It’s not often in the life of an application that one gets the opportunity to draw inspiration from one of the greatest and most hilarious sci-fi stories of all time. Today, we are incredibly honoured and excited to present 1Password 4.2 for Android. With a custom keyboard; automatic filling in web browsers and third-party apps; and built-in support for viewing time-based, one-time passwords (TOTPs); our newest version of 1Password for Android promises to be approximately 420% more useful than a towel. Read more
Copy & Paste clipboards (or “pasteboards” as they are called on Mac and iOS) can be dangerous places for secrets if you have malicious software running on your device. On most operating systems – mobile and desktop alike – most running applications can read from the system clipboard. When you copy a secret to the system clipboard, a malicious process may be able to read and steal that secret.
This, by the way, is not news, but it is good that it has made the news. It helps people be aware of clipboard usage, and it gives me the opportunity to talk a bit about what we have been doing over the years about this.
We have always worked to reduce how much people need to depend on system clipboards when using 1Password. The details differ from system to system, and each operating environment gives us different ways to help reduce clipboard use. On the Mac and Windows PCs we have the 1Password Browser Extensions communicate with 1Password so that web form filling can avoid the clipboard. 1Password for Windows also uses auto-type to reduce clipboard activity. 1Password 5 on iOS offers 1Browser and integration with other apps through App Extensions
But today I will reveal a few things that our 1Password for Android beta testers know.
Aside: Before I get to that discussion, I should point out (as I often do), that the single best defense against a malicious program running on your machine or device is to keep your systems up to date with all software and system updates. It is also important to be careful in what you install on your system. 1Password can offer some significant defenses against malware on your system, but you have to help keep your systems free of malware.
1Password 4 for Android already has a simple built-in browser. This allows you to go directly from your Login item in 1Password to the web page, filling the data without the clipboard. Our iOS users are already familiar with 1Browser, and this is shaping up on Android.
Lollipop provides clipboardless sweetness
Of course, web pages aren’t the only thing that people need to fill passwords into, and sometimes people may wish to use something other than the browser built in to 1Password. In the current Beta release of 1Password for Android, we used the latest security and accessibility features in Android 5 (Lollipop) to allow 1Password to fill into other apps without making use of the clipboard.
Starting with Lollipop, we have a way to fill password data into other apps without using the clipboard. Perhaps it would be best to just quote what Nik, our Happiness Engineer, had to say in the beta newsletter just a couple of weeks ago:
Wondering why app and browser filling requires OS 5.0? Me too! So I asked our developers. It turns out that the only way for us to do this in earlier versions of Android OS was to use copy/paste accessibility APIs, meaning that any clipboard manager or malicious app could listen to clipboard events and collect login credentials as they were filled.
In Lollipop, 1Password can fill your information directly, without using the clipboard. Therefore, it isn’t possible for a third party to obtain your passwords by snooping on what 1Password’s doing.
Prior to Lollipop, it would be possible to get this kind of app-filling, but it would have relied on the clipboard under the hood. Because using the clipboard involves known risks, we feel that we should make it clear when copy/paste is being used and minimize it’s use wherever possible. As a result, we decided to focus on a Lollipop-only implementation of our filling feature
If you have an Android device with Lollipop installed and would like a sneak peek, I invite you to sign up for our Android beta.
Clipboards may always be with us
As you can see, we are working to reduce dependency on system clipboards when using 1Password. This is an on-going process. Browser integration on the desktops was something we started with back when the very first versions of 1Password was released for the Mac nearly eight years ago. Later, we introduced our own browser into 1Password for iOS, and much more recently encouraged 1Password integration for other iOS 8 apps using App Extensions. Along the way, we introduced auto-type in 1Password for Windows and a web browser into 1Password for Android. As you’ve learned here, we have in-app filling in our Android Beta, making use of the latest features of Android 5.0, Lollipop.
But while we are progressively reducing the need for copy and paste to a system clipboard, we are a long way from eliminating the need to use these. This is why I must repeat my advice to keep your system free of malicious software.
What I would like to see is a clipboard that could only be read when the user explicitly chooses to paste. This is something that has been suggested a number of times before, but has not be implemented on the most popular operating systems. I suspect that there is a reason for that, but if you know, I eagerly await your insights in the comments.
Since the release of the all-new 1Password 4 for Android, we’ve been thrilled with your feedback and our developers immediately got to work on our first free update. Now we’re back with version 4.1 (rolling out through Google’s servers as you read this!), which packs some powerful new features and our brand new freemium pricing so everyone can get secure, convenient security!
