Blog header 2

The Today Show ❤️ 1Password 🎉

badge (1)We are having a little party over here at 1Password today, as 2017 has started with an awesome endorsement from The Today Show’s digital lifestyle expert Mario Armstrong!

In a roundup of the coolest apps to have in 2017, Mario includes us as the first app mentioned. He talks about how he personally uses 1Password to secure his digital life, and goes on to recommend 1Password to TODAY viewers.

The Today Show is the longest running breakfast show in the world and has over 4.3 million viewers a week, so we are really happy that so many people had the chance to find out about 1Password and can begin securing their digital lives!

Mario’s favourite features!

“The 1Password you need to remember”

With 1Password you only ever need to remember… one password.

All your other passwords and important information are protected behind your Master Password, which only you know.

“1Password remembers everything for you”

Don’t forget your passwords. Or your bank account routing number. Or the alarm code for your house. 1Password safely keeps track of them all.

Store everything from online accounts to social security numbers.

“Heavy encryption right here”

Every time you use 1Password, your data is encrypted before a single byte ever leaves your devices. Your encryption keys are protected by your Master Password, so only you have the keys to unlock your secrets.

But wait, there’s more!

Mario mentioned some of his favourite features, but here’s the other things he didn’t have time to mention when he was recommending 1Password on The Today Show:

  • All the apps on all your devices. Whether you use 1Password on Mac, Windows, iOS or Android, we have you covered. Your data is comes everywhere with you, on whichever device you are using.
  • Store everything. 1Password isn’t just for passwords. Use it to securely store your credit cards, passports, important documents – anything at all!
  • Secure the future! 1Password isn’t just about your existing passwords. Our strong password generator means that every new password needed can be super secure, and super easy to access.
  • Restore previous versions of items. If you accidentally changed or deleted an item, you can restore it on 1Password.com..
  • The most secure password manager available. There has never been a more secure way for you to store and access your passwords. Learn more about how 1Password protects your data.
  • Your data is yours. With 1Password, you are always in control. You can always view and export your data at any time.
  • Options for Individuals, Families and Teams. Easily share passwords with your family or team members, create vaults for your mum, dad, kids, gran – even the dog!

Mario wants you to be secure!

Mario uses 1Password to secure his digital life, and so can you! Find the version of 1Password that suits you best and sign up for a 30-day trial at 1Password.com

 

sgx-header

Using Intel’s SGX to keep secrets even safer

When you unlock 1Password there are lots of secrets it needs to manage. There are the secrets that you see and manage such as your passwords and secure notes and all of the other things you trust to 1Password. But there are lots of secrets that 1Password has to juggle that you never see. These include the various encryption keys that 1Password uses to encrypt your data. These are 77-digit (256-bit) completely random numbers.

You might reasonably think that your data is encrypted directly by your Master Password (and your secret Account Key), but there are a number of technical reasons why that wouldn’t be a good idea. Instead, your Master Password is used to derive a key encryption key which is used to encrypt a master key. The details differ for our different data formats, but here is a little ditty from our description of the OPVault data format to be sung to the tune of Dry Bones.

Each item key’s encrypted with the master key
And the master key’s encrypted with the derived key
And the derived key comes from the MP
Oh hear the word of the XOR
Them keys, them keys, them random keys (3x)
Oh hear the word of the XOR

And that is a simplification! But it is the appropriate simplification for what I want to talk about today: Some of our intrepid 1Password for Windows beta testers can start using a version of 1Password 6 for Windows that will have an extra protection on that “master key” described in that song. We have been working with Intel over the past few months to bring the protection of Intel’s Software Guard Extensions (SGX) to 1Password.

Soon (some time this month) 1Password for Windows customers running on systems that support Intel’s SGX will have another layer of protection around some of their secrets.

SGX support in 1Password isn’t ready for everybody just yet as there are a number of system requirements, but we are very happy to talk about what we have done so far and where we are headed. I would also like to say that we would not be where we are today without the support of many people at Intel. It has been great working with them, and I very much look forward to continuing this collaberation.

What does Intel’s SGX do?

Intel, as most of you know, make the chips that power most of the desktop and laptop computers we all use. Their most recent CPUs include the ability for software running on Windows and Linux to create and use secure enclaves that are safe from attacks coming from the operating system itself. It is a security layer in the chip that cryptographically protects regions of operating system memory.

SGX does a lot of other things, too; but the feature I’m focusing on now is the privacy it offers for regions of system memory and computation.

Ordinary memory protection

A program running on a computer needs to use the system’s memory. It needs this both for the actual program and for the data that the program is working on. It is a Bad Thing™ if one program can mess with another program’s memory. And it is a security problem if one program can read the memory of another program. We don’t want some other program running on your computer to peer what is in 1Password’s memory when 1Password is unlocked. After all, those are your secrets.

It is the operating system’s (OS’s) job to make sure that one process can’t access the memory of another. Back in the old days (when I had to walk two miles through the snow to school, up hill, both ways) some operating systems did not do a good job of enforcing memory protection. Programs could easily cause other programs or the whole system to crash, and malware was very easy to create. Modern operating systems are much better about this. They do a good job of making sure that only the authorized process can read and manipulate certain things in memory. But if the operating system itself gets compromised or if some other mechanism might allow for the reading of all memory then secrets in one program’s part of memory may still be readable by outsiders.

Extraordinary memory protection

One way to protect a region of memory from the operating system itself is to encrypt that region’s contents using a key that even the operating system can’t get to. That is a tricky thing to do as there are few places to keep the key that encrypts this memory region if we really want to keep it out of the hands of the operating system.

SGX memory access drawingSo what we are looking for is the ability to encrypt and decrypt regions of memory quickly, but using a key that the operating system can’t get to. Where should that key live?  We can’t just keep it in the the innards of a program that the operating system is running, as the operating system must be able to see those innards to run the program. We can’t keep the key in the encrypted memory region itself because that is like locking your keys in your car: Nobody, not even the rightful owner, could make use of what is in there. So we need some safe place to create and keep the keys for these encrypted regions of memory.

Intel’s solution is to create and keep those keys in the hardware of the CPU. A region of memory encrypted with such a key is called an enclave. The SGX development and runtime tools for Windows allow us to build 1Password so that when we create some keys and call some cryptographic operations those will be stored and used with an SGX enclave.

An enclave of one’s own

When 1Password uses certain tools provided by Intel, the SGX module in the hardware will create an enclave just for the 1Password process. It does a lot of work for us behind the scenes. It requests memory from the operating system, but the hardware on Intel’s chip will be encrypting and validating all of the data in that region of memory.

When 1Password needs to perform an operation that relies on functions or data in the enclave, we make the request to Intel’s crypto provider, which ends up talking directly to SGX portions of the chip which will then perform the operation in the encrypted SGX enclave.

Not even 1Password has full access to its enclave; instead 1Password has the ability to ask the enclave to perform only those tasks that it was programmed to do. 1Password can say, “hey enclave, here is some data I would like you to decrypt with that key you have stored” Or “hold onto this key, I may ask you to do things with it later.”

What’s in our enclave? Them keys, of course!

protected-keysWhen you enter your Master Password in 1Password for Windows, 1Password processes that password with PBKDF2 to derive the master key to your primary profile in the local data store. (Your local data store and the profiles within it are things that are well hidden from the user, but this is where the keys to other things are stored. What is important about this is that your master key is a really important key.)

When you do this on a Windows system that supports SGX the same thing happens, except that the the computation of the master key is done within the enclave.  The master key that is derived through that process is also retained within the enclave. When 1Password needs to decrypt something with that key it can just ask the enclave to perform that decryption. The key does not need to leave the enclave.

Answers to anticipated questions

What does (and doesn’t) this protect us from?

I must start out by saying what I have often said in the past. It is impossible for 1Password (or any program) to protect you if the system you are running it on is compromised. You need to keep your devices free of malware. But using SGX makes a certain kind of local attack harder for an attacker, particularly as we expand our use of it.

The most notable attacks that SGX can start to help defend against are attacks that exploit Direct Memory Access. Computers with certain sorts of external ports can sometimes be tricked in allowing a peripheral device to read large portions of system memory.

As we expand and fine tune our use of SGX we will be in a better position to be more precise about what attacks it does and doesn’t defend against, but the ability to make use of these enclaves has so much potential that we are delighted to have made our first steps in using the protections that SGX can offer.

What will be in our enclave in the future?

As we progress with this, we will place more keys and more operations involving those keys into the SGX secure enclave. What you see today is just the beginning. When the master key is used to decrypt some other key that other key should only live within the enclave. Likewise the secret part of your personal key set should also have a life within the enclave only. I can’t promise when these additions will come. We still need to get the right cryptographic operations functioning within the enclave and reorganize a lot of code to make all of that Good Stuff™ happens, but we are very happy to have taken the first steps with the master key.

We do not like promising features until they are delivered. So please don’t take this as a promise. It is, however, a plan.

Sealed enclaves?

Among the features of SGX that I have not mentioned so far is the ability to seal an enclave. This would allow the enclave to not just keep secrets safe while the system is running, but to allow it to persist from session to session. Our hope is that we can pre-compute secrets and keep them in a sealed enclave. This should (if all goes to plan) allow 1Password to start up much more quickly as most of the keys that it needs to compute when you first unlock it can already be in an enclave ready to go.

A sealed enclave would also be an ideal place to store your secret 1Password.com Account Key, as a way of protecting that from someone who gains access to your computer.

Is security platform-specific?

1Password can only make use of SGX on some Windows PCs running on CPUs with Intel’s Skylake CPUs and which have been configured to make use of SGX. Thus SGX support in 1Password is not going to be available to every 1Password user. So it is natural to ask whether 1Password’s security depends on the platform you use.

Well, there is the trivial answer of “yes”. If you use 1Password on a device that hasn’t been updated and is filled with dubious software downloaded from who knows where, then using 1Password will not be as secure as when it is running on a device which is better maintained. That goes without saying, but that never stops me from saying it. Really, the easiest and number one thing you can do for your security is to keep your systems and software up to date.

The nontrivial answer is that 1Password’s security model remains the same across all of the platforms on which we offer it. But it would be foolish to not take advantage of some security feature available on one platform merely because such features aren’t available on others. So we are happy to begin to offer this additional layer of security for those of our customers how have computers which can make use of it.

Upward and downward!

I’d like to conclude by just saying how much fun it has been breaking through (or going around) layers. People like me have been trained to think of software applications and hardware being separated by the operating system. There are very good reasons for that separation — indeed, that separation does a great deal for application security — but now we see that some creative, thoughtful, and well-managed exceptions to that separation can have security benefits of its own. We are proud to be a part of this.

blog_header

Fantastic Secrets and Where to Find Them: Pocket Watch Edition

Hello again, fine readers! It’s been a few weeks since the release of 1Password 6.5 for Mac and we figured it was time to bring 1Password 6.5 for iOS to the party as well. After our last release we got together and brainstormed our top goals for this update:

  • Refine and polish the very first interaction for everyone who launches 1Password on a new device.
  • Rebuild our Apple Watch app to take advantage of the speed and power of the modern watchOS.
  • Make it easier than ever to manage your items in bulk.

Just like its big brother, this update to 1Password for iOS is absolutely gigantic.

Let’s dive in, shall we?

opi-onboarding-hero-shot

A Whole New Way To Get Started

One of the biggest challenges for any app is how it introduces itself to new customers. In fact, there’s a whole cottage industry surrounding the analysis and breakdown of these “onboarding” experiences. The overwhelming advice is “the simpler the better”, and we took this to heart while reimagining ours.

In this release we’ve completely redesigned the onboarding experience to focus on our new 1Password.com service. Now when someone launches 1Password for the first time they will be guided directly into a new account that provides them with:

  • Built-in automatic sync across all devices
  • Data loss protection
  • Item History for restoring deleted or changed items
  • Access to 1Password on all platforms (Mac, Windows, iOS & Android)
  • Free upgrades to 1Password for the life of their subscription

And the best part is that all of this is enabled automatically with the creation of their account directly within 1Password. All new users need to do is download 1Password and get started.

A Whole New Way To Migrate

Of course we also have many customers with existing setups that are working great for them today. If this includes you, you’re free to continue using the standalone licensed version of 1Password – you simply need to choose Dropbox or iCloud during setup.

But if you’d like to take advantage of the simplicity of our new 1Password.com service, we now have an easy way to migrate all your existing data over.

Once you add your new 1Password account you will be asked if you’d like to migrate all your existing information over. Simply say yes and all your items will be copied over to your newly added 1Password account.

After your various bits and bobs have been securely moved you’ll be guided directly to your newly populated vault where you will feel right at home. 🙂

A Whole New Way To Love 1Password On Your Wrist

When Apple introduced Apple Watch back in 2015 we were there on day one with our brand new Apple Watch app. It was a great solution for accessing those small pieces of secure information you needed at a glance. Since then, however, two main issues have been on our to do list:

  1. The app was useful, but not exactly speedy.
  2. It only supported items stored in your Primary vault.

I’m happy to report that with 1Password 6.5 both of those issues have been tackled! 1Password for Apple Watch is now a native app, taking full advantage of the speed and performance enhancements afforded by running directly on Apple Watch hardware.

tattoo-arm

We’ve also opened up the gates and you can now add items from any vault to your Apple Watch, including items stored in your 1Password.com account vaults!

If you’ve been waiting for this Apple Watch update to move all your items to your 1Password.com account, wait no longer. Go ahead and select all your items and move them over. What’s that? There’s no way to move items en masse on iOS? Read on, dear friends!

magical-items

A Whole New Way To Manage Your Items

One trend we’ve been noticing more and more is many of you are opting into an iOS-only lifestyle, having an iPhone and perhaps an iPad, and that’s it. Truth be told it puts a bit of a damper on things when we ask you to “go to your Desktop” to perform a specific task.

As many of our customers continue to move their information over to 1Password.com accounts, the ability to select and move multiple items has become more important than ever.

Thankfully it’s now possible to move multiple items at once! All you need to do is pull down from the top of your item lists to reveal the “Select Items…” button. From there you can select any number of items (or tap on the selection circle at the top of the list to select all your items) and copy or move them to any other vault.

1p-bow

Putting a Bow On It

A brand new onboarding experience, a brand new Apple Watch app, the ability to move and copy multiple items at once; what else could we have possibly crammed into this release? As I mentioned at the outset, 1Password 6.5 for iOS is a mammoth update. In addition to the few things I touched upon above, we’ve carefully crafted and included nearly 100 additional improvements and bug fixes. It’s an impressive list so I couldn’t resist sharing it here:

New

  • 1Password now sports a brand new first-run experience! It is now easier than ever to get started with 1Password.
  • Our Apple Watch app is now a native app!
  • Items from 1Password.com accounts can be added to your Apple Watch!
  • Adding a 1Password.com account to your device will now prompt you to move your items to that account. {OPI-3561}
  • Added the ability to select, move, and copy multiple items! Just pull down from the top of the item list to expose the “Select Items…” button. {OPI-3266}
  • It’s now possible to create Documents in 1Password accounts! {OPI-1027}
  • 1Password can now fill additional text, email, and password fields for items created outside the browser extension. {BRAIN-111}
  • After migrating your items to a 1Password.com vault, you will now be prompted to delete your old Primary vault. {OPI-3720}
  • Added the ability to copy 1Password Documents across accounts. {OPM-3974}
  • You will now be prompted to enable Touch ID after completing the initial setup of 1Password. {OPI-3691}
  • You can now pay for your 1Password.com account subscription right from the app using automatically renewing in-app purchase subscriptions.

Improved

  • Primary vaults can now be removed when a 1Password.com account exists. {OPI-3608}
  • If 1Password fails to display an item from a Spotlight search, we now present an error message.
  • Warnings about frozen 1Password.com accounts now offer the option to “Subscribe Now” where possible. {OPI-3745}
  • The 1Password account sign-in screen now includes instructions on how to find your account details. {OPI-3761}
  • Migrating from a standalone Primary vault to a 1Password.com account now sets the Vault for Saving to your new Personal vault. {OPI-3734}
  • The Categories tab is now the default tab for fresh installs of 1Password. {OPI-3755}
  • Updated our translations with the latest from our incredible translators on Crowdin.
  • Updated to the latest 1Password brain for improved Login saving and form filling.
  • 1Password is now better at avoiding search and newsletter forms when filling. {BRAIN-289}
  • 1Password is now better at saving Logins on pages with search fields. {BRAIN-274}
  • 1Password is now better at avoiding search fields on Russian and German websites. {BRAIN-293}
  • 1Password is now better at handling sneaky password fields on Swedish websites. {BRAIN-310}
  • Updated the password generator minimum and maximum values. {OPI-3730}
  • Added mechanisms for strengthening communication with 1Password.com.
  • The setting that controls opening websites now lives in Settings > 1Browser. {OPI-3696}
  • Improved the parsing for certain improperly formatted web addresses. {OPM-4281}
  • Added a notification to update to the latest 1Password version when features aren’t compatible with the 1Password.com account server. {OPM-4177}
  • Better handling of invalid data brought in by importing.
  • The 1Password Apple Watch app no longer has its own PIN code. {OPI-3813}
  • Changed the naming of Wi-Fi sync to WLAN sync. {OPI-3633}
  • Empty address fields are now hidden when viewing items. {OPM-3902}
  • Updated Rich Icons for the Login creator. {AGW-314, OPI-3623, OPI-3625}
  • Added a help string to the footer of the Lock Now button in Settings > Security to indicate using it will require the Master Password to unlock next time. {OPI-3516}
  • Improved filling of credit card expiration years. {BRAIN-138}
  • Removed a few potentially offensive words that were present in the word list for our Word-based Strong Password Generator. {OPI-3129}
  • Improved the way we handle 1Password Pro’s in-app purchase receipt validation.
  • Removed several instances where “1Password Teams” or “1Password Families” language was used, and replaced them with “1Password account.”
  • Improved WLAN sync error handling to make it less annoying when the desktop is locked. {OPI-3314}
  • Personal and Shared vaults will now display the user or team avatars if they don’t have their own avatar. {OPM-4032}
  • Added better handling of 1Password accounts whose domains have changed. {OPM-4002}
  • Improved the launch time under certain circumstances. {OPM-4061}

Fixed

  • Removed a crash that could occur when processing changes to items. {OPI-3651}
  • Fixed a crash that could occur on iOS 10 immediately after unlocking 1Password. {OPI-3649}
  • Fixed an issue that could cause some network requests to 1Password.com to fail.
  • Dismissing Control Center no longer clears your search results. {OPI-3540}
  • Opening 1Password using a “search” shortcut from apps like Launch Center Pro no longer fails if 1Password isn’t running. {OPI-3708}
  • Using the “Search” Quick Action from the iOS Home Screen no longer fails if 1Password isn’t running. {OPI-3789}
  • Annihilated a bug that was causing the search field to be unresponsive if you tapped into it right after unlocking 1Password. {OPI-3789}
  • Successive searches now show the correct search results each time when leaving the app and coming back to it. Thank you to our awesome beta testers for helping us track this one down. {OPI-3740}
  • Fixed an issue that could cause 1Password to request the Master Password when tapping the Home button while unlocking with Touch ID. {OPI-3807}
  • Fixed an issue where displaying items from Spotlight could fail. {OPI-3658}
  • We now make sure that All Vaults is the selected vault when setting up the app for the first time with a 1Password.com account.
  • Fixed an issue where vault-added notifications were shown when initially setting up a device. {OPI-3771}
  • Selection controls no longer go missing if you leave selection mode shortly after entering it. {OPI-3748}
  • The Apple Watch app now requires an Apple Watch PIN code to be set. {OPI-3760}
  • We now allow importing of 1Password 3 backups from other sources. {OPI-3661}
  • Fixed a crash that could occur when syncing with AgileKeychain files. {OPI-3650}
  • 1Password would fail to fill sites that had previously saved fields 1Password ignores during filling. {BRAIN-299}
  • Fixed an issue where certain Favorites could cause issues while syncing with 1Password.com accounts. {OPM-4402}
  • Eliminated some instances where you would be mistakenly prompted to enter your Master Password.
  • Fixed two crashes that could occur when syncing via AgileKeychain. {OPI-3713, OPI-3714}
  • Fixed a crash that could occur when setting up sync. {OPI-3711}
  • Fixed a crash that would happen when editing a field on an item that has a menu of possible values. {OPI-3712}
  • Fixed a crash when re-authorizing a 1Password.com account after a password change. {OPI-3710}
  • Fixed a crash that could occur on iOS 10 during launch.
  • Fixed a crash that could occur when processing changes to items. {OPI-3651}
  • Fixed a crash that could occur on iOS 10 immediately after unlocking 1Password. {OPI-3649}
  • Fixed an issue that could cause some network requests to 1Password.com to fail.
  • Fixed an issue preventing two my.1password.com accounts from being added at one time. {OPM-4312}
  • Fixed an issue that would cause 1Password to authenticate twice with 1Password.com upon startup instead of just once. {OPM-4286}
  • Fixed an issue that could cause unnecessary reauthentication requests to be sent for 1Password.com accounts. {OPM-4285}
  • Fixed an issue where some unrecognized data in an item would be lost while saving. {OPM-4234}
  • Fixed autosubmit on fideliti.co.uk. {BRAIN-268}
  • Fixed an issue where the item detail view wasn’t respecting the changing of the Show Rich Icons setting. {OPI-2012}
  • Fixed an issue where a 1Password.com account administrator could be addressed as a user instead of as an Owner. {OPI-3545}
  • Fixed an issue that caused 1Password to stop syncing changes from iOS to other devices, but still allowed new changes from other devices to appear on iOS. {OPI-3606}
  • Fixed an issue that caused users with a single vault in their 1Password Account to see the welcome screen instead of their vault. {OPI-3534}
  • Fixed login filling on tecmarket.it. {BRAIN-254}
  • Resolved an issue where 1Password would incorrectly identify the designated username and password fields when saving a Login. {BRAIN-207}
  • Resolved an issue where 1Password would fill credit card month values into quantity fields when the field was of number type.
  • Resolved an issue where 1Password would attempt to fill into disabled or read-only fields. {BRAIN-263}
  • Resolved an issue where radio buttons were being improperly saved and restored. (Existing Logins will need to be resaved.) {BRAIN-74}
  • Resolved an issue where 1Password would not fill the same password value into more than one field. {BRAIN-83, BRAIN-84}

What we’ve created, and what is now available on the App Store, is the best version of 1Password to date. I can’t wait to hear what you think.

fantastic-release-header

1Password 6.5 for Mac: Fantastic Secrets and Where to Find Them

These past few months we’ve been toiling like house elves on an incredibly new and awesome version of 1Password for Mac and I am happy to report it is available now.

As development on 1Password 6.5 was winding down Apple made an announcement that presented us with an incredible opportunity: The arrival of a magical new MacBook Pro with Touch Bar and Touch ID. We were there on day one with Touch ID support on iOS and maintaining that tradition on macOS was a no brainer.

We have a lot of ground to cover in this marvellous story so open your textbooks to page 394 and let’s read on, shall we?

Unlocking with your fingerprint is as easy as swish and flick

So how about that new Touch ID support? There’s no need to utter any incantations to magically unlock 1Password with your fingerprint. Just enable the Touch ID setting in Security Preferences and you’ll be good to go.

Those of us with the new MacBook Pro here at AgileBits have been known to quietly whisper “Alohamora” under our breath as we perform this charm, and quite frankly, we recommend you do the same.

wizard-card

But Touch ID support is just the collectible wizard card that comes with the chocolate frog that is our massive 6.5 release.

Practice your wandless magic

Touch ID isn’t the only new piece of magic to which we’ve hitched our broomstick. The new Touch Bar is almost as awesome as picking up the latest offering at Weasley’s Wizard Wheezes (but without the fear factor).

We’ve only just begun to take advantage of all the cool capabilities the Touch Bar makes possible, and already it has improved the way we use 1Password every day. For me it’s a toss up between the beautiful menu of categories that appears when I create a new item or being able to switch vaults with a tap.

touch-bar

Other incantations you can conjure with the Touch Bar include:

  • Adding a new item
  • Choosing the category in which you want to create an item
  • Locking your vault easier than casting the “Colloportus” spell
  • Activating search (to find the game-winning golden snitch, of course)

All aboard on Platform 9 3/4!

Of all the work that went into this new version, I want to highlight a piece that many of you may never see. That piece is a brand new first-run experience that anyone setting up 1Password for the first time will encounter.

new-first-run
Setting up 1Password for the first time on a new Mac is now just like that first swig of Butterbeer: warm, inviting, and deliciously sweet! We’ve completely rewritten this experience from the ground up. You can now create a brand new 1Password account directly inside the app so it’s easier than ever to get up and running.

Accio your items from anywhere

Accio your items with Alfred and LaunchBar!
Speaking of 1Password.com, one of things we’ve all missed was the inability to access our 1Password.com items from our favorite productivity tools like Alfred and LaunchBar. For version 6.5 we worked closely with the fine folks at both Alfred and LaunchBar to correct this egregious shortcoming. As of this writing Alfred has released an update for this new integration and LaunchBar has an update coming soon!

More goodies than Bertie Bott’s has flavours!

1Password 6.5 truly is an enormous release, packed with over 100 new features, improvements, and fixes. Here’s the full list for your studies. Be sure to pay close attention to all these Bits and Botts as they may appear on your upcoming Ordinary Wizarding Level Examinations.

New

  • 1Password can now be unlocked with your fingerprint on the new Touch ID-capable MacBook Pro.
  • Touch Bar support has landed! While using 1Password you will see enhanced controls in the Touch Bar on your new MacBook Pro.
  • 1Password has a whole new first-run experience! Setting up 1Password has never been easier. {OPM-4200}
  • You can now scan 1Password Account codes using the FaceTime HD camera on your Mac!
  • 1Password can now fill additional text, email, and password fields for items created outside the browser extension. {BRAIN-111}
  • 1Password will now ask you to migrate items from your Primary vault to newly added Personal vaults when adding a 1Password.com Account. {OPM-4240}
  • 1Password will now offer to automatically add any 1Password.com account to 1Password for Mac after signing into that account in your web browser. {OPM-4236}
  • Added the ability to copy 1Password Documents across 1Password.com accounts. {OPM-3974}
  • Added a Download Local Copy item to the context menu for Document items. {OPM-3939}
  • Added the ability to manage your 1Password account subscription within the app (AgileBits Store Only). {OPM-4249}

Improved

  • Improved filling of credit card expiration dates. {BRAIN-138}
  • Updated our translations with the latest from our incredible translators on Crowdin.
  • Renamed the Start Over menu item to Reset All 1Password Data. {OPM-4069}
  • 1Password mini’s menu width is automatically resized to fit long browser extension names. {OPM-4112}
  • After migrating to a 1Password.com account, the new account vault becomes the default vault for saving. {OPM-4534}
  • Improved the wording in Add Account preferences. {OPM-4444}
  • Improved wording in Accounts Preferences regarding 1Password.com Accounts. {OPM-4306}
  • Improved handling of sync when Folder Syncing to a removable disk. {OPM-4414}\
  • Updated to the latest 1Password brain for improved Login saving and form filling.
  • 1Password is now better at avoiding “search” and “newsletter” forms when filling. {BRAIN-289}
  • 1Password is now better at saving Logins on pages with search fields. {BRAIN-274}
  • 1Password is now better at avoiding search fields on Russian and German websites. {BRAIN-293}
  • 1Password is now better at handling sneaky password fields on Swedish websites. {BRAIN-310}
  • Improved the wording of the macOS authentication prompt. {OPM-3768}
  • We now enter edit mode after converting a Password to a Login. {OPM-4284}
  • Updated the password generator minimum and maximum values. {OPM-4409}
  • Added mechanisms for strengthening communication with 1Password.com.
  • Improved the parsing for certain improperly formatted web addresses. {OPM-4281}
  • Improved network efficiency with 1Password.com accounts {OPM-4290}
  • Added a notification to update to the latest 1Password version when features aren’t compatible with the 1Password.com Account server. {OPM-4177}
  • Changed naming of Wi-Fi sync to WLAN sync. {OPM-3851}
  • Empty address fields are now hidden when viewing items. {OPM-3902}
  • Updated the way 1Password determines which URLs to match in the extension. {OPM-4078}
  • When merging vaults during sync setup the password hint is no longer truncated if it’s too long. {OPM-4053}
  • Removed some potentially offensive words that were present in the word list for our Word-based Strong Password Generator. {OPI-3129}
  • The error message for when 1Password mini is quarantined by the system is now less mysterious. {OPM-4102}
  • Added a hover button and Voice Over support to item attachments. {OPM-624}
  • Removed several instances where 1Password for Teams or 1Password for Families language was used and replaced with 1Password Account.
  • Made numerous improvements to the way text is handled throughout the app to make translation easier.
  • Improved WLAN sync error handling. {OPI-3314}
  • Personal and Shared vaults will now display the user or team avatars if they don’t have their own avatar. {OPM-4032}
  • Improved the first run experience when using onepassword://team-account links. {OPM-4019, OPM-3905}
  • Improved the custom icon display for 1Password.com account items in the main 1Password app. {OPM-4125}
  • Improved the experience when deleting the last 1Password.com account when no local vaults exist. {OPM-4033}
  • Decreased the delay in uploading custom icons for Teams and Families vaults. {OPM-4124}
  • The account details preference pane now shows when you’re in trial mode. {OPM-4562}

Fixed

  • Fixed the layout of the Start Over dialog so that it worked better with more verbose languages. {OPM-4167}
  • Fixed an issue where custom icons would not upload to 1Password.com accounts. {OPM-4049}
  • Fixed an issue where vault switching in mini was not instantly mirrored in the main app if it was in the background. {OPM-3523}
  • Fixed a bug that could cause instability in the Preferences window. {OPM-3983}
  • Fixed a bug when removing an attachment file before saving the item with the attachment. {OPM-4057}
  • Fixed an issue that caused Reset iCloud Data to be enabled even though there weren’t any local vaults. {OPM-4104}
  • Fixed an issue that caused problems with VoiceOver navigating password values. {OPM-3343}
  • Fixed an issue that caused category sorting in All Vaults to not sort properly when only non-1Password Account vaults were present. {OPM-4131}
  • Fixed an issue that would cause WLAN sync to not activate after unlocking 1Password for Mac. {OPM-4129}
  • The anchored Large Type window no longer crops off the top of characters in a long password. {OPM-4135}
  • The tab key now cycles through fields properly again when editing an item. {OPM-4083}
  • Fixed an issue where some unrecognized data in an item would be lost while saving. {OPM-4234}
  • Fixed autosubmit on fideliti.co.uk. {BRAIN-268}
  • Fixed a layout issue in macOS Sierra when choosing fields while exporting CSV or tab-delimited files. {OPM_4241}
  • Fixed a layout issue with the Password Generator on macOS Sierra. {OPM-4304}
  • Fixed the multi-line height calculation for notes and tags in macOS Sierra. {OPM-4297}
  • Obliterated a hang that could be caused by Documents with missing metadata.
  • Fixed a rare crash when scanning a QR code when creating a one-time password or adding a 1Password.com account. {OPM-4351}
  • Fixed instance where logging into 1Password.com may not offer to add that account to 1Password when using Bartender. {OPM-4435}
  • Resolved a logic flaw that would result in a failure to properly load localized category names on macOS 10.12 {OPM-4433}
  • Fixed a crash that could happen when using custom icons. {OPM-4423}
  • Fixed a minor button alignment issue in account sign in setup screen. {OPM-4481}
  • Fixed issues introduced in a previous beta causing setup screen animations to fail in macOS 10.10 and 10.11 {OPM-4476, OPM-4477}
  • Fixed a crash that could occur when right clicking on 1Password mini. {OPM-4552}
  • Fixed a crash that could occur when scanning a QR Code for a TOTP field. {OPM-4500}
  • Resolved a height issue with the dialog window that appeared when enabling local vaults in the Preferences window. {OPM-4390}
  • Fixed a rare crash when syncing with iCloud. {OPM-4328}
  • 1Password would fail to fill sites that had previously saved fields 1Password ignores during filling. {BRAIN-299}
  • Fixed an issue where certain Favorites could cause issues while syncing with 1Password.com accounts. {OPM-4402}
  • Fixed a bug in the item selection logic. {OPM-4417}
  • Fixed an issue that could cause 1Password mini to hang while copying large numbers of items across vaults. {OPM-4395}
  • Fixed a crash that could occur during sync via AgileKeychain. {OPI-3713}
  • Fixed an issue preventing two my.1password.com accounts from being added at one time. {OPM-4312}
  • Fixed an issue that would cause 1Password to authenticate twice with 1Password.com upon startup instead of just once. {OPM-4286}
  • Fixed an issue that caused broken custom icons. {OPM-4314}
  • Fixed an issue that could create a username conflict when manually saving a login on some sites. {OPM-4156}
  • Fixed an issue where item counts were being squished on macOS Sierra. {OPM-4228}
  • Fixed an issue that caused problems reading scanned QR Codes. {OPM-4322}
  • Fixed a crash that could happen when removing the Primary vault on OS X 10.10 Yosemite. {OPM-4309}
  • Fixed a crash that could occur when disabling vaults outside of 1Password accounts. {OPM-4273}
  • Fixed the Large Type window so that it stays on screen after being anchored by dragging it. {OPM-4152}
  • Fixed an issue where the verify code signature setting wasn’t being consulted when 1Password was locked. {OPM-4165, OPM-4178}
  • Login filling failed on tecmarket.it. {BRAIN-254}
  • Resolved an issue where 1Password would incorrectly identify the designated username and password field when saving a Login. {BRAIN-207}
  • Resolved an issue where 1Password would fill credit card month value into quantity fields when the field was of number type.
  • Resolved an issue where 1Password would attempt to fill into disabled or read-only fields. {BRAIN-263}
  • Radio buttons were being improperly saved and restored. (Existing Logins will need to be resaved.) {BRAIN-74}
  • 1Password would not fill the same password value into more than one field. {BRAIN-83, BRAIN-84}
  • Fixed an issue that caused a crash when using the Strong Password Generator. {OPM-3676, OPM-4218}
  • Fixed issues that could occur while using your browser during 1Password’s setup {OPM-4565, OPM4569}
  • Fixed an issue where animations could get stacked and cause unintended view layout in the Setup and QR scanner windows. {OPM-4571}
  • Fixed an issue that prevented tabbing among the buttons in the Setup window. {OPM-4566}
  • Fixed a spacing issue with the Preferences window when viewing the security preferences with a 1Password.com account vault selected. {OPM-4570}
  • Fixed a crash with the QR scanning window in the Mac App Store version. {OPM-4572}
  • Fixed a crash when trying to unlock from the browser extension when still in setup mode. {OPM-4333}

This was an incredible release and we hope you love it as much as we loved creating it. So long for now and good luck on your Owls!

blog_header

Having fun with Touch ID and the Touch Bar in 1Password

Yesterday was the special Apple event and all activity at AgileBits stopped as our entire team watched the live stream to see what goodies would be coming our way. For me, the most exciting news by far was the announcement of the new MacBook Pro with its amazing Touch Bar and Touch ID.

I remember how excited I was at the Apple developers conference when they first added Touch ID to iOS 8. I rushed back to the hotel, Xcode beta in hand, and added Touch ID to 1Password that very night. The joy of seeing 1Password unlock with just a tap was overwhelming.

Well, here I am again with that exact same feeling 🙂

Now that the new MacBook Pro’s have Touch ID we can bring that same great feeling you are used to on iPhone to your Mac, and it looks pretty darn cool too. Take a look for yourself and see!

As stunning as it looks in the Xcode simulator on my soon-to-be-obsolete late 2013, 15” 2.3 GHz Retina MacBook Pro, I can’t wait until my new Mac arrives so I can use it for real.

Oh, and then there’s the new Touch Bar. Wow! I was really excited seeing Phil demo this. The Touch Bar introduces a brand new world to the Mac and with it comes some wonderful opportunities to make 1Password even better. Dan, our designer extraordinaire, has begun to explore what the Touch Bar can bring to 1Password and I’d like to share some early designs.

Touch Bar for 1Password

What Dan has come up with is really exciting and I can’t wait to play with it. I think that switching between my work and home vaults with just a tap is going to be the most awesome, albeit sliding my finger across the Touch Bar to generate a strong password comes in a close second.

The possibilities with the Touch Bar are limitless and I am excited to hear how you see yourself using the new Touch Bar with 1Password.

Please share your thoughts in the comments below ❤️

windows-unveil-banner

Introducing 1Password Windows for Teams!

Today is a very big day in Windows land: 1Password Teams is now officially available on Windows!

Our Windows team has made amazing progress since we introduced the first beta for Teams earlier this summer and I’m super excited to be able to share the results of their incredible work with you now.

Let’s jump right in!

Beautiful new design

The first thing you’ll notice right off the bat is 1Password 6 has an amazing new design. From every bit to every last pixel, literally everything is completely new in 1Password 6!

opw6-locked

Once you unlock 1Password you’ll be greeted with a completely new overview and details screen.

main-empty

As much as there is to enjoy in this new design, my favourite has to be Large Type – I absolutely love how great my passwords look there:

large-type-windows

Large Type makes reading even the most complicated passwords a breeze – I can even read them without my glasses! And if you have a High-DPI screen, it looks even better 🙂

Oh, and then there’s our browser extensions. These were not available in the initial beta and they were dearly missed! They’re here now and they look great!

opw-browser

Beautiful new security design

1Password had an amazing security design already, but in 1Password Teams we didn’t rest on our laurels. Instead, we took everything we learned about security over the last 10 years and built a completely new security architecture that pushed the limits of modern technologies.

As has always been the case with 1Password, your information is encrypted end-to-end, so only you and your team have the keys to decrypt your information. What’s new is an even secure-er encryption design as well as some cool techniques like Secure Remote Password, which allows clients and the server to verify each other during communication.

tripleencryptThe most visual change is the addition of the Account Key. This is a unique 128bit key that is generated for every user and greatly increases the security of your account.

The Account Key might appear similar to two-factor authentication but it’s so much better because it plays a direct role in the encryption of your data. It strengthens and fortifies your Master Password so much that even a poorly-chosen Master Password will be infeasible for attackers to brute force. It’s also never sent to our servers so it cannot be reset, intercepted, or evaded.

For an illustrated overview of our new security design, check out our security page, as well as our Security White Paper, for fun details like these ones:

  • Tamper-proof, authenticated encryption using AES-GCM mode
  • Brute force protection using PBKDF2-HMAC-SHA256
  • Secure vault sharing using asymmetric cryptography

The most amazing thing about this new design is it’s not only secure-er, but it’s much faster, too! It’s one of the benefits we get for using the latest and greatest modern technologies 🙂

Beautiful organization and control

menu-trimmedOne of greatest features in 1Password Teams is how easy it makes organizing things into multiple vaults. When you’ve organized passwords in separate vaults, it makes finding things easier, and also makes it super simple to securely share with your teammates.

New vaults can be created from your Admin Console on 1Password.com and will automatically appear on all your devices. You can also add teammates to new vaults and they will receive the vault and everything within it immediately.

Your team admin can even control the permissions for each vault, allowing you to share read-only access to vaults, and control who can manage the vault.

Oh and you’re not limited to a single 1Password account. As you can see from the screenshot, in addition to multiple vaults you can also have multiple accounts added to 1Password. This is great for your teammates as it allows them to use 1Password in their private lives as well as their professional life.

Beautiful safety nets

When you change an item within 1Password for Windows it will sync automatically to 1Password.com and become available on all your other authorized devices instantly.

All these changes are remembered by 1Password just in case you ever need to revert to an earlier version. If you or your teammates ever delete or modify something by accident, you can simply sign in to 1Password.com and restore what you need from the Item History popup:

item-history

Item History is perfect for protecting individual items, but you and your teammates need safety nets for your accounts as well. In a team environment you just can’t afford to get locked out of critical systems every time someone forgets their password.

That brings us to the most beautiful and secure safety net of all: Account Recovery. We (AgileBits) have never been able to reset your password, and with 1Password Teams we still can’t. But now you can!

With our innovative new recovery feature, if one of your teammates forgot their Master Password, your team admins can restore their access and they’ll regain access to all their passwords.

Beautiful in so many other ways, too

In addition to our new amazing Windows app, your subscription to 1Password Teams gives you and your entire team access to many more awesome things:

  • You and everyone on your team get all our awesome apps for free, including Windows, Android, Mac, and iOS
  • Automatic syncing – no configuration or extra software required
  • Securely share items and documents across your whole team
  • Easily invite your entire team and control access using the Admin Console
  • Full web access from anywhere

Sign your team up today!

1Password 6 for Windows is available today for subscribers to 1Password Teams. If you have not yet subscribed, now’s a great time to sign up:

Sign up your team

Subscribers simply need to download 1Password 6 and add their account information during setup.

opw6-setup

Once logged in, all your data will sync automatically. And if you had any data stored in an earlier version of 1Password, you can migrate over all of your existing data.

Oh, and if you sign up before October 31, you will get all the features of the Pro plan for the low, low price of the Standard plan. And best of all, you and your team will lock in the Standard price for as long as you’re subscribed. Even teammates you add later on will still get the same awesome deal.

Be sure to sign up by October 31st before this window closes 🙂

Enjoy! ❤️

duo-banner

Send in the crowds (to hunt for bugs)

We unequivocally encourage security researchers to poke around 1Password. It is an extremely important part of the process that helps us deliver and maintain a more secure product to everyone. Finding and reporting potential security vulnerabilities is what we should all expect from bug hunters around the world; the hunters and yourself should expect that we address those vulnerabilities promptly.

