Future Safari 5.1 users: meet the new 1Password extension (Updated)

As a Mac user who doesn’t live under a rock, you’ve probably heard of this Lion thing Apple plans to release soon. Lion is quite a significant upgrade for Mac OS X, and with it Apple will introduce Safari 5.1, a major update for Lion and Snow Leopard users that brings lots of great new features and perks. Being the agile folks that we are, 1Password 3.6 for Mac is already prepared, but this isn’t just a compatibility nip here and a bug tuck there. We completely rewrote our Safari for Mac extension for Safari 5.1 in the name of usability, speed, cross-platform harmony, and bringing you faster updates.

One thing to keep in mind for now, though, is that as of this writing, our new Safari extension that supports Lion and Safari 5.1 on Snow Leopard is in beta. It’s pretty solid, but there of course may be quirks, bumps, and other odd behavior, so we welcome you to catch us in the AgileBits forums with ideas and bug reports.

Once you decide to upgrade to Lion or Safari 5.1 on Snow Leopard, you’ll be prompted to install our new Safari extension because it’s the only one that will work for you. And since Apple’s releases will soon be upon us, I figured it’s time you meet the new 1Password Safari extension.

Update: If the rest of this blog post isn’t enough for you, we’ve been busy preparing more documentation and FAQs to help you get up to speed with the new extension. Check out the right side of our 1Password FAQs for everything from a quick intro, to a list of keyboard shortcuts, and some common support tips.


Our new Safari extension is based on the redesign we introduced in our Chrome extension last November. Instead of just a browser button with a couple menus, the new interface offers a more powerful and flexible slice of 1Password right inside your browser. Whether you click the toolbar button or use the default keyboard shortcut of Command-\ to trigger our Safari extension, it appears as a window that floats above the top left corner of the current page, featuring tabbed sections for Logins, Identities, Credit Cards, and our Strong Password Generator. This puts the 1Password extension’s capabilities in the spotlight for all users and makes navigating around your data much, much more convenient. It also means you can now do things that haven’t been possible before from within a browser, such as view and copy 1Password item details and even review a Login’s password history.


Using 1Password via our new Safari extension is now much faster and more efficient whether you’re a mouse user or a keyboard ninja. Most of our customers build quite long, eclectic collections of Logins, but navigating a list of even a couple dozen items with a browser button menu can be clunky; you can lose your place or miss a sub-menu and have to re-do a lot of scrolling. You also can’t really search your items or view any extra information about them. With our previous extension, you’d have to stop what you’re doing, open 1Password, unlock it, then go searching for what you need. A key goal of our new extension is to give you instant access to more of your 1Password information right there in the browser so you don’t miss a beat.

By presenting your 1Password data with this new interface, we’ve made it much easier for mouse users to navigate their data, peruse long lists of items, check or copy an item’s details, and pick the proper item without dealing with finicky menus or losing one’s place. But if you fancy yourself a keyboard ninja, you can can now open the extension, navigate your Logins, Identities, and Credit Cards, view item details, and fill a form all without ever having to touch the mouse. Check out some of our keyboard shortcuts for navigating the Safari extension:

  • Command-\ – This has been the default keyboard shortcut for quite some time to open our extension in any browser. We haven’t changed it since it’s still a great place to start. It opens our new extension interface and displays any relevant logins for the current page
  • Command-Option-\ – Opens our extension and take you straight to the All Logins tab to search for a Login. After finding the Login you want, hitting Return will open the Login’s URL, fill in your credentials, and log you in
  • Tab – On the extension’s Logins tab, this switches between the “Logins for this site” tab and “All Logins” tab
  • Right arrow keyThis one is a pretty big deal! It gives you access to much more of your 1Password data inside your browser than ever before. It allows you to view the details of any selected Login, Identity, or Credit Card. Need to copy a password for a Flash site, double-check a Credit Card’s expiration date, or verify the info in an Identity? This is a great way to do it without having to drop what you’re doing and open the 1Password app. To get back to the item list, simply hit the left arrow key
  • Command-arrow keys – Navigates between tabs for Logins, Identities, Credit Cards, and the Strong Password Generator (for Chrome users it’s Command-1, 2, 3, and 4)
  • Escape – Hides the 1Password extension and go on about your business

Cross-browser compatibility

Without delving into too many technical details, our new extension isn’t just a pretty face—it’s actually a complete architectural rewrite. There are a number of advantages to this for our developers, but for you, dear 1Password user, this means improved form filling, more features, and faster updates. In fact, this new extension format allows us to update the extension without having to update the 1Password application—that means more frequent updates and a smoother update process for you. For example, Safari and Chrome allow extensions to update automatically.

On a grander scale though, this new architecture will eventually allow us to use much more of the same code across the browsers we support. That translates to less work for our developers when it comes to keeping pace with the break-neck development cycles of Chrome and Firefox, but more importantly: a consistent, powerful, and flexible user experience no matter which browser you’re using.

Moving forward

We have a lot planned for our new browser extension, including features to add and some great interface enhancements. We’re also still working on the Firefox version, so stay tuned on that front. Ditto for our Windows users.

We’ve had an incredible response to our new extension from Chrome users over the past year, our beta testers, and early Lion and Safari 5.1 users. We think the new Safari extension marks a huge improvement to 1Password integration with the browser, making your data more accessible, and letting you get in, get out, and get back to what you’re doing faster than ever before. But that’s enough about us—let us know what you think in the comments!

32 replies
Newer Comments »
  1. Nick
    Nick says:

    Does the Command-\ shortcut still auto-fill and submit if there is one login? Or does it still open the UI and the user has to hit enter for it to go?

    • David
      David says:

      Hi Nick. Auto-filling and submitting when there’s only one Login for a site is something we’re still looking at during the extension beta period.

    • Derek
      Derek says:

      … and until it’s implemented, you’ll have to pry snow leopard from my cold, dead hands!

    • David
      David says:

      Fortunately, as an Agile customer, we have every intention of keeping you alive. Plus, we all have our own copies of Snow Leopard, so I think you’re safe on this front. :)

      However, if this functionality is a must-have for your 1Password Safari experience, I recommend holding off on upgrading to Safari 5.1 for Snow Leopard. I’m not sure when Apple is going to release it, but it stands to reason that it could be released alongside Lion. Perhaps you could watch out for it in Software Update and uncheck it to wait and install until we’ve updated the extension.

    • Paul
      Paul says:

      This is my only gripe with the new extension, otherwise it’s perfect. If there’s only 1 Login for a site, then it’s just an extra, unnecessary step to have to press Enter each time.

    • Mark
      Mark says:

      Agreed… this is a significant step backwards in terms of usability. I appreciate all the new functionality – but adding one and often multiple clicks to every login request is not ideal…

  2. Denis Lemire
    Denis Lemire says:

    In the Chrome extension, I can launch 1Password in a blank tab and have it take me to the site and login. On the new Safari extension, I can’t open 1Password from an empty/default ‘Top Sites’ tab. Can this be fixed or is it a limitation imposed by Safari?

    Other than that, great work! Can’t wait until Firefox follows suite.

    • David
      David says:

      Hi Denis. That’s on our to-do list, so let’s call it a limitation of the beta for now. :)

      Thanks for the kind words! We’re glad to hear you like the new extension.

  3. Paul Adams
    Paul Adams says:

    you say that “it appears as a window that floats above the top left corner of the current page…” but it’s not actually floating. On my 5.1 it’s just drawn there so it blocks the page below. shouldn’t floating mean that you can move it around on the page so you can see the parts that it is blocking? If It was move-able, it would be nice.

    • David
      David says:

      Hi Paul. You’re right in that the window isn’t moveable just yet. That’s something we’re looking at. I mostly wanted to describe the appearance of the extension since it’s a different experience from before.

    • Tuomas Hämäläinen
      Tuomas Hämäläinen says:

      And what if I have my [1P] button in the top right corner of my Safari window (like I have it now)? Will I have to mouse all the way over to the left, or can I set it to appear conveniently near the toolbar button?

      My other concern is space efficiency. In that screenshot there’s a lot of empty space in the 1Password window that covers more of the page than what’s really necessary.

      The current 1Password menu appears right there near the [1P] button and takes up as little space as possible. That’s what’s so neat about it. I hope this kind of user-friendliness will be carried over to the new extension.

    • David
      David says:

      Hi Tuomas, thanks for mentioning these issues. The overall design of the 1Password popup, as well as its placement, is something we’re looking at. For now, you could use a temporary workaround and move your 1Password toolbar button to the left side: go to View > Customize Toolbar, which will present a sheet of all the buttons you can add to Safari’s toolbar. Just drag your existing 1P button anywhere you want and click Done. I hope this helps!

  4. Steve
    Steve says:

    I for one HATE the new 1Password Safari Extension… every time asking me for password even though have option disabled….. I already have my account on my computer protected and only one that uses it so don’t need 1Password/Safari to ask me every 2 minutes… On top of that always asking every single webpage do I wanna save my login even though login for page is already saved in 1Password..

    • David
      David says:

      Hi Steve! Thanks for your feedback. This isn’t standard behavior–sounds like you’re running into some of the quirks of this extension being in beta. Feel free to catch us in the forums so we can help you out: http://forum.agilebits.com or contact us directly: http://agilebits.com/contact_us

      We should be able to get to the bottom of things and track down some of the bugs in the beta and publish an update. Thanks!

    • Paul Adams
      Paul Adams says:

      Hi David

      we’re having the same experience on three separate macs (we have the family pack :) – every time I manually click “login” on a page, 1Password asks me if I want to save the password – even when I just used 1Password to fill the password in for me. I’ll go see what’s up in the forums, I just wanted to let you know that Steve is not the only person seeing this behavior.


    • Shaun Harrison
      Shaun Harrison says:

      I’m having an identical experience as well, and quite honestly it makes me want to stop using the 1password browser extension.

      On Snow Leopard, I was dependent on 1password, I couldn’t use Safariw without it.

      On Lion, with this new extension, I do everything I can to avoid using it.

    • Mike
      Mike says:

      Hi Steve, the extensions aren’t yet fully implemented to understand your settings set in the 1Password.

      As for the 1Password saving the site again even if you have it saved in 1Password, that sounds like Safari’s auto-fill is turned on. We generally do not recommend leaving both Safari’s auto-fill and 1Password enabled at the same time. Please turn off Safari’s auto-fill and that’ll stop the repetitive requests to save the login. http://help.agilebits.com/1Password3/safari_autofill.html

  5. Kevin Yank
    Kevin Yank says:

    In theory, the new extension is a wonderful improvement. The fact that it provides Lion compatibility well before the release of the new OS is just icing on the cake.

    In practice, the new extension is slow, buggy, and limited compared to the previous version. Some specifics:

    1) Because the new extension must overlay a page, you can no longer invoke the extension to create a new window and log into a site in one action. You now need to open a new window, wait for your home page to load (if you have Safari configured to display a blank page or your top sites, 1Password is not available), and then ⌥⌘\ to open All Logins.

    2) The animations on the new extension are too slow. I wait a full second for the overlay to animate in, whereas previously it was open and available instantly.

    3) The extension doesn’t support logging into sites that require basic authentication (with a browser password dialog). This now requires opening the full 1Password application to do.

    4) Password matching is hit-and-miss with the new extension. I trust this will be improved to the standard of the previous extension in time.

    5) A bug: Invoking the extension often causes the browser to scroll back to the top of the page.

    6) A bug: my 1Password overlay has ugly scrollbars along the right and bottom edges. Hopefully you’re aware of this and working on a fix.

    • Kevin Yank
      Kevin Yank says:

      7) Go to and login (⌥⌘\) doesn’t submit the login form. Hopefully this is a bug that will be fixed.

      8) The feature where ⌘\ auto-fills and submits (if auto-submit is on) the best login match for the current page seems to be missing. Hopefully this will be added in due course.

