1Password 7 for Mac: The Best Ever

Today is a momentous day! It’s time to take the wraps off something incredible that changes the world as we know it: 1Password 7 for Mac is here! 🎉🙌

There’s a ton of amazing features packed into this release and I couldn’t stop myself from writing a lot about them. If you’d like to start rocking right away, feel free to jump ahead and download 1Password 7 now. For everyone else, it’s my distinct pleasure to share with you the awesome that is 1Password 7.

Marvellous mini

1Password mini is how most of us use 1Password on a daily basis and for version 7 we wanted to make that experience the best it could be.

1Password mini has been completely reimagined and comes with so many features that we needed to give it its own window. When you bring up mini you’ll find it waiting for you with an incredibly powerful and beautiful new look.

While in your browser, mini will automatically suggest the items you’re most likely to need. Select the login you want to sign in with and 1Password will do the rest.

And mini doesn’t limit itself to just browsers. With our new app integration we’ll automatically suggest logins for the current app you’re using. Along with support for drag and drop, this is a real game changer.

You can also make edits, move items between vaults, and even add documents – all without ever leaving mini. Soon you’ll wonder how you ever lived without it. 🙂

Beautiful, bold design

The beauty you’ll find in mini continues throughout the rest of 1Password as well. It all starts with the newly designed lock screen and it looks incredible, especially with Touch ID.

As great as those vault doors look, they pale in comparison to what lies secured behind them.

The first thing that grabs you is the stunning new sidebar. It draws you in with its bold dark theme and delights you with its simplicity.

The new sidebar looks great without being overpowering and the high contrast between it and your content allows your eyes to focus on what’s most important: your items.

Detailing your items

Your items are able to join in on the fun as well with a new design and some lovely new touches. Each of your items now prominently shows which vault it belongs to and has its most important information highlighted.

If you caught yourself yelling What Are Those?! when looking at the formatted notes field, you’re not alone. You can now give your notes richly formatted text using Markdown! 🎉

Along with the improved layout and typography, we’ve added a beautiful custom font created specifically for 1Password called Courier Prime Bits (based on the lovely Courier Prime).

Alan Dague-Greene is the creative genius behind this font and it makes large type passwords look absolutely incredible.

Speaking of incredible, when you combine our new custom font with Markdown support, Secure Notes are now at an entirely new level of awesome.

Once you start using Markdown in your notes you’ll find yourself wanting to create a lot of them. And when you do, you can keep your notes and items organized using tags. You can even use nested tags if you want to be fancy.

Oh and if you need to copy fields between items or into another app, you can detach the item details view into its own separate window by clicking the button in the toolbar. This is incredibly useful although to be honest I often find myself clicking it for no other reason than to see the lovely animation. 🙂

Watching out for you

1Password 7 is doubling down on how it keeps you safe online. We have bundled together a suite of security tools that notify you of breaches, warn you of bad habits, and highlight vulnerable passwords. We call it Watchtower and it’s amazing.

Watchtower integrates with Troy Hunt’s haveibeenpwned.com service to see if any of your logins are vulnerable. 1Password securely checks your items against a collection of breached passwords (over 500 million and counting) and notifies you to change them.

And thanks to twofactorauth.org, Watchtower also knows which websites support two factor authentication and will alert you when it finds logins without 2FA enabled.

Watchtower will also alert you to logins that are using an insecure (HTTP) website address, weak passwords, and horror of horrors, reused passwords (seriously, don’t do that!). And finally it’ll even warn you if your credit cards or passports are expiring soon so you don’t miss out on your vacation. 😎

Organize & securely share your items

Let’s get back to that sidebar because there’s more there than meets the eye. Sitting just beneath the surface is a powerful new way to organize and securely share your items.

Simply click on the sidebar header and your categories will slide away, revealing your collection of vaults. Vaults allow you to group your items depending on their purpose and who needs access to them.

You can drag and drop items between vaults and even between accounts. Or, drop your items on the New Vault button and a new vault will be created for you right then and there. It’s so simple it’s like magic.

Once you have your new vault created, sharing it with your team or family couldn’t be easier. Select who you want to have access to your vault and 1Password will do the rest.

Best of all, any updates to the items appear automatically for everyone. It’s easier to share securely with 1Password than being insecure without it. 💪

Strong foundations

Along with all these new features and improvements, a lot of heavy lifting took place to make 1Password 7 faster and secure-er than ever.

It all began by combining 1Password and 1Password mini into a single process. This made items faster to load, reduced memory usage, and decreased launch times. The overall performance boosts made us smile as soon as we saw them and we think they’ll make you smile, too.

Also new in 1Password 7, we’ve taken advantage of Apple’s Secure Enclave to protect your Master Password when Touch ID is enabled. This is incredibly cool because the keys used for encryption are protected by the hardware and not accessible to other programs or the operating system.

And if you’re moving over to our new 1Password memberships, syncing your data is more secure than ever. With the addition of a Secret Key, Secure Remote Password, and Galois/Counter Mode, your data has never been safer. And the speed and reliability is simply unparalleled.

And so much much much more!

I told you at the beginning that I was going to write a lot about 1Password 7 and I could keep going. But in the interest of getting you into 1Password 7 sooner, I’m curtailing the rest into this fancy bulleted list!

  • Collapse the sidebar entirely so your items get all the love
  • Quickly find items with our new Spotlight integration
  • Use Handoff to view iOS items right from your Dock
  • Easily see your currently selected vault and account
  • Marvel at the monogrammed icons for tags and logins
  • Edit your vaults directly from the sidebar
  • Enjoy the new password strength meter
  • Remove duplicate items on a per-vault basis
  • Jump to items and vaults with ease using Quick Open
  • Opt in to automatic updates so you can always enjoy the latest and greatest 1Password has to offer

How do I get it?

To start enjoying the best version of 1Password ever built, grab it here:

Download 1Password 7

1Password 7 is included free for everyone with a 1Password membership. Simply unlock 1Password after downloading and you’re good to go.

Those of you with a standalone license for version 6 will be prompted to subscribe or purchase a license when 1Password 7 first opens. Licenses will cost $64.99 but are available during our launch special for only $49.99. Licenses are per-person, per-platform so you can use your single license on as many Macs as you have. 1Password 7 for Windows will be released next week as a separate purchase.

I hope you enjoy 1Password 7 as much as we enjoyed making it for you! We couldn’t have done it without your help. ❤

Please join us in our discussion forums or in the comments below to share your experiences with us and help craft the future of 1Password. We always love hearing from you. 😘

Dave Teare Founder of AgileBits

1Password at Google I/O

Just over a week ago, I was incredibly lucky to attend Google’s annual developer conference at the Shoreline Amphitheatre in Mountain View. I always look forward to this event because it showcases the latest and greatest technologies coming to Google’s platforms. And to make things even better, I was joined by Gene, Peri, Shiner and Michael – our largest group at I/O yet!

Google I/O 2018

After grabbing coffee and snacks, we took our seats and eagerly waited for the keynote to begin. Sundar Pichai opened the conference by revisiting the most pressing issue of last year: the hamburger and beer emoji fiasco! With the cheese now in the right place, he continued with the keynote and introduced one of the main themes of the conference: leveraging machine learning to solve both simple and complex problems in our daily lives.

The improvements to the Google Assistant such as “continued conversations” and the new voices are fantastic. I do worry that I may fall back asleep if John Legend’s soothing voice reads my daily briefing each morning! The Duplex demo was just incredible and I am amazed at how the Assistant was able to understand and deliver natural language conversations over the phone. I’ve shown the video to all of my family members… maybe even scared them a bit. But don’t worry mom, I promise it will be the real me calling. 😉

Android P (Popsicle?)

It wouldn’t be Google I/O without a strong focus on the next version of Android. Immediately after they announced the Android P beta, I installed it on my Pixel 2 XL and revelled in the beautiful controls, typography, and roundedness of its design. Android P is all about intelligently analyzing and adapting to our usage patterns. This is being used to drive powerful features such as the new Digital Wellbeing. I’m looking forward to using it to remind me to disconnect and focus on the real world sometimes.

Developing on a Pixelbook

One pleasant surprise that got Michael very excited was the announcement that Android Studio is coming to Chrome OS. He quickly got it running on his Pixelbook and then challenged me to a race to see who could build 1Password faster. We were both shocked to find that his Pixelbook came in only 7 seconds behind my MacBook Pro. That’s pretty impressive!

1Password on Chrome OS

As exciting as it is to build 1Password on a Pixelbook, it’s even more thrilling to run an optimized version of it on Chrome OS. We built 1Password 6.8 for Android with an emphasis on the desktop experience, and we’re incredibly proud to have been featured by Google during I/O as an example of doing this well.

One of my favourite desktop features added in 1Password 6.8 is using the arrow keys and the keyboard shortcuts to get around. I also find it extremely convenient using drag and drop to move text between Android apps. Now I can drag my credentials to sign into the Twitter app!

Give 1Password a try on your Chromebook and let us know what you think.

Until next year!

We all had a fun and productive week at Google I/O. It was my first time listening to Justice and Phantogram at the concert, and my god, do I love them! I have “Fall in Love” playing on repeat right now. 🕺

Google I/O sparked some great ideas that we’re eager to explore in 1Password on both Android and Chrome OS. Which of the showcased technologies are you excited to see in 1Password? Let me know in the comments below!

Using Splunk with 1Password Business

1Password Business makes it easy to monitor events that happen on your team using the Activity Log, and you can take that to the next level by adding Splunk to the mix. Using the 1Password command-line tool, you can send your team’s 1Password activity to Splunk and keep track of it there alongside other happenings within your team.

One of Splunk’s most popular features is the ability to find events and trigger alerts based on them. For example, in your team you could set things up so the sysadmins are alerted whenever someone is added to the Owners group in 1Password. I’ll get into that example a bit more later in this post.

Set up the 1Password command-line tool

To kick things off, let’s set up the 1Password command-line tool, if you’re not using it already:

1Password command-line tool: Getting started

When setting up the tool, start by creating a custom group and giving it the View Admin Console permission so it can view the Activity Log, then add a user to that group. Once the tool is set up with that user’s account, get a session token:

$ op signin example

This will allow you to interactively enter the Master Password with secure input. Since you’re definitely putting this in a script, you’ll want to pass the Master Password through stdin to the op signin call to get your session token:

[password] | op signin example.1password.com wendy_appleseed@example.com A3-XXXXXX-XXXXXX-XXXXX-XXXXX-XXXXX-XXXXX

To make things simpler, you can omit the email address and Secret Key from op signin since they are saved in ~/.op/config. You can then simplify the whole sign in step to one line by piping the Master Password to it:

gpg -q --decrypt password.enc | op signin example

To automate all this, though, you can get the Master Password from a secure storage location and pipe it to sign in. A HashiCorp vault is a good place to securely store the account’s Master Password. I’m using GPG in this example, but you can use KMS or something else that you’re comfortable with – just avoid echo. 😉

Start fetchin’ those audit events

Now that we have our session token, we can start getting some audit events. Create a script that’s run by a job scheduler such as cron at regular intervals (every 10 minutes should suffice). That script needs to:

  1. Create the session like we just did above.
  2. Read the last processed event ID from disk.
  3. Fetch events newer than that ID.
  4. Send the events to Splunk.
  5. Save the latest event ID to disk.

To do this, we’ll be working with JSON, so JQ is a good idea if you’re working with bash; you could also use a scripting language that supports JSON, such as Python or Ruby.

You can fetch up to 100 events newer than $ID. To fetch them:

op list events $ID newer

To make sure you get all the events, you’ll need to run that until nothing is returned, since only 100 events are returned each time. This command will return a JSON array of event objects like this:

{
  "eid": 392879,
  "time": "2018-01-23T15:50:49Z",
  "actorUuid": "YJTZ3RWWFRBNTF4M2YEEY3EPOQ",
  "action": "join",
  "objectType": "gm",
  "objectUuid": "hd22y2bob6qdpap2ge6d7nn4yy",
  "auxInfo": "A",
  "auxUUID": "YJTZ3RWWFRBNTF4M2YEEY3EPOQ"
}

You can send all of the events in the array to Splunk at this point by using something like the Splunk universal forwarder.

Next, take the eid of the first object in that array and save it to disk so it can be used for the next fetch. If the array from op list events is empty, it means there are no newer events, and you’re done here — for now.
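The five steps above as a Python collector, added here as an example and not taken from the original post or from 1Password. It assumes the session from op signin is already available to the process, that eid values increase over time (so it tracks the highest eid in each batch rather than relying on array order), and that the Splunk universal forwarder monitors the JSON-lines spool file; the file names are placeholders.

```python
import json
import os
import subprocess
import tempfile


def op_list_events(last_eid):
    """Run `op list events <ID> newer` (the command from the post).

    Assumes the session created by `op signin` is already available to
    this process. Returns the parsed JSON array (possibly empty).
    """
    proc = subprocess.run(
        ["op", "list", "events", str(last_eid), "newer"],
        check=True, capture_output=True, text=True,
    )
    return json.loads(proc.stdout.strip() or "[]") or []


def read_checkpoint(path, default=0):
    """Return the last processed event ID.

    `default` seeds a first run; 0 is an assumption, set it to an eid you know.
    """
    try:
        with open(path, encoding="ascii") as fh:
            return int(fh.read().strip())
    except FileNotFoundError:
        return default


def write_checkpoint(path, eid):
    """Replace the checkpoint atomically so a crash never leaves a partial ID."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".eid-")
    with os.fdopen(fd, "w", encoding="ascii") as fh:
        fh.write(f"{eid}\n")
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, path)


def collect(fetch, checkpoint_path, spool_path, max_pages=1000):
    """Page through every event newer than the checkpoint.

    Events are appended to `spool_path` as one JSON object per line, oldest
    first. Returns the number of events written.
    """
    last_eid = read_checkpoint(checkpoint_path)
    written = 0
    for _ in range(max_pages):  # hard stop in case pages never run dry
        batch = fetch(last_eid)
        # Drop anything at or below the cursor so a repeated page cannot
        # duplicate events, then order the rest oldest first.
        fresh = sorted(
            (e for e in batch if e["eid"] > last_eid), key=lambda e: e["eid"]
        )
        if not fresh:
            break
        with open(spool_path, "a", encoding="utf-8") as spool:
            for event in fresh:
                spool.write(json.dumps(event, sort_keys=True) + "\n")
            spool.flush()
            os.fsync(spool.fileno())
        # Advance the cursor only after the events are on disk. A crash
        # between the two writes re-sends one page rather than losing it.
        last_eid = fresh[-1]["eid"]
        write_checkpoint(checkpoint_path, last_eid)
        written += len(fresh)
    return written


if __name__ == "__main__":
    # Placeholder paths; point the forwarder at the spool file.
    count = collect(op_list_events, "last_eid.txt", "1password-events.jsonl")
    print(f"spooled {count} new events")
```

Because the checkpoint moves only after a page is flushed to disk, delivery is at-least-once: deduplicate on eid in Splunk if a re-sent page matters to your searches.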

Get alerts about important actions in your team

Earlier I mentioned that one handy use for Splunk with 1Password Business is to see when someone is added to the Owners group. To do this, you would find an event in the Activity Log that has:

  • action: join
  • objectType: gm (Group Membership)
  • objectUuid: your Owners group’s UUID, which you can get by opening https://start.1password.com/groups, signing in, and clicking Owners, then copying the UUID from the end of the address bar in your browser.

Every audit event comes with an actorUuid field. It’s a great identifier, but when perusing, we have no idea who YJTZ3RWWFRBNTF4M2YEEY3EPOQ is. To fix this up, let’s upgrade our script a bit. Before we fetch events, let’s get a user list with op list users. This will get us all users on the account along with some basic information like their name and email address. With that we can process each event object, look up the user by UUID, then add more descriptive information for when we send things to Splunk.

In this example case of sending an alert when someone is added to the Owners group, it’s probably nice to know who was added. The auxUUID field of the audit event will be the UUID of the user who was added to the group. You can do the same lookup that we did above for the actor. For many events, auxUUID will not be a user UUID, so make sure to fail gracefully there.

Now that we’ve set things up, whenever Splunk finds an event matching this, it’ll be able to alert your sysadmins via Slack or another method and let them know that Lorraine added Bobby to the Owners group. From there, they can take action if they need to.
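The Owners group match and the UUID lookups described above, as an added Python example that is not part of the original post. The uuid, name and email keys for op list users output, the OWNERS_GROUP_UUID placeholder and all sample records are assumptions constructed for illustration.

```python
import json

# Placeholder: replace with the UUID copied from your Owners group's page.
OWNERS_GROUP_UUID = "owners-group-uuid-placeholder"

# Constructed sample data. The "uuid", "name" and "email" keys are assumed
# field names for the `op list users` output.
SAMPLE_USERS = [
    {"uuid": "CONSTRUCTEDUUIDLORRAINE001", "name": "Lorraine",
     "email": "lorraine@example.com"},
    {"uuid": "CONSTRUCTEDUUIDBOBBY000002", "name": "Bobby",
     "email": "bobby@example.com"},
]
SAMPLE_EVENTS = [
    # Lorraine adds Bobby to Owners: should alert.
    {"eid": 101, "time": "2018-01-23T15:50:49Z",
     "actorUuid": "CONSTRUCTEDUUIDLORRAINE001", "action": "join",
     "objectType": "gm", "objectUuid": OWNERS_GROUP_UUID,
     "auxInfo": "A", "auxUUID": "CONSTRUCTEDUUIDBOBBY000002"},
    # Same action on another group: should not alert.
    {"eid": 102, "time": "2018-01-23T15:51:10Z",
     "actorUuid": "CONSTRUCTEDUUIDLORRAINE001", "action": "join",
     "objectType": "gm", "objectUuid": "some-other-group-uuid",
     "auxInfo": "A", "auxUUID": "CONSTRUCTEDUUIDBOBBY000002"},
    # Owners join whose auxUUID matches no known user: alert with the raw UUID.
    {"eid": 103, "time": "2018-01-23T15:52:30Z",
     "actorUuid": "CONSTRUCTEDUUIDLORRAINE001", "action": "join",
     "objectType": "gm", "objectUuid": OWNERS_GROUP_UUID,
     "auxInfo": "A", "auxUUID": "CONSTRUCTEDUNKNOWNUUID0003"},
]


def index_users(users):
    """Map user UUID to user record so each lookup is a dictionary hit."""
    return {u["uuid"]: u for u in users if "uuid" in u}


def lookup(uuid, users_by_uuid):
    """Return name and email for a UUID, or None when it is not a known user."""
    user = users_by_uuid.get(uuid)
    if user is None:
        return None
    return {"name": user.get("name"), "email": user.get("email")}


def enrich(event, users_by_uuid):
    """Copy the event and attach readable details where the UUIDs resolve."""
    enriched = dict(event)
    enriched["actor"] = lookup(event.get("actorUuid"), users_by_uuid)
    enriched["auxUser"] = lookup(event.get("auxUUID"), users_by_uuid)
    return enriched


def is_owner_join(event, owners_uuid):
    """The three conditions from the post: join + gm + the Owners group UUID."""
    return (event.get("action") == "join"
            and event.get("objectType") == "gm"
            and event.get("objectUuid") == owners_uuid)


def display(details, raw_uuid):
    """Prefer the resolved name; fall back to the raw UUID instead of failing."""
    if details and details.get("name"):
        return details["name"]
    return raw_uuid or "unknown"


def owner_alerts(events, users, owners_uuid):
    """Return enriched events for every addition to the Owners group."""
    users_by_uuid = index_users(users)
    alerts = []
    for event in events:
        if not is_owner_join(event, owners_uuid):
            continue
        enriched = enrich(event, users_by_uuid)
        actor = display(enriched["actor"], event.get("actorUuid"))
        added = display(enriched["auxUser"], event.get("auxUUID"))
        enriched["alert"] = f"{actor} added {added} to the Owners group"
        alerts.append(enriched)
    return alerts


if __name__ == "__main__":
    for alert in owner_alerts(SAMPLE_EVENTS, SAMPLE_USERS, OWNERS_GROUP_UUID):
        print(json.dumps(alert, sort_keys=True))
```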

Try it out and tell us what you think

When it comes down to it, sending your team’s 1Password activity to Splunk gives you one place to audit any administrative action your team has been taking in 1Password, alongside all the other tools your company uses. There are a lot of things you can look out for, from the Owners group example I mentioned before to knowing when someone adds or removes a team member from a vault or changes their permissions.

We’d love to hear how you set things up, so feel free to comment below or send us a message at support+cli@agilebits.com or start a discussion in our forum with suggestions, questions, and anything else you’d like to chat about!

Getting 1Password 7 ready for the Mac App Store

1Password 7 has been in beta for 6 weeks now and the feedback has been fantastic. We are getting close to the official release date and have begun final preparations, including submitting 1Password 7 to the Mac App Store. 🎉

When 1Password 7 is released it will be available from the Mac App Store as well as our website, and will be available as both a subscription and a standalone license.

When adding 1Password 7 to the Mac App Store we needed to answer the following two questions:

  • Should it be a new app?
  • Should it support both subscriptions and licenses?

Ultimately we decided that 1Password 7 will be a new app in the Mac App Store, and available only as a subscription. I know that many of you will be curious about this, so I wanted to share with you why we decided on this approach.

Mac App Store and upgrades

The Mac App Store is one of the most convenient ways to purchase apps for your Mac. You can purchase with confidence, pay quickly in your local currency, and updates happen automatically. Overall it is a pretty sweet experience.

The App Store, for all it does well, struggles mightily when a paid upgrade is introduced because it does not allow developers to charge for an update to an existing app.

When considering a paid upgrade, developers have two choices: they can re-use their existing app or submit a new one. Both have their pros and cons.

Re-using an existing app

Developers are very creative and one approach that some have used to introduce paid upgrades is to re-use their existing app and offer an In-App Purchase to make the upgraded features available.

We actually went ahead and gave this an honest, if short-lived, try. Very quickly it became apparent that this would lead to a complete mess of spaghetti code as we tried to encapsulate new features. Worse yet, any significant UI updates (including the many we have in 1Password 7) were next to impossible to add as we’d have to keep the old UI around as well. Ultimately this proved infeasible and all my devs threatened to mutiny. 🙂

Submitting a new app

A new app avoids these issues, allowing us to keep our code base clean and my developers happy. It comes at a price though.

Introducing a new app means that everyone who wants the upgraded version needs to go back to the Mac App Store, find this new version, and download it.

We’ve done this before with 1Password 4 for iOS, and have the scars to prove it. Thousands of customers were confused when trying to update because their 1Password 3 app claimed to be up-to-date. To this day we have customers on 1Password 3 who do not realize a new version is out.

To be quite honest, one of the main reasons we haven’t had a paid upgrade on the Mac side for all these years is that we were dreading the pain this would cause us and our customers. However the time has come to bite the bullet and have a paid upgrade.

To avoid this pain in the future, this will be the last time we will be submitting a new app to the App Store. To make that possible, 1Password 7 will only be available as a subscription in the Mac App Store.

Mac App Store for subscriptions only

1Password subscriptions are eligible for free upgrades, meaning we can keep the same app in the App Store and seamlessly upgrade everyone to the new version as it comes out. This is just one of the many reasons why we love memberships.

If we were to sell standalone licenses in the Mac App Store we would have these same problems all over again when 1Password 8 is released. Ultimately this is why we decided not to sell licenses through the Mac App Store.

While still tough, this decision was easier to make as people looking for licenses will be able to download 1Password 7 directly from our website. I know this isn’t ideal for those who love the Mac App Store and prefer to purchase standalone licenses and I apologize for that. But overall I believe this was the correct decision to make.

I’ll be out at WWDC in a few weeks and would be more than happy to talk further if you have questions or are facing similar decisions with your own apps.

Learn how your business is using 1Password with reports

One of the top requests we’ve gotten from teams using 1Password over the past few years is a way to see what items their team’s been using. With 1Password Business, we’ve added item usage reports, a new tool for you to see how the people on your team are using 1Password.

Know what your team can access

An administrator or owner on your team can create a report for a team member to see what items they’ve used, how many vaults and items they have access to, and more. To create your first report for a team member:

  1. Sign in to your business account on 1Password.com.
  2. Click People in the sidebar.
  3. Click the name of a team member, then click Create Usage Report below their name.

We’ve designed reports to focus on the vaults that matter to you, so you’ll see items from shared vaults in a person’s report.

Know what’s being used in your vaults

You can also create a report for a vault to see what people have been using in it. To create a report for a vault:

  1. Click Vaults in the sidebar.
  2. Click the name of a vault, then click Create Usage Report below its name.

The handy thing about creating a report for a vault is that you can see what has been used often in that vault. Sorting by item name gives you an organized list, and each item will be shown as a separate entry for each person who has used it.

Know what to do when someone leaves your team

When someone leaves your team, you can suspend their account to revoke their access to vaults and items, then create a report to get an idea of what passwords you might need to change. Then you can click the item in the report and use 1Password to quickly change the password.

Keeping passwords in a shared vault in your team means any changes made to them will be available to the people who can access that vault right away. Then you can change the password to keep those accounts secure, and through the magic of shared vaults, everyone who needs that password will automatically get the new one so they can use it right away.

Start using reports

Usage reports are centered on the best part of any company: the people. They focus on the vaults someone has access to, as well as important dates, like when they joined the team or last signed in. And the best part is only the admins and owners of your team know which items and websites your team is using: we can’t see any of that.

The goal of reports is to help you make better judgments about whether Emmett or Lorraine really need to keep access to those potentially high-value resources. And if they don’t, you change their access to something that better suits them.

Learn more about creating reports in 1Password Business

This is only the beginning — we’d love your feedback on what else you’d like to see in the reports. Comment below to start a discussion or send us a message at business@1password.com to share some feedback.

Introducing Watchtower 2.0: The turret becomes a castle

Introducing the all new Watchtower – it is absolutely gorgeous, and appears to be rather timely!

Twitter asked their 330 million users to change their password yesterday due to a security snafu, putting privacy and security at the forefront of everyone’s mind once again.

1Password includes Watchtower, with its suite of security tools, making it the easiest and most comprehensive way for you to check the security of all your passwords.

Watchtower report

With a click of a button, Watchtower audits your passwords against a wide range of security vulnerabilities giving you an easy to read report with simple steps on how to fix any issues it finds.

Let’s take a look at some of the defences.

On the lookout for breaches

Watchtower will automatically notify you if there’s been a security breach for a website you use. A bright red bar that’s pretty darn hard to miss will display across the top of the item, prompting you to change the password for that site.

Login showing a breach

Please excuse me while I hop away for a sec and go change that Twitter password. 😀

A vanguard for pwned passwords

Watchtower can check your passwords to see if any have been exposed in a breach. Integrating with Troy Hunt’s haveibeenpwned.com service, your passwords are checked against over 500 million exposed passwords, highlighting any that are found.

Watchtower showing vulnerable passwords

To keep your passwords private, Troy found a brilliant way to check if passwords have been leaked without ever sending your password to his service.
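An added example, not 1Password's or Troy Hunt's code, of the range query the public Pwned Passwords API uses for this: the client sends only the first five hex characters of the password's SHA-1 hash and compares the returned suffixes locally. This goes beyond what the post itself describes; ConstructedRangeService is a hypothetical offline stand-in for the endpoint, and its counts are constructed.

```python
import hashlib


def split_sha1(password):
    """Return (prefix, suffix): the 5 hex chars that are sent, the 35 that are not."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(suffix, range_body):
    """Scan a range response ("SUFFIX:COUNT" per line) for our own suffix."""
    for line in range_body.splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def check_password(password, fetch_range):
    """Return how often the password appears in the breach corpus.

    `fetch_range(prefix)` is the only call that leaves the machine, and it
    receives the 5-character prefix only.
    """
    prefix, suffix = split_sha1(password)
    return breach_count(suffix, fetch_range(prefix))


class ConstructedRangeService:
    """Offline stand-in for the range endpoint; records what the client sent."""

    def __init__(self, breached):
        self.table = {}
        self.seen = []
        for password, count in breached.items():
            prefix, suffix = split_sha1(password)
            self.table.setdefault(prefix, []).append(f"{suffix}:{count}")

    def __call__(self, prefix):
        self.seen.append(prefix)
        filler = "0" * 35 + ":1"  # constructed line standing in for other hashes
        return "\r\n".join(self.table.get(prefix, []) + [filler])


if __name__ == "__main__":
    service = ConstructedRangeService({"password": 12345})  # constructed count
    print(check_password("password", service))
    print(check_password("a long unique passphrase nobody reused", service))
    print(service.seen)  # only 5-character prefixes were ever sent
```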

Strong, unique passwords are your greatest defence

Using strong, unique passwords for every website is your surest way to keep safe. When a website is breached and your password compromised, that password can be used to sign in to other websites that use the same one. If you’ve reused that password elsewhere, you’re putting all those sites at risk.

Watchtower not only shows you which of your passwords should be stronger, it also alerts you when you’re using the same passwords for more than one website.

Graph of password strengths

Now would be a great time to use Watchtower to see if you reused your Twitter password for your bank account 😱

A second line of defence

Enabling two-factor authentication (2FA) on websites is a great way to keep your accounts there safe. Watchtower will now let you know about websites you have saved in 1Password that support 2FA, but don’t have it enabled.

Alert showing missing 2FA

This gives you the chance to enable 2FA for those sites. When you enable 2FA, make sure to keep the one-time password in 1Password.

Don’t get caught off guard

Watchtower not only looks out for your passwords, but for you as well. It will now warn you if one of your credit cards, driver’s licenses, or passports is expiring soon, making sure you aren’t scrambling to make last-minute arrangements.

Alert showing expiring passport

Here in Canada you can’t travel internationally if your passport expires within 6 months, so this can be a real life saver if you have that long-planned vacation coming up soon.

Try today with your 1Password membership

Watchtower is available today, so it’s time to give it a try now!

Sign in to your 1Password.com account, select a vault, and click Watchtower in the sidebar to create your report. If you don’t have a 1Password membership, start a free 30-day trial to get started.

Oh, and don’t forget to change your Twitter password :)

Multi-Factor Authentication in 1Password

The more the merrier, my mother likes to say. And why shouldn’t that apply to authentication factors? You have your Master Password and Secret Key, and they’re combined to be one amazingly strong factor via Secure Remote Password. We’ve added two more to the guest list, and you get to invite whichever you’d like.

Two-Factor Authentication

Two-factor authentication in 1Password is implemented with Time-based One-Time Passwords. Time-based One-Time Passwords is a mouthful, so forgive me for abbreviating it to TOTP from here on out. TOTP is a widely adopted standard and it’s a great way of adding a familiar additional factor to your authentication process.

When setting up two-factor authentication, you’ll be provided with a TOTP secret that you can store in an authenticator app of your choosing. 1Password has been a TOTP authenticator for years now and storing it there is very convenient, but we recommend also storing it in an authenticator app like Authy. Ideally you’d store it in both so you have access to it when needed. When it comes to backups, the more the merrier, just like Mom said! 🙂

Any time you sign in to your account from a new device you’ll be prompted for a one-time password. Use the authenticator app to get the current one-time password, punch it in and you’re off to the races.

Turning on two-factor authentication is a breeze. All you need to do is go to My Profile, choose ‘More Actions’ on the action bar on the left, then ‘Turn On Two-Factor Authentication’. From there instructions will have you set up in no time. Just make sure that you keep your TOTP secret safe as it’s going to be required any time you sign in from a new device.

Duo Security

Duo Security is a slightly different approach to protecting accounts and has been available as a beta feature in 1Password for a number of months. The feedback we’ve gotten from it has been unanimously positive, and Duo is now available for anyone using 1Password Teams or 1Password Business. The best part of Duo is that once configured by an administrator it will automatically apply to all members of the team.

When you sign in to 1Password, you’ll be prompted to send a push notification to your mobile device where you can either allow or deny the request to sign in.

Duo + 1Password for Mac

Duo is a great option if you’re looking to enforce the use of an additional factor across a whole team.

Another Layer of Protection

The awesome part about these additional factors during authentication is that they get to stand on the shoulders of Secure Remote Password. The SRP handshake needs to occur and all additional factor requests get the benefits of that secure channel. Without SRP the same attacks that could disclose your password to an attacker eavesdropping on a connection could also disclose your additional authentication factor. SRP protects both your password and the additional factor. This also means that enabling two-factor authentication or Duo does not mean that you can have a weaker Master Password. They protect against very different things, and your Master Password is ultimately what’s protecting your data.

Supported Across All 1Password Apps

We’ve rolled out support for both Duo and TOTP in all of our apps: Windows, Mac, iOS, Android, Web, and Chrome. We’ve even added both to our 1Password CLI tool, and it’s pretty amazing to have a terminal emulator trigger a push notification to my iPhone. Just make sure that you’re using the latest versions of our apps and you’ll be set.

 

Introducing 1Password Business

Since 2015, over 30,000 businesses have signed up for 1Password Teams and discovered how 1Password can help them be secure while also increasing their productivity.

We’ve learned a lot by working with these companies and found that what works for a team of 20 doesn’t necessarily work for a company of 20,000. So we got to work.

Today, I am thrilled to announce the results of that work: 1Password Business. 🎉

1Password Business

1Password Business provides the features you need as a larger team. It gives you the tools to protect your employees, secure your most important data, and stay compliant. Your administrators will love it for the control it gives them, and your employees will love how easy it is to use.

Control access and be compliant

GDPR, HIPAA, SOC2, PCI, PIPEDA… man, there’re enough compliance requirements to make your head spin.

Thankfully, 1Password helps by keeping you in control of who has access to what. Each employee gets a place to store their private, work-related passwords. But there are times when passwords need to be shared. For those times, it’s easy to share passwords with only the people who need them.

Fine-grained permissions – give employees exactly the access they need.
Custom Groups and Roles – organize your staff and their access.
Device Restrictions – limit where access is granted.
Managed Travel Mode – restrict employee access when travelling.

We ourselves are growing quickly and long gone are the days where everyone worked on every project. We are looking to hire another 100 people this year, and 1Password helps us stay compliant with our SOC2 regulations as we grow.

Automated provisioning

Sometimes you are growing so fast, or have gotten so large, that no matter how simple the onboarding steps, they just aren’t fast enough. In these cases automation comes to your rescue.

Active Directory Integration – automate provisioning and de-provisioning.
Okta Integration – allow Okta to manage your team for you.
Command line Integration – integrate 1Password into your custom business flows.

Now that we are starting to use Azure AD ourselves, onboarding those next 100 people should be a breeze. 😉

Adding a second third factor

1Password protects your passwords behind both your Master Password and your Secret Key. Now you can add yet another layer of protection with our multi-factor authentication (MFA) support.

Team members can turn on two-factor authentication to further protect their 1Password accounts. Or, if your company uses Duo, you can require its use for your entire team.

Multi-factor authentication

Advanced auditing and reporting

In 1Password Business, we’ve created some super useful reports for you and your administrators. It’s never been easier to keep track of everything happening on your team.

Employee Access Report – see which shared passwords an employee has used.
Shared Password Report – audit shared passwords to see who has used them.
Activity Log – review administrative actions taken by your team.
Action Dashboard – view activities that are awaiting your action.

Free family accounts

Worth more than $50 per user

Your business data is only as safe as your employees’ habits. If anyone brings unsafe password habits from home into your work environment, they put your entire business at risk. Now, you can protect your business by keeping those you work with safe at home.

With 1Password Business, each employee on your team gets a free 1Password Families membership. This way they can learn the habits they need to protect themselves and your company.

Try 1Password Business today

Sign up today for a free 30 day trial and see for yourself how 1Password can help your company. Your data will be more secure and your employees more productive than ever.

Sign up for 1Password Business

If you have any questions or would like to schedule a demo, contact our business team. We’ll be happy to show you how 1Password can work for your business. After using 1Password for a few weeks at your company I promise you’ll wonder how you ever lived without it!

MyFitnessPal Shows How to Handle a Breach

We all witnessed something refreshing last week when MyFitnessPal announced their data breach. They were open and honest about what happened and they should be congratulated.

Many companies hide from the truth and make things much worse for themselves and their customers. Instead, MyFitnessPal did it right. Not only did they handle the disclosure with finesse, they also had excellent systems in place to limit the exposure of the leak.

MyFitnessPal provides a great case study on how to handle a data breach and protect customer information. Let’s start with the announcement itself.

The Announcement

First it needs to be said that it was awesome that there actually was an announcement and that it was published in a timely manner. This is a very good thing!

There was an in-app notification, direct emails, and a pinned Twitter post.

They also posted Frequently Asked Questions that were excellent and when I emailed their support team with some questions for this post, their automated reply included information about the breach and what they were doing to protect their customers.

MyFitnessPal was incredibly open and transparent about everything and at no point did they try to hide details from their users, myself included! That allowed me to update my password and get on with my life.

I wasn’t overly attached to qdd84b7UayEwM9J6dZV anyway so I didn’t mind changing it. And since I only used this password on myfitnesspal.com I didn’t need to update any other websites.

Strong unique passwords FTW! 🙂

Secure Handling of Passwords

Equally commendable was how MyFitnessPal stored passwords in their systems. Or more to the point, how they didn’t store passwords.

Many sites choose to store the plain text password, which is bad. The fact that Have I Been Pwned? now has over half a billion plain text passwords in their database shows how prevalent this horrible practice is.

MyFitnessPal was much smarter than that as they never stored the actual password. Instead they stored a hash of the password, most of which were created using bcrypt. Our Chief Defender Against the Dark Arts wrote at length about bcrypt and how it can be used to protect user passwords.

It’s possible to go even further than bcrypt and avoid sending passwords to the server by using Secure Remote Password. We use this in 1Password and are quite smitten with it.

Avoiding Other Sensitive Information

The other smart thing MyFitnessPal does that should be commended is collecting and storing the minimum amount of data. From their FAQ:

The affected data did not include government-issued identifiers (such as Social Security numbers and driver’s license numbers) because we don’t collect that information from users. Payment card data was not affected because it is collected and processed separately.

The easiest way to protect data is to not have it in the first place! We follow a similar mentality in 1Password and it’s refreshing to see other companies taking security and privacy seriously.

MyFitnessPal made some excellent design choices and quickly organized an effective response to a bad situation.

For those looking to learn more about the MyFitnessPal breach, Troy Hunt started his Weekly Update 80 with a full discussion on the subject that I found very intriguing, especially the strategy on how to migrate from a SHA-1 hash to using bcrypt.

P.S. A great deal of this post was inspired by an incredible letter I received from Benjamin Fox about how unique passwords helped him quickly recover from the MyFitnessPal breach. Thank you for the inspiration, Benjamin! ❤️

Hi Dave,

I know you get hundreds of emails but I can’t help but send this email. I received an email from MyFitnessPal today and of course the news-breaking headlines.

In reading the email, I simply smiled. Headed to my 1Password vault and checked the password.

Sure enough, there was a 40 character, numbers + symbols password. I smiled smugly and thought of you.

Your amazing product keeps my data safe every single day. I have not one single duplicated password. Back about 4 years ago I spent the entire weekend updating 200 plus sites with a unique password (MyFitnessPal being one of them).

I have recommended so many people to your platform knowing that you have an amazing product and just as importantly, a fantastic support team.

Take care my friend and I send you a warm-hearted thanks from Darwin, Northern Territory, Australia!

Keep doing what you’re doing!
Benjamin Fox.

We really do have the best users in the world. 😘

The 1Password 7 Beta for Mac Is Lit and You Can Be, Too

Guess what, Mac fam? 1Password 7 for Mac is on its way! 🎉👏

This first beta is just a taste of what’s to come and it’s already packed full of new features and improvements. Here’s what we have so far.

Beta bling

The awesome starts with the lock screen but the real magic happens when those doors open.

Enhanced sidebar

1Password 7 comes at you fast with its bold, beautiful sidebar. The sidebar shows more information than ever, but the dark theme and monochrome icons allow you to focus your attention on what matters most: your items.

Drag and drop

You can now see all your vaults in the sidebar. This makes it easy to drag and drop items between vaults to organize them. You can even drag them between two different accounts. And if you drag items onto New Vault, a vault will be created for you right there and then. It’s never been easier to share and organize your information.

Easily edit vaults

With the new sidebar it seemed fitting to allow you to manage your vaults directly from there. So that’s what we did. Edit vault names, change their descriptions, choose an avatar or upload your own. All without ever leaving 1Password.

Rich formatting in notes

Are you feeling bold? How about emphatic? You can now express your emotions in secure notes. Use Markdown in any of your notes to add clickable links, ordered and unordered lists, and eye catching styles.

Nested tags

Tag fanatics rejoice! Not only can you organize your items with tags but you can also organize your tags. There’s an Inception joke here somewhere; while you wait for me to find it, add a forward slash to your tag names and 1Password will do the rest.

Pop-out items

If you use lots of different apps on your Mac or enjoy viewing multiple items at once, you’re going to love this: click the icon on the toolbar and your item details are whisked away into a new sticky window that will stick around until you dismiss it.

Our own font: Courier Prime Bits

No design is ever complete without finding the perfect font. We’ve added a beautiful custom font created specifically for 1Password called Courier Prime Bits (based on the lovely Courier Prime). Alan Dague-Greene is the creative genius behind this font and it makes your passwords look alive.

Finding pwned passwords 🕵🏼‍♀️

Troy Hunt has collected more than 500 million passwords from various breaches in his Have I Been Pwned? database. Easily check if your password is among them.
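One way to run such a check without revealing the password, added here as an example and not 1Password's own code: the public Pwned Passwords range API takes only the first five hex characters of the password's SHA-1 hash, and the comparison happens locally. The offline `constructed_range_server` and its counts are constructed for the demo.

```python
import hashlib
import hmac
import urllib.request

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def fetch_range_https(prefix):
    """Live lookup against the range API; never called at import time."""
    req = urllib.request.Request(
        "https://api.pwnedpasswords.com/range/" + prefix,
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("ascii")

def pwned_count(password, fetch_range=fetch_range_https):
    """Return how many times the password appears in the breach corpus."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    # Only the 5-character prefix leaves this machine.
    for line in fetch_range(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if hmac.compare_digest(candidate.upper(), suffix):
            return int(count)  # padded decoy rows carry a count of 0
    return 0

def constructed_range_server(seen_prefixes):
    """Offline stand-in for the API, built from constructed sample data."""
    breached = {"password": 1000, "letmein": 25}  # constructed counts
    table = {}
    for pw, n in breached.items():
        d = sha1_hex(pw)
        table.setdefault(d[:5], []).append("%s:%d" % (d[5:], n))

    def fetch(prefix):
        seen_prefixes.append(prefix)  # record what the "server" learned
        rows = table.get(prefix, []) + ["0" * 35 + ":0"]  # padding-style decoy
        return "\r\n".join(rows)

    return fetch
```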

Secure Enclave for Touch ID

Secure Enclave protects your Master Password when Touch ID is enabled. This greatly improves your security when using Touch ID because the encryption keys are protected by the hardware in your Mac and are not accessible to any other programs or the operating system.

Safari App Extension

Our Safari extension now comes built in to 1Password 7. There’s no need to manage it separately, it updates whenever 1Password updates, and it’s more secure to boot!

Single process architecture

We completely rearchitected 1Password 7 to run within a single process. This eliminates connection issues between the main app and mini, greatly speeds up loading, and improves performance everywhere.

Grab bag of lit-ness

The changelog for beta 1 is huge. Coming in at nearly 100 additional features and improvements, it’s literally too much to read. Here are the CliffsNotes (or Coles Notes if you’re reppin’ Canada):

  • Collapse the sidebar entirely so your items get all the love
  • Share vaults directly from the sidebar
  • Easily see your currently selected vault and account
  • Login details now highlight one-time passwords
  • Tags are monogrammed with their initials
  • Select which vaults to focus on right from the sidebar
  • Quickly find items with our new Spotlight integration
  • Use Handoff to view iOS items right from your Dock
  • Login icons have never looked better

Get it now

Getting lit with beta 1 is easy!

Download 1Password 7 Beta For Mac

1Password 7 is included free for everyone with a 1Password membership. Simply unlock 1Password after downloading and you’re good to go.

Those of you with a standalone license for version 6 will be prompted to subscribe or purchase a license when the beta first opens. Licenses will be available for $64.99 when we launch later this year, but are available now for only $39.99. You can also try a membership and start enjoying 1Password 7 today with your first month free.

We’re looking forward to sharing more surprises with you on our journey towards 1Password 7. In the meantime, please join us in our beta forums and help craft the future of 1Password. We always love hearing from you. 😘

P.S. This post was heavily inspired by asking the question that we should all ask ourselves from time to time: what would Drake say? I think I got close but if you know Drake, please ask and let me know. 🙂