‘Take Control of 1Password’ ebook updated for all our big v4.1 Mac features!

Take Control 1P 1-1Remember how Joe Kissell wrote an entire book about 1Password? It covers how to get started with creating unique, strong passwords for all your sites, then how to get the most out of 1Password by securing all the other critical aspects of your identity, financials, and more. Well, Joe didn’t stop there—he’s already back with a free update!

Take Control of 1Password v1.1 covers the big changes we brought to 1Password 4.1 for Mac, including the excellent new ability to update an existing Login’s password right in your browser, new printing options, and much more. It’s a great update and we thank Joe for covering all our new goodies so thoroughly!

If you already own a copy, you may have received an email with instructions on how to update, or you can log into your Take Control Books account and grab it there. If you have yet to pick up your copy—run, don’t walk, and grab Take Control of 1Password for yourself or a friend to learn about all the ways 1Password can make security more convenient.

1Password for Mac Tip: One-click to tidy up your vault

Passwords mingling with LoginsYour 1Password 4 for Mac vault is probably filled with a collection of website Logins, Secure Notes, reward program memberships, and more. There may also be a number of Generated Password items too, and some of them might be redundant because they were turned into Logins. If you want a simple way to clean up these redundant items (and an explanation for why they’re there), here’s a quick trick you can use.

Simply unlock 1Password with your Master Password, then go to Help > Tools > Remove Redundant Generated Passwords. You’ll get a prompt like the one below, telling you how many items were found and offering the chance to back out.

Trash redundant duplicates

Note: I have over 1,500 items, so your results may vary :)

If you click Move to Trash, 1Password will do your bidding. To err on the side of caution, 1Password does not automatically empty the Trash, so you have one last opportunity to recover any you might need.

The backstory, if you’re curious

Erring on the side of caution is the reason these redundant Generated Password items are around in the first place. In many cases, we can detect when a Generated Password item becomes a Login, and we automatically convert the item to get it out of your way.

Bonus Tip: click any Generated Password item, then click the Convert to Login button at the bottom to perform this process manually.

However, in some cases, we can’t detect this Password –> Login process. Instead of guessing wrongly and deleting an item that you actually need, we play it safe and keep them around. But with this Remove Redundant Generated Passwords tool, we gave you a choice and a quick way to do some spring vault cleaning.

1Password + Holidays = Sanity

bowed icon macWe’re headed into the home stretch of 2013, and between travel coordination, meal planning, and shopping, there’s a whole lot of holiday stuff to juggle. If only we had computers that fit in our pockets that could make things easier… wait. We do have pocket computers, and 1Password for iOS just went on sale, so here are a few tips that will help you stay on track during the holiday season.

Secure Notes And You

We love Secure Notes. You can keep all kinds of things in them! A few examples:

  • Travel itineraries. Since you already have your logins in 1Password, add your trip info as a Secure Note. Then if you need to rebook or make a change, you’re one tap from logged in! You can also add the garage door or alarm codes for your in-laws house, or other temporary things you might need.
  • Shopping information. Got lots of people to track gifts for? Create a Note for each person, and add clothing or shoe sizes, preferences in colors, or ideas you came across before you were in full Gift Shopping Mode.
  • Epic menu data. You can keep lists of guests, their allergies, and their preferences, or even keep those Secret Family Recipes super secret!
  • You can keep lists of how people are related to each other (particularly handy for new family members), and nobody will stumble across it by accident! They’ll just think you have a great memory!

bowed icon iOSShop Securely… anywhere!

You already know you can store your credit card data in 1Password and fill it securely in a snap. Some other ways you can make shopping with 1Password more convenient are below:

  • Add all your card info to the 1Password Credit Card item, including all that information on the back about calling customer service or replacing a card. Then if you need it, just tap the phone number to make the call.
  • A number of popular websites have gotten more mobile-friendly, so now when you have the inspiration, you can log in using the built-in 1Browser and whip up a little holiday magic right from your iOS device. And if you combine that with “buy online, pick up in store” service, you’re only in the store long enough to pick it up, get a receipt, and get out again. (This does wonders for my budget!)
  • Identity Sorcery. Set up Identities for family members you regularly ship things to. Label them clearly, and voila! No more fumbling for info when you need to send something to kids or grandkids or anyone else.
  • Remember that you can always gift 1Password to those family members who are bad at remembering passwords or use the back of their address book. You can gift a copy from our store, or you can buy an iTunes gift card to gift the Mac App Store version.

