1Password for Mac 6.5.5: Manual update required

tl;dr

As a result of an expired provisioning profile and format change in the developer certificate, customers who downloaded 1Password for Mac directly from our site will need to manually update to the latest version. Those using 1Password from the Mac App Store are not affected.

For those who are interested, here are the events that conspired against us to make for an interesting Family Day weekend…

Fire at the office

I was out at the gym yesterday when I received a call from my wife. I thought she was calling about our belated Valentine’s dinner we had planned. Instead she rather alarmingly told me that “Sara called and said there is a fire at the office”.

Rushing home, I was expecting to hear that the hammocks and standing desks had gone up in flames. (Happily our servers are all virtual so I wasn’t too concerned). The “fire at the office” turned out to be a fire with 1Password for Mac. Customers were getting an error message when trying to start 1Password!

Unable to start 1Password

I urgently gathered our Mac team who were enjoying their holiday weekend to figure out what happened. We quickly recreated the issue and found this error in the logs: Binary is improperly signed. This seemed very strange to me as this version was released back in 2016.

We knew our developer certificate was going to expire on Saturday, but thought nothing of it because we believed those were only necessary when publishing a new version. Apparently that’s not the case. In reality it had the unexpected side effect of causing macOS to refuse to launch 1Password properly.

New certificate, new format

We renewed our certificate and released 1Password 6.5.4 thinking all would be well. And that’s when the other shoe dropped. When we created the new certificate it had a new format for the Common Name.

While this sounds like an inconsequential change, our built-in installer goes to great lengths to validate that every 1Password update is actually 1Password. Since our installer did not recognize the new certificate format it refused to update.

No problem can’t be solved without yet another build, so we created 1Password 6.5.5 ?

Long story short, 1Password 6.5.5 is now available and solves all these problems. The only catch is it requires you to install it manually.

Moving forward

As you might imagine, we have a whole new level of understanding of the importance of expiring provisioning profiles and certificates. Our new certificate expires in 2022 but I can guarantee you we will be renewing it far before then.

I do apologize for the inconvenience and extra work that this will cause you. I am sure you had better things to do on your long weekend too. If you have any problems with this update please let us know.

I also want to take a quick moment to say “Thank You”. The understanding that I’ve seen from the 1Password community is overwhelming. You never cease to amaze me. It has truly been a humbling experience.

Having spent all Saturday fighting this fire, I still owe Brenda the dinner we were supposed to have had. After missing Valentine’s Day dinners two weeks in a row, I kind of wish the actual office had been on fire ?

Further Reading

This was the first post in a three part series. The story continues here:

Part 2 : Certificates, Provisioning Profiles, and Expiration Dates: The Perfect Storm

Part 3 : PSA for macOS Developers: Renew Your Certificates & Provisioning Profiles

172 replies
Newer Comments »
  1. Alec E
    Alec E says:

    Ah! Wondered why mine wasn’t working earlier. Just assumed my Mac was being a pain and reinstalled. Thanks for the blog post. Hope it didn’t ruin the weekend too much!

    Reply
    • Dave Teare
      Dave Teare says:

      Hi Alec! ?

      Thanks for letting us know! I’m glad to hear everything turned out for you.

      As for our weekend, it wasn’t what we had planned for but we managed to keep calm and enjoy the process as much as possible. Remembering to breath is a good first step, and if that doesn’t work, I always try to remind myself that the only people without problems are dead. ?

      Take care and enjoy the rest of your weekend.

      ++dave;

    • Shiner
      Shiner says:

      Hey Alec,

      You are very welcome for the post and thank you for your concern about my weekend.

      Normally I like to say that the difference between fun and frustrating is the amount of time that you have to solve a problem… but to be honest it was really nice to see our team come together, figure out what was wrong, and create a solution in such a short amount of time. Combine that with the understanding everyone has shown, and overall the weekend has been pretty good. ?

  2. Jeffrey Goldberg
    Jeffrey Goldberg says:

    Just a digression on Common Names and our updater:

    These are often very uncommon. The terminology is inherited from older identify management systems. This is why one of our common names (as far as TLS is concerned) is “*.1password.com”. For S/MIME certificates, the Common Name is typically the email address.