We have always welcomed security reports that arrive at security@agilebits.com, and over most of the past year we offered a more formal, invitation-only bug bounty program through Bugcrowd. We are pleased to now take that program public: https://bugcrowd.com/agilebits.

op-bugcrowd

Before I get into what the program offers, I’d like to remind you that there is always room to improve the security of any complicated system, 1Password included. As clever as we may think we are, there will be security issues that we miss and different perspectives help reveal them. Software updates that address security issues are part of a healthy product. This, by the way, is why it is important to always keep your systems and software up to date. Even in the complete (and unlikely) absence of software bugs, threats change over time, and defenses should try to stay ahead of the game.

Some words about Bounty

A bug bounty program offers payouts for different sorts of bugs. The first bug bounty that I recall seeing was Donald Knuth’s for the the TeX typesetting system, though I have since learned that he does this for most of his books and programs. It started out with $2.56 (256 US cents) for the first year, and doubled each year after that, reaching a final limit of $327.68.

Check from Donald Knuth made out to Richard Kinch.

A bounty check from Donald Knuth made out to Richard Kinch

Of course given Donald Knuth’s well-deserved fame and reputation, few people cashed the checks they received. Instead, they framed them.

Anyway, enough about me revealing my age. Let’s talk about today’s bug bounty program. There is a community of people who earn a portion of their income from bounties. (Whether or not it is enough for them to sail off to Tahiti or Pitcairn is not something I know.) Over the years they have developed skills and tools and scripts for examining systems. We want them to apply those skills and efforts testing the security of 1Password. Opening up this bug bounty program brings those people and their skills into the process of making 1Password more secure.

Our bounty

Unlike the example of Donald Knuth’s bug bounty, we are only offering payouts for security issues. Of course all bug reports are welcome, we just aren’t promising bounties for them. And because we are promising to pay for bugs, we’ve had to establish a bunch of rules about what counts. These rules help us draw the attention of researchers to the 1Password.com service, and they help us exclude payouts of things that are already known and documented. We don’t want those rules to discourage anyone from bug hunting; they are there to help focus attention on what should be the most fruitful for everyone.

1Password Security white paper cover

Your homework

We think that finding bugs in 1Password will be challenging — 1Password.com is not your typical web service. Our authentication system, for example, is highly unusual and specifically designed so we are never in a position to learn any of our customers’ secrets. Because we use end-to-end encryption, getting hold of user secrets may require breaking not just authentication but also cryptography. Of course, we’re inviting researchers to try out attacks that we haven’t considered to prove us wrong. I expect that successful bug hunters will need to do their homework, all the same.

Now, all that bragging about how challenging I think it’ll be to find serious issues with 1Password isn’t an attempt to stop people from trying — get out there and try! You can get bounty for it, and a thank-you as well. We’re excited to hear a resounding “challenge accepted!” from the research community.

How we help researchers

If there are security bugs, we want to know about them so we can fix them. (I know I keep repeating that point, but not everyone reading this is familiar with why we might invite people to look for security bugs.) We want to help researchers find bugs, because they’re helping us, and everyone who uses 1Password.

To help researchers understand and navigate 1Password (and reduce the amount of time they may need to reverse engineer protocols) we have set up a special 1Password Team that contains a bunch of goodies: internal documentation on our APIs, some specific challenges, and UUIDs and locations of items involved in some of the challenges. So researchers, please come and leave your mark on our Graffiti Wall. (No, not in this web page or the image below, the wall inside the aforementioned team account.)

Secure Note: "The Researchers vault grants read-only access to researchers. If you figure out how to get around read-only access, please put your name in here ..."

With a natural degree of trepidation, I look forward to what might appear there.

The kindness of strangers

A bug bounty program brings in a new group of researchers. And that’s why we’re launching it. We encourage independent research as well. We’re just as open to reports of security issues outside of the bug bounty program as we have always been.

So without further ado, let’s send in the crowds!

TeamSummerUpdate-5

Pro Features for 1Password Teams: Many Bells and Much Whistles

TL;DR: We’ve added some incredible new Pro features to 1Password Teams and we’re extending our Early adopter special that gives you all these Pro features at the Standard price! Sign up today or continue reading for more details.


We’ve been continually working on 1Password Teams since we introduced it last November and over the (Canadian) summer we finished putting the final touches on some awesome new Pro features.

I’d love to share these with you now while the weather is still nice. 🙂

Let’s start with our new advanced organizational features that give you even more control and customization for your team. From there we can jump to the new activity tracking feature and then we’ll button things up with some exciting pricing news.

Organize Your Team With Custom Groups

Since the beginning 1Password Teams has allowed you to assign teammates to be part of the Administrators, Owners, or Team Members groups.

This is great and provides enough organization for many teams, but larger teams need even more power and flexibility so we added the ability to create your own custom groups.

Using the Admin Console you can now organize your team into groups however you like. Once organized, you can easily share information securely with those who need it, allowing you to quickly control who has access to key information.

Organizing with Custom Groups

To create a new group, simply go to the Groups section of your Admin Console and click the blue plus button. You’re free to create as many groups as your heart desires ❤️

Grant Authority Using Custom Roles

The Owner, Administrator, and Team Member groups provide a great starting point for controlling who on your team can access the Admin Console, manage people, control access, recover accounts, and more.

But companies with advanced business needs will require more flexibility than these predefined roles allow.

That’s no problem whatsoever as it’s now super easy to designate which permissions each of your groups have. By picking and choosing from 9 predefined permissions, you can tailor the perfect role to suit your specific business needs.

For example, let’s say we wanted to allow managers to create vaults, manage their employees, and restore access to those who forget their Master Password. To do that, we could create a custom Managers group and assign their permissions as follows:

Granting authority using custom roles

As great as this is for managers, the real joy comes from knowing they no longer need to bug you every time someone joins their team 😀

Using Activity Log to Review & Track Events

In short, you can now easily see who has changed what where and when. That’s a bit of a tongue twister, so let me try saying it again with a few more words 🙂

With our new Activity Log, you can now see a detailed history of changes made to your Vaults, Groups, and Team Members.

When a member of your team adds an item, creates a group, grants access to a vault, or makes other changes, each action is recorded and can be seen in the Activity Log.

This is super handy when you want to see what a particular user has been up to or review what changes have been made to a vault. All you need to do is go to the detail page for a particular person or vault and review the Activity Log to see what changes have been made and when.

For example, this screenshot shows the Activity Log for the Production Servers vault. You can see that I gave Jeff access and he then proceeded to update items in the vault and granted access to the Sysadmins group.

Activity Log

It’s great being able to see this history on each details page as it allows you to zero in, but you can also drink from the firehose 🚒 by going to the Activity Log in the Admin Console where you can see the full list of all changes within your team.

Extending Earl’s Early Deal!

When we released 1Password Teams we launched with Earl’s early deal, giving away all the features of the Pro plan for the low, low price of the Standard plan.

With all these new bells and whistles I thought it would be awesome to extend Earl’s special launch special until October 15th so everyone could enjoy these new features.

Sign up your Team now and lock in Earl’s special deal

And best of all, you and your team will lock in the Standard price for as long as you’re subscribed. Even teammates you add after October 15th will still get the same awesome deal.

Enjoy! ❤️

1Password update for Android featured image

1Password 6.4 for Android: Mmm, Nougat-y goodness

As you may have heard, Google released the latest version of Android last week. Like you, we’ve been eagerly awaiting the arrival of Nougat (although some of us thought it would be named after a certain hazelnut cocoa spread). Being a developer, I’m fortunate in that I get early access to the latest updates. I’ve been using Nougat for a while and now that the final version is out, I have to say that it is every bit as sweet as its dessert-themed name suggests.

nougat-logo

The first thing that I noticed was that my devices ran faster than they had previously on Marshmallow. In fact, Nougat makes a lot of things faster. Double tapping the app overview button allows me to quickly switch back and forth between two apps. I can whip off a speedy reply to a Slack message without leaving my current app thanks to the convenience of Direct Reply. The configurability of Quick Settings means that the settings that matter to me are only a single swipe away. Even rebooting my device feels faster!

One thing in particular is thankfully slower and that’s the drain on my battery. The improvements to Doze really seem to be paying off as I often arrive at the end of the day with plenty of battery to spare.

But, erm…this was supposed to be a post about our latest release for Android. Apparently I let myself get distracted by touting the awesomeness that is Nougat.

1Password 6.4 is Nougat ready!

We’ve been testing 1Password with the Nougat Preview on our devices for a while and, as with any new OS version, we’ve been working out the kinks. I am thrilled to say that we are now ready to share this goodness with you.

split-screen-credit-card

One of my favourite additions in 1Password 6.4 is our support of Nougat’s split-screen feature. It makes using 1Password even easier than before. No more flipping back and forth between apps in order to enter my credit card info. Instead, I can have 1Password open right next to my browser for easy access to all of my important details.

And if you’re among the majority that are still waiting for Nougat, don’t worry. 1Password 6.4 will continue to work on devices running Jelly Bean or later.

Plenty of sweetness to spare

1Password 6.4 is about so much more than just being compatible with Nougat. This update contains more than 20 new features, improvements, and fixes! In addition to multi-window support on Nougat, here are a few of the ones we’re most excited about…

  • Our new setup flow allows you to sign into your 1Password account from first launch.
  • You can now add multiple individual 1Password accounts.
  • We’ve cured the Strong Password Generator’s amnesia! It now remembers your preferences from the previous use.
  • Changes to your vaults are reflected immediately in the navigation drawer.

And of course, we managed to squash a few bugs along the way. For more details, feel free to browse the full list of changes in our release notes.

I hope you enjoy this update as much as we enjoyed building it for you. Please let us know what you think in the comments or in our discussion forums. If you would like to join our beta family and help us shape the future of 1Password, please join our 1Password for Android beta team.

1Password new hosted service featured image

Introducing our new 1Password subscription service — get 6 months free!

Today is a very exciting day in the world of passwords! We have not one, not two, but three(!) incredible things to announce:

  1. An awesome new state-of-the-art hosted service to protect you and your data
  2. The most affordable way to purchase 1Password on all your devices
  3. A launch special that’s so amazing it’s kinda scary

Read on to see why this is the best time to try 1Password and start protecting yourself online. 🎉

A new, revolutionary hosted service

hosted-service

Earlier this year, we released two amazing new services: 1Password Families and 1Password Teams. Both rely on our new hosted platform to bring awesome new features that weren’t possible when 1Password was just a standalone app.

The response has been amazing and many of you asked for a special plan so you could also enjoy these benefits. We now have the perfect answer: our new service made for individuals!

Our new individual hosted service comes with everything you expect from 1Password, along with these new features:

  • Built-in automatic sync across all devices
  • Data loss protection
  • Web access to your data on 1Password.com
  • Item History for restoring deleted or changed items
  • Secure Document storage
  • Brand new multi-factor security model

Using our new service provides the simplest and most feature-packed way to use 1Password. And with our new purchase option, it’s easier than ever to get started.

Our new super-affordable plan

To get the benefits of our new hosted service, you simply need to subscribe to our new plan on 1Password.com.

In addition to all the new features, the biggest benefit of a 1Password subscription is that you get all the 1Password apps for every platform, along with Pro Features, free updates, and free upgrades to every new version of 1Password.

One of the things people love most about our Families and Teams plans is not needing to worry about licenses or paid upgrades. And with our new plan for individuals, everyone can get in on the fun.

At just $2.99 a month, it’s the simplest and most affordable way to start using 1Password. See our pricing page for full details.

Oh, and our subscription service will never lock you in! You can cancel at any time and if your subscription ever lapses, you will still be able to view and export all your data.

An amazing (and scary!) launch special

1Password Accounts launch special

It’s no fun having a launch without having a special launch special so we went looking for one and we found a doozy!

Sign up today and receive your first 6 months free! No ifs, ands, or buts (or ads!). There’s no fine print and no strings attached. You don’t even need to add your credit card to get this amazing deal!

To get in on this incredible deal, all you need to do is sign up for an individual 1Password account before September 21st, 2016.

Sign up for your 1Password account now

Given how excited we are, you might be wondering why this is a little bit scary for us as well. The thing is, we’re a 100% customer-funded company and have refused to accept any venture capital money. As such it’s scary to give away our one and only product.

But we’re more excited than scared as we really want everyone to try out our new service and see how awesome it is. So sign up now, before Fall falls 😉

Security and Privacy

Secure Foundation

We built 1Password from the start on a foundation of Security and Privacy, and our new 1Password accounts have once again taken things to the next level.

First and foremost, our end-to-end encryption security model ensures all your information is encrypted before it ever leaves your device. The encryption keys are only accessible to you so we are never able to decrypt any of your data.

Your Master Password (which only you know) is a key player in this encryption, but 1Password accounts also come with a new concept called the Account Key to make our encryption even stronger.

The Account Key is a randomly generated 128-bit key that is used in combination with your Master Password to encrypt your data using tamper-proof, authenticated 256 bit AES encryption.

Only you have your Account Key and like your Master Password it never leaves your devices. Along with your Master Password this ensures that no one but you will be able to access your 1Password data.

See our security page for details and all the things we did beyond just enabling TLS/SSL (we did that, too, by the way 😉).

Great for new and long-time users alike

1Password Accounts - great for new and long-time users alike

If you know anyone who’s not practicing safe passwords, now is a great time to introduce them to 1Password!

Simply link your friends to the signup page and gently remind them how important it is to use strong, unique passwords for every site:

Sign up now and get 6 months free

If you are a long-time user but don’t own 1Password for all your devices, haven’t upgraded to the newest version, or if you want to take advantage of the new features in our hosted service, now’s the perfect time to sign up.

After signing up you’ll be able to easily migrate your existing data over to your new 1Password account. We have a great guide along with a video that walks you through the process.

This launch special is too good to leave running for long so I needed to pick a cutoff date. Be sure to sign up before September 21st to get this awesome deal!

I hope you and your friends love our new 1Password hosted service as much as we loved making it for you. 😘