Now here are a couple of bonus tips for those who think of Black Friday and December 26 not as days for power shopping, but as Family Technology Maintenance And Probably Assistance Hooking Up The New Thing They Just Got Day:

  • Keep Wi-Fi login information in 1Password for family routers. And while you’re at it, take photos of those stickers on the side/bottom of the router and modem with all the model information and serial numbers. Then when you’re trying to assist from afar, your search-fu is increased by including the model.
  • Expansion of the previous item: If you give or receive some tech, get a photo of that model/serial sticker on the device before you put it on the wall or in the A/V cabinet, then you have it later when you need it. (I attach these to secure notes with all the other information about the item, such as when and where it was purchased.)
  • Add other family logins to your login items, and tag them so you know they’re family items. Then save them in a smart folder. When you need a family login, that folder has everything in one place.

Hopefully these tips will keep your holiday season a fun one. :)

Time to give 1Password 4 for Mac’s Security Audit a whirl

1Password Security AuditIt was bound to happen eventually. A massive Adobe data theft of 130 million customer names, emails, encrypted passwords, source code, and more will enable almost limitless password reuse attacks in the coming weeks.

Suppose you are one of the 130 million people who’s oddly encrypted passwords were among the Adobe password breach. Suppose that you used the same password there as you do for PayPal.

To make matters worse, suppose you actually listed that fact in Adobe’s password hint. Since the malicious attackers dumped the Adobe data online, a quick check of Adobe customer password hints shows that there are more than 700 that say things like “paypal” or “sameaspaypal”. There are more than 20,000 hints referring to “bank”. I will talk about password hints at some other time; my point here is all about password reuse.

Only a fraction of the people who are reusing passwords will make that clear in their password hints. We already know password reuse is common. We also know that criminals do indeed exploit password to steal from people.

I am very tempted to explain all about Adobe’s peculiar method of storing passwords. It’s really a cool story with lots of interesting lessons, and explaining it would involve poorly encrypted pictures of a penguin.

I am also tempted to dive into gory details of the statistical properties of the data, the analysis of which has kept my computer busy for days on end. Likewise, I could rant about Cupid Media’s failure to encrypt or hash passwords for 42 million customers. Or I could talk about privilege escalation and the MacRumors discussion forums breach of 860,000 hashed passwords a week earlier, leading to the capture of all 860,000 hashed passwords.

But it is far more important for me to repeat what we’ve said in many different ways and at many different times: Password reuse—using the same password for different sites and services—is probably the biggest security problem with password behavior.

We want to fix that.

Knowing the right thing to do is easier than doing the right thing

Like most people, you weren’t born using 1Password, it’s something that came to use later in life. Now that you use 1Password, you will (or should) be using the Strong Password Generator when you register for a new website so you get a strong, unique password.

But think back to those dark days when you needed to come up with passwords on your own. You probably picked from a small handful that you had memorized, so now you’re stuck with a bunch of sites and services for which you used the same password.

Security Audit selections

Getting all of those old passwords sorted out is going to be a chore, but it doesn’t have to be done all at once. Best of all, 1Password 4 for Mac can help, thanks to its new Security Audit feature.

Let’s use an analogy: say that Molly (one of my dogs, and not really the cleverest of beasts) has just started using 1Password. She has a few passwords, but not many. Even though she doesn’t know how to push open a door that is already ajar, she can make use of the new Security Audit tool in 1Password for Mac.

In the left sidebar of 1Password 4 for Mac, down toward the bottom, there is a section called “Security Audit”. When Molly clicks (or paws) “Show” next to “Security Audit” she sees a number of audits available. She can select “Weak Passwords”, which will show her all of her items with weak passwords. She can also look at password items that are old. But the selection we are interested in today is “Duplicate Passwords”.

Security Audit: Molly's duplicates

Security Audit in 1Password 4 for Mac, displaying Molly’s duplicate passwords

What Molly sees is that she has two sets of duplicates. One of them is used for two Logins, and the other one is used for four Logins. As we can see, her Adobe.com password of “squirrel” is used for her Barkbook, Treats R Us, Cat Chasers Logins as well.

Molly transfixed by "squirrel"Molly should, of course, go to each of those sites and change her passwords on them. But there are squirrels in the back yard to bark at, and changing all of those passwords may seem overwhelming. So Patty (the cleverer dog in the family) advises Molly to think about which of those Logins are most crucial. Molly can’t tolerate the thought of anyone else getting a treat; so she starts with Treats are Us.

This does mean going to the Treats are Us site and using its password change mechanism. 1Password is smart, but it isn’t quite smart enough to go browsing through the sites to find their password change pages. Molly may decide that her Barkbook Login is also very important, and so will change that one right away as well.

Ideally, Molly should fix all of her weak and duplicate passwords as soon as possible. And as Molly has only a handful of Logins, she could do that. But for those of us who may have a large number of old accounts, it is probably best to check Security Audit and update reused or weak passwords at the most important sites first. Then, updating other passwords a few at a time is an easy way to make all our accounts much more secure.