    Anyway, as Jeff Shiner said in the post, our update takes great care to make sure that when it fetches an update to 1Password you are getting a bona fide version of 1Password. And so it checks many aspects of the signature of what it downloads. In this case it was checking the Common Name of the signer as being “Developer ID Application: Agilebits Inc.” But our new Common Name is “Developer ID Application: Agilebits Inc. (2BUA8C4S2C)”

    Anyway, that is why y’all need to update manually (if you are using 1Password for Mac that is not from the Mac App Store),.

    Reply
    • Thomas
      Thomas says:

      Jeff!
      This most likely is a coincidence: today (European time) I did have many crashes of 1PW on my iPad whenever I try to search for an entry. After entering one or two keystrokes it just turns off. It still is doing this. Right now it is unusable. This most likely does not go with your certificate problem but I wanted you to be aware of this.
      Enjoy the rest of your Sunday!

      Thomas

    • Dave Teare
      Dave Teare says:

      Thanks for elaborating on this, Jeff. You will have plenty of time to expand on this even further in our followup post that will expound on the technical details. We want to be able to talk with Apple first so this post may be a few weeks off, but stay tuned for a fun post! ?

      ++dave;

    • Jeffrey Goldberg
      Jeffrey Goldberg says:

      Yup, Dave. I do want to go into this more deeply, and you will note that my expansion so far only talked about why manual updates were necessary. I did not dive into a discussion of the original problem that required the updates. I’m looking forward to getting a better understanding of why the operating felt that 1Password and 1Password mini shouldn’t be launched under those circumstances. It will hinge on some subtle differences between code signing certificates and provisioning profiles.

    • Dave Teare
      Dave Teare says:

      Hi Thomas,

      Jeff needed to travel downtown for a dinner meeting so I thought I’d jump in. ?

      This does indeed sound like a different issue. But it is an issue so we should get you fixed up!

      First and foremost, are you running the latest version of 1Password on your iPad? Try launching the App Store and checking your Updates tab to make sure.

      Assuming you’re on the latest version and it still crashes, can you send us a Diagnostics Report? Here’s how to send it:

      https://support.1password.com/diagnostics/

      With any luck the report will help our iOS team pin point the issue so they can fix it in a future update.

      Take care, and enjoy the rest of your Sunday, too! ❤️

      ++dave;

    • Dave Teare
      Dave Teare says:

      Thanks for letting us know, Phil.

      The fact this works for you is not unexpected, but it does show why troubleshooting this issue over the weekend was so difficult. ?

      There are a lot of moving parts and we don’t have access to the macOS internals to see exactly how things are stitched together, so this is conjecture on my part, but it seems that macOS will only verify the code signature when an app launches. This makes sense as it would be resource intensive to constantly verify things, and this explains why people won’t see this issue until they completely quit 1Password (including 1Password mini) and then restart.

      Now the part that confuses us is it appears as though macOS does not always perform this validation step. It seems to cache the results somewhere, and it’s unclear to us how to clear this cache.

      Long story short, your 6.5.2 version should indeed be affected by this issue at some point. I am just not entirely sure when that will be. I suspect if you reboot your Mac you probably will experience it sooner than you would otherwise.

      If you have a few minutes and would like to contribute to our understanding, please go ahead and reboot and see how things go. I’d be very curious to know the results. ?

      ++dave;

    • Dave Teare
      Dave Teare says:

      Hi Ron,

      Thanks for letting us know. I’m curious, what exactly did you try and what error message (if any) did you see? Any details you can share will help us narrow down the problem.

      We’ve heard back from hundreds of customers (probably thousands by now) that these steps fixed the issue for them so I’m guessing there’s something unique happening on your machine.

      One thing I would suggest is trying the steps again and then rebooting your Mac and seeing if that solves the issue. The reboot will make sure that the old version of 1Password is no longer running.

      Please give that a go and let us know how it turns out.

      ++dave;

  3. Thomas
    Thomas says:

    Hi Dave!
    I will call it a day soon so you have plenty of time ……
    I do run 6.5.2 on my iPad. (I do have automatic updates enabled). so that would be fine.
    It started with the crashes when I opened 1PW als second App on top of other apps, you know: sliding it in from the right side.
    I will see if I can get the Diagnosis Report to you.
    Take care

    Thomas

    Reply
  4. Dave Teare
    Dave Teare says:

    Interestingly enough, it looks like we weren’t alone fighting this fire this weekend. Some how that makes me feel a little bit better. ?

    Adam Angst had a write up of what happened to PDFpen:

    http://mjtsai.com/blog/2017/02/18/fixing-and-explaining-pdfpen-8-3-1s-crash-on-launch/

    And Michael Tsai had some good comments on that article here:

    http://mjtsai.com/blog/2017/02/18/fixing-and-explaining-pdfpen-8-3-1s-crash-on-launch/

    I need to send my friends at Smile a flower bouquet or something to let them know we know how they feel. ?

    ++dave;

    Reply
    • Jeffrey Goldberg
      Jeffrey Goldberg says:

      I think during our discussion yesterday I said something like, “well if the operating system is treating certificates and profiles that way, we shouldn’t be the only ones encountering this.” (There may have been more profanities in our internal discussion of the issue than I am presenting in the way I’ve quoted it here.) That is, I was initially skeptical of our original (and correct) analysis because it looked like we were the first to have this happen.

      Well, we and Smile (and Apple) need to get the word out to other Mac software creators once we have a full analysis of this.

    • Gary
      Gary says:

      I know that Apple is trying to do the right thing here but the whole provisioning and certificates stuff is a mess. They auto-renewed my developer sub scription last year then immediately sent me a message saying that my certificate had been revoked. I haven’t actually sold any apps yet so no big deal, but it made me worry about the apps like yours that I have bought. So this doesn’t surprise me – well done with your fast response. Gary

  5. ron
    ron says:

    followed the instructions. (first time for everything) Looked like everything went as normal, but the app in the app folder still says 6.6.1.BETA-1

    Reply
    • Shiner
      Shiner says:

      Hi Ron,

      Ah, I see what is going on. As you are on the beta, installing the 6.5.5 stable version will not automatically overwrite your more recent 6.6.1 beta version.

      We have created an updated beta version (6.6.1.BETA-3) and you can download that version and overwrite your existing beta.

      You can download the updated beta version here.

      We will add a bit more to our instructions to make it more clear for folks on the beta.

    • Brent
      Brent says:

      Thanks. That was my problem too. I still show 6.6.1.BETA-1 even after the 6.5.5 manual update. Good thing I searched the comments for “Beta” to find this link to the beta update.

    • Dave Teare
      Dave Teare says:

      Awesome! Glad to hear you got everything sorted, Brent. ?

      We have updated the instructions to include a download link for beta users so hopefully others don’t trip over this same issue. Thanks for helping us make things easier for other beta users. ?

      Take care and thank you for being part of our beta family! ❤️

      ++dave;

  6. Thomas_U
    Thomas_U says:

    Hi Dave, thanks for explaining.

    I had already reinstalled 1P on my own. Got again puzzled by the 1P4 folder in Application Support, until I remembered… ;-)

    What still worries me: The error message is quite misleading. It should be something like

    “1 Password cannot be started. Please contact AgileBits support”.

    When everything worked after reinstall I thought I had repaired the 1P mini connection.

    Reply
    • Dave Teare
      Dave Teare says:

      Hi Thomas,

      I’m glad to hear everything is working for you now.

      Regarding the error message, I see your point. Perhaps we should simplify it and just talk about 1Password as that’s the most important bit. The reason we talk about mini is on a technical level, most of the heavy lifting is performed by 1Password mini, and as such the main app can’t run without it.

      Still, I like the idea of making this prompt better. We could have a special support email address that would allow us to better help those experiencing this issue.

      Take care and enjoy the rest of your weekend!

      ++dave;

  7. Hugo Gonzalez
    Hugo Gonzalez says:

    For the end users do you recommend any of the following to mitigate similar platform related issues in the future?

    If possible add 1 Password to another platform such as iOS, Android, or Windows.
    Print out a basic “emergency kit” type form and then fill it out. Keep the filled out form in a secure location. *** If you fill out the form electronically, make sure to delete the fill out file after printing as the filled out file is probably not secured. ***
    (One example form is located here: https://productivityist.com/1password-emergency-kit-3/ )
    1Password does have printing capabilities. You can print out your complete vault(s) or a selection of passwords. Instructions are available in the (hard to find) 1Password for Mac printable manual at https://support.1password.com/ebooks/mac/onepassword-mac-user-guide.pdf

    Reply
    • Dave Teare
      Dave Teare says:

      Hi Hugo,

      You make some great points. I agree completely, having your 1Password data available on all your devices is a great way to have a backup in case something like this ever happened again, or if anything ever happened to your computer.

