1Password 4.1 for Mac: The Little Big Update

1Password 4 for Mac has only been out for two months, but we just couldn’t wait to get you an early holiday present—our first major update! 1Password 4.1 for Mac is now available for our website customers, and it is waiting for review out for Mac App Store customers as well. "4.1" may look like a small update, but it packs some great big stuff, including something we’ve wanted for a long time: updating Login passwords right from the browser extension!

1P4 Mac 4.1 update existing login

 

Now with 1Password 4.1 for Mac, when you update your password at a website (ideally using our Strong Password Generator!), our new save dialog has the option to create a new login or "Update existing Login." If you have more than one Login for the site, you can choose which Login to update. Toss in the ability to tag and add this Login to a folder on-the-fly, and this is pretty much the greatest way to create new Logins and update them down the road when the need arises.

There’s plenty more goodness where this came from, we also have: a new "Top" Item List Layout (yep, we brought back the traditional item list for the old schoolers), a new search-by-title option, printing (both individual items and your entire vault—careful with that last one!), some Wi-Fi Sync fixes, and more.

Check the gallery below for more highlights, get the full details in our changelog, or dive right in. Website customers can use 1Password > Check for Updates right now, and Mac App Store customers can check the store’s Updates tab.

1Password + Holidays = Sanity

bowed icon macWe’re headed into the home stretch of 2013, and between travel coordination, meal planning, and shopping, there’s a whole lot of holiday stuff to juggle. If only we had computers that fit in our pockets that could make things easier… wait. We do have pocket computers, and 1Password for iOS just went on sale, so here are a few tips that will help you stay on track during the holiday season.

Secure Notes And You

We love Secure Notes. You can keep all kinds of things in them! A few examples:

  • Travel itineraries. Since you already have your logins in 1Password, add your trip info as a Secure Note. Then if you need to rebook or make a change, you’re one tap from logged in! You can also add the garage door or alarm codes for your in-laws house, or other temporary things you might need.
  • Shopping information. Got lots of people to track gifts for? Create a Note for each person, and add clothing or shoe sizes, preferences in colors, or ideas you came across before you were in full Gift Shopping Mode.
  • Epic menu data. You can keep lists of guests, their allergies, and their preferences, or even keep those Secret Family Recipes super secret!
  • You can keep lists of how people are related to each other (particularly handy for new family members), and nobody will stumble across it by accident! They’ll just think you have a great memory!

bowed icon iOSShop Securely… anywhere!

You already know you can store your credit card data in 1Password and fill it securely in a snap. Some other ways you can make shopping with 1Password more convenient are below:

  • Add all your card info to the 1Password Credit Card item, including all that information on the back about calling customer service or replacing a card. Then if you need it, just tap the phone number to make the call.
  • A number of popular websites have gotten more mobile-friendly, so now when you have the inspiration, you can log in using the built-in 1Browser and whip up a little holiday magic right from your iOS device. And if you combine that with “buy online, pick up in store” service, you’re only in the store long enough to pick it up, get a receipt, and get out again. (This does wonders for my budget!)
  • Identity Sorcery. Set up Identities for family members you regularly ship things to. Label them clearly, and voila! No more fumbling for info when you need to send something to kids or grandkids or anyone else.
  • Remember that you can always gift 1Password to those family members who are bad at remembering passwords or use the back of their address book. You can gift a copy from our store, or you can buy an iTunes gift card to gift the Mac App Store version.

Now here are a couple of bonus tips for those who think of Black Friday and December 26 not as days for power shopping, but as Family Technology Maintenance And Probably Assistance Hooking Up The New Thing They Just Got Day:

  • Keep Wi-Fi login information in 1Password for family routers. And while you’re at it, take photos of those stickers on the side/bottom of the router and modem with all the model information and serial numbers. Then when you’re trying to assist from afar, your search-fu is increased by including the model.
  • Expansion of the previous item: If you give or receive some tech, get a photo of that model/serial sticker on the device before you put it on the wall or in the A/V cabinet, then you have it later when you need it. (I attach these to secure notes with all the other information about the item, such as when and where it was purchased.)
  • Add other family logins to your login items, and tag them so you know they’re family items. Then save them in a smart folder. When you need a family login, that folder has everything in one place.

Hopefully these tips will keep your holiday season a fun one. :)

Time to give 1Password 4 for Mac’s Security Audit a whirl

1Password Security AuditIt was bound to happen eventually. A massive Adobe data theft of 130 million customer names, emails, encrypted passwords, source code, and more will enable almost limitless password reuse attacks in the coming weeks.

Suppose you are one of the 130 million people who’s oddly encrypted passwords were among the Adobe password breach. Suppose that you used the same password there as you do for PayPal.

To make matters worse, suppose you actually listed that fact in Adobe’s password hint. Since the malicious attackers dumped the Adobe data online, a quick check of Adobe customer password hints shows that there are more than 700 that say things like “paypal” or “sameaspaypal”. There are more than 20,000 hints referring to “bank”. I will talk about password hints at some other time; my point here is all about password reuse.

