1Password 6.8 for Mac & iOS: The Picnic Edition

It’s been a strange summer here in Syracuse, NY; the beginning of the season was characterized by sub-optimal temperatures punctuated with frequent rainstorms. It’s only recently, a few weeks into July, that the weather has finally made the turn and the mercury is holding steady at a more comfortable level. As we were brainstorming themes for this wonderful release of 1Password 6.8 for both Mac and iOS my good friend Megs said, “Picnics!” and I knew instantly she’d nailed it.

So my friends, get your picnic blanket ready, because we have prepared a basket full of delicious new treats just for you in 1Password 6.8. We hope you’re having a delightful, secure, and scrumptious summer!

TL;DR (Internet speak for ‘Too Long; Didn’t Read’)

• One-time passwords now copy themselves to the clipboard automatically whenever you fill an item that has a one-time password.
• The ability to create vaults has arrived for 1Password.com accounts!
• Item creation and modification dates now appear in the item details on iOS.
• Korean has made a triumphant return!

HOW ABOUT SOME EXTRA SPRINKLES FOR THAT ICE CREAM CONE?


We can’t think of anything better to beat the heat than a nice cold ice-cream in the sunshine … with extra sprinkles, of course. We’d like to think of your one-time passwords as the sprinkles that complete your Login items. Now 1Password automatically copies those one-time passwords when you fill an item with the 1Password Extension, saving you a step and a giving you more time to enjoy that ice cream. Yummy!

We had this feature in beta for quite some time (too long if you ask Rudy, the developer who added this feature 😉) and we’re really excited to have it see the light of day. Given the responses we’ve seen on Twitter so far you all love this one as much as we do. Thank you for all the positive feedback!

YOU CAN NEVER HAVE TOO MANY BASKETS OF GOODIES!


Everyone needs a safe place to store the pie so that no one gets into it before dessert. Now you can create new vaults in your 1Password.com account on the fly and off the cuff right within 1Password itself. No more storing the cherry pie with the cheese, or the cupcakes with the croissants. No matter what your organizational structure – creating new vaults on the go has never been so easy!

The ability to create vaults without having to visit 1Password.com has been one of the most requested features we’ve had and we’re really happy to finally make this feature available. Separating your items out into different vaults gives you a ton of flexibility not only over how you organize your items, but also how you share them. In the Fey household my wife and I share a vault of common logins (bank logins, credit cards, family social security numbers) but we also have a separate vault set up explicitly for estate planning. This vault contains all the information our executor needs in case the worst happens to the both of us. The peace of mind that comes with this setup is absolutely invaluable.

YOU’LL ALWAYS KNOW HOW FRESH YOUR ITEMS ARE.

A great sandwich is a staple at every picnic, but a truly great sandwich is only as good as the ingredients.
The same can be said for your security and an aging password is not a fresh part of your ecosystem.
With this latest update to 1Password for iOS, you’ll always know how fresh your items are by checking the dates your items were created and edited are right there at the bottom of the item details.

KOREAN LANGUAGE IS BACK! KOREAN BBQ, ANYONE?


맛있는 고기구이를 준비하고 사랑하는 이들과 함께 즐겨보시는 것은 어떨까요? 드디어 1Password에서 한국어를 지원하게 되었으니까요! 우리 멋진 한국어 번역자들이 아니었다면 불가능했을 겁니다. 정말 감사드립니다!
소중한 한국어 구사 고객들을 위해 1Password를 완벽하게 준비해두었답니다. 저희는 완벽주의자니까요. 이렇게 언어가 아름답게 돌아오게 된 것을 정말 자랑스럽게 생각하고 있습니다.

FULL RELEASE NOTES

1Password for iOS
You can find the full release notes here.

1Password for Mac
Our Mac release notes can be seen here.

YOUR FAVORITES?

I’d love to hear your favorite feature in this release. Sound off in the comments!

75 replies
Newer Comments »
  1. Nate
    Nate says:

    At the risk of hurting someone’s feelings at Agilebits, but as a long-time user going back to the early days of the product, I for one am getting completely confused and frustrated by the overly cutesy direction being taken by the announcements accompanying updates and product development.

    And this one is really the limit! All of the analogies to attending a picnic and eating or storing foods and desserts tells me just about little or nothing about what the update is about. Most of it is lala gibberish to me!

    Just one example – Sorry for my ignorance, but what the heck is a “one-time password” and where in this nursery book story is there anything telling me what it is or when I might want to employ it?

    Another example – Luckily, I just learned from another active thread here what “1Password.com accounts” are, but otherwise I would be scratching my head here about that too. No explanation for users who don’t read these discussions or just tuned in! Had I not just a few days ago read the thread on that subject, I would be totally baffled on what that was. Is that wise? How does that help the average user to know anything about where 1Password is going or how the update will be helpful to them?

    I’m sorry to say that, in my humble opinion, this “basket full of delicious new treats” is way too long on silly ornament and way, way too short on informing us of what this update contains and does for us users.

    For the benefit of the overwhelming majority of 1Password users who just want to know what preferred updates will do, can you please be more informative and less fanciful?

    Thank you.

    Reply
    • Michael Fey
      Michael Fey says:

      Hey there Nate,

      Thanks for the feedback! No worries about hurting anyone’s feelings, we’re always open to kind, thoughtful criticism. It’s a fine line we walk between being informative and being entertaining – and I am firm believer that it’s possible to be both. In this case, however, it appears we missed the mark for you. If you ever want to just skip past all the pomp and circumstance you can always find a straightforward list of changes for each product here: https://app-updates.agilebits.com

      Let me see if I can clear a few things up.

      One-time passwords are a form of two-factor verification supported by some sites that gives you an extra level of protection against an intruder getting into your accounts. The way it works is this: You sign into an account with your username and password, but before being allowed in you are asked for a one-time password. This password is generated by 1Password afresh every 30 seconds. Once you’ve supplied this one-time password and it’s been verified you are given access to your account. You can read more about one-time passwords on Wikipedia here: https://en.wikipedia.org/wiki/One-time_password

      You can also see a huge list of websites that support one-time passwords here: https://twofactorauth.org

      1Password.com accounts are, as you’ve now seen, a relatively new product for us. Every account includes simple, automatic syncing among all your devices; incredibly easy setup for new devices; included versions of 1Password on all of our platforms (Mac, Windows, iOS & Android); free upgrades to 1Password for as long as your subscription is in good standing; and automatic online backups.

      It truly is the best way to use 1Password today. You can start a 30-day trial of a new account here: https://1password.com/extlink/1password-signup/

      I hope this helps, but if there’s anything else you’d like me to clear up, please don’t hesitate to ask.

      All the best,
      Michael Fey

    • Steve
      Steve says:

      I respectfully disagree Nate. While there is a bit more fluff than necessary in this particular article, I generally appreciate the light tone of these posts which makes learning about the updates a more enjoyable read. Please don’t automatically assume that your opinion is shared by the overwhelming majority of users.

    • Michael Fey
      Michael Fey says:

      Good morning, Steve. Thanks so much for the kind words. Truth be told, the vast majority of the feedback we receive for our release notes is positive. It’s also one of my favorite parts of the release process, so I don’t see us changing away from this style any time soon. However, I really appreciate feedback like Nate’s because it serves as a constant reminder not to go too far off the deep end when we’re working on the next version.

    • Long Time User
      Long Time User says:

      I agree with Nate’s critique but I think it goes a little overboard.

      I hope 1Password can strike the right balance between being boring and technically detailed (what I want in a Password Vault) and fun so that the people developing the software that I depend on don’t get bored.

      The main thing I need is clear information about how the release will affect me and I’m nervous that AgileBits is being driven by marketing goals more than security goals lately.

    • Michael Fey
      Michael Fey says:

      Hi again Long Time User. :) Thanks for your input here. We will continue to strive towards a good balance between informative and entertaining. One thing I can absolutely guarantee is that we always have and always will put security first. Security isn’t an after thought here, it’s the basis upon which we make all our decisions. The bonus for us, of course, is that good security makes for good marketing. If there’s anything in particular you need clarification on please don’t hesitate to ask.

    • Kate Sebald
      Kate Sebald says:

      Hey Vince! We do tend to have a bit more fun with things on the blog. As Michael said before, we want to let y’all know what’s new, but we also enjoy the opportunity to entertain a bit more than was can in a simple change log. Of course, if you’re after just the facts, you can always find them in the release notes (Mac) (iOS). Scroll down to the orange NEW tag and you’ll find a simple list of changes waiting for you.🙂

    • Gre
      Gre says:

      Could not agree more. We’re a family subscriber and have been using the product happily for many years. PLEASE save the cuteness and confusion and just let us know what the enhancements are! Thank you!
      The Fishers

    • Kate Sebald
      Kate Sebald says:

      Hey Greg! While I totally understand wanting to get to the meat of things, these blog posts are more than a simple list of new features. You can find that in the release notes starting with the orange new tag. These blog posts are meant to go beyond those release notes. They put a human face on what we do here at AgileBits and (hopefully) allow us to connect with some of our customers. Of course, some folks just want to skim what’s new, decide if any of these features interest them and move on. That’s totally fine and the release notes are great for that. But the blog provides an opportunity for us to share a bit of who we are and most of us are at least a bit cutesy. 🙂

      We put a premium on personal interactions here at AgileBits, both in our blogs and newsletters as well as in our support forum and e-mail replies. These conversations put a human face on AgileBits and allow our customers to really get to know the cutesy, nerdy and goofy folks that make 1Password. This is an invaluable tool for us as it can often create a special sort of rapport with our customers. I know that I have a handful of customers who will reply to old e-mails with new issues just to make sure they get to me, because they know me and are comfortable working with me. I’m sure my teammates have had similar experiences. I love these conversations because they give us the opportunity to get a full understanding of your needs (including the need for an update announcement without any fluff). This way, we can adjust what we’re doing to fit those needs, or at least point you in the right direction to find what you’re looking for. 👍

      Analogies, pop culture references, and stories with a friendly cast of 1Password characters are part of who we are. That’s not going to change, but we can still take some lessons from y’all’s feedback. We should definitely include an update link with these posts. We already include a link to the release notes, but perhaps that should be included with the TL;DR for folks who just want to skim through a list of changes while on the go. We’re not going to change who we are, but we do appreciate your feedback! We’ll do our best to take it to heart and incorporate some “just the facts” without losing ourselves in the process. 🙂

    • Oz Crosby
      Oz Crosby says:

      I am a long-time user also. I agree with Nate about all the fluff getting in the way of what is new and how we use it. For example, i was REALLY interested in how to use one password for estate planning, but was left wit nothing in the way of how to execute. Do we leave a code with our lawyer or children? Where is the file stored. Love the product, especially being able to use my fingerprint for ID. Now even the most trivial websites have complex passwords.
      Oz

    • Kate Sebald
      Kate Sebald says:

      Hey Oz! While we’ve included the occasional How-to on the blog, you’re absolutely right that the blog probably isn’t a great reference for this sort of stuff. These posts are usually focused on particular points of interest while general information is better found on our support site or in the forum. That said, I’ve answered this question many times and would be happy to save you a search. 🙂

      The best way to ensure your family or attorney is able to access your vault should the need arise will be different based upon how you use 1Password. If you have a 1Password membership, you can print a copy of your Emergency Kit and note your Master Password in the space provided. Either give this to your attorney or a trust family member or keep it somewhere safe they can access in an emergency like a safety deposit box. This will give them the information needed to access your account from a browser on any computer, if they need to.

      If you have a standalone vault, this process is a bit different. Since your data is stored either locally or on Dropbox, the simplest way for an authorized person to access your vault would be on your own devices. Otherwise, they’d need to install 1Password themselves and sync up with your vault, which can be a bit of a complicated process to handle in emergency circumstances. To ensure they can access your vault, write down or print your Master Password and the password for your computer/device (if any) on a piece of paper. As with your Emergency Kit in the above example, either give a copy to those who need it or keep it in a safe place accessible in an emergency. Depending on who was taking on this responsibility for me, I’d potentially include a brief explanation of accessing my vault as well. My mom could probably handle it, but my dad may be a different story. 😉

      I hope this helps answer your question and remember, you can always contact us with any questions you may have in the future. 🙂

    • Janet Mamane
      Janet Mamane says:

      We all have so many emails that we receive daily, I do agree with Nate to a degree. I prefer more detailed info on how to use the updates rather than reading all of the unnecessary info that has no relevance at all. I want to get to the heart of the update and try it out to be sure I understand it. However, I must say 1Password is the most important software I use and appreciate the developers achievements. They rock!!!! Now, I gotta try this out. Wish me luck!

    • Kate Sebald
      Kate Sebald says:

      Thanks for the love, Janet!❤️ I’m glad you value 1Password so highly! I’ll be sure to pass your praise along to the development team. 🙂

      It sounds like you may be taking a leaf out of my book this time around. I usually play with things to figure them out rather than reading the manual, so to speak. Perhaps not the most efficient method, but updates are like getting new toys! I don’t want to wait to try them out. 😉

      For future reference, you can always find the release notes here (Mac, iOS) even when we don’t publish a blog post to go along with an update. Feel free to check them out and enjoy playing around with your new toys. I hope you love them and, if you have any questions along the way, we’re here for you! 🙂

  2. walter
    walter says:

    Does the “modified time stamp” change when I edit the domain address or other unimportant fields. Or only when I change the password?

    Reply
    • Michael Fey
      Michael Fey says:

      Hiya Walter!

      Any time you make a change to any part of an item its modified time stamp will be reset.

      Thanks for the question!

      All the best,
      Michael Fey

  3. Volker
    Volker says:

    Thanks Nate for your good question and Michael for your answer. I still don’t understand how I can make one-time Passwords with 1Password? Does it replace Apps like Authy? Thanks for your help!

    Volker from Germany

    Reply
    • Michael Fey
      Michael Fey says:

      Good morning, Volker! That’s a great followup question. Happily we have an excellent support article and video that should answer this question for you perfectly. You can find it here: https://support.1password.com/one-time-passwords/

      You can indeed use 1Password instead of an app like Authy for this functionality. Let me know if that covers it or if there’s anything else you’d like to know.

    • Volker
      Volker says:

      Thank you, Michael! Thas exactly what I needed, no more need for Authy (nothing against it, but one App less to care about). How long is the one-time Password feature there?

    • Michael Fey
      Michael Fey says:

      So glad that’s what you were looking for. We’ve actually had one-time password support in 1Password since January of 2015. I can’t believe it’s been over two years since we added that feature. Wow.

    • Volker
      Volker says:

      And I can’t believe how long I missed that! I’m a looong time user and since a few weeks 1Password Member and usually up to date…

    • Michael Fey
      Michael Fey says:

      Good morning, Martin! Thanks so much for the kind words – I’m glad to hear you’re enjoying this feature. While I can’t comment on future releases I will ping Michael Verde, our Android team lead, and make sure he’s aware of how much folks would love to see this feature there. 😃

  4. Long Time User
    Long Time User says:

    I’ve been following all the controversy over requiring 1Password users to create and maintain 1Password.com accounts. I’m afraid to update because I can’t figure out if I will be required to create a 1Password.com account. I get why you guys are trying to move to a subscription model but it’s a really bad direction for me personally and I definitely DO NOT want to be forced into maintaining and account for a variety of reasons that I won’t get into (unless you want to rehash that topic here? ..I’m guessing you don’t.). Can you please tell me if I will get to keep my no-account status if I install this update?

    Reply
    • Michael Fey
      Michael Fey says:

      Hey there Long Time User, thanks for the comment. If you are using 1Password with a standalone license now, you can continue to do so with this update – no 1Password.com account required. Have a good one!

    • Hanna
      Hanna says:

      Thank you for asking this question – I was reading through the comments with exactly this question in mind. And thank you Michael Fey for your answer, and for Agilebits being willing to continue to support us standalone users.

    • Kate Sebald
      Kate Sebald says:

      Hey Hanna! On behalf of Michael and the whole team here at AgileBits, you’re most welcome. Offering two ways to use 1Password can be confusing at times, but we know you use 1Password to safeguard some pretty important stuff and that having a choice in how to protect that data is as important as the data itself. Rest assured, standalone vaults haven’t gone anywhere. You have our support (technical and otherwise) no matter where you store your vaults. ❤️ 🙂

  5. Rena
    Rena says:

    Hi. If I upgrade my non-account-dependent version of 1Password to this release, will be forced into to creating a 1Password.com account or not?

    (I posted yesterday or the day before but my comment is still not here and I haven’t gotten a reply to the email I sent either)

    Reply
    • Michael Fey
      Michael Fey says:

      Good morning Rena! No, you will not be forced into an account. If you paid for the standalone version of 1Password you can continue to use that license with this update. Thanks for the question!

    • Kate Sebald
      Kate Sebald says:

      Oh no, David! I just looked through our ticketing system and our support forum for an inquiry from you, but I wasn’t able to find one so I went ahead and sent you a message to e-mail address associated with this comment. I’m so sorry we didn’t get back to you quick, but from here on out, consider me your personal 1Password assistant. If you have questions, just reply to my message and I’ll find you answers. 🙂

    • Colin Melville
      Colin Melville says:

      Couldn’t disagree with you more David. I find each time I have a question, and I’ve had plenty, 1Password are back to me in a flash and resolve my issue each and every time. The most recent occasion they sent an email straight back stating it could take longer than normal as they were experiencing a high volume of emails. It did take longer, instead of the usual 5 minute response it took them 10 minutes to solve my problem and in detail!! I love this company, seems you have just been unlucky. Best wishes, Colin

    • Kate Sebald
      Kate Sebald says:

      Thanks for the love, Colin! We do try really hard to get back to folks in a flash, but there’s an ebb and flow to the e-mails hitting our inboxes so I don’t doubt that we’re a bit less speedy at times. We may not be as fast as the robots, but we’re always working hard to make sure each of you gets the attention and support you deserve.❤️ We’ll do our best to continue to deliver lightning fast support and, until we’ve perfected our cybernetic troubleshooting enhancements, I hope you’ll be able to forgive the occasional slight delay.😉

  6. Fred
    Fred says:

    I agree with Nate. I am a long time 1Password user and started using PC’s in 1982. But at age 80, I am no longer keeping up with all the jargon and updates, nor do I really want to change established routines. I just need to know whether the latest update will be useful to me and how to use it.

    Reply
    • Kate Sebald
      Kate Sebald says:

      I completely understand, Fred! I’m only 30 and I still can’t keep up with every change on every platform. When I’m looking for a quick reference for recent changes, the release notes are a great resource. You can find iOS here and Mac here, including a no frills list of changes starting at the orange NEW tag. If you see something that interests you, you can search our support site for help using them or reach out to our support team, if you’d like. We’re always happy to lend a hand. 🙂

  7. Randy
    Randy says:

    I use the simplest features of 1Password-save my passwords . I am not a techie . How do I find out if I am a license user? And what does this mean-what are the implications? How can I find out what Agile is? And where can I get very simple instructions on features and additional use of 1Password?

    Reply
    • Kate Sebald
      Kate Sebald says:

      Hey Randy! I stuck to the basics myself for the longest time and I love that 1Password is exactly as complex or as simple as you’d like it to be. There are still a handful of features I don’t use much outside of work and when I’m not using them, they stay nicely tucked away until I need them.

      How do I find out if I am a license user? And what does this mean-what are the implications?

      As for determining whether you have a license or a 1Password membership, you can tell by how you pay. If you pay monthly or annually for 1Password, you have a 1Password membership. If you paid a one-time fee for 1Password, you have a license. If you’re only using 1Password to save your passwords, you’ll primarily notice a difference in how you sync your passwords between devices. If you have a license, you’ll keep your passwords up-to-date across devices using a third-party sync service such as Dropbox or iCloud. If you have a 1Password membership, we take care of syncing for you so you won’t have to set up syncing at all. Just download the 1Password app on a new device, sign in an everything syncs up automatically. If you’re still not sure whether you have a license or a membership, go ahead and contact us. We can help you figure it out and would be happy to answer any questions you may have about the differences between licenses and 1Password memberships.

      How can I find out what Agile is?

      AgileBits is the company that creates 1Password and all of the people who work to make it great. You can check out our company page to see all the Happy 1Password Makers that keep 1Password running.

      And where can I get very simple instructions on features and additional use of 1Password?

      The best place to learn more about 1Password is on our support site. A good starting place is our “Get to Know …” articles for 1Password.com, Mac, Windows, iOS, and Android. Each article also includes links at the bottom to learn more, plus our support team is always happy to answer any questions you might have. 🙂

  8. Michael
    Michael says:

    I’ve been a 1password since the first version came out. This 1password.com and 6.8 update situation has caused me nothing but grief. My master password was no longer recognized on any of my devices and were if not for the fingerprint ID being activated on my iPad pro I would have lost all access to my passwords :-( Contacting customer support yielded only a “sorry we’re really busy” response (did finally get a response requesting more information days later) so my only alternative was to spend yet more money for a 1password.com account to be able to access my passwords on my other device.
    Even after buying a membership I still was unable to sync my information from one device to another, had to transfer manually which also resulted in double entries on the device using the 1password app :-(

    Reply
    • Kate Sebald
      Kate Sebald says:

      I’m so sorry to hear that, Michael! I see that one of my teammates has replied to your e-mail so I’ve added a link to your comment to that ticket so the team knows what has changed for you. We want the decision to switch to a 1Password membership to be something you choose, not something you’re forced into, so we’d be more than happy to help you get back to using your standalone license again if you’re not interested in making the switch. 🙂

      We do tend to get a bit busy sometimes, especially around the time updates are released, but we still strive for a quick turnaround on support requests and I’m really sorry we fell short here. Thanks for letting us know what happened and we’ll be sure to get things sorted out for you.❤️

    • Kate Sebald
      Kate Sebald says:

      Hey Peggy! You can find information about updating 1Password (and keeping it up to date) here. If you’re not using 1Password 6 just yet and are looking to upgrade, or you have any questions along the way, reach out to our support team. We’re here to help!❤️ 🙂

  9. Robin
    Robin says:

    Perhaps there is another way to do this, but my biggest frustration is being unable to share 1 password logins via text or email in an encrypted manner.

    Reply
    • Kate Sebald
      Kate Sebald says:

      Hey Robin! You’re right that you cannot share encrypted logins via text or e-mail, but you can share items securely with a 1Password Family account. If you have a login you’d like to share with a family member, you can move it to a shared vault they can access. As a bonus, this login item will update for both of you whenever you make a change so neither of you will ever be stuck with an outdated password.

      Want to share a password with a friend while they’re visiting or share the password for your WiFi with your babysitter? Maybe you want to share the code to deactivate your security system with your house sitter while you’re away. With a 1Password Family account, you can add anyone you’d like to your account as a guest and share items with them securely. When they no longer need access to these items, you can remove their guest access and update those items as needed.

      I love my 1Password Family account in large part because it makes sharing my unique, complex passwords with folks who need them so much easier and more secure. Never again will I need to shout the WiFi password I have written down to my parents in the living room, because they already have it in our handy shared vault. If you don’t already have a 1Password Family membership, give it a try free for 30 days and see what you think!🙂

    • Robin
      Robin says:

      We have already spent a significant amount of money purchasing the 1Password software for Macs, PC’s, iPhones and iPads. So, I can’t justify spending an additional $60 each year for a family account. :(

    • Kate Sebald
      Kate Sebald says:

      That’s totally understandable, Robin! We all have a budget we need to stick to.🙂 I’ll pass along your feedback about secure sharing to the team. I can’t promise we’ll be able add any new sharing features for standalone vaults, but since we’re working on planning for 1Password 7 right now, it’s a great time to share your thoughts and play a role in planning for the future.❤️ 🙂

  10. EdH
    EdH says:

    Thanks for the update. Any chance you could spend some time working on the performance?

    It shouldn’t take 2-3 seconds every time to unlock the vault on an i7 Mac. I’m a long time customer, but find myself using Chrome passwords more and more just because of the delays.

    Reply
    • Kate Sebald
      Kate Sebald says:

      Hey Ed! Thanks for letting us know! That actually sounds like something is amiss as I wouldn’t expect 1Password to take that long to unlock. I’m going to shoot you an e-mail from our support system with some instructions to send me some additional information so we can take a look.🙂

  11. Bruce Smith
    Bruce Smith says:

    I’d love to see features that address border crossings and police searches. I have nothing to hide, but the thought of being forced to unlock my phone and let a stranger into every login, credit card, and bank account I own makes me cringe. I love the ability to unlock 1P on my phone with my fingerprint, but I understand that fingerprints aren’t considered private and police can force you to unlock your phone using a fingerprint without a warrant, but not a keyed in code (except at border crossings where they can make you key in a password. I don’t want to type my long unlock passphrase every time on my phone, so perhaps a combination of fingerprint and a short PIN to unlock the mobile version? And most of all I’d love to see a self-destruct code/PIN that will wipe 1P from a mobile device if entered!!!

    Reply
    • Kate Sebald
      Kate Sebald says:

      Hey Bruce! It looks like we read your mind! We actually wanted to address this concern too, which is why we built Travel Mode. Travel Mode is available to everyone with a 1Password membership and takes advantage of the power of 1Password.com to remove vaults you want to keep private while traveling from your devices. You can check out the blog post linked above to learn more about Travel Mode and then head on over to this article on our support site to learn how to use it. Our goal is for Travel Mode to help you feel comfortable cooperating with law enforcement without compromising any sensitive data. If don’t already have a 1Password membership and want to take Travel Mode for a spin, they’re free for 30 days so go ahead and give it a try! 🙂

  12. Bill Gronke
    Bill Gronke says:

    Hi everyone,
    Just wanted to say that I pretty much agree with Nate. I think the reason for his remarks are pretty much akin to your attorney joking around at every step at the closing of your home purchase. Because 1Password is a critical part of my computer life, the upgrades are very important. If you want to joke around and show me pictures of your summer vacation, send me a separate e-mail. But trust me when I am looking at update information that you say is important and there is a lot of, I am not interested in laughter and joking around.

    To the person that is having trouble communicating with you; I found that to be unusual. Over the years I have found communication with you easy and who ever responded was professional and knowledgable.

    To all the people that responded, you all seem like great people, just the type of people who would love 1Password as I do. Love your input.

    Reply
    • Kate Sebald
      Kate Sebald says:

      Hey Bill! I know I’ll definitely have a bit of a different perspective from you here as I was actually the one joking around at my home closing. I felt like I was sitting there signing over my first born for my small slice of the American Dream and perhaps the poor attempts at humor helped to set my mind at ease.

      Of course, I still understand the need to put on my serious face when talking to folks about 1Password. After all, that home loan I signed over my first born for won’t get paid without 1Password and if 1Password ever breaks so does a good chunk of my life. Although we do have fun with sharing news and updates, we are deadly serious about security and support. I’ll sometimes crack a joke to lighten the mood when helping a customer resolve a problem, but I’ll never let levity get in the way of getting 1Password working again. I’m keenly aware of the disruption that can cause.

      With these blog posts about updates, we get the opportunity to dig a bit deeper into the updates and share a bit of ourselves with our customers. Just like I want to get to know my attorney as that helps build trust, many of our customers like to get to know those of us who build and support 1Password. Of course, that’s not the case for everybody, so you can always consult the release notes (Mac, iOS) for a list of changes without any pomp and circumstance. Just scroll down to the orange new tag and there you’ll find a neat and tidy list of everything new, improved and fixed.

      As I mentioned in prior replies, these posts are very much reflective of who we are as individuals and as a company. We’re real people lucky enough to build and support an app we love. While we’re extremely serious about building 1Password and ensuring it keeps your important data safe and secure, we like to share that love and a bit of ourselves when given the chance. We hope that we do get a chance to joke around with our customers and get to know y’all a bit better, but the proper venue for that will be different for each of you and we get that. We’ll take some lessons from these conversations and incorporate those into future posts. I wouldn’t expect the personal touches to go away, but we can still adjust to allow you to choose your own adventure (or choose to just look over the release notes themselves) without losing the personality you see in these blog posts. Thanks for sharing your thoughts and for trusting 1Password to take care of so much of your digital life. Although we do love a good Star Wars reference, I promise we take that responsibility very seriously each and every day.❤️ 🙂

  13. Mike Minh
    Mike Minh says:

    I’m afraid the One-time-password (OTP) stuff is less than clear, and, sorry to say, the linked 1P knowledge-DB article makes it even more confusing. The whole concept is so wildly unclear that I bet many users can’t be bothered to give it a try.

    To start with, how can 1P be the generator of OTPs, surely these must come from the system I want to log into. No? These little key fobs we have for some banking or corporate IT systems generate OTPs, or not? How can then 1P store them, sounds very much like a useless concept as the very nature of OTP is to be used for exactly one single time.

    In the linked article you somehow generate a QR code (containing what?), but its not scanned but somehow posted somewhere. Sounds all a bit weird to be honest. Why would I generate such a code, then simply store it elsewhere. Where is the 2nd factor (something I know, something I have) in this scenario?

    Sorry AgileBit team, I think on this one you are ahead of yourselves and lost many of us in the first 2 minutes.

    Reply
    • Kate Sebald
      Kate Sebald says:

      Hey Mike! Time-based one-time passwords (or TOTP as we often say) were pretty new to me too not terribly long ago, and they can be pretty confusing. I’ll do my best to explain a little better, address your questions, and throw in some useful links if you’d like to learn more. 🙂

      how can 1P be the generator of OTPs, surely these must come from the system I want to log into. How can then 1P store them, sounds very much like a useless concept as the very nature of OTP is to be used for exactly one single time.

      You’re right that they come from the system you want to log into, in a way. This question really ties into your point about that QR code. That QR code is actually just an easier way to share a secret generated by the site you’re setting up TOTP for. This secret is used by the site’s login system and 1Password to calculate your TOTP codes. Once this secret is exchanged, no network connection is needed to calculate these codes and both 1Password and the site you’re logging into generate them independently. I’ll illustrate with an example.

      When you set up TOTP for say, Dropbox, and scan the QR code with 1Password, you’re storing the TOTP secret, not the TOTP code itself. The code is generated, not stored. What happens is that both Dropbox’s login system and 1Password use that TOTP secret they exchanged during setup and the current time to calculate a TOTP code. Since they’re using the same secret and the same time of day to do their calculations, they’ll each generate the same code, even though they’re not talking to each other. This allows Dropbox to confirm that you are in possession of the device with the proper secret by seeing if the codes match. If they do, it lets you into your account. If you’d like to learn a bit more about how this works, we’ve published a blog that discusses how TOTP works in more detail here.

      These little key fobs we have for some banking or corporate IT systems generate OTPs, or not?

      These key fobs are another way of generating a TOTP code and, for sites or accounts where you are required to have a true second factor, these key fobs are a great bet. After all, you can’t possibly store your password or visit the site on your key fob. They have one purpose and one purpose only and that’s to generate TOTP codes. Of course, not every site that offers TOTP also offers one of these key fobs, which is where 1Password can help you out. In some cases, you may even be able to use 1Password instead of that key fob, but that would mean your TOTP is no longer a true second factor, which I’ll talk about a bit more in a bit.

      Where is the 2nd factor (something I know, something I have) in this scenario?

      As our Chief Defender Against the Dark Arts, Jeff Goldberg, discusses in this blog post TOTP secrets stored in 1Password aren’t a true “second factor.” In order be a real second factor, they would need to be stored separately from your password and not be available on the device you access the account from. For this reason, many sites will often refer to TOTP as “two-step verification” instead of “two-factor verification.” If the site gives you a choice in how to store your TOTP secret and what apps or devices to use to generate your TOTP codes, there’s no guarantee you’ll end up with a true second factor.

      That said, TOTP still has security benefits even when not used as a true second factor, as Jeff discussed in more detail in the post above. For example, they can be particularly useful if you find yourself having to use an untrusted network. Since these codes are only used once, they can protect an account from being accessed even if your password itself is compromised. The attacker who scraped your password from an unprotected connection will have an old TOTP code that can never be used again and therefore won’t be able to access your account.

      I hope this helped clear up any confusion about TOTP and that it wasn’t a bit more than you bargained for. If you have additional questions about TOTP, ask away. I’m always happy to talk more about it and, if I don’t have a good answer for you, I’m sure I can hunt down someone who does. 🙂

    • Janet
      Janet says:

      Thank you, Mike Minh. I have read and reread their instructions and watched the video which I do understand. But I am very concerned that if I let 1Password do this for me, then I might lose my ability to log in to those accounts directly which require a second authentication. I do not want to risk that loss as they are very important and that’s why they require a second authentication, right? I am going to wait until others test this and see what happens. There is one person who had major problems using this who messaged above so ….

    • Kate Sebald
      Kate Sebald says:

      Hey Janet! I hope my reply to Mike also helped you understand this feature a bit better and helps you figure out if using 1Password to generate your TOTP codes is the best choice for you. TOTP functionality in 1Password has been around for some time, so it has been pretty well-tested, but the feature to allow the code to auto-copy to the clipboard is new and should make TOTP much easier to use in 1Password.

      Specifically regarding losing access to an account using TOTP, most sites will provide you with several recovery codes in case you don’t have access to the app that generates your TOTP codes. Since TOTP relies on an app to generate these codes (whether you choose to use 1Password or something else), there is a risk that you’ll lose the device that generates the codes and allows you to log in. With 1Password, I hope that having the ability to access these codes on multiple devices helps to mitigate this risk, but if the worst happens, you have these recovery codes to access the account. Keep them somewhere safe and you’ll always be able to recover access to your accounts, even if you lose access to 1Password. 🙂

      I hope this helps you feel a bit better about using TOTP, but ultimately it’s up to you. We want you to feel comfortable with how you use 1Password. If you have any additional questions, feel free to let me know. I’m happy to do what I can to set your mind at ease. 🙂

  14. Harold A. Hartman
    Harold A. Hartman says:

    Second try at posting comment/query:
    When a site requires password entry twice, 1Password enters it only once. Attempts to fill the second space via copy/paste doesn’t work, either.

    Reply
    • Kate Sebald
      Kate Sebald says:

      Hey Harold! I’m sorry you’ve been having some difficulties posting your comment. We do moderate them all to combat spam, so you may have my slow typing to blame for not seeing your comment right away. Sorry! I keep asking our founders to buy me robot fingers, but they keep telling me they’re not invented yet so I guess I’ll have to wait a few decades.😉

      As for your filling issue, the extension will currently only fill one username and one password when filling login items though we are exploring what we can do to fill even more. In this case, if copying and pasting the password doesn’t work either, it sounds like this particular site might be purposefully preventing any method of filling this second password other than typing it. Some sites will do things like that to combat bots, but I think it also has the (perhaps unintended) effect of causing folks to use simpler passwords. After all, typing out a long, complicated, super-secure password is a big pain, which is one reason the 1Password extension is so awesome. That said, if share the site you’re having this problem with, our extension team can take a look and get back with you if they’re able to find a workaround. Feel free to e-mail us if you don’t want to share the website publicly. We’ll take a gander and let you know what we find out.🙂

  15. Jim Babcock
    Jim Babcock says:

    Great discussion…but Alas I learned little. I still do not understand TOTP! I have about 130 sites under 1PW…..none require it. (note…I trashed Dropbox after 1password.com came out. No more syncing…thank goodness!
    One credit card site I use has some sort of 2-step….whatever. I store my iPhone # within them. When I login they ask me to choose either email or text to get my 6 digit one time code to continue the login phase.
    Now,,, what is that called?

    I hope to never be confronted with that TOTP requirement in th future. I do not understand it…even after reading the blog that attempts to explain it.

    Still a little confused….Jim B
    PS I am using 1password.com under a some ail setup offered by Dave last Feb or so…..will you automatically tell me when I need to pay the yearly fee?
    fee?

    Reply
    • Kate Sebald
      Kate Sebald says:

      Hey Jim! TOTP is actually similar to what your credit card company has you do with your phone. They are both a form of “two-step verification.” You take an extra step when logging in by entering the 6-digit code you’re sent, which would prevent someone who had your password (but not your phone) from logging into your account. Just so with TOTP. You take the extra step of entering a generated one-time password so that someone who has your password (but not access to your 1Password account) wouldn’t be able to log in. It’s up to you whether you’d like to use TOTP, of course, but if you do run into a site that requires it, we’d be happy to lend a hand in setting up if you’d like. 🙂

      Regarding your extended 1Password trial, I took a quick peek at our records and since you haven’t set up billing yet, you will get an e-mail when your trial is almost over that will tell you when it will end. If you add a credit card now, you won’t get an e-mail warning, so if you want to make sure you know the exact date you’ll be charged, I’d wait until you get that e-mail and set up billing then.🙂

Newer Comments »

Leave a Reply

Want to join the discussion?
Feel free to contribute!

Leave a Reply

Your email address will not be published. Required fields are marked *