GopherCon Racer

Make a Pitstop in Denver and visit 1Password at GopherCon

Each year, a bunch of us make the annual pilgrimage to GopherCon, the largest and most well attended Go developer conference in the world.

We take in the sights Denver has to offer, get the best coffee around from Denver Little Owl Coffee (If you think there’s better, please tweet us 😉), and most importantly learn all about the miraculous things people are creating with Golang.

This year things will be even more special as we are the headline sponsor of GopherCon 2018!

The GopherCon organizers have some amazing things planned this year, with the racing theme in full effect. As this is our first time sponsoring, make sure you visit the 1Password Pitstop while attending the conference!

1Password Pitstop Gophers

Visit the 1Password Pitstop

If you are attending GopherCon, come and get a checkup from our expert Passwordologists at the 1Password Pitstop, and find out the best ways to secure your business and family online. We also love to hear from customers already using 1Password, so do come on over and chat about your favourite 1Password productivity features.

Our Pitstop will have will have lots of surprises, and if you come by, you’ll get the chance to meet some of the amazing people behind 1Password. It’s a great opportunity to talk shop and maybe even pick up some stickers to pimp your ride and add some bling to your device!

1Password and Go

We use Go all over the place at 1Password!

Every 1Password account relies on our Go servers. Making everything work together is no easy feat and so we needed a strong (and fast!) language like Go to create the backbone that connects all our apps together. We also use Hugo for our many of our websites.

Sharing code between our six different apps across six platforms helps us provide a consistent experience and minimize bugs. Our filling engine “The Brain”, our new password generator, and a host of other features are already built in Go. Our command-line tool is also built entirely in Go.

For more sneak peaks of the exclusive 1Password GopherCon shirt and the 1Password Pitstop, follow us on Twitter. If you are in Denver between August 27th – 30th, I really hope to have the chance to meet you in person at the conference!

HaveIBeenPwned

Watchtower: we shall fight on the breaches

1Password’s Watchtower service has been helping users identify accounts that have been affected by breaches for years. Today we’re proud to announce an enhancement to how 1Password finds and identifies breached accounts.

1Password can now use Have I Been Pwned to find accounts that have been compromised based on the email address associated with the account. It can even do this without needing to share your email address with anybody.

Before we dive in to learn about the details, take a look at the awesome work Matt and Jasper did to bring this to life.

Breach Report

There’s actually a fair amount to unpack here, and it’s difficult to see detail on a video, so let’s break down the breach report in screenshot form.

Breach Report

The Breach Report is split into three sections.

The top most section is a list of websites where an account with your email address has been identified as having been compromised, but you don’t have any information about this website in 1Password.

That’s amazingly powerful as 1Password can help you identify breaches that impact you without you having actually added information to 1Password. In this case, you’re going to want to generate a unique strong password for that website, and while you’re at it you should consider adding it to 1Password.

If it’s a website for which you have no interest in having an account, you should delete the account as opposed to ignore it. Accounts often have additional data, such as a mailing address or maybe a phone number. You should be protecting that private information, and thanks to excellent pieces of legislation like the GDPR most websites have a way to request permanent deletion of your data.

The second section lists breached websites for which you’ve got an item in 1Password, but 1Password suspects that password to be compromised. You’ll definitely want to create a new password for that website.

The last section lists breaches for which you’ve got an item in 1Password, but you’ve already updated the password so there’s nothing more to do.

How Does It Work?

The Breach Report is based on a new service provided by Have I Been Pwned which allows 1Password to query for compromised accounts based on an email address. 1Password can achieve this without needing to share the email address with Have I Been Pwned because this new service functions much like its Pwned Passwords service, and uses the same K-anonymity model. This model allows 1Password to work with Have I Been Pwned to find breaches without needing to share sensitive information with Have I Been Pwned. Let’s take a look at how that works…

Have I Been Pwned has a database with over 5 billion compromised accounts obtained from the various data breaches around the internet over the last few years. This database contains the email address associated with the account as well as a SHA-1 hash of the password that was compromised. The new service allows 1Password to look up entries in that database based on the email address.

Email Hash Illustration

In order to perform a lookup, 1Password takes the email address associated with your account, and hashes that using SHA-1. Sending that full SHA-1 hash to the server would provide too much information and could allow someone to reconstruct your email address. Just like the Pwned Passwords service, this new service only requires the first few characters of the hash, six to be precise.

Similarly to Pwned Passwords, the process is completed within 1Password itself. Have I Been Pwned sends 1Password a list of possible matches based on the start of the hash that was sent, and 1Password needs to complete the search by looking for exact matches with the full hash that was created in the first step.

Bringing You More Info On Compromised Logins

When viewing items in the Compromised Logins section of Watchtower, you may notice that some of them have a slightly different banner at the top and include a “More Info” link.

Watchtower Notification Banner

Clicking it will bring up a panel with some information about the breach, letting you know what information in that account was made available.

Breach Info

This was made possible with the additional breach information that is provided by Have I Been Pwned.

Run, don’t walk, to change the password associated with this Login. And also change the password for any other Login item you might have that happens to share that password (you’re using strong unique passwords everywhere, right?).

Taking Watchtower Further

Have I Been Pwned allows us to push Watchtower further and do more to keep you safe online. The k-anonymity model used in both this service as well as Pwned Passwords ensures that your privacy is respected, which is incredibly important to us. We’re thrilled to be one of the first services using Have I Been Pwned in this way.

You can try it today by using Watchtower on 1Password.com, and we’re looking forward to bringing this feature to all of our apps.

Thank you Troy for building an excellent service that makes this feature possible.

 

Rick Fillion 1Password.com Lead

AG Conf 8

AGConf[8]

AgileBits Conference Travel Badge 2018

One of the many highlights of a job at AgileBits is our annual meetup, AGConf. Held in February, but anticipated year round, it’s a chance for the entire AgileBits family to get together and share a week of work and fun. For AGConf[8] this year, we sailed on Royal Caribbean’s Freedom of the Seas, from Fort Lauderdale in Florida, stopping at Costa Maya and Cozumel along the way.

New Friends 🎉

If you’ve read any of our previous AGConf blog posts, you’ll have seen that a common theme throughout is the growing size of our company. There was no sign of slowing over the last year, and in fact, I’m one of the new ones myself! It’s worth pointing out that most of us new ‘Bits were new to cruising, too – that explains the excited faces.

In fact, I remember a comment on our post last year, where a customer asked if we’d rented the entire ship to ourselves. We’re still not able to fill the 4,370 guest capacity, but we are getting closer every time. As long as we keep the family feeling that I love, new ‘Bits are certainly welcome!

Saying Hello 👋

AGConf[8] started on land for most of us. Since lots of ‘Bits work remotely, this involved travel from all over the world. After arriving, we checked Slack (which we use to communicate) for ‘Bits nearby. Very quickly, we were sharing breakfast and dinner, getting to know each other, and dreaming of the week to come.

Twelve stories up 🛳

As the morning sun rose the next day, ‘Bits staying in hotels around the port began heading to the ship. After handing our bags to the porters, we all moved towards deck 12, which appealed to us because of both the sun and drinks on offer. Once everyone had arrived, we took a team photo, had dinner, and finally went to the welcome party downstairs.

Off to work ✉

Keeping our customers happy is always a priority! Each morning, we made sure to reply to as many of you as possible – the entire AgileBits team were in the dining room sending help from sea. Being able to research answers by walking up to the right person and asking them face to face was a real luxury, and it definitely felt surreal.

There were also exciting meetings to be had, where we received support tips from Dene, and security lessons from Goldberg himself. We even looked back at 2017 and into the future. I am personally very excited about what’s to come, and I can’t wait to be able to share the details.

Brett’s the spy 🕵️‍♂️

As the cruise continued, there was lots of time for fun! I really enjoyed playing board games with the team, and Resistance was a popular choice (a game where the good guys work to identify a secret group of spies). Other cruise pastimes included karaoke, mini golf, and Isha’s scavenger hunt which I really want next year!

Fun away from the ship ☀

While there was plenty to do on the ship, there was no shortage of shore excursions on offer either! I remember the ziplining most fondly, along with the taco that I enjoyed at the beach. I’ll let the pictures do the talking, though, as I’d be here forever if I went through the adventure of choice for each Bit.

Sending birthday wishes 🎂

The final day of AGConf[8] overlapped with our Minister of Magic’s birthday. I’m glad it worked out that way – two birthday cakes were presented, and I can say with certainty that the chocolate one was delicious! Happy Birthday once again, Sara, and thanks for organising what I’d call the trip of a lifetime if I wasn’t already excited for AGConf[9].

WWDC18: Presents from Apple

Hello everyone! It’s WWDC week and a large portion of the 1Password development team is here in San Jose basking in the glow of this year’s Apple’s Worldwide Developer Conference. For me it’s my first time coming to WWDC since it was last held in San Francisco two years ago, and I absolutely love it. The conference center itself is gorgeous, and the surrounding area is wonderful. Somehow I’m finding it easier to run into folks I know, and I’ve already caught up with a bunch of old friends and made a number of new ones since I’ve arrived.