      I’m not a big fan of the printing out your passwords, however. Sure it will work, but I’ve been watching a lot of documentaries on global warming and we’re gonna need every tree we can get, so best to print as little as possible.

      With that said, I would absolutely recommend you print out an emergency kit, either the one you linked to or the new one that we include with 1Password memberships which includes the very important Account Key.

      The other thing that I found great during this incident was the new web access available with our 1Password memberships. It allowed me to access all my data while on my laptop. I could have easily gotten what I needed from my phone or iPad, but they were all the way on the other side of the room, so I was quite happy to have the web access. ?

      Thanks again,

      ++dave;

    • Jeffrey Goldberg
      Jeffrey Goldberg says:

      Those are all great ideas, Hugo.

      What works and is appropriate for one person may not be appropriate for others, but something of that nature is a good idea and people will need to consider what works for them.

      The data that you have in 1Password is data that you need. Losing access to it would be a bad thing. Data availability is part of data security. In addition to the options that you mention, is the possibility of exporting your data to 1PIF (an unencrypted export format) and storing that on a compact disk in a safety deposit box. I have one that I update occasionally (but not as often as I should).

      In this particular case, it wasn’t actually a loss of data, but a loss of the ability to launch the 1Password application (and 1Password mini) itself. One of the many reasons that we are open about our data format and design is so that you are never locked out of your data (as long as you know your Master Password) even if the 1Password app ceases to function.

      Take a look at You have secrets; we don’t: Why our data format is public for more on that point.

  8. Rick
    Rick says:

    Ah, @Shiner – thanks for that link. The 6.6.1BETA-3 link on the downloads page appears to download something from the 6.5.x series.

    Reply
  9. lukeyboyuk
    lukeyboyuk says:

    Well that was easy enough to sort out! It was moderately annoying having the problem but I came here and the thread was obvious enough. 30 seconds later I am back up and running!

    Thank you for making the instructions clear!

    Reply
    • Dave Teare
      Dave Teare says:

      Awesome! I’m glad you’re back up and running! ?

      Sorry to have wasted a few minutes of your weekend, but I’m very happy you found our instructions clear and easy to follow. ❤️

      Now get back to your weekend and have fun!

      ++dave;

  10. Kristine
    Kristine says:

    I still have 6.5.3 downloaded from your site and no issues yet. Is it just a matter of time before it gives me an error message?

    Reply
    • Dave Teare
      Dave Teare says:

      Hi Kristine, ?

      Great question!

      Yes, I do believe it’s simply a matter of time until you encounter this issue. If you quit 1Password and 1Password mini, I think you’ll see the problem next time you launch 1Password. I don’t know the specifics but I think macOS only checks these provisioning profiles when an application launches.

      Even if you manage to never restart 1Password for years, you won’t be able to upgrade to any new versions due to the changes we needed to make to the updater.

      So it’s best to upgrade as soon as you get a chance. ?

      ++dave;

  11. Andrew
    Andrew says:

    Wow……the steps you take to ensure updates are compatible for your existing MAC customers is commendable! Good job on that front. Hopefully you will keep it up.

    Too bad you haven’t done the same to ensure WINDOWS updates are compatible for existing OPVault customers.

    To anyone thinking of starting to use 1Password for windows……know that 1Password has intentionally chosen to make the latest release (1 Password 6) NOT compatibility for existing OPVault customers. 1Password 6 Windows ONLY WORKS FOR SUBSCRIPTION USERS NOW! Anyone using the OPVault format they recommended for years isn’t able to use the new version. Dave has said that they are working on something for existing customers, but he has been saying that for months and months and months, and won’t even commit to having something compatible within 10 years. So your only option now if you want the new version is to pay 1Password more for a new subscription service (or wait like I have been doing for months and months, only to see them never release anything compatible).

    Mac users……you should actually be concerned…..1Password may do the same thing to you one day! Updates may work for you now…….and it certainly appears that they care a lot about ensuring 1Password Mac updates are compatible with existing users………but one day Dave may start development of a new MAC version that only works for subscription users (just like he has done with the Windows app). I never thought I would have seen 1Password intentionally break compatibility for existing customers on Windows……but they did that, and after 8+ months since the first public beta of 1Passowrd6 for windows, there still isn’t a release that works for existing OPVault customers. The MAC version could be next……

    This is a company that has placed more value on ensuring the new release works for subscription users, and is totally willing to release new versions that do NOT work for existing OPVault customers.

    So if you care about future updates NOT breaking compatibility………..please let Dave / 1Password know. Otherwise, 1Password MAC may see future versions stop working for existing OPVault customers (like Dave intentionally chose to do when releasing 1 Password 6 for Windows).

    Reply
    • Jeffrey Goldberg
      Jeffrey Goldberg says:

      Hi Andrew, you touched on a wide range of things and I do see how they are all connected, but I’m going to just focus on one that is most closely connected to Saturday’s mishap.

      When you purchase a license for 1Password on a platform, you are free to use it on that system for as long as you like. We have always operated that way with purchases of licenses and always will

      What happened Saturday with 1Password for Mac “expiring” took us by as much surprise as it did anyone else. Not only did we not deliberately build in such an expiry, we aren’t even sure exactly how it happened. It should go without saying that the emergency fix from 6.5.3 to 6.5.5 removed no features and it would be unthinkable for something like that to be anything other than a free upgrade.

      Perhaps you are worried that have stumbled (and “stumbled” is the right word) across a technology that would allow us to put a lifespan on some licensed download. Could a purchased copy of 1Password die with these words?

      I have seen things you people wouldn’t believe. GPUs on fire cracking hashes of orion.com. I’ve watched generators glitter while you purchased orchestra seats for Tannhäuser. All those passwords will be lost in time, like tears in the rain. Time to die.

      Well that simply isn’t how things work. We do (very slowly) migrate data formats (I really want to see Agile Keychain Format die and encourage people to move to a 1Password.com account.) But we never, ever, want to lock anyone out of their data. We are not going to hold your data hostage. (You might be surprised to know how much work we still go through to ensure that there is a way for people to read/import 1Password 3 for iOS data on modern systems.)

      You don’t have to take our word for all of this. There are many things that ensure that you can’t ever be locked out of your OPVault (or Agile Keychain) data. Export capabilities, your license for your purchased version (and some updates) are perpetual, and the openness of our data formats. The technology is such that the only way for you to become really locked out of your data is to forget your Master Password (or lose your Secret Account Key for accounts users). So you don’t have to take our word for it. So please, everyone make sure that you don’t forget your Master Passwords and those of you using 1Password Accounts, do print out a copy of your Emergency Kits and store those in a safe place.

    • Andrew
      Andrew says:

      Jeffrey……I think you misunderstood the point of my post. I was not worried that you would disable the old version, 1Password4.

      The latest version of 1Password for Windows, 1Password6, is no longer fully compatible with OPVault. It works for monthly subscription customers, but not OPVault users. This was a decision Dave intentionally made when looking at design goals for the new product, and he has discussed his reasoning at length in comments on other blog posts / forum posts. Ensuring 1Password6 worked for new monthly subscription customers was more important to AgileBits than ensuring it worked for existing OPVault customers.

      I wanted to warn others to be wary of your company, as you now have a track record of intentionally releasing new versions that are no longer fully compatible. This doesn’t mean the old version stops working….it means that you can’t use the new version. I was worried that MAC users would commit to 1Password thinking this could never happen to them. It could……as it has already happened in 1Password for Windows.

    • Dave Teare
      Dave Teare says:

      Hi Andrew,

      As always I appreciate your passion for 1Password. I really really do. But we’ve had this discussion so many times now I’ve lost count. I replied to you in the forums on multiple occasions, many times on our 1Password Teams for Windows announcement, and on several other posts not related to Windows at all. I defended you when you attacked our CEO (you used the term “VERY harsh” to describe your own words) and did my best to put myself in your shoes and defend your actions when another 1Password user told me to “cut you loose”. I even offered to call you (not once but twice) so we could talk things through and get to know each other better. I wish you took me up on the offer as I think we could have had a good time and cleared things up.

      I had thought we had some good constructive conversations earlier but seeing you once again making the case that we don’t care about Windows or that we would ever break 1Password to force people to switch to a 1Password membership shows you felt otherwise. I love talking with customers and never want to discourage that, yet in this instance I feel the more we talk the further we get from a common understanding.

      At this point I simply don’t feel our conversations are constructive any more so I think it’s time for you to find a new password manager. I will no longer be approving your comments on this blog as I feel we’re well past the point of making progress and this downward spiral doesn’t help anyone.

      Life is too short for this – it’s time for us both to move on. Best of luck to you. I really do wish you nothing but the best. ❤️ ✌️

      For everyone else who is reading this I’d like to share with you our Windows plans so you know where we are headed. Before jumping in I need to set the stage and explain where we’ve been. Then we can cover where we’re at and finish off with where we’re headed.

      1Password 4 is our current official version for standalone license holders. Version 4 is based on the same technologies the first version used when it was released in 2011. Designed since the beginning for standalone licenses, it does this quite well and has support for syncing with Dropbox and even allows you to sync completely offline using WLAN Sync. The implementation was done using Delphi, and while this is a very good and capable programming language, Microsoft has introduced several newer technologies that we wanted to take advantage of.

      1Password 6 is our leap into the future that uses these new technologies exclusively and we are in the middle of rewriting everything from version 4 into this brave new world. It’s both very exciting and terrifying. The excitement comes from being able to use all the latest and greatest technologies, and the terror comes from needing to rewrite over 5 years worth of code.

      We knew from the start that 1Password 6 was going to be a monumental undertaking and so we tried to keep the feature set as small as possible. At the time we had zero support for 1Password Teams on Windows (our families and personal memberships didn’t exist yet) and we had full support for standalone licenses in version 4. Since we had a working solution for standalone vaults and given the effort version 6 would require, we made the decision early on to focus exclusively on Teams. To this end, 1Password 6 is currently focused exclusively on our new hosted services and so there is indeed no support for standalone licenses or other sync methods.

      I know a lot of people are using Dropbox and WLAN Sync and want to use this new version, and I certainly don’t want to do anything to upset any of our longtime supporters. At the same time, we have a lot of plates in the air we need to juggle so we needed to choose what to work on. The choice we made for version 6 was a whole new app focused exclusively on 1Password memberships.

      One could question our decision to start from scratch and completely rebuild everything. There are certainly many “post mortem” blog posts from other companies that have taken the same route in the past. Indeed it represents a mammoth undertaking as it takes time to build quality software. In our case, it took over 5 years to make 1Password 4 what it was at the time we decided to start over. We knew this going in and we were indeed a little scared, but our excitement outweighed that. We were excited because we wanted to use the latest and greatest technologies so we could create the best 1Password experience possible on Windows.

      Fast forward a year or so and we announced our beta and after toiling away and working our way through the beta process, I was really excited to announce 1Password 6 for Windows a few months later (back in October of last year). It was a good release, but like any “dot oh” release, there are a lot of things to polish and work through to make it really shine. And with this “dot oh” version being a complete rewrite, it’s no surprise that we’re still working through this process.

      It would have made everyone lives a lot easier if this release had complete support for all the standalone features but it simply wasn’t possible. I think it’s easy to underestimate the amount of effort involved to roll out support for Dropbox. I know I fall into this trap often myself so I think it would be helpful to elaborate on what’s required.

      We can start with the ability to sync your data as it gives a pretty good glimpse of what’s involved to go from a 1Password membership solution to one that also supporting standalone vaults.

      Syncing would require us to add two additional synchronization systems: WLAN Sync and Dropbox. Both of these do things completely differently from one another, and both are completely different than how our 1Password accounts sync (accounts sync much faster and have push notifications for live data reload because we have complete control over both the clients and server so we’re able to optimize the protocol and minimize how much data needs to be exchanged). Syncing is one of the most difficult problems in software today and is very difficult to get right once, let alone three times.

      And once we add these additional sync solutions, there’s also a lot of tricky things we need to do for conflict resolution along with new windows for adding multiple vaults and guarding against all the other crazy scenarios people can find themselves in. For example, what should 1Password do if you remove your data from Dropbox and add a new data file there? Or what happens if the files on Dropbox simply disappear? Did the user mean to delete the files or was it an accident? Should we import a missing file and thereby delete the local copy? And what do we do when a user restores an old backup or imports their files multiple times? All of these scenarios need to be accounted for and tested rigorously to ensure your data remains safe.