Only a fraction of the people who are reusing passwords will make that clear in their password hints. We already know password reuse is common. We also know that criminals do indeed exploit password to steal from people.

I am very tempted to explain all about Adobe’s peculiar method of storing passwords. It’s really a cool story with lots of interesting lessons, and explaining it would involve poorly encrypted pictures of a penguin.

I am also tempted to dive into gory details of the statistical properties of the data, the analysis of which has kept my computer busy for days on end. Likewise, I could rant about Cupid Media’s failure to encrypt or hash passwords for 42 million customers. Or I could talk about privilege escalation and the MacRumors discussion forums breach of 860,000 hashed passwords a week earlier, leading to the capture of all 860,000 hashed passwords.

But it is far more important for me to repeat what we’ve said in many different ways and at many different times: Password reuse—using the same password for different sites and services—is probably the biggest security problem with password behavior.

We want to fix that.

Knowing the right thing to do is easier than doing the right thing

Like most people, you weren’t born using 1Password, it’s something that came to use later in life. Now that you use 1Password, you will (or should) be using the Strong Password Generator when you register for a new website so you get a strong, unique password.

But think back to those dark days when you needed to come up with passwords on your own. You probably picked from a small handful that you had memorized, so now you’re stuck with a bunch of sites and services for which you used the same password.

Security Audit selections

Getting all of those old passwords sorted out is going to be a chore, but it doesn’t have to be done all at once. Best of all, 1Password 4 for Mac can help, thanks to its new Security Audit feature.

Let’s use an analogy: say that Molly (one of my dogs, and not really the cleverest of beasts) has just started using 1Password. She has a few passwords, but not many. Even though she doesn’t know how to push open a door that is already ajar, she can make use of the new Security Audit tool in 1Password for Mac.

In the left sidebar of 1Password 4 for Mac, down toward the bottom, there is a section called “Security Audit”. When Molly clicks (or paws) “Show” next to “Security Audit” she sees a number of audits available. She can select “Weak Passwords”, which will show her all of her items with weak passwords. She can also look at password items that are old. But the selection we are interested in today is “Duplicate Passwords”.

Security Audit: Molly's duplicates

Security Audit in 1Password 4 for Mac, displaying Molly’s duplicate passwords

What Molly sees is that she has two sets of duplicates. One of them is used for two Logins, and the other one is used for four Logins. As we can see, her Adobe.com password of “squirrel” is used for her Barkbook, Treats R Us, Cat Chasers Logins as well.

Molly transfixed by "squirrel"Molly should, of course, go to each of those sites and change her passwords on them. But there are squirrels in the back yard to bark at, and changing all of those passwords may seem overwhelming. So Patty (the cleverer dog in the family) advises Molly to think about which of those Logins are most crucial. Molly can’t tolerate the thought of anyone else getting a treat; so she starts with Treats are Us.

This does mean going to the Treats are Us site and using its password change mechanism. 1Password is smart, but it isn’t quite smart enough to go browsing through the sites to find their password change pages. Molly may decide that her Barkbook Login is also very important, and so will change that one right away as well.

Ideally, Molly should fix all of her weak and duplicate passwords as soon as possible. And as Molly has only a handful of Logins, she could do that. But for those of us who may have a large number of old accounts, it is probably best to check Security Audit and update reused or weak passwords at the most important sites first. Then, updating other passwords a few at a time is an easy way to make all our accounts much more secure.

Apps that Love 1Password: Delivery Status touch

Delivery Status Touch iconYou buy stuff online, and you need to know when it’s going to show up at your house, work, or your lucky recipient’s doorstep. For years, community favorite Delivery Status touch has made it, dare I say, fun to track your packages. Now it’s adding the convenience of 1Password.

Delivery Status touch 5.0 just hit the App Store and it is a whopper of an upgrade. In addition to big new features like optional background notifications, Calendar support, and iCloud sync, you can use the new 1Password integration to quickly log into services and add packages to track.

For supported services like Amazon and Google Checkout, Delivery Status touch can simply log into your account and pull down the details it needs. Tap the new 1Password button in the service login section, and you will switch to 1Password with your All Items list already filtered for the service you’re adding. Swipe across the Login item you want to trigger the Action Bar, tap the clipboard button to copy your password to the clipboard, then switch back to Delivery Status touch to finish logging in.

We’d like to thank the fine folks at Junecloud for adding 1Password support to their legendary delivery tracker. Be sure to pick up Delivery Status touch in the App Store, and if you’re a developer, learn how you can add some 1Password to your iOS apps!

Apps that Love 1Password: Money Pilot

Money Pilot Icon@152pStaying on top of your finances is a good idea, and so is managing them in a secure way. That’s why we’re happy to see a brand new iPhone app, Money Pilot from Victor Hudson, join the ranks of Apps that Love 1Password!

This is one of those apps that was born out of necessity—literally. Victor told me that he started managing his finances a decade ago using a spreadsheet. He built a system and got pretty good at it, but then he bought an iPhone and this approach just didn’t hold up on such a personal, mobile device. He looked for apps that could supplant his financial management spreadsheet, including Apple’s own Numbers for iOS, but ultimately decided he’d have to build it himself. And so Money Pilot was born.

Money Pilot is a financial record keeper and bill planner. You can plan bills around your pay schedule, see how much you actually can spend right now, and gain some of the automation of spreadsheets without all the overhead. Victor also added some clever 1Password support that he says was a “must have” for him, personally: you can add bank URLs for your accounts, then set 1Password’s 1Browser as the default browser for when it’s time to visit their websites.

Get Money Pilot now in the App Store for just $2.99, and be sure to leave a review to support Victor and help him make it even better! If you want to check out all the other apps that have added 1Password support, from Twitter clients to beer companions (no, really!), check out our Apps that Love 1Password page!

1Password 4 for Android: The beta, like winter, is coming!

Android Signup Banner

You might have noticed that this summer a couple of interesting screenshots appeared in our Dropbox folder, and then here on the blog.

You also might have noticed that we ran a rather large beta test for our Mac version.

Now those two great tastes will taste great together! We’ve set up a shiny new (if I do say so myself) Android beta newsletter signup page.

If you ever sent us an email or a tweet asking about the future of 1Password on Android, now’s your chance to help shape that future.

It’s an opt-in newsletter, so we’ll send you a message with a confirmation link to click just to be sure you meant to sign up, and to make sure we got your address right.

Join us, won’t you?

1Password 4 for Windows is coming. Want to help beta test?

1P4 Win beta

I’m going to be honest: I can’t tell you anything about 1Password 4 for Windows. Technically speaking, I’m not even supposed to confirm it exists. But I can tell you that, if it did, we’d be accepting beta testers who want to help us polish it at a webpage like this.

So, if you like to live on the wild side, test Windows apps, and offer feedback in super special forums, you might want to add your email address to our beta Windows newsletter signup page.

1Password for Mac tip: How to create, share a vault with family or coworkers

switching vaults

1Password 4 for Mac brought over 90 awesome new features, and one of its best (and most-requested) is the brand new Multiple Vaults. You can now create extra vaults, copy items to them, and optionally share them with family, coworkers, or anyone else you choose.

We have a great support document that explains step-by-step how to create and share a new vault, but here are the cliff notes:

  • Create a new vault (1Password > New Vault…)
  • Customize its icon, color, and Master Password (you can even use photos from your Mac!)
  • Copy some items to this new secondary vault (select any item, click the sharing arrow and choose your new vault as the destination)
  • Place the vault in a shared Dropbox folder or other location (1Password > Preferences > Sync)
  • Have your family members or coworkers use 1Password 4 for Mac to add your new vault
  • Enjoy 1Password’s new Shared Vault awesomeness

Our new Multiple Vaults feature is Mac-only for now, emphasis on for now. But we think it’s the best way to collaborate with family and coworkers yet conveniently use strong, unique passwords to protect all your sites, apps, and devices.

Our own Kelly Guimont helps KGW News get the word out on a credit card scam

KGW News cellphone credit card scam Kelly

Credit card scams and Nigerian emails bearing gifts of unclaimed government treasures are usually things that happen to “other people.” Well, recently that “other people” happened to be our very own Kelly Guimont, so she helped KGW News in Portland get the word out on a new cellphone credit card scam making the rounds. Check out the video segment at KGW’s site, and be careful out there.

37signals recommends 1Password in new ‘Remote’ book

remote_frontYou might know 37signals from Basecamp, Highrise, and Campfire—excellent services that help team members collaborate better whether they’re across the hall or the world. Those folks know a thing or two about working remotely, so co-founder Jason Fried and company partner David Heinemeier Hansson wrote an entire book on the topic and called it Remote. You can get it in iBookstoreAmazon, and elsewhere.

Remote covers the advantages of allowing some or all of a company to work remotely and how to pull it off, and in the midst of all that, Fried and Hansson give a shout-out to 1Password. In a chapter called “Only the office can be secure,” Remote debunks the myth that employees need to be under the same roof in order to keep sensitive accounts and data under control. The company describes its simple security checklist that all employees must follow, and one of its cornerstones is to:

Use a unique, generated, long-form password for each site you visit, kept by a password-managing software, such as 1Password.

It’s a smart checklist overall, and one of the dozens of reasons you should really give Remote a look to learn more about how and why working remotely can open a lot of doors for you and your organization.

For bonus points, our very own co-founder Dave Teare had a brief Twitter conversation with Jason Fried to say thank you:

Dave Teare Jason Fried Remote Twitter conversation

%d bloggers like this: