it.

1Password 4.1 for Mac: The Little Big Update

1Password 4 for Mac has only been out for two months, but we just couldn’t wait to get you an early holiday present—our first major update! 1Password 4.1 for Mac is now available for our website customers, and it is waiting for review out for Mac App Store customers as well. "4.1" may look like a small update, but it packs some great big stuff, including something we’ve wanted for a long time: updating Login passwords right from the browser extension!

1P4 Mac 4.1 update existing login

 

Now with 1Password 4.1 for Mac, when you update your password at a website (ideally using our Strong Password Generator!), our new save dialog has the option to create a new login or "Update existing Login." If you have more than one Login for the site, you can choose which Login to update. Toss in the ability to tag and add this Login to a folder on-the-fly, and this is pretty much the greatest way to create new Logins and update them down the road when the need arises.

There’s plenty more goodness where this came from, we also have: a new "Top" Item List Layout (yep, we brought back the traditional item list for the old schoolers), a new search-by-title option, printing (both individual items and your entire vault—careful with that last one!), some Wi-Fi Sync fixes, and more.

Check the gallery below for more highlights, get the full details in our changelog, or dive right in. Website customers can use 1Password > Check for Updates right now, and Mac App Store customers can check the store’s Updates tab.

Time to give 1Password 4 for Mac’s Security Audit a whirl

1Password Security AuditIt was bound to happen eventually. A massive Adobe data theft of 130 million customer names, emails, encrypted passwords, source code, and more will enable almost limitless password reuse attacks in the coming weeks.

Suppose you are one of the 130 million people who’s oddly encrypted passwords were among the Adobe password breach. Suppose that you used the same password there as you do for PayPal.

To make matters worse, suppose you actually listed that fact in Adobe’s password hint. Since the malicious attackers dumped the Adobe data online, a quick check of Adobe customer password hints shows that there are more than 700 that say things like “paypal” or “sameaspaypal”. There are more than 20,000 hints referring to “bank”. I will talk about password hints at some other time; my point here is all about password reuse.

Only a fraction of the people who are reusing passwords will make that clear in their password hints. We already know password reuse is common. We also know that criminals do indeed exploit password to steal from people.

I am very tempted to explain all about Adobe’s peculiar method of storing passwords. It’s really a cool story with lots of interesting lessons, and explaining it would involve poorly encrypted pictures of a penguin.

I am also tempted to dive into gory details of the statistical properties of the data, the analysis of which has kept my computer busy for days on end. Likewise, I could rant about Cupid Media’s failure to encrypt or hash passwords for 42 million customers. Or I could talk about privilege escalation and the MacRumors discussion forums breach of 860,000 hashed passwords a week earlier, leading to the capture of all 860,000 hashed passwords.

But it is far more important for me to repeat what we’ve said in many different ways and at many different times: Password reuse—using the same password for different sites and services—is probably the biggest security problem with password behavior.

We want to fix that.

Knowing the right thing to do is easier than doing the right thing

Like most people, you weren’t born using 1Password, it’s something that came to use later in life. Now that you use 1Password, you will (or should) be using the Strong Password Generator when you register for a new website so you get a strong, unique password.

But think back to those dark days when you needed to come up with passwords on your own. You probably picked from a small handful that you had memorized, so now you’re stuck with a bunch of sites and services for which you used the same password.

Security Audit selections

Getting all of those old passwords sorted out is going to be a chore, but it doesn’t have to be done all at once. Best of all, 1Password 4 for Mac can help, thanks to its new Security Audit feature.

Let’s use an analogy: say that Molly (one of my dogs, and not really the cleverest of beasts) has just started using 1Password. She has a few passwords, but not many. Even though she doesn’t know how to push open a door that is already ajar, she can make use of the new Security Audit tool in 1Password for Mac.

In the left sidebar of 1Password 4 for Mac, down toward the bottom, there is a section called “Security Audit”. When Molly clicks (or paws) “Show” next to “Security Audit” she sees a number of audits available. She can select “Weak Passwords”, which will show her all of her items with weak passwords. She can also look at password items that are old. But the selection we are interested in today is “Duplicate Passwords”.

Security Audit: Molly's duplicates

Security Audit in 1Password 4 for Mac, displaying Molly’s duplicate passwords

What Molly sees is that she has two sets of duplicates. One of them is used for two Logins, and the other one is used for four Logins. As we can see, her Adobe.com password of “squirrel” is used for her Barkbook, Treats R Us, Cat Chasers Logins as well.

Molly transfixed by "squirrel"Molly should, of course, go to each of those sites and change her passwords on them. But there are squirrels in the back yard to bark at, and changing all of those passwords may seem overwhelming. So Patty (the cleverer dog in the family) advises Molly to think about which of those Logins are most crucial. Molly can’t tolerate the thought of anyone else getting a treat; so she starts with Treats are Us.

This does mean going to the Treats are Us site and using its password change mechanism. 1Password is smart, but it isn’t quite smart enough to go browsing through the sites to find their password change pages. Molly may decide that her Barkbook Login is also very important, and so will change that one right away as well.

Ideally, Molly should fix all of her weak and duplicate passwords as soon as possible. And as Molly has only a handful of Logins, she could do that. But for those of us who may have a large number of old accounts, it is probably best to check Security Audit and update reused or weak passwords at the most important sites first. Then, updating other passwords a few at a time is an easy way to make all our accounts much more secure.

1Password for Mac tip: How to create, share a vault with family or coworkers

switching vaults

1Password 4 for Mac brought over 90 awesome new features, and one of its best (and most-requested) is the brand new Multiple Vaults. You can now create extra vaults, copy items to them, and optionally share them with family, coworkers, or anyone else you choose.

We have a great support document that explains step-by-step how to create and share a new vault, but here are the cliff notes:

  • Create a new vault (1Password > New Vault…)
  • Customize its icon, color, and Master Password (you can even use photos from your Mac!)
  • Copy some items to this new secondary vault (select any item, click the sharing arrow and choose your new vault as the destination)
  • Place the vault in a shared Dropbox folder or other location (1Password > Preferences > Sync)
  • Have your family members or coworkers use 1Password 4 for Mac to add your new vault
  • Enjoy 1Password’s new Shared Vault awesomeness

Our new Multiple Vaults feature is Mac-only for now, emphasis on for now. But we think it’s the best way to collaborate with family and coworkers yet conveniently use strong, unique passwords to protect all your sites, apps, and devices.

Interview with Joe Kissell, author of Take Control of 1Password

Joe Kissell illustratedWith our release of the all-new 1Password 4 for Mac this month, the venerable Joe Kissell also wrote a whole book for the Take Control series called Take Control of 1Password (on sale for just $10!). It’s a great look into getting setup with 1Password 4 for Mac and even iOS and Android, as well as all the real-world ways 1Password can be useful for passwords and beyond.

Since Joe went so in-depth into getting the most out of 1Password, I figured we should go in-depth on Joe, the Take Control series, and his thoughts on 1Password and the future of security. I reached out for an interview, and he had some great responses.

AgileBits: First off, thanks for writing a whole book about 1Password, that’s pretty great of you. For our customers who aren’t familiar with the Take Control books, can you give a rundown on what the series is about?

Take Control is a series of ebooks that help ordinary, nontechnical people understand and make the best use of technology. The idea is that you have a professionally written and edited explanation of some technical topic that’s much more detailed than a magazine article could be (say, 100–150 pages instead of 2–6) but far more manageable than a 500+ page printed book. And, since they’re ebooks, we can treat them much like software: we offer minor updates for free and discounted upgrades on major new editions. You click a link to check for updates, download the new version, and that’s that. So the content can stay up to date as the technology changes, and you don’t end up with this huge chunk of paper that’s outdated before you even read it the first time. And all this comes at a modest price—most of our books are around $10–15.

The majority of our books focus on Apple (Mac and iOS) technologies. But we’re increasingly covering topics that apply across platforms, such as online privacy, Dropbox, and (of course) 1Password. We’ve even had a few books in the series that weren’t about computers at all, including one I wrote about how to prepare Thanksgiving dinner!

This month is actually the 10th anniversary of Take Control Books. Ten years ago this spring, I got a call from Adam Engst, who is well-known in the Apple community as the publisher of TidBITS and the author of numerous books. I’d known Adam for a long time—I’d written some TidBITS articles and Adam had written a foreword to one of my books and so on. He said he had an idea for an experiment in electronic publishing, and wanted to know if I’d be interested in joining a small group of other authors and editors in trying out this new model. I said sure, and the first book I wrote in the series was “Take Control of Upgrading to Panther,” which came out the same day Panther (Mac OS X 10.3) did, in October 2003. It sold a bazillion copies, and the rest is history. (And, this month, in keeping with tradition, we shipped “Take Control of Upgrading to Mavericks“!

Take-Control-of-1Password-book-cover.jpeg

What about your Take Control of 1Password book, in particular? Is there an overall approach or theme you had in mind while writing it?

Earlier this year I wrote a general-purpose book on password security, “Take Control of Your Passwords“. That book was all about understanding password security generally—why you need to have excellent, strong, unique passwords; what makes one password better than another; and what strategies you can use to keep from being overwhelmed by passwords. Of course, using a password manager like 1Password is one aspect of that, although I take pains to say it’s not a complete solution in and of itself.

In the 1Password book, I wanted to say, OK, if you’ve chosen 1Password (which happens to be my favorite password manager) for that aspect of your password strategy, then here are all the details about doing the stuff you care about doing with it. It’s no good to just say, “Go out and buy this app” if a reader isn’t sure what to do with it, how to use it most effectively, how to solve problems, and so on. So that’s what I was trying to do with this book.

For whom did you write this book? Was there a type of user or skill level in mind?

Well, I was thinking of people like my wife (hi, honey!), who may have had 1Password for a long time but never quite grokked it. People who aren’t technophobic but also don’t wear propeller beanies, if you know what I mean. Ordinary folk who just want to get things done and appreciate a bit of patient, systematic hand-holding but don’t want to be talked down to.

It’s not that 1Password has such a steep learning curve, but you kind of have to get on board conceptually with its way of handling things. And I think the best way to do that is to walk through all the steps of creating, storing, and using passwords a few times, with the sites you use most frequently, so it’s not just a vague idea about what should happen but the actual experience of making it happen. I try to walk users through both the theory and the practice so that, hopefully, after a few tries the process clicks and they go, “Aha! Now I see how much better this is than the old way.”

So, as with all my books, I’m writing for an intelligent reader who just isn’t an expert in this particular thing. And I try to focus more on real-world tasks than on features. In other words, I don’t think that by simply cataloguing what every button and menu command does, I’d be teaching someone how to use the product. Instead, I frame it as, “You probably need to accomplish x, y, and z with this app. How do you go about doing that?”

Besides stronger passwords, do you have another favorite use or some tricks for getting more out of 1Password?

I keep all my software licenses in 1Password. At the moment, I have—let’s see—373 of them! I find, especially at times like these when a new OS version is coming out, that I’m reinstalling apps quite a bit and I have to say, I’ve kind of fallen in love with 1Password mini for quickly retrieving license codes. I launch an app and it asks for the code, and now I just press Command-Option-\, type a few letters of the app’s name to find it, arrow over and down to the password field, and press Return to copy the code. Click back in the app, paste, and I’m done. So much simpler than it used to be!

Another thing I suggest in my book is to include not only textual data, such as your credit card, driver’s license, and passport numbers, but scanned images of the items themselves, as attachments. If you ever lose one of these items, a scanned copy can be very helpful in getting it replaced (and also provides some supporting evidence that you are who you say you are).

What do you think are some of the challenges for the security software space in general?

Wow, where to even begin? Well, I’ll focus on a couple of issues. First is the actual security part—making products and services robustly hack-resistant. Some of the folks who want to break into people’s accounts and steal their data, money, or identity are extremely smart and, shall we say, dedicated. Staying ahead of them requires even more smarts and dedication. I’ve seen some pretty scary security products—I’m thinking of a couple of password managers in particular—where it’s evident that the developers didn’t have a deep understanding of things like entropy, encryption algorithms, and exploits, but just threw something together that seemed to basically work. Most users won’t know the difference—until they get hacked.

So I love reading the security posts on the AgileBits blog by Jeff Goldberg and Roustem, because they demonstrate an extensive, thorough knowledge of cryptography that shows you guys really do know the score.

The other side of that is usability. You could ask users to enter a password, type a code from an SMS message, and do a fingerprint scan every time they go to a new Web site, and that might be super secure, but it’s an unreasonable amount of effort for what you’re trying to accomplish. Tools like password managers have to not only be easy to use but to respect varied workflows. If a tool requires you to throw out all your habits to adapt to the one way it knows how to do things, or if it imposes unreasonable restrictions (like forcing you to use just one browser), it’s not being kind to users.

Now, it does make me a bit sad that 1Password has had to remove or alter certain useful features over the years in order to remain compatible with all browsers and platforms. I understand why that is—you have to work within what browser developers, and especially Apple, permit you to do, and those restrictions have gotten tighter. But man, I miss the time when I could visit a new Web site that asked me to generate a password and then, with a single click, create, fill in, submit, and memorize that password. Those were the days! And I’ve been lobbying for an option to fill in and submit a default set of credentials automatically when you load a page, no clicks or keystrokes required. I would love to see 1Password take that next step in usability.

You have a section called ‘Glimpse the future of 1Password.’ Care to offer a glimpse of that glimpse for your potential readers?

Part of the reason for that section was to reassure users who upgrade to version 4 and have a moment of “Hey, wait a minute! What happened to (my favorite feature)?!” During the version 4 beta testing, AgileBits staffers were constantly reminding everyone that, because it was a total rewrite as well as a redesign, a few of the elements people were used to in version 3 aren’t quite there yet, but will be soon—and there are big new features in the works too. I think one of the most important changes in version 4 is that 1Password was rethought in such a way that adding new features will be easier, and significant updates should be more frequent.

So, based on my discussions with AgileBits staff and what I read on the beta discussion boards, I expect to see things like more view options (not just the single-column list) and editing directly in 1Password mini, without having to open the full app. And I know that some bugs—er, design challenges—such as getting 1Password mini to work correctly on multiple displays are being addressed too.

One of the other things I mention there is that the Windows and Android versions of 1Password, which haven’t seen a lot of love lately, are actively being worked on to bring them to feature parity with the Mac and iOS versions.

Do you remember when you first found 1Password? Who or what got you into it?

I looked through my email archives, and the first mention of 1Passwd—it didn’t have the “or” in the name back then—was in July 2006, about a month after its version 1.0 release. I got a copy of version 1.3 to review for TidBITS, although for reasons I can no longer recall, that review didn’t appear until nearly a year later: 1Passwd Eases Password Pain in June 2007. My very first impression was one of puzzlement: I couldn’t figure out why someone would need an extra program to do something that any Web browser can do on its own. But the proverbial lightbulb went on as soon as I started using 1Passwd, and as early as October 2006, when Macworld was asking contributors for nominees for that year’s Editors’ Choice awards, I wrote to my editor, “I’m really jazzed about 1Passwd, which has quickly become indispensable for me.”

So, I’m proud to say I’ve been a user almost since the very beginning of the product. That year, 2006, was also when I wrote my first Take Control book about passwords (which was replaced with a much more modern title earlier this year). I’ve written an awful lot about passwords in the intervening years, and 1Password has been a faithful companion the whole time.

Thanks a lot Joe!

As you can see, Joe knows his stuff and we’re honored that he’s been with us since way back when the “1Password” name was missing a vowel. The Take Control series really is wonderful, so check out Take Control of 1Password and their other books to learn how to get more out of your apps.

1Password 4 for Mac is ready for OS X Mavericks

1P4 Mac Mavericks desktop

In case you haven’t heard by now, Apple released big updates yesterday for… well, just about everything, including OS X. For our 1Password 4 for Mac customers, I’m happy to say you’re already prepared to drop in on the waves with the new OS X Mavericks.

In fact, 1Password 4 was not just ready for Mavericks, we did a few things to make it hum along with Apple’s latest Mac OS. We optimized 1Password 4 using new Xcode 5 instruments, which reduces CPU usage when idle and preserves battery life. We also leveraged Responsive Scrolling for that buttery smooth experience.

1Password 4 is a perfect complement to your iCloud Keychain

1Password 4 for Mac is also ready for all of Apple’s new iCloud features. We added iCloud sync to the Mac App Store version and 1Password 4 for iOS, and 1Password works quite well alongside Apple’s new iCloud Keychain.

For example, here’s one useful setup idea:

We hope you enjoy Mavericks as much as we do, and we’d love to hear from you on Twitter and Facebook if you have ideas, questions, or just suggestions for Apple’s next OS X naming system after big cats and great surfing locations.

1Password 4.3 for iOS brings Wi-Fi Sync, custom browser agents, more

A number of our customers want to sync their 1Password vault between multiple devices, but remain in complete control of their data, keeping it within their local network and out of The Cloud. We took a big step towards that goal earlier this month with the release of 1Password 4 for Mac and, among over 90 new features, the triumphant and revamped return Wi-Fi Sync. Today we take another big step with 1Password 4.3 for iOS, a free major update that now supports Wi-Fi Sync, among a few other new perks.

Wi-Fi Sync

1P4iOS wifi sync buttonAs the name suggests, Wi-Fi Sync lets you sync your 1Password data between multiple devices on the same Wi-Fi network, leaving The Cloud entirely out of the process. We have detailed step-by-step instructions for setting it up between a Mac and iOS device, but in short: go to the new Window > Wi-Fi Sync option in 1Password 4 for Mac, and it will walk you through a couple of simple steps to get going.

More Goodies

In addition to Wi-Fi Sync, 1Password 4.3 for iOS now lets you change the browser agent of our built-in 1Browser to Safari for iPhone, iPad, and Mac, as well as Firefox and Chrome. We also have better support for iOS 7, though our full iOS 7 refresh is coming in a future, free update.

There’s plenty more in 1Password 4.3 for iOS, so check it out in the App Store and leave us a great review so we can bring you more!

1Password 4 for Mac features: 1Password mini

With over 90 new features in 1Password 4 for Mac, I figured you could use some help exploring them. You can always check our Experience Guide, FAQs, and Knowledgebase, but I want to kick this series off with one of my favorites: 1Password mini.

That’s right, we took a cue from Dr. Evil and genetically engineered a sidekick for 1Password that lives in the menubar. To make things simple and help you get things done faster, 1Password mini has the same features and interface as our all-new browser extension, allowing you to:

  • search almost every vault item type
  • open Logins in your default browser and AutoFill your credentials
  • generate new passwords
  • browse your vault by item type, your folders folder, and tags
  • switch vaults if you’re using the new Multiple & Shared Vaults features
  • view item details and copy them to your clipboard
  • anchor item details to stay open in their own lil’ window
  • lock 1Password
  • and more!

Even if the main 1Password app isn’t running, 1Password mini is there to take care of nearly everything you need. 1Password mini is one of over 90 new features in the gorgeous new 1Password 4 for Mac. Check it out in the Mac App Store and our web store.

The 1Password 4 for Mac verdict is in

The all-new 1Password 4 for Mac sounds like a hit:

I can’t work without 1Password.

- Federico Viticci, MacStories

1Password is one of our favorite apps.

- Sean Hollister, The Verge

With lots of new landmark features, this release is a must-upgrade for existing users and a great buy for new customers.

- Josh Ong, The Next Web

It’s the best version of 1Password for Mac to date, and I highly recommend installing it as soon as you can.

- Mike Beasley, 9to5Mac

Need I go on? Oh heck, why not: MacworldArs Technica, Mashable, Fast Company, Beautiful Pixels, TUAW, AppAdvice, iMore, Lifehacker, Cult of Mac, and Net Security, just to name a few.

For existing Mac App Store customers, 1Password 4 for Mac is a free upgrade. Website customers who bought in 2013 also get version 4 for free, and for earlier customers we have an upgrade sale of just $24.99—that’s $10 off the regular upgrade price, and only half the regular price of a new license!

If you have finally been convinced to get stronger passwords, save time on the web, and secure your identity, we have a 1Password 4 for Mac launch celebration sale in our web store and the Mac App Store of just $39.99—that’s 20 percent off the regular price of $49.99! Family packs are on sale too, starting at $55.99.