      The complexity introduced by distributed data sources is huge. So much so that one of my favourite things about our hosted accounts is 1Password.com is the single source of truth. This allows us to greatly simplify things across the board, both for users, our developers, and support teams.

      Now of course that’s just for syncing. For a complete solution we would also need to wire in license validation, create a new trial expiry window and purchase experience, guard against fraud, update our model to support additional data formats, extend our website to support the new license, document things for new users, and the list goes on from there.

      All of these things may not seem like a very big deal on their own, but they add up quickly. As such I’ve asked our Windows team to make version 6 the best it can be with an exclusive focus on hosted accounts. Once this is completed, we can take a step back and decide where we go from there.

      As much as I would have loved to have had full support for everything, our time is finite so we needed to pick a few priorities and roll with them. There are a lot of additional things going on behind the scenes that we need to complete as well so at this point in time I simply can’t say when we would be able to begin work on this. I’m trying to be as open as possible by saying this is not something we’re working on at this moment, but I can’t pull back the curtain any further than that.

      The easiest way forward is to sign up for a 1Password membership. Doing so will not only get you the latest version of 1Password on Windows, but it will also get you a lot of additional benefits that weren’t available to Windows users in version 4. For example, it’s very easy to have multiple vaults on Windows now (before you had to manually add each additional vault) and you can switch between them without needing to unlock each one separately. You also get the benefits of our hosted service, including data loss protection, item history, web access, built-in sync across all your devices, access to 1Password on all platforms, and free upgrades to every new version.

      I hope everyone reading this will give our new 1Password membership a chance (we have a 30 day free trial and it’s easy to move over your existing data) but of course you’re free to continue using 1Password 4 for as long as you like.

      Anyway, our general plan is clear: we need 1Password to have a consistent feature set and UX across every platform and we’re working our way there. I hesitate to give out any specific ETAs as it’s always hard to make the future reality match today’s plans – but we’re getting closer everyday. I can see the light at the end of the tunnel and I look forward to sharing more with you in the future ?

      Take care,

      ++dave;

  12. Karyn
    Karyn says:

    Thanks for the fast fix and the detailed explanation! I too encountered the bug earlier today and figured I’d get back to it later, so no problem.

    Reply
    • Dave Teare
      Dave Teare says:

      Thank you, Karyn. ❤️

      Hearing from awesome customers like you make our surprise weekend heroics all worth while. ?

      ++dave;

  13. Stuart
    Stuart says:

    This explains a great deal: in particular, why 1Password failed to unlock on my MBP this morning, when (a) I know damn well I haven’t changed anything, and (b) it was working just fine last week.

    Thanks for the detailed info – it’s very much appreciated. Seems like Apple is going out of its way to make the Mac increasingly less desirable as a platform. Damnit. Security versus usability… why do they always seem to be in direct opposition? (rhetorically asks the guy who used to program professionally for a living, and who now works as an IT consluttant…)

    Reply
    • Dave Teare
      Dave Teare says:

      Good morning, Stuart! ?

      I’m sorry for the unexpected surprise you got this weekend. It wasn’t something on our radar, either. ?

      As for Apple and the Mac becoming “increasingly less desirable”, I don’t see it that way at all. Apple has learned a great deal from iOS and is doing their best to bring this new knowledge back to macOS. It’s not an easy thing to do as there are huge differences between the two, so we shouldn’t be surprised about a few bumps along the way.

      Now to be clear, it is a holiday weekend and we haven’t had a chance to talk with Apple yet. It could very well be that we missed something in the manual and are the ones at fault. I simply don’t know. I don’t think this is the case as others are experiencing the same issue, but I certainly don’t plan on blaming Apple here. We’re both on the same side trying to make the world a better place. ✌️

      ++dave;

  14. Aleksandar Katanovic
    Aleksandar Katanovic says:

    I have downloaded the latest version (6.5.5) for Mac, and it works smoothly. What is the latest version for iOS from AppStore? I have noticed that they have different version numbers (5.5.3 in AppStore).

    Reply
    • Dave Teare
      Dave Teare says:

      Good morning, Aleksandar! ☀️

      I’m glad 6.5.5 is working swimmingly for you. That’s great to hear. As for the App Store, it is indeed a different version number but it is basically the same. We simply took the original code that we used to ship 6.5.3, repackaged it, signed with our new developer certificate, and published as 6.5.5.

      We have a new 6.6 version coming out soon and once we publish that everyone will have the same version number again. That will be nice as I too like consistency. ?

      Take care,

      ++dave;

    • Dave Teare
      Dave Teare says:

      Understood! ?

      The funny part is I originally read 5.5.3 as 6.5.3 in your message so it read fine to me. This is why I like computers to verify things for me I guess – they are much better readers than I am ?

      ++dave;

  15. Neil
    Neil says:

    Thanks for the human story behind the bug. We had a couple of people in the office have this problem this morning, it was nice to be able to find not only a solution, but also a relatable explanation. I hope you and your wife finally get that Valentine’s dinner!

    Reply
    • Dave Teare
      Dave Teare says:

      Awesome! Thanks for being so understanding. Like Jeff alluded to in his post, we really do have the best customers in the world. ❤️

      As for Brenda and her Valentine’s Day dinner, I am going to make sure this happens. I’m not sure how I’m going to accomplish that just yet, but I have some ideas. With any luck someone will come up with a better idea than mine as currently my thoughts are revolving around revoking Jeff’s access on each weekend until he does. ?

      Take care,

      ++dave;

  16. Aleksandar Katanovic
    Aleksandar Katanovic says:

    Perhaps little bit unrealed to the problem at hand, but speaking hypothetically, if your server were down, and I could not open my 1Password app on my computer, would I not had access to my passwords due to the present problem (failure of connection)? What should I do to be prepared for such a hypothetical situation, i.e. to have access to my passwords? So far, I have exported my passwords to two files (txt and csv) and compressed them with encryption. Would this be the only available remedy?

    Reply
    • Jeffrey Goldberg
      Jeffrey Goldberg says:

      Excellent question, Aleksandar.

      The bug affected only the launching 1Password for Mac application (and its companion app 1Password mini). The connection failure in this case was between the 1Password browser extension (running in your browser) and 1Password mini (which should have been running on your computer but failed to launch).

      So if you are using a 1Password.com account then even with the failure of the applications on one platform you could get to your data with any of the other apps on other platforms or through the web. But when you sign up on a new platform you may need your secret Account Key as well as your Master Password, so if you haven’t yet saved and printed out a copy of your Emergency Kit please do so now.

      Now in your hypothetical, you also envisioned a scenario in which 1password.com is unavailable for an extended period of time. Data availability is an extremely important part of data security and so it is correct to wonder about these things. Now we make lots of backups and take steps to ensure that 1password.com will always be available, but you need to ask what happens if everyone working for AgileBits is abducted by aliens and taken away to Omicron Persei 8 to be eaten on an Omicronian live TV show. So let’s consider that.

      Most of the 1Password apps make a local copy of your encrypted data, so if you can open any of the apps that you have previously used you will be able to get to your data. (This is not the case for using 1password.com in the web browser.)

      Now if all of the apps (where you have a local cache of your data) and 1password.com suddenly become unlaunchable along with 1password.com becoming unavailable, things get tricky. We try to be open about our data formats so that in principle a third party would be able to create an app that could read your local data. Such a third party app would still need your Master Password and secret Account Key to decrypt the data. But waiting for a third party tool, may not be exactly pleasent.

      So for that kind of scenario, you may wish to have unencrypted backups of your data. Please take a look at some of the suggestions that Hugo made in his comments and my response to that for some ideas about making and storing external backups. It’s hard to recommend a particular backup plan because different people have different sorts of needs, requirements, and resources. I occasionally make unencrypted 1PIF exports to a CD that I put in a safe deposite box.

      As I’ve tried to say in many places, we never want anyone to be locked out of their data. But an incident like 1Password failing to launch raise questions about what if the worst should ever happen. It is an important question, and I hope that I’ve given some useful answers.

  17. Diana
    Diana says:

    Awesome!! This just happened to me, and I came straight here. You guys are so on the ball. Thank you–and your team–for sacrificing your free time to keep us all from flipping out. :)

    Reply
Newer Comments »

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *