More than just passwords header

Secure all the things in Secure Notes

The more I use 1Password, the more uses I think of for it. Of course, all my usernames and passwords are stored in the app, and I can’t tell you how much I love signing in to an iOS app that has enabled the 1Password app extension. It’s downright magical. If that’s all 1Password ever did for me, I’d be more than satisfied. But as 1Password has grown and developed, it’s given me so many wonderful options for keeping all kinds of data secure and sorted. For a girl who loves organization, it’s a dream come true!

One of my favourite improvements to 1Password is the Secure Notes category. With custom fields (and custom icons!), I’ve got my very own customizable database for any type of information I want to keep secure yet easily available. I want to share with you just how awesome this category can be, so here are a few of my favourite uses for Secure Notes.

Family medical history

Secure Notes: Medical info

Do you remember your complete medical history? How about your partner’s, your child’s, or your pet’s? I store information about each family member’s allergies, prescriptions, previous surgeries and other important details in a Secure Note shared in my family vault. Custom fields help me keep all the details nicely sorted, and the custom icons make these entries easy to recognize! I hope it’s never necessary, but it’s great to know that it’s available there, just in case.


Secure Notes: Taxes

Thankfully, we only have to deal with taxes once a year. But that infrequency can lead to a lot of forgetfulness. There are all sorts of identifying numbers associated with filing taxes, even more if I want to file online. In years past, I have had to dig through my not-so-awesome paper filing system to locate all those details. Now I’m building a Secure Note with all my tax information, including a list of charitable donations and other relevant deductions I know I’ll want to remember. I can even attach PDFs of previous tax returns and necessary forms for reference. I’m dreading tax season less already!

Insurance Policies

While we’re talking about fun stuff, do you know your insurance policy details? Whether it’s for your home, car or health, this is the sort of information that you don’t really need—until it’s really, really necessary. In my mind, this is exactly what the Secure Notes category in 1Password was designed for. Knowing that this data is secure and available when I need it gives me a whole lot of peace of mind.

Hardware database

Secure Notes: Hardware

It’s the age of technology, and we all have a wonderful collection of gadgets and gizmos to help us do our jobs and entertain us throughout the day. And each of those gadgets comes with warranty information, user guides and an array of important details. If that information gets stored in my “filing cabinet” (ok, it’s just a box with a bunch of loose papers at this point) it may as well go in the recycling bin. Now 1Password is my go-to database for all my hardware information from cameras and iDevices to game consoles and home appliances. Very neat and tidy.

Where is that thing?

I work with some really smart people. A while back, Mitch shared an awesome idea for Secure Notes. In his blog post, he talks about training 1Password to remember where you’ve stored physical things that are hardest to find when you need them, like a passport or winter gloves. I’m still geeking out over it!

I’m amazed by how powerful custom fields have made the Secure Notes category. I use them so much that I could probably talk to you about them all day. But I’d rather hear from you. Have you used this feature to simplify your life? Please share your story in the comments.

Security header

How 1Password for Teams protects your secrets

Since this is my first AgileBits byline, allow me to introduce myself. Last month, I joined the awesome security team here at AgileBits. I’m super excited to work with Jeffrey Goldberg, our Chief Defender Against the Dark Arts, and Jessy Irwin, our resident Security Evangelist. I aim to review product security and keep bad things from happening to good people. In addition, I write readable things: I’ve got a number of blog posts on deck that I look forward to sharing with you fine folks.

With pleasantries exchanged, let’s talk about 1Password for Teams, and about how your privacy and the security of your data are of the utmost importance to us. We are able to offer the great new features of 1Password for Teams by providing it as a service. If you are using 1Password but don’t have a 1Password for Teams account, your existing vaults remain unchanged, whether you sync them using Wi-FI, Dropbox or iCloud. While we have made some significant changes to how your data is stored in 1Password for Teams, our commitment to security and privacy has not changed.

How 1Password for Teams keeps your data safe

When we set out to build 1Password for Teams, our first concern was that our cryptography and security be absolutely top notch. I mention them both because they work hand in hand to keep your data secure. We opted for security that is enforced by cryptography instead of software or personnel policy.

Cryptography is what makes your data completely worthless to hackers. It is our cryptography that ensures that even if someone were to hack into our servers they would be able to access nothing more than a bunch of random numbers.

Security is what ensures that there are no back doors or vulnerabilities in the code. Security has to do with the assurance that certain policies are enforced by the operating system. Specifically, that there are no workarounds or back doors into our servers.

Private by Design

We take the “privacy by design” approach because we believe that we can best protect your secrets by not knowing them. It is impossible to lose, use or abuse data one doesn’t possess. Therefore, we designed systems that reduce the amount of sensitive user data we can access or acquire.

Triple-Layer Cake

1Password for Teams stores your encrypted data on our servers, but neither your Master Password nor your Account key is ever sent to our servers over any network. This means that we do not actually have the ability to decrypt your data. That is because decrypting your data requires all three of the following:

If you use 1Password, you are already very familiar with the Master Password and its role in protecting your data. Let’s talk about the other two pieces of the puzzle: the Account Key and the Secure Remote Password.

The purpose of the Account Key is to protect your data from being decrypted by someone who might access or compromise our servers. It ensures that a password-guessing attack against your data is useless: even if an attacker were to correctly guess the Master Password, the vault would not unlock.

The Secure Remote Password (SRP) is a way for both the client and the server to authenticate each other without either revealing any secrets. The SRP encrypts all traffic over the network and verifies the authenticity of the remote server before sending your information over TLS/SSL.

In Math We Trust

These three pieces of information work together to symbiotically protect your data. The Account Key strengthens your Master Password exponentially. And since it never gets sent over the network, it can’t be reset, intercepted, or evaded. In fact, I would be happy to print out a 2D barcode of all of the information in my 1Password for Teams personal vault and tape it to my front door. And if you knew me, you would know that this is a very big deal.

Still have questions? You can read all of the details of how we secure your data and why we made the decisions we did by reading our White Paper (PDF). Please also leave us a comment below or join the conversation in our discussion forums. We love hearing from you!

1Password for iOS header

1Password 6.1 for iOS: The Unity Edition

It’s been an incredibly exciting week for us. We finally shared a secret project that we’ve been working on for ages! But that’s not all we’ve been doing. Our developers have been burning the candle at both ends to ensure that the 1Password apps you know and love continue to be awesome and powerful.

Today we’ve got a great update to 1Password for iOS for you. Version 6.1 not only integrates Teams features into the app, but adds a handy All Vaults view and all sorts of polish.

You get a Team, and you get a Team…
Everyone gets a Team!

1Password for Teams in iOS: Add a new account

1Password 6.1 for iOS is our first official release with support for 1Password for Teams. Once you’ve signed up and created your team on the 1Password for Teams website, you’ll be able to pop over to the Settings tab in 1Password for iOS and add your team right to the app by using the handy QR code found on your team’s Get the Apps page.

Any vaults you add to your team will show up automatically on your iOS device (and will get added to the awesome new All Vaults view – more on that later!) Best of all, you can still use the same one password you’ve been using all along to unlock 1Password for iOS – no muss, no fuss.

As an added bonus, activating your 1Password for Teams account unlocks the Pro Features in 1Password, just for you!

Unify your life with All Vaults

1Password 6.1 for iOS: All Vaults

You already know how easy it is to share you items by using multiple vaults. 1Password for Teams makes it even easier, which for us has resulted in a number of additional vaults. While this feature is fantastic for organizing our items, it does present a challenge: Where did I save that one item? Hopping around between vaults isn’t the most fun we could be having, so we decided to do something about it: we built an All Vaults view.

The shiny new All Vaults view enables you to see all of your items, no matter which vault they’re stored in. But wait!, you say. I don’t want to see all my vaults at once!, you say. No worries, we’ve got you covered. The Settings screen now has a vault selector to let you easily choose which vaults should be included in the All Vaults view. Careful now, toggling those switches is pretty addictive! =)

Bessere Leistung! (Better performance)

Not only have we improved our translations, but we’ve also sent 1Password to the gym to handle those bigger vaults with grace and ease. There are a lot of other great refinements, as well; see our release notes for the full details.

1Password 6.1 for iOS is available now as a free update for all existing owners. Head to the Updates tab of the App Store to update to the latest version now! Got feedback? We’d love to hear from you. Add a comment here, check out our discussion forums, or visit us on Twitter or Facebook.

1Password for Teams: Getting Started (Admin)

Starting your admin adventure with 1Password for Teams

Whew! Tuesday was an exciting day for the AgileBits family. In case you missed our big announcement, we’ve been working on a great new solution that makes it super simple to share secrets securely with your team. (Say that three times fast!)

We hope you’ve already signed up to reserve your team name. We’re letting people into the beta just as fast as we can. If you’ve already gotten your golden ticket, you’re probably pretty excited to get 1Password for Teams set up. So many new and exciting things to play with, but where to start? Let’s start at the very beginning. A very good place to start.

After you’ve signed in to your 1Password for Teams account, your adventure begins on the Home page. This is where you will find the vaults you can access. Initially, you will see Your Vault and the Everyone Vault on this page. Let’s get things rolling by creating a new vault for your team.

Anything that has to do with managing your 1Password for Teams account is done in the Admin Console. Head over there by clicking the Team menu in the top right corner and selecting the Admin Console menu option.

1Password for Teams Home: Admin Console menu option

Go ahead, seize the day and create a new vault now: while in the Admin Console, click the Vaults tab. On the Vaults page, click the + button to create a new vault. There’s no limit to the number of vaults you can create, and vaults can be shared with some or all of your teammates.

1Password for Teams Admin Console: Vaults

Every excellent adventure needs a crew, so click the Invitations tab in the Admin Console to invite your team members aboard. Send out email invitations to everyone, or use the special link that 1Password for Teams generates for you.

To add a teammate to a vault, two things need to happen: they must accept the invitation you sent them, and you must approve them. Once a user has accepted their invite, you can return to the Admin Console and confirm their membership.

1Password for Teams Admin Console: Invitations

Now you’ve got your vaults and your team. You’re almost ready to take off. All you need to do is decide who gets access to which vault. On the Vaults page, select the vault you want to share and click on Manage Access. Simply select the people you would like to add to this vault and it will show up immediately on their Home page.

1Password for Teams Admin Console: Manage vault access

I hope you’ve enjoyed the guided tour so far. Continue the adventure on your own by reading the Getting Started guide for admins, and stay tuned for more posts.

If there is something in this flow that could be improved to work better for you, please let us know in the forums. These beta days are the best days to get in your bug reports and suggestions for improvement. Thanks so much for trying out 1Password for Teams Beta!

Shield Security header

When a Leak Isn’t a Leak

Over the weekend Dale Myers wrote a blog post that examined our .agilekeychain format. The post featured a good discussion and analysis of our older data format, but it raised some questions among 1Password users and the wider technology community.

Dale states that he plans to continue using 1Password and has no concerns over the safety of his passwords themselves, but his main concern was how the AgileKeychain handles item URLs. While we widely documented this design decision and shared it publicly, Dale was surprised to find out that we didn’t encrypt URLs within the keychain. We want to reassure users that rely on AgileKeychain that their password data is safe and secure, and take the time to walk through our data formats to explain the issue completely.

AgileKeychain & OPVault Data Formats

Back in 2008, we introduced the AgileKeychain as a way to help our users better synchronize data across platforms and devices. At this time, 1Password had significantly less processing power to draw from for tasks like decryption, and doing something as simple as a login search would cause massive performance issues and battery drain for our users. Given the constraints that we faced at the time, we decided not to encrypt item URLs and Titles (which resembled the same sorts of information that could be found in browser bookmarks).

In December 2012, we introduced a new format that encrypted much more of the metadata. OPVault, our newer and stronger data format, provided authenticated encryption as well as many other improvements for 1Password users.

This format worked well in situations where we didn’t need to worry about backwards compatibility, including iCloud and local storage on iOS and Mac. For Windows, Android, and Dropbox syncing, however, we needed to decide if we should migrate to the new format or provide compatibility with older versions of 1Password.

We decided to take a conservative approach and not automatically migrate everyone over to OPVault because many users depend upon older versions of 1Password and they wouldn’t be able to log into their accounts. We knew we could trust the security of the AgileKeychain to protect confidential user data so we didn’t want to rush into something that would disrupt people’s workflows.

Switching to OPVault

Despite the security of AgileKeychain remaining intact, Dale reminded us that its time to move on. The OPVault format is really great in so many ways and we should start sharing it with as many users as possible.

We’ve already started making changes to use OPVault as the default format. In fact, the latest beta of 1Password for Windows does this already. Similar changes are coming to Mac and iOS soon, and we’re planning on using the new format in Android in the future. Once all of these things are complete, we will add an automatic migration for all 1Password users. For users who would like to switch to OPVault sooner than this, here’s how you can get started immediately:

To avoid losing access to your data, be sure to back up your 1Password data beforehand, and only follow these instructions if you are NOT using any legacy versions of 1Password. If you have any questions or concerns, or would like to migrate but aren’t sure if your version of 1Password is affected, our knowledgebase, forums and support team are here to help.

1Password 5 for Mac logo

1Password 5.4 for Mac: The Convenience Edition

Picture this. You’re on your Mac, and this website is asking you to enter particular characters from your password. But your password is 50 characters of 1Password-generated gibberish; how are you supposed to find the 5th, 14th, and 32nd characters without losing your place? Wouldn’t it be amazing if 1Password could make it just a little bit easier for you?

Picture this. You’ve just found out about the great Multiple Vaults feature and excitedly set up a vault to share with your family. Awesome. But sometimes, secondary vault passwords need to be changed. Wouldn’t it be cool if 1Password made it easy for you to do that?

As of today, it can. And it does. You’ll find these and other new convenience and security features in 1Password 5.4 for Mac: The Convenience Edition, ready to download right now in the Mac App Store and from our website. Read on for the lovely details, then sally forth and download—for the low, low price of free, if you’ve already bought 1Password 5 for Mac.

Large type option now available for passwords

Easily enter specific characters from your password with the new Large Type feature. Selecting this option for your password will display it in big, friendly, colour-coded letters on your screen.

1Password 5.4 for Mac: Large Type

You already know that you can hover over a password in an item’s detail view to copy or reveal it. You’ll see the new large type option in that same menu, always within easy reach.

1Password 5.4 for Mac: Large Type menu option

This feature is also great if you need to enter your Apple ID password on the Apple TV across the room or give guests access to your home Wi-Fi network.

Change the password of a secondary vault

Since your 1…Password (that never gets old around here) unlocks your primary vault and your secondary vaults, it’s very easy to create a secondary vault and never think about its password again. Until now, changing that secondary vault password meant basically recreating the vault.

We’ve made things much more convenient for you in 5.4: you can now change the secondary vault password at will. While you’re at it, don’t forget that it’s a good idea to save this password in your primary vault; since you don’t use it all the time, it’s easy to forget! If you’ve already done that, fantastic! Don’t forget to update that item when you change the secondary vault’s password. =)

A view from the top

Did you know that 1Password for Mac offers multiple layouts? The default is a three-column view, but there’s also a “top” layout option. If you’re a fan of the classic layout, you’ll like this one. You can try it out by selecting the View > Item List Layout > Top menu option. We’ve made some improvements to this view in 5.4, all based on your feedback. Thanks for your help!

A new layer of security

We all rely on 1Password to keep our secrets secure. In the 5.4 update for 1Password for Mac, our developers have made 1Password securer than ever by adding a new secret agent to safeguard the communication between 1Password and your web browser.

Safari 9 in Yosemite and El Capitan includes important security updates that address the XARA vulnerability, so please update to the latest Safari and to El Capitan as soon as possible. Our 1Password update works hand in hand with Apple’s OS X security updates to ensure that cross-process communication between 1Password and the web browser in OS X remains secure and properly authenticated.

Because this is a brand new way for the various bits of 1Password to talk to each other, it currently requires the beta browser extension. We’d love your help in ensuring that we didn’t break anything. It’s easy: simply use 1Password in your web browser as you normally do, and let us know if something unexpected happens. If you’re interested in helping us out, please install the 1Password beta extension in your web browser and let us know how things are working in our forums. Thanks very much!

We thank Apple for giving us the tools we need to keep 1Password secure. We’ll have a blog post coming later today explaining the details of this important fix.

But wait, there’s more!

You can find the entire list of new features, improvements, and bug fixes in the release notes.

1Password 5.4 for Mac is available now as a free update if you already have a 1Password 5 for Mac license (or downloaded 1Password 5 from the Mac App Store). Choose the 1Password 5 > Check for Updates menu option, or grab the new version from our downloads page. If you are a Mac App Store customer, the update will download automatically or appear on the Updates tab in the App Store app, depending on your settings.

Got feedback? We’d love to hear from you. Add a comment here or in our discussion forums, or start a conversation with us on Twitter, ADN, or Facebook.

DevBits header

1Password App Extension API and time-based, one-time passwords

The App Extension API was released as a companion to 1Password 5 for iOS last year. Now that 1Password 6 is out, I’m sure some of you are curious to learn about what’s new in the API. To celebrate the App Extension API’s first anniversary, I’d like to tell you about one of its best-kept secrets: Time-based, One-time Passwords (TOTPs).

TOTP + 1Password extension = 🔐

Did you know that our App Extension API supports one-time passwords? In fact, it’s been there since version 1.5 of the API. If you haven’t already, I recommend that you upgrade to the latest version, 1.6.1. Not only can your users fill their usernames and passwords in your app with a few simple taps, their one-time passwords can be filled just as easily.

Best of all, it’s an absolute cinch to implement: simply check whether the one-time password exists in the login dictionary from findLoginsForURLString:

@IBAction func findLoginFrom1Password(sender:AnyObject) -> Void {
        OnePasswordExtension.sharedExtension().findLoginForURLString("", forViewController: self, sender: sender, completion: { (loginDictionary, error) -> Void in
            // Fill the username and password into the fields
            self.usernameTextField.text = loginDictionary?[AppExtensionUsernameKey] as? String
            self.passwordTextField.text = loginDictionary?[AppExtensionPasswordKey] as? String

            // Check if the user has a One-Time Password for the selected 1Password Login
            if let generatedOneTimePassword = loginDictionary?[AppExtensionTOTPKey] as? String {
                self.oneTimePasswordTextField.text = generatedOneTimePassword

                // Important: It is recommended that you submit the TOTP to your validation server as soon as you receive it, otherwise it may expire.

That’s all it takes to make your users’ lives much simpler.

1Password ❤ App Developers

If you have already added the 1Password app extension to your iOS app, thank you; you’re awesome! This new functionality gives you the ability to make security even more convenient for your users, and I can’t wait to see how you use it. Please don’t forget to submit your app to our Apps ❤ 1Password directory.

A newsletter just for you

You can also subscribe to our 1Password App Extension Developers newsletter. We’ll send you an occasional newsletter containing 1Password App Extension news, updates, and tricks, to help you realize the full potential of the 1Password Extension API in your iOS apps.

If you have any questions, you can comment on our GitHub project or email I look forward to talking to you!

1Password tips

Quick Tip: iOS 9 Spotlight search and 1Password

Some of the geekiest arguments I’ve ever heard have been over the way people organize apps on their iPhones and iPads. I keep my most heavily used apps on my main screen, then shove almost everything else into folders on my other screens.

The reason I can do this is because of the wonders of Spotlight search. It’s easy for me to search for and launch the app I want to use, so I don’t have to spend my mental energy trying to remember where I’ve put things.

Apple opened up Spotlight to third-party developers like us in iOS 9. My searches are now supercharged! I’ve gotta say, I love being able to find my 1Password items right from my iPhone’s home screen. I enabled Spotlight search in 1Password by going to Settings > General > Enable Spotlight Search. Now I can just pull down, type in part of the item’s title, then tap on its name in the search results. 1Password opens right to that item.

iOS 9 Spotlight search

You might have questions about the new Spotlight search and how it works with 1Password, so I put together some answers for you. If your question isn’t addressed, please let me know; I’ll be sure to update it in response to your feedback.

I’m also curious: what are your favorite iOS 9 features? Let me know in the comments!

1Password tips

Quick Tip: 1Password 6 and Slide Over

Slide Over Happy Chris

It’s been just over a week since I received my delightfully thin and light iPad mini 4. I got the orange Smart Cover, and it looks fantastic. The primary reason I decided to upgrade my iPad mini this year was to take full advantage of everything iOS 9 has to offer.

iOS 9 has a metric ton of new features, but by far my favorite is Slide Over. Combining 1Password with Slide Over is a game changer for saving time and using every bit of power 1Password has to offer.

Logging into third-party apps doesn’t get any easier than using the 1Password Extension, which is supported by many apps. However, there is the occasional app that doesn’t (yet) support the extension, and this is where Slide Over shines.

Slide Over is a new iOS 9 feature for the iPad1 that lets you swipe from the right edge of the display to bring up another app on top of the one you are currently using. Multitasking has never been faster or easier.

Let’s say I’m using my banking app, which sadly hasn’t added the 1Password extension. In iOS 8, my workflow would have looked like this: close the banking app, launch 1Password, copy the password, switch back to the banking app, and then paste.

With the combined power of iOS 9, Slide Over, and 1Password 6, I can simplify the process.

Swipe left to right in your item list to reveal the Copy Password option

Swipe left to right in your item list to reveal the Copy Password option

While in my banking app, I can swipe in from the right, unlock 1Password, slide from left to right on the bank’s Login item in the list to copy the password, and slide 1Password away. It’s that simple.

If you have an iPad that supports Slide Over, give it a shot the next time you find yourself in an app without 1Password support. And then be sure to write a nice note to the developer of that app and ask them to integrate the 1Password app extension for iOS.

We always love hearing from you. Start a conversation with us on our Support Forums, Twitter, or Facebook.

1 Supported on iPad mini 2, 3, and 4; iPad Air and Air 2; iPad Pro