Apps that Love 1Password: Delivery Status touch

Delivery Status Touch iconYou buy stuff online, and you need to know when it’s going to show up at your house, work, or your lucky recipient’s doorstep. For years, community favorite Delivery Status touch has made it, dare I say, fun to track your packages. Now it’s adding the convenience of 1Password.

Delivery Status touch 5.0 just hit the App Store and it is a whopper of an upgrade. In addition to big new features like optional background notifications, Calendar support, and iCloud sync, you can use the new 1Password integration to quickly log into services and add packages to track.

For supported services like Amazon and Google Checkout, Delivery Status touch can simply log into your account and pull down the details it needs. Tap the new 1Password button in the service login section, and you will switch to 1Password with your All Items list already filtered for the service you’re adding. Swipe across the Login item you want to trigger the Action Bar, tap the clipboard button to copy your password to the clipboard, then switch back to Delivery Status touch to finish logging in.

We’d like to thank the fine folks at Junecloud for adding 1Password support to their legendary delivery tracker. Be sure to pick up Delivery Status touch in the App Store, and if you’re a developer, learn how you can add some 1Password to your iOS apps!

1Password for Mac tip: How to create, share a vault with family or coworkers

switching vaults

1Password 4 for Mac brought over 90 awesome new features, and one of its best (and most-requested) is the brand new Multiple Vaults. You can now create extra vaults, copy items to them, and optionally share them with family, coworkers, or anyone else you choose.

We have a great support document that explains step-by-step how to create and share a new vault, but here are the cliff notes:

  • Create a new vault (1Password > New Vault…)
  • Customize its icon, color, and Master Password (you can even use photos from your Mac!)
  • Copy some items to this new secondary vault (select any item, click the sharing arrow and choose your new vault as the destination)
  • Place the vault in a shared Dropbox folder or other location (1Password > Preferences > Sync)
  • Have your family members or coworkers use 1Password 4 for Mac to add your new vault
  • Enjoy 1Password’s new Shared Vault awesomeness

Our new Multiple Vaults feature is Mac-only for now, emphasis on for now. But we think it’s the best way to collaborate with family and coworkers yet conveniently use strong, unique passwords to protect all your sites, apps, and devices.

37signals recommends 1Password in new ‘Remote’ book

remote_frontYou might know 37signals from Basecamp, Highrise, and Campfire—excellent services that help team members collaborate better whether they’re across the hall or the world. Those folks know a thing or two about working remotely, so co-founder Jason Fried and company partner David Heinemeier Hansson wrote an entire book on the topic and called it Remote. You can get it in iBookstoreAmazon, and elsewhere.

Remote covers the advantages of allowing some or all of a company to work remotely and how to pull it off, and in the midst of all that, Fried and Hansson give a shout-out to 1Password. In a chapter called “Only the office can be secure,” Remote debunks the myth that employees need to be under the same roof in order to keep sensitive accounts and data under control. The company describes its simple security checklist that all employees must follow, and one of its cornerstones is to:

Use a unique, generated, long-form password for each site you visit, kept by a password-managing software, such as 1Password.

It’s a smart checklist overall, and one of the dozens of reasons you should really give Remote a look to learn more about how and why working remotely can open a lot of doors for you and your organization.

For bonus points, our very own co-founder Dave Teare had a brief Twitter conversation with Jason Fried to say thank you:

Dave Teare Jason Fried Remote Twitter conversation

1Password How To: Setup Dropbox sync on iOS

If you’re looking to gets some 1Password sync action going with iOS, this might be the how-to video for you. I show you how to create a Dropbox account and set it up on your iPhone and iPad so 1Password can wirelessly and automatically sync all your stuff, but the basic steps can apply to Mac and PC users, too (don’t worry, those videos are coming).

Let us know what you think of this, because there are more where it came from.

Developers: Here’s how to add a little 1Password to your iOS apps (Update 2x)

Use 1Password to login

Use 1Password to login to Riposte for App.net

Hey developers, know what your apps and 1Password for iOS have in common? They’re two great tastes that taste even better together, thanks to some of the URL schemes we added to 1Password 4.1 for iOS. Here’s how to get a little slice of 1Password into your apps to make the login and web browsing experiences even better for both our customers.

Plus, check out all the Apps that Love 1Password to get some ideas!

What we support so far

Without saying more than I’m allowed, we’re seeing fantastic interest from developers who want to build some 1Password support into their apps, so here is what we support so far:

  • a URL scheme for switching to 1Password to search item titles for a custom term, usually a service name like “twitter” or “evernote”. This speeds up the process for the user so they can copy something like their password and get back to your app
  • setting 1Password for iOS as an external browser. More and more users want this option as they are using our new AutoFill form-filling tools to login and shop right on their iPhone and iPad

There are a couple things we don’t support yet, but we’re looking at: the ability to search more than just the item titles, and a way to roundtrip the user back to your app once they do something in 1Password, such as copy data to the clipboard. For now, users need to use iOS’s default app switch method—double-tap the Home button, then tap your app to switch back.

Examples

Riposte for App.net provides a great example of how useful it is to integrate 1Password into your app. As a personal user and fan of App.net, I’m a pretty happy camper.

If Riposte finds that 1Password for iOS is installed (more on that in a minute), it presents a 1Password button right on the login screen! Tap it and you’ll switch to 1Password, where you can enter your Master Password (if necessary to unlock) and see that “app.net” has been auto-inserted in the search box to quickly filter results for you.

When using Riposte’s in-app browser, you can also tap the action arrow, then tap the 1Password option (again, the button only appears if Riposte sees it’s installed) to auto-search 1Password for the user’s Login for that site. This makes it easier for users to quickly use their 1Password Login for that site from within your app, instead of having to switch to another browser.

Of course, there is also Launch Center Pro, a fantastic iPhone productivity utility that has long had support for doing a few things faster with 1Password. It was the first to adopt our new URL schemes, so you can create quick actions to search 1Password for, say, the contents of your clipboard or a custom term, or open HTTP and HTTPS URLs in 1Password’s new Web Mode.

Download our icon pack

You’ll probably want our icon to place a button like you see in Riposte. Here is a pack of icons you can use, but get in touch if these don’t fit the bill. Update 4-19-2013: we updated this pack to include a couple monochrome icons at various sizes for things like the iOS sharing sheet.

Check if 1Password is installed

The first thing you probably want to do is find out whether 1Password is installed. This should help:

if ([[UIApplication sharedApplication] canOpenURL:[NSURL URLWithString:@"onepassword://search"]]) {
 NSLog(@"1Password is installed!");
}

Make it easier to login, auto-search 1Password

If your app uses a service that your users log into—whether it’s Twitter, App.net, or something homegrown—you can display a 1Password button and pass a search term with a simple URL like this:

onepassword://search/twitter

Or you can do it with code:

[[UIApplication sharedApplication] openURL:[NSURL URLWithString:@"onepassword://search/twitter.com"]];

This is also a useful way to let users switch from your in-app browser to quickly search 1Password for a Login for the page they’re on.

Open URLs externally, set 1Password as the default external browser

You can open URLs in 1Password (essentially like the ‘Open in Safari’ option) simply by inserting “op” in front of them:

ophttp:// or ophttps://

You can also use this code, then have UIApplication open that URL:

NSString *browser = [[NSUserDefaults standardUserDefaults] stringForKey:kPreferredBrowser];
	NSURL *url;
	if ([browser isEqualToString:@"1Password"]) {
		url = [NSURL urlWithString:[@"op" stringByAppendingString:urlString]];
	}

Again, this is just the beginning. We rolled out this support in our recent 4.1 update and we’re already seeing quite a bit of interest and requests, all which we’re pouring over as you read this. If you have a good idea we’d love to hear it, though, so definitely get in touch so we can chat.

Update

The fine folks behind Riposte open sourced their implementation of 1Password support. You can grab it on GitHub and fork it if you like. You could even spoon it if that’s your thing. We won’t judge.

PSA: closing the book on iOS 3 soon, here’s how to backup your app

1Password Pro iconThere comes a time in every app’s life when it has to part ways with previous OSes. Sometimes the app has grown to the point where it must simply move on, sometimes it’s a mutually beneficial separation of the bytes. This time it’s a little bit of both.

1Password 3.7.1 for iPhone and iPad is in review with Apple, and it contains some typical fit and finish you would expect in a small update like this. This version will also remove support for iOS 3.0 (or, for the tech history nerds in the audience, what was originally called iPhone OS 3.0). We’ve found that the vast majority of our users have upgraded to iOS 5 and 6, so it’s time for us to streamline the app and our workflow to make 1Password even better. Plus, the latest version of Xcode, which we need in order to keep making 1Password all it can be, simply no longer supports iOS 3.

If, for whatever reason, you will continue using devices that cannot upgrade past iOS 3.x, we highly recommend backing up your current  copy of the app, just in case you ever need to reinstall it (of course, you should also backup your app’s data, too, and often). As far as I know, the App Store on iPhone and iPad will not display updates that do not support the device’s OS, but iTunes may be a different story. Besides, it never hurts to be prepared for a rainy day.

Fortunately, we have instructions for backing up your current copy of the 1Password app for both Mac and Windows users. Our update is in review with Apple, but it will arrive soon and we’d like you to be better safe than sorry. As for our new minimum OS requirement, 1Password now needs iOS 4.3 or later.