  6. Daniel Compton
    Daniel Compton says:

    Hi David

    I have been using Chrome lately as Safari is being a memory hog and one difference I have found relates to signing up to new websites. In the current Safari extension if I click the Identity > Daniel button it fills my identity and automatically generates a password. In Chrome I have to add the password separately.

    I could be missing something, is there a way to have a password generated and fill my details in the Chrome/New Safari plugin?

    Thanks, Daniel.

  7. Andrey
    Andrey says:


    What I don’t like in extensions is that there’s no way to launch 1Password application. Or do I miss something?

    Thank you!

  8. jemi
    jemi says:

    I might get this wrong, but are you injecting the 1P gui into the document? What keeps a potentially malicious site from scraping the contents of your floating window?


    I think i will stop using the extension. now. :(


    • David
      David says:

      Hi Jemi! Thanks for bringing up the question. I have to admit I’m not quite knowledgeable enough to answer your question, but I’ve sent it along to one of our more seasoned ninjas who should be able to jump in soon. However, I am quite confident that our developers considered this method of attack from malicious sites, as this extension redesign has been in the works for over a year.

      We should be able to get you a more thorough answer soon! Thanks again.

    • Jeff
      Jeff says:

      Hi Jemi,

      This is a great question. As browsers (for very good security reasons) insist on more sandboxing, we have to do more of what 1Password does directly within the browser, and this does raise the question of whether 1Password becomes more vulnerable to browser exploits.

      There isn’t a simple answer as I don’t think it is a question of “more” as a question of “different”. 1Password has always integrated with browsers and so the question of browser exploits has always been something that we’ve needed to guard against.

      Our overall strategy has been to ensure very tight “encapsulation” of our code, particular the stuff that is accessible through the browser. This protects 1Password’s operation for other things going on in the browser. This is why historically there have been few conflicts of 1Password’s extensions with other extensions. The one notable exception is with the placement of the 1P button in the traditional Safari extension, but nothing having to do with the actual operation of 1Password.

      The “new” style of extensions that browsers are insisting on give with one hand and take with the other. They take in that they force us to do more within the browser than we have in the past. Because there is more that we do in the browser, there is a greater vulnerability surface. But they give us improvements in that they add increased “encapsulation” of extensions. That is, the same tools that browsers provide that make it harder for extensions to step on each others toes, also make it harder for an exploit within a web page to grab any private data within our extension.

      At this time, I can’t say with much confidence that the new extension over all is “more secure” or “less secure” than the previous ones. But what I can say with confidence is that as the extension models within browsers becomes more mature, that the security benefits will outweigh the added risks. I’m just not sure that we are there today. That is the sandboxing within browsers is not just to keep the browser separate from the rest of user data, but also works toward sandboxing individual extensions. This model really does improve security within browsers greatly.

      One thing to keep in mind is that 1Password keeps all your data encrypted except for the specific bit that it needs at the time for a particular page. The notion of everything being “unlocked” when 1Password is “unlocked” is a bit of an illusion. So there are more layers of security than you might imagine.

      I really wish that I could give you a definitive answer. But often I find that security trade-offs aren’t so much between convenience and security (as many people believe), but between security in one respect and security in another.

      Once things have settled down a bit and Dave and Roustem return from their travels (and I from mine after that), I’ll try to write up a knowledge base article that enumerates the more specific concerns.



    • Mike
      Mike says:

      Hi Jemi,

      Each extension using the Safari’s APIs are sandboxed from each other, meaning that it’s not feasible for a web site with malicious code to actually get back into the extension and try to steal data. The sites or the code doesn’t know about the extensions that exist outside their world.

  9. Daniel Compton
    Daniel Compton says:

    Another difference between the Safari and Chrome extensions is that using Quicksilver and presumably Launchbar I can select the password to fill and Safari opens the webpage and fills and submits it. Chrome only opens the webpage. Will the new Safari extension be roughly the same as the Chrome one?

    Thanks, Daniel.

Newer Comments »

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.