WWDC is much more than a place for me to stretch the wings of my social butterfly tendencies, however; it’s all about new tech, and boy oh boy did Apple hook us up this year. Many of us are already rocking iOS 12 and macOS Mojave on our main devices and computers and they are awesome. Not only that, but 1Password is running quite happily on iOS 12 and needs just a couple small tweaks on macOS Mojave.

iOS 12 and Password Autofill

On Monday afternoon, during Apple’s Platform State of the Union I sat down with my teammate Rudy and jumped into Apple’s newly announced Password Autofill API. By the time we were ready to grab some dinner we had a tweet-worthy demo all done:

This new capability is transformational in our ability to integrate with iOS. Starting in the next version of iOS, 1Password will be able to fill your credentials into every app that has opted into the Password Autofill functionality that Apple introduced with iOS 11 last year.

macOS Mojave and Dark Mode

After our incredibly successful launch of 1Password 7 a few weeks ago we’ve been waiting to see what Apple had in store for the Mac. On Monday we got our first glimpse of dark mode in macOS Mojave, which of course left our designer Dan itching to get back to his computer to start playing. Since then the mockups have been flowing like water:

Dan's Dark Mode Lock Screen Concept

Privacy and Security

Apple’s dedication to privacy and security are legendary and this year they introduced a whole host of new tools to help keep your computer safe. The biggest ones that we’re excited about are system integrity protection (SIP) for apps and notarized apps.

Apple’s documentation gives a concise definition of SIP at a high level:

System Integrity Protection is a security technology in OS X El Capitan and later that’s designed to help prevent potentially malicious software from modifying protected files and folders on your Mac.

SIP for apps allows us to opt in to these same protections for the 1Password app binary that resides on your computer. It gives you (and us!) peace of mind knowing that the app we built and shipped is the one running on your computer.

Notarized apps is the other thing that we’re really excited about. Apple is standing up a new service for developers where they can submit their app prior to release. The service will check the app, verify that it’s free of malware, and issue a certificate that will be “stapled” to the app. This certificate is then used by your Mac to verify that the version of 1Password you’re using has been screened and approved as being free of malware. Coupled with SIP, these two new technologies are going to be great for all apps, and 1Password in particular.

Wrapping it Up

While I can’t comment on rumor or speculation, you could use our previous track record to reasonably conclude that when iOS 12 and macOS Mojave ship later this year we’ll be there, on day one, with full support for both. In the meantime, make sure you sign up for the iOS beta, and opt-in to the betas of 1Password for Mac in Preferences:

1Password for Mac Beta Prefences

How about you? What was your favorite announcement from WWDC this year? Sound off in the comments below, I’d love to chat about it with you.

1Password 7 for Windows is here!

1Password 7 for Windows: The Best Ever

Hot on the heels of last week’s 1Password 7 for Mac announcement, I’m pleased as punch to unveil the best version of 1Password for Windows ever: 1Password 7 for Windows is here! 🎉 👏

This is a massive release where quite literally everything has changed. Seriously, every bit and every pixel has been recreated from scratch using the latest and greatest technologies to make 1Password the best it can be.

From an incredible new design to having all your vaults in one place to a whole new architecture, 1Password 7 is the fastest, prettiest, and most powerful version of 1Password yet. In short, it’s simply the best. A bold claim but thankfully we can back it up. 😎

All new modern design

Our design team has been working their tails off reimagining every aspect of 1Password. We wanted to make it as powerful and beautiful as the Mac app while staying true to the Windows platform.

It all added up to a breathtaking new design that you’re going to love. And it all starts with the lock screen.

The steel doors look great and also symbolize the strong encryption that protects your data. And to would-be-attackers, our encryption design is far more secure than the strongest steel.

Once you unlock 1Password with your Master Password (or Windows Hello), you’ll be delighted by the stunning new layout protected behind those doors.

Beautiful! 😍

Everything has changed and not a single element of the design has been left untouched. Yet the heart and soul of 1Password remain, so you’re able to jump right in and find everything you need.

Your items have never looked better and with full support for time-based one-time passwords, logins really shine. They look so good that you’ll find yourself happily waiting for a new 2FA code simply so you can watch the countdown animation. 🙂

You can also zoom right in on the password using Large Type. This is perfect for those times you need to type it on another device or are asked for specific characters from your password.

Our new highlight feature while searching makes finding what you’re looking for super easy. And with the addition of search power-ups like title:, tag:, and file:, it’s never been easier to discover what you’re looking for.

And when you prefer to browse, the sidebar is great for navigating between your categories and tags. Along with support for nested tags you can take things to a whole new level by organizing your organization. 😉

Oh and the sidebar gets even better as your vaults live there, too.

All your vaults, all in one place

There’s more to the sidebar than meets the eye. Sitting just beneath the surface is a powerful new way to organize and securely share your items.

Simply click on the sidebar header and your categories will slide away, revealing your collection of vaults. Vaults allow you to group your items depending on their purpose and who needs access to them.

Vaults are so nice that you’ll find yourself adding lots of them. Between my AgileBits business and Teare family accounts, I now have over 50 vaults. Being able to switch between vaults and accounts makes it super simple to stay focused on the task at hand.

Together with a 1Password Families or 1Password Business account, vaults can be used to securely share passwords with your family and colleagues. Simply sign in to 1Password.com and choose who you want to share with and 1Password will do the rest.

My favourite part of sharing passwords this way is the ability to control everyone’s permissions, including making passwords read-only. For those with edit access, changes they make will be seen by everyone else right away.

1Password mini is always by your side

The new awesome carries over into 1Password mini as well, yielding a more powerful and beautiful experience. When you’re on a website and need to login, 1Password mini makes it super easy.

Selecting a login will automatically fill your username and password for you. And if you have two-factor enabled, the one-time password will be automatically copied to your clipboard so you have everything you need right at your Ctrl-V fingertips.

1Password mini will also help you create new logins as well. When you sign up for a new service or log in for the first time, 1Password mini will jump in and offer to save it for you.

In addition to naming your new login and assigning tags, you can also choose which vault to save it to. This is great for keeping things organized as well as choosing who to share with.

And if a website has been breached, mini will alert you so you know that you need to update the password.

Oh and then there’s also Open and Fill which automatically opens websites and fills passwords for you. When combined with the search and organization features of 1Password mini, it’s perfect for bookmarking your favourite sites.

Designed for everybody

We wanted to create 1Password 7 for everybody and be as inclusive as possible. That started with allowing you to sync your vaults yourself as well as using 1Password accounts on 1Password.com, 1Password.ca, and 1Password.eu.

1Password also speaks your language and has been localized to Français, Deutsch, Italiano, 日本語, 한국어, Português, Pyсский, 简体中文, 繁體中文, and Español.

Being able to use 1Password in your language is great and it’s even better on High-DPI displays. 1Password 7 has full support for HiDPI in Windows 10 so it looks incredible on 4K monitors and other high density screens.

And for those of you who rely on assistive technologies, rest assured that 1Password 7 is fully accessible with out-of-the-box support for screen readers like Narrator.

Why hello there, Windows Hello

We also added support for Windows Hello so you can unlock 1Password using your fingerprint or simply your smile. This works great in the main app as well as in mini.

I love the “looking for you” animation with the eye looking back and forth, and can’t help but grin when I’m greeted with a smiling face along with the “Hello, dave!” message. 🙂

As for security, your data is protected by your Master Password as always. To keep things as secure as possible, the first time you unlock you will need to provide your Master Password and then Windows Hello will be able to unlock 1Password thereafter.

Strong foundations

1Password 7 is a completely new modern app built from the ground up to use the latest and greatest technologies available. This gave us a strong foundation and allowed us to push the envelope to make 1Password the best it could be.

In addition to fundamental enhancements like HiDPI and Unicode support, 1Password 7 comes with a whole new database layer that enabled us to make everything much, much, much faster.

And if you’re moving over to our new 1Password memberships, syncing your data is more secure than ever. With the addition of a Secret Key, Secure Remote Password, and Galois/Counter Mode, your data has never been safer. Oh, and to top things off, the speed and reliability is simply unparalleled.

All of these changes combine into the fastest, most secure, and best looking 1Password experience on Windows ever! Long story short: you’re in for an amazing treat! 🍪

How do I get it?

To start enjoying the best version of 1Password ever built, grab it here:

Download 1Password 7

1Password 7 is included free for everyone with a 1Password membership. Simply unlock 1Password after downloading and you’re good to go.

Those of you with a standalone license will be prompted to subscribe or purchase a license when 1Password 7 first opens. Licenses will cost $64.99 but are available during our launch special for only $49.99. Licenses are per-person, per-platform so you can use your single license on as many PCs as you have. 1Password 7 for Mac is a separate purchase.

I hope you enjoy 1Password 7 as much as we enjoyed making it for you. We couldn’t have done it without your help. ❤

Please join us in our discussion forums or in the comments below to share your experiences with us and help craft the future of 1Password. We always love hearing from you. 😘

Dave Teare Founder of AgileBits

1Password 7 for Mac: The Best Ever

Today is a momentous day! It’s time to take the wraps off something incredible that changes the world as we know it: 1Password 7 for Mac is here! 🎉🙌

There’s a ton of amazing features packed into this release and I couldn’t stop myself from writing a lot about them. If you’d like to start rocking right away, feel free to jump ahead and download 1Password 7 now. For everyone else, it’s my distinct pleasure to share with you the awesome that is 1Password 7.

Marvellous mini

1Password mini is how most of us use 1Password on a daily basis and for version 7 we wanted to make that experience the best it could be.

1Password mini has been completely reimagined and comes with so many features that we needed to give it its own window. When you bring up mini you’ll find it waiting for you with an incredibly powerful and beautiful new look.

While in your browser, mini will automatically suggest the items you’re most likely to need. Select the login you want to sign in with and 1Password will do the rest.

And mini doesn’t limit itself to just browsers. With our new app integration we’ll automatically suggest logins for the current app you’re using. Along with support for drag and drop, this is a real game changer.

You can also make edits, move items between vaults, and even add documents – all without ever leaving mini. Soon you’ll wonder how you ever lived without it. 🙂

Beautiful, bold design

The beauty you’ll find in mini continues throughout the rest of 1Password as well. It all starts with the newly designed lock screen and it looks incredible, especially with Touch ID.

As great as those vault doors look, they pale in comparison to what lies secured behind them.

The first thing that grabs you is the stunning new sidebar. It draws you in with its bold dark theme and delights you with its simplicity.

The new sidebar looks great without being overpowering and the high contrast between it and your content allows your eyes to focus on what’s most important: your items.

Detailing your items

Your items are able to join in on the fun as well with a new design and some lovely new touches. Each of your items now prominently show which vault they belong to and have their most important information highlighted.

If you caught yourself yelling What Are Those?! when looking at the formatted notes field, you’re not alone. You can now give your notes richly formatted text using Markdown! 🎉

Along with the improved layout and typography, we’ve added a beautiful custom font created specifically for 1Password called Courier Prime Bits (based on the lovely Courier Prime).

Alan Dague-Greene is the creative genius behind this font and it makes large type passwords look absolutely incredible.

Speaking of incredible, when you combine our new custom font with Markdown support, Secure Notes are now at an entirely new level of awesome.

Once you start using Markdown in your notes you’ll find yourself wanting to create a lot of them. And when you do, you can keep your notes and items organized using tags. You can even use nested tags if you want to be fancy.

Oh and if you need to copy fields between items or into another app, you can detach the item details view into its own separate window by clicking the button in the toolbar. This is incredibly useful although to be honest I often find myself clicking it for no other reason than to see the lovely animation. 🙂

Watching out for you

1Password 7 is doubling down on how it keeps you safe online. We have bundled together a suite of security tools that notify you of breaches, warn you of bad habits, and highlight vulnerable passwords. We call it Watchtower and it’s amazing.

Watchtower integrates with Troy Hunt’s haveibeenpwned.com service to see if any of your logins are vulnerable. 1Password securely checks your items against a collection of breached passwords (over 500 million and counting) and notifies you to change them.

And thanks to twofactorauth.org, Watchtower also knows which websites support two factor authentication and will alert you when it finds logins without 2FA enabled.

Watchtower will also alert you to logins that are using an insecure (HTTP) website address, weak passwords, and horror of horrors, reused passwords (seriously, don’t do that!). And finally it’ll even warn you if your credit cards or passports are expiring soon so you don’t miss out on your vacation. 😎

Organize & securely share your items

Let’s get back to that sidebar because there’s more there than meets the eye. Sitting just beneath the surface is a powerful new way to organize and securely share your items.

Simply click on the sidebar header and your categories will slide away, revealing your collection of vaults. Vaults allow you to group your items depending on their purpose and who needs access to them.

You can drag and drop items between vaults and even between accounts. Or, drop your items on the New Vault button and a new vault will be created for you right then and there. It’s so simple it’s like magic.

Once you have your new vault created, sharing it with your team or family couldn’t be easier. Select who you want to have access to your vault and 1Password will do the rest.

Best of all, any updates to the items appear automatically for everyone. It’s easier to share securely with 1Password than being insecure without it. 💪

Strong foundations

Along with all these new features and improvements, a lot of heavy lifting took place to make 1Password 7 faster and secure-er than ever.

It all began by combining 1Password and 1Password mini into a single process. This made items faster to load, reduced memory usage, and decreased launch times. The overall performance boosts made us smile as soon as we saw them and we think they’ll make you smile, too.

Also new in 1Password 7, we’ve taken advantage of Apple’s Secure Enclave to protect your Master Password when Touch ID is enabled. This is incredibly cool because the keys used for encryption are protected by the hardware and not accessible to other programs or the operating system.

And if you’re moving over to our new 1Password memberships, syncing your data is more secure than ever. With the addition of a Secret Key, Secure Remote Password, and Galois/Counter Mode, your data has never been safer. And the speed and reliability is simply unparalleled.

And so much much much more!

I told you at the beginning that I was going to write a lot about 1Password 7 and I could keep going. But in the interest of getting you into 1Password 7 sooner, I’m curtailing the rest into this fancy bulleted list!

  • Collapse the sidebar entirely so your items get all the love
  • Quickly find items with our new Spotlight integration
  • Use Handoff to view iOS items right from your Dock
  • Easily see your currently selected vault and account
  • Marvel at the monogrammed icons for tags and logins
  • Edit your vaults directly from the sidebar
  • Enjoy the new password strength meter
  • Remove duplicate items on a per-vault basis
  • Jump to items and vaults with ease using Quick Open
  • Opt in to automatic updates so you can always enjoy the latest and greatest 1Password has to offer

How do I get it?

To start enjoying the best version of 1Password ever built, grab it here:

Download 1Password 7

1Password 7 is included free for everyone with a 1Password membership. Simply unlock 1Password after downloading and you’re good to go.

Those of you with a standalone license for version 6 will be prompted to subscribe or purchase a license when 1Password 7 first opens. Licenses will cost $64.99 but are available during our launch special for only $49.99. Licenses are per-person, per-platform so you can use your single license on as many Macs as you have. 1Password 7 for Windows will be released next week as a separate purchase.

I hope you enjoy 1Password 7 as much as we enjoyed making it for you! We couldn’t have done it without your help. ❤

Please join us in our discussion forums or in the comments below to share your experiences with us and help craft the future of 1Password. We always love hearing from you. 😘

Dave Teare Founder of AgileBits

1Password at Google I/O

Just over a week ago, I was incredibly lucky to attend Google’s annual developer conference at the Shoreline Amphitheatre in Mountain View. I always look forward to this event because it showcases the latest and greatest technologies coming to Google’s platforms. And to make things even better, I was joined by Gene, Peri, Shiner and Michael – our largest group at I/O yet!

Google I/O 2018

After grabbing coffee and snacks, we took our seats and eagerly waited for the keynote to begin. Sundar Pichai opened the conference by revisiting the most pressing issue of last year: the hamburger and beer emoji fiasco! With the cheese now in the right place, he continued with the keynote and introduced one of the main themes of the conference: leveraging machine learning to solve both simple and complex problems in our daily lives.

The improvements to the Google Assistant such as “continued conversations” and the new voices are fantastic. I do worry that I may fall back asleep if John Legend’s soothing voice reads my daily briefing each morning! The Duplex demo was just incredible and I am amazed at how the Assistant was able to understand and deliver natural language conversations over the phone. I’ve shown the video to all of my family members… maybe even scared them a bit. But don’t worry mom, I promise it will be the real me calling. 😉

Android P (Popsicle?)

It wouldn’t be Google I/O without a strong focus on the next version of Android. Immediately after they announced the Android P beta, I installed it on my Pixel 2 XL and revelled in the beautiful controls, typography, and roundedness of its design. Android P is all about intelligently analyzing and adapting to our usage patterns. This is being used to drive powerful features such as the new Digital Wellbeing. I’m looking forward to using it to remind me to disconnect and focus on the real world sometimes.

Developing on a Pixelbook

One pleasant surprise that got Michael very excited was the announcement that Android Studio is coming to Chrome OS. He quickly got it running on his Pixelbook and then challenged me to a race to see who could build 1Password faster. We were both shocked to find that his Pixelbook came in only 7 seconds behind my MacBook Pro. That’s pretty impressive!

1Password on Chrome OS

As exciting as it is to build 1Password on a Pixelbook, it’s even more thrilling to run an optimized version of it on Chrome OS. We built 1Password 6.8 for Android with an emphasis on the desktop experience, and we’re incredibly proud to have been featured by Google during I/O as an example of doing this well.

One of my favourite desktop features added in 1Password 6.8 is using the arrow keys and the keyboard shortcuts to get around. I also find it extremely convenient using drag and drop to move text between Android apps. Now I can drag my credentials to sign into the Twitter app!

Give 1Password a try on your Chromebook and let us know what you think.

Until next year!

We all had a fun and productive week at Google I/O. It was my first time listening to Justice and Phantogram at the concert, and my god, do I love them! I have “Fall in Love” playing on repeat right now. 🕺

Google I/O sparked some great ideas that we’re eager to explore in 1Password on both Android and Chrome OS. Which of the showcased technologies are you excited to see in 1Password? Let me know in the comments below!

Using Splunk with 1Password Business

1Password Business makes it easy to monitor events that happen on your team using the Activity Log, and you can take that to the next level by adding Splunk to the mix. Using the 1Password command-line tool, you can send your team’s 1Password activity to Splunk and keep track of it there alongside other happenings within your team.

One of Splunk’s most popular features is the ability to find events and trigger alerts based on them. For example, in your team you could set things up so the sysadmins are alerted whenever someone is added to the Owners group in 1Password. I’ll get into that example a bit more later in this post.

Set up the 1Password command-line tool

To kick things off, let’s set up the 1Password command-line tool, if you’re not using it already:

1Password command-line tool: Getting started

When setting up the tool, start by creating a custom group and giving it the View Admin Console permission so it can view the Activity Log, then add a user to that group. Once the tool is set up with that user’s account, get a session token:

$ op signin example

This will allow you to interactively enter the Master Password with secure input. Since you’re definitely putting this in a script, you’ll want to pass the Master Password through stdin to the op signin call to get your session token:

[password] | op signin example.1password.com wendy_appleseed@example.com A3-XXXXXX-XXXXXX-XXXXX-XXXXX-XXXXX-XXXXX

To make things simpler, you can omit the email address and Secret Key from op signin since they are saved in ~/.op/config. You can then simplify the whole sign in step to one line by piping the Master Password to it:

gpg -q --decrypt password.enc | op signin example

To automate all this, though, you can get the Master Password from a secure storage location and pipe it to sign in. A HashiCorp vault is a good place to securely store the account’s Master Password. I’m using GPG in this example, but you can use KMS or something else that you’re comfortable with – just avoid echo. 😉

Start fetchin’ those audit events

Now that we have our session token, we can start getting some audit events. Create a script that’s run by a job scheduler such as cron at regular intervals (every 10 minutes should suffice). That script needs to:

  1. Create the session like we just did above.
  2. Read the last processed event ID from disk.
  3. Fetch events newer than that ID.
  4. Send the events to Splunk.
  5. Save the latest event ID to disk.

To do this, we’ll be working with JSON, so JQ is a good idea if you’re working with bash; you could also use a scripting language that supports JSON, such as Python or Ruby.

You can fetch up to 100 events newer than $ID. To fetch them:

op list events $ID newer

To make sure you get all the events, you’ll need to run that until nothing is returned, since only 100 events are returned each time. This command will return a JSON array of event objects like this:

 {
 "eid": 392879,
 "time": "2018-01-23T15:50:49Z",
 "actorUuid": "YJTZ3RWWFRBNTF4M2YEEY3EPOQ",
 "action": "join",
 "objectType": "gm",
 "objectUuid": "hd22y2bob6qdpap2ge6d7nn4yy",
 "auxInfo": "A",
 "auxUUID": "YJTZ3RWWFRBNTF4M2YEEY3EPOQ"
 }

You can send all of the events in the array to Splunk at this point by using something like the Splunk universal forwarder.

Next, take the eid of the first object in that array and save it to disk so it can be used for the next fetch. If the array from op list events is empty, it means there are no newer events, and you’re done here — for now.

Get alerts about important actions in your team

Earlier I mentioned one such handy use for Splunk with 1Password Business would be to see when someone is added to the Owners group. To do this, you would find an event in the Activity Log that has:

  • action: join
  • objectType: gm (Group Membership)
  • objectUuid: your Owners group’s UUID, which you can get by opening https://start.1password.com/groups, signing in, and clicking Owners, then copying the UUID from the end of the address bar in your browser.

Every audit event comes with a actorUuid field. It’s a great identifier, but when perusing, we have no idea who YJTZ3RWWFRBNTF4M2YEEY3EPOQ is. To fix this up, let’s upgrade our script a bit. Before we fetch events, let’s get a user list with op list users. This will get us all users on the account along with some basic information like their name and email address. With that we can process each event object, look up the user by UUID, then add more descriptive information for when we send things to Splunk.

In this example case of sending an alert when someone is added to the Owners group, it’s probably nice to know who was added. The auxUUID field of the audit event will be the UUID of the user who was added to the group. You can do the same lookup that we did above for the actor. For many events, auxUUID will not be a user UUID, so make sure to fail gracefully there.

Now that we’ve set things up, whenever Splunk finds an event matching this, it’ll be able to alert your sysadmins via Slack or another method and let them know that Lorraine added Bobby to the Owners group. From there, they can take action if they need to.

Try it out and tell us what you think

When it comes down to it, sending your team’s 1Password activity to Splunk gives you one place to audit any administrative action your team has been taking in 1Password, alongside all the other tools your company uses. There are a lot of things you can look out for, from the Owners group example I mentioned before to knowing when someone adds or removes a team member from a vault or changes their permissions.

We’d love to hear how you set things up, so feel free to comment below or send us a message at support+cli@agilebits.com or start a discussion in our forum with suggestions, questions, and anything else you’d like to chat about!

Getting 1Password 7 ready for the Mac App Store

1Password 7 has been in beta for 6 weeks now and the feedback has been fantastic. We are getting close to the official release date and have begun final preparations, including submitting 1Password 7 to the Mac App Store. 🎉

When 1Password 7 is released it will be available from the Mac App Store as well as our website, and will be available as both a subscription and a standalone license.

When adding 1Password 7 to the Mac App Store we needed to answer the following two questions:

  • Should it be a new app?
  • Should it support both subscriptions and licenses?

Ultimately we decided that 1Password 7 will be a new app in the Mac App Store, and available only as a subscription. I know that many of you will be curious about this, so I wanted to share with you why we decided on this approach.

Mac App Store and upgrades

The Mac App Store is one of the most convenient ways to purchase apps for your Mac. You can purchase with confidence, pay quickly in your local currency, and updates happen automatically. Overall it is a pretty sweet experience.

The App Store, for all it does well, struggles mightily when a paid upgrade is introduced because it does not allow developers to charge for an update to an existing app.

When considering a paid upgrade, developers have two choices: they can re-use their existing app or submit a new one. Both have their pros and cons.

Re-using an existing app

Developers are very creative and one approach that some have used to introduce paid upgrades is to re-use their existing app and offer an In-App Purchase to make the upgraded features available.

We actually went ahead and gave this an honest, if short-lived, try. Very quickly it became apparent that this would lead to a complete mess of spaghetti code as we tried to encapsulate new features. Worse yet, any significant UI updates (including the many we have in 1Password 7) were next to impossible to add as we’d have to keep the old UI around as well. Ultimately this proved infeasible and all my devs threatened to mutiny. 🙂

Submitting a new app

A new app avoids these issues, allowing us to keep our code base clean and my developers happy. It comes at a price though.

Introducing a new app means that everyone who wants the upgraded version needs to go back to the Mac App Store, find this new version, and download it.

We’ve done this before with 1Password 4 for iOS, and have the scars to prove it. Thousands of customers were confused when trying to update because their 1Password 3 app claimed to be up-to-date. To this day we have customers on 1Password 3 who do not realize a new version is out.

To be quite honest, one of the main reasons we haven’t had a paid upgrade on the Mac side for all these years is that we were dreading the pain this would cause us and our customers. However the time has come to bite the bullet and have a paid upgrade.

To avoid this pain in the future, this will be the last time we will be submitting a new app to the App Store. To make that possible, 1Password 7 will only be available as a subscription in the Mac App Store.

Mac App Store for subscriptions only

1Password subscriptions are eligible for free upgrades, meaning we can keep the same app in the App Store and seamlessly upgrade everyone to the new version as it comes out. This is just one of many the reasons why we love memberships.

If we were to sell standalone licenses in the Mac App Store we would have these same problems all over again when 1Password 8 is released. Ultimately this is why we decided not to sell licenses through the Mac App Store.

While still tough, this decision was easier to make as people looking for licenses will be able to download 1Password 7 directly from our website. I know this isn’t ideal for those who love the Mac App Store and prefer to purchase standalone licenses and I apologize for that. But overall I believe this was the correct decision to make.

I’ll be out at WWDC in a few weeks and would be more than happy to talk further if you have questions or are facing similar decisions with your own apps.

Learn how your business is using 1Password with reports

One of the top requests we’ve gotten from teams using 1Password over the past few years is a way to see what items their team’s been using. With 1Password Business, we’ve added item usage reports, a new tool for you to see how the people on your team are using 1Password.

Know what your team can access

An administrator or owner on your team can create a report for a team member to see what items they’ve used, how many vaults and items they have access to, and more. To create your first report for a team member:

  1. Sign in to your business account on 1Password.com.
  2. Click People in the sidebar.
  3. Click the name of a team member, then click Create Usage Report below their name.

We’ve designed reports to focus on the vaults that matter to you, so you’ll see items from shared vaults in a person’s report.

Know what’s being used in your vaults

You can also create a report for a vault to see what people have been using in it. To create a report for a vault:

  1. Click Vaults in the sidebar.
  2. Click the name of a vault, then click Create Usage Report below its name.

The handy thing about creating a report for a vault is that you can see what has been used often in that vault. Sorting by item name gives you an organized list, and each item will be shown as a separate entry for each person who has used it.

Know what to do when someone leaves your team

When someone leaves your team, you can suspend their account to revoke their access to vaults and items, then create a report to get an idea of what passwords you might need to change. Then you can click the item in the report and use 1Password to quickly change the password.

Keeping passwords in a shared vault in your team means any changes made to them will be available to the people who can access that vault right away. Then you can change the password to keep those accounts secure, and through the magic of shared vaults, everyone who needs that password will automatically get the new one so they can use it right away.

Start using reports

Usage reports are centered on the best part of any company: the people. They focus on the vaults someone has access to, as well as important dates, like when they joined the team or last signed in. And the best part is only the admins and owners of your team know which items and websites your team is using: we can’t see any of that.

The goal of reports is to help you make better judgments about whether Emmett or Lorraine really need to keep access to those potentially high-value resources. And if they don’t, you change their access to something that better suits them.

Learn more about creating reports in 1Password Business

This is only the beginning — we’d love your feedback on what else you’d like to see in the reports. Comment below to start a discussion or send us a message at business@1password.com to share some feedback.