Features and Fun
1Password 4.1 for Android includes some big improvements:
- Create your 1Password datafile right within the app – You no longer need an existing agilekeychain file to enable sync
- Stay secure, whether you pronounce it asegurar, sichern, garantir or обеспечить. Version 4.1 has localizations for 17 languages – including Spanish, German, Portugese and Russian
- Freemium pricing – 1Password 4 for Android is now free for anyone to try with premium features unlockable via a one-time, in-app purchase. Read on for details!
- Full release notes with all the features, improvements and fixes are available via the Settings pane within the app
Choose your own adventure with the Freemium model
Do you just need quick access to a password on the go? Or are you a mobile security ninja adding passwords and organizing your data in exotic locations on your Android phone or tablet?
Either way, our new freemium pricing in 1Password 4.1 for Android has you covered. You can now get 1Password 4 for free in the Google Play Store, and everyone can try all premium features for 30 days.
1Password 4 for Android, the Reader version
As a free app, 1Password 4 for Android can:
- View all items in the vault
- Delete items from the vault
- Browse your favourite sites with 1Password’s built-in web view
- Access all options in Settings (including PIN code and Rich Icons)
- Configure sync with Dropbox or Folder Sync – both to an existing vault created with one of our other editions or by creating a brand-new vault
- A whole lot more!
1Password 4 for Android, the premium version
The paid edition unlocks the full power of 1Password for Android, right in your pocket:
- Create and add an unlimited number of new items
- Modify existing items
- Organize items into Folders
- Mark (and unmark) items as Favourites for quick access… or ‘Favorites’ for our friends south of the border
All 1Password 4 premium features are available for a single in-app purchase of $9.99 and will apply to all devices using the same Google Play Store account.
Did someone say “Sale!”? [Update: The sale is now over, thanks!]
For a limited time, you can unlock the premium features of 1Password for only $7.99 – a 20% discount! We do mean limited time, though, so snag those premium features, keep your 1Password data organized, and get simple, convenient security at an incredible price!
Over the past six weeks, we’ve seen a tremendous response to the all-new 1Password 4 for Android and our free trial experiment. Our team has been hard at work on a number of updates and great new features, and today we’re happy to say that v4.1 is coming soon, we extended the trial date, and we can now announce a price!
v4.1 for Android
Coming soon, 1Password 4.1 for Android will allow new users to create their first vault right on the device, no existing sync or vault required.
We added localizations for German, Spanish, Portuguese (European and Brazilian), Romanian, Russian, and Swedish. We are also finishing up translations into Chinese, Japanese, French, and Italian. Finally, we added some fixes and improvements that lay the groundwork for goodies that are on their way.
Free trial deadline extended, and a price!
Since our experiment is going so well, we extended the final day through Monday, August 18. Now everyone can have a few more weeks to check out 1Password 4 for Android and all its security awesomesauce.
On Tuesday, August 19, our Android version will switch to a freemium model. You can download it for free and use it as a 1Password reader, a great sync companion with 1Password for Mac or Windows, so you can take all your items on the go. To unlock all editing, organizing, and creating features, make a one-time, in-app purchase of just $9.99 USD to get the full power of 1Password right in your hands.
But wait there’s more
Since we’re just that excited about 1Password 4 for Android, we’ll start this off on August 19 with a $7.99 USD Awesome Android Launch Sale! This 20-percent-off sale will run for just two weeks, so when the sale starts mid-August, move fast.
For the v4 Android debut, Android Central, Boy Genius Report, Lifehacker, and PCMag were excited, with SlashGear saying it “does justice to its namesake.” The Next Web went in-depth with the new version, The Verge says “this is the password manager you should be using,” and then there’s Greenbot, Gotta Be Mobile, International Business Times, and plenty more.
On the Windows side, InfoWorld called v4 a “strong password manager” and lists it among the best. SlashGear and Engadget are excited, and TechCentral says it’s an “impressive password management tool”. Then there’s PC & Tech Authority, Softonic, Techgear, iPhoneclub… and that’s probably enough links for one day.
We are absolutely delighted to get these major releases out there, and the feedback to support and in our forums has been fantastic! We put “Agile” in our name for a reason, so there’s plenty more where this came from. To see what we have coming next, follow us on Twitter, Facebook, and our newsletter!
Well, ok, we haven’t added solar panels (yet), I meant the other green: 1Password 4 for Android is now rolling out for phones and tablets. It is a brand new app and should be available in Google Play soon as soon as Google’s servers update!
This is a fully operational, add-and-edit-all-your-items-able, one-tap Login-able new version of 1Password that has been rebuilt from the first line of code to the last icon.
It’s also free!
We don’t call ourselves AgileBits for nothing, so we’re trying something new with this release. 1Password 4 for Android is a free app, and through August 1, 2014, all features are unlocked and free for everyone to try. After that, it will switch to being a reader client for your vault, a perfect companion for syncing your data with 1Password for Mac and PC.
If you want all editing features of 1Password 4 for Android after August 1, you can unlock them with a one-time in-app purchase. We’re still figuring out what that price is going to be, but we’ll have details soon!
Available now-ish and full release notes
We just hit the big red button in Google Play, so 1Password 4 for Android is rolling out as a free upgrade to our previous Android edition. If you don’t see it yet, you should soon, and thanks for your patience.
For those who like to dig through the full release notes, they’re just below the gallery.
- Phone and Tablet UI – a true, modern app for both devices
- Rich and redesigned icons
- Free app
- All features free to try until August 1
- Turns into a reader on August 1, unlock all features with a one-time in-app purchase (price TBD)
- Manage your vault – add, edit, and delete items
- Support for viewing attachments added from Mac or PC
- Strong Password Generator
- Viewing custom fields
- Viewing web form details
- Mark items as Favorites for quick access
- Updated and expanded item categories
- Folders and sub-folders
- Built-in browser so you can log in with a tap
- Easily copy Login and other details to use in other apps
- Dropbox sync
- Folder sync
- Automatic sync
- Background sync
- Sync notifications (notification drawer and on-screen)
- Merge local data with an existing vault
- Lock all of your important items behind a secure Master Password
- Tamper-proof Authenticated Encryption using AES-256 using Encrypt-then-MAC
- Same solid foundation as 1Password for Mac and 1Password for iOS
- PIN code (not limited to 4 digits)
- Automatically clear clipboard
- Automatically lock vault when idle
[Major important update: it’s here!]
We’ve been busy. Not just busy—busy. A while ago we decided that we could rebuild 1Password Reader for Android. We have the technology. We have the capability to build the greatest 1Password for Android the world has ever seen. We then set out to do it.
Now it’s done.
1Password 4 for Android arrives on Tuesday, June 10. It is an entirely new and full-featured app, built for both phones and tablets!
It is also an experiment. All new features will be unlocked and free for everyone to use through August 1, 2014. After that, 1Password 4 for Android will go into a reader mode, and all features can be unlocked for an in-app purchase.
To be among the first to get the whole kit-n-kaboodle about the all-new 1Password 4 for Android, subscribe to our newsletter below (and be sure to respond to the confirmation email!). Press folks who want to give it a look, get in touch with me directly or via the bottom of our Press Room.
We’d like to thank our existing Android users and all 1Password customers for all the enthusiasm over the past year. We can’t wait to show you the incredible new 1Password 4 for Android.
You might have noticed that this summer a couple of interesting screenshots appeared in our Dropbox folder, and then here on the blog.
You also might have noticed that we ran a rather large beta test for our Mac version.
Now those two great tastes will taste great together! We’ve set up a shiny new (if I do say so myself) Android beta newsletter signup page.
If you ever sent us an email or a tweet asking about the future of 1Password on Android, now’s your chance to help shape that future.
It’s an opt-in newsletter, so we’ll send you a message with a confirmation link to click just to be sure you meant to sign up, and to make sure we got your address right.
Join us, won’t you?
With our release of the all-new 1Password 4 for Mac this month, the venerable Joe Kissell also wrote a whole book for the Take Control series called Take Control of 1Password (on sale for just $10!). It’s a great look into getting setup with 1Password 4 for Mac and even iOS and Android, as well as all the real-world ways 1Password can be useful for passwords and beyond.
Since Joe went so in-depth into getting the most out of 1Password, I figured we should go in-depth on Joe, the Take Control series, and his thoughts on 1Password and the future of security. I reached out for an interview, and he had some great responses.
AgileBits: First off, thanks for writing a whole book about 1Password, that’s pretty great of you. For our customers who aren’t familiar with the Take Control books, can you give a rundown on what the series is about?
Take Control is a series of ebooks that help ordinary, nontechnical people understand and make the best use of technology. The idea is that you have a professionally written and edited explanation of some technical topic that’s much more detailed than a magazine article could be (say, 100–150 pages instead of 2–6) but far more manageable than a 500+ page printed book. And, since they’re ebooks, we can treat them much like software: we offer minor updates for free and discounted upgrades on major new editions. You click a link to check for updates, download the new version, and that’s that. So the content can stay up to date as the technology changes, and you don’t end up with this huge chunk of paper that’s outdated before you even read it the first time. And all this comes at a modest price—most of our books are around $10–15.
The majority of our books focus on Apple (Mac and iOS) technologies. But we’re increasingly covering topics that apply across platforms, such as online privacy, Dropbox, and (of course) 1Password. We’ve even had a few books in the series that weren’t about computers at all, including one I wrote about how to prepare Thanksgiving dinner!
This month is actually the 10th anniversary of Take Control Books. Ten years ago this spring, I got a call from Adam Engst, who is well-known in the Apple community as the publisher of TidBITS and the author of numerous books. I’d known Adam for a long time—I’d written some TidBITS articles and Adam had written a foreword to one of my books and so on. He said he had an idea for an experiment in electronic publishing, and wanted to know if I’d be interested in joining a small group of other authors and editors in trying out this new model. I said sure, and the first book I wrote in the series was “Take Control of Upgrading to Panther,” which came out the same day Panther (Mac OS X 10.3) did, in October 2003. It sold a bazillion copies, and the rest is history. (And, this month, in keeping with tradition, we shipped “Take Control of Upgrading to Mavericks“!
What about your Take Control of 1Password book, in particular? Is there an overall approach or theme you had in mind while writing it?
Earlier this year I wrote a general-purpose book on password security, “Take Control of Your Passwords“. That book was all about understanding password security generally—why you need to have excellent, strong, unique passwords; what makes one password better than another; and what strategies you can use to keep from being overwhelmed by passwords. Of course, using a password manager like 1Password is one aspect of that, although I take pains to say it’s not a complete solution in and of itself.
In the 1Password book, I wanted to say, OK, if you’ve chosen 1Password (which happens to be my favorite password manager) for that aspect of your password strategy, then here are all the details about doing the stuff you care about doing with it. It’s no good to just say, “Go out and buy this app” if a reader isn’t sure what to do with it, how to use it most effectively, how to solve problems, and so on. So that’s what I was trying to do with this book.
For whom did you write this book? Was there a type of user or skill level in mind?
Well, I was thinking of people like my wife (hi, honey!), who may have had 1Password for a long time but never quite grokked it. People who aren’t technophobic but also don’t wear propeller beanies, if you know what I mean. Ordinary folk who just want to get things done and appreciate a bit of patient, systematic hand-holding but don’t want to be talked down to.
It’s not that 1Password has such a steep learning curve, but you kind of have to get on board conceptually with its way of handling things. And I think the best way to do that is to walk through all the steps of creating, storing, and using passwords a few times, with the sites you use most frequently, so it’s not just a vague idea about what should happen but the actual experience of making it happen. I try to walk users through both the theory and the practice so that, hopefully, after a few tries the process clicks and they go, “Aha! Now I see how much better this is than the old way.”
So, as with all my books, I’m writing for an intelligent reader who just isn’t an expert in this particular thing. And I try to focus more on real-world tasks than on features. In other words, I don’t think that by simply cataloguing what every button and menu command does, I’d be teaching someone how to use the product. Instead, I frame it as, “You probably need to accomplish x, y, and z with this app. How do you go about doing that?”
Besides stronger passwords, do you have another favorite use or some tricks for getting more out of 1Password?
I keep all my software licenses in 1Password. At the moment, I have—let’s see—373 of them! I find, especially at times like these when a new OS version is coming out, that I’m reinstalling apps quite a bit and I have to say, I’ve kind of fallen in love with 1Password mini for quickly retrieving license codes. I launch an app and it asks for the code, and now I just press Command-Option-\, type a few letters of the app’s name to find it, arrow over and down to the password field, and press Return to copy the code. Click back in the app, paste, and I’m done. So much simpler than it used to be!
Another thing I suggest in my book is to include not only textual data, such as your credit card, driver’s license, and passport numbers, but scanned images of the items themselves, as attachments. If you ever lose one of these items, a scanned copy can be very helpful in getting it replaced (and also provides some supporting evidence that you are who you say you are).
What do you think are some of the challenges for the security software space in general?
Wow, where to even begin? Well, I’ll focus on a couple of issues. First is the actual security part—making products and services robustly hack-resistant. Some of the folks who want to break into people’s accounts and steal their data, money, or identity are extremely smart and, shall we say, dedicated. Staying ahead of them requires even more smarts and dedication. I’ve seen some pretty scary security products—I’m thinking of a couple of password managers in particular—where it’s evident that the developers didn’t have a deep understanding of things like entropy, encryption algorithms, and exploits, but just threw something together that seemed to basically work. Most users won’t know the difference—until they get hacked.
So I love reading the security posts on the AgileBits blog by Jeff Goldberg and Roustem, because they demonstrate an extensive, thorough knowledge of cryptography that shows you guys really do know the score.
The other side of that is usability. You could ask users to enter a password, type a code from an SMS message, and do a fingerprint scan every time they go to a new Web site, and that might be super secure, but it’s an unreasonable amount of effort for what you’re trying to accomplish. Tools like password managers have to not only be easy to use but to respect varied workflows. If a tool requires you to throw out all your habits to adapt to the one way it knows how to do things, or if it imposes unreasonable restrictions (like forcing you to use just one browser), it’s not being kind to users.
Now, it does make me a bit sad that 1Password has had to remove or alter certain useful features over the years in order to remain compatible with all browsers and platforms. I understand why that is—you have to work within what browser developers, and especially Apple, permit you to do, and those restrictions have gotten tighter. But man, I miss the time when I could visit a new Web site that asked me to generate a password and then, with a single click, create, fill in, submit, and memorize that password. Those were the days! And I’ve been lobbying for an option to fill in and submit a default set of credentials automatically when you load a page, no clicks or keystrokes required. I would love to see 1Password take that next step in usability.
You have a section called ‘Glimpse the future of 1Password.’ Care to offer a glimpse of that glimpse for your potential readers?
Part of the reason for that section was to reassure users who upgrade to version 4 and have a moment of “Hey, wait a minute! What happened to (my favorite feature)?!” During the version 4 beta testing, AgileBits staffers were constantly reminding everyone that, because it was a total rewrite as well as a redesign, a few of the elements people were used to in version 3 aren’t quite there yet, but will be soon—and there are big new features in the works too. I think one of the most important changes in version 4 is that 1Password was rethought in such a way that adding new features will be easier, and significant updates should be more frequent.
So, based on my discussions with AgileBits staff and what I read on the beta discussion boards, I expect to see things like more view options (not just the single-column list) and editing directly in 1Password mini, without having to open the full app. And I know that some bugs—er, design challenges—such as getting 1Password mini to work correctly on multiple displays are being addressed too.
One of the other things I mention there is that the Windows and Android versions of 1Password, which haven’t seen a lot of love lately, are actively being worked on to bring them to feature parity with the Mac and iOS versions.
Do you remember when you first found 1Password? Who or what got you into it?
I looked through my email archives, and the first mention of 1Passwd—it didn’t have the “or” in the name back then—was in July 2006, about a month after its version 1.0 release. I got a copy of version 1.3 to review for TidBITS, although for reasons I can no longer recall, that review didn’t appear until nearly a year later: 1Passwd Eases Password Pain in June 2007. My very first impression was one of puzzlement: I couldn’t figure out why someone would need an extra program to do something that any Web browser can do on its own. But the proverbial lightbulb went on as soon as I started using 1Passwd, and as early as October 2006, when Macworld was asking contributors for nominees for that year’s Editors’ Choice awards, I wrote to my editor, “I’m really jazzed about 1Passwd, which has quickly become indispensable for me.”
So, I’m proud to say I’ve been a user almost since the very beginning of the product. That year, 2006, was also when I wrote my first Take Control book about passwords (which was replaced with a much more modern title earlier this year). I’ve written an awful lot about passwords in the intervening years, and 1Password has been a faithful companion the whole time.
Thanks a lot Joe!
As you can see, Joe knows his stuff and we’re honored that he’s been with us since way back when the “1Password” name was missing a vowel. The Take Control series really is wonderful, so check out Take Control of 1Password and their other books to learn how to get more out of your apps.
I couldn’t help but notice the other day that our team Dropbox folder is getting huge. I mean, we’re a 25-person company now, y’know? Loootta folders within folders going on.
This all started when I wanted to get a better look at a slide our CEO used during his guest keynote speech at Dropbox’s first-ever DBX conference last week. Notice anything weird in it? I did.
So, I’m rooting around in our Dropbox to get a closer look at that shot, right? And I stumble across two screenshots that, if I didn’t know any better, look a little Android-y. Now, I could be wrong, but let’s be real here. I’m probably not. I put in a word with one of our designers, Matt Davey, to see what’s going on.
It seems he’s a hard man to catch, though. Probably on account that he’s so busy right now.
Working on what, I don’t know.
But there it is. You’ll know more when I do.