because we love you sale, feature image

The Because We Love You Sale

Everything we do here at AgileBits is with you in our hearts & minds: whether it’s sharing tips & tricks to enhance your security, squashing bugs & implementing exciting new features, or answering your questions in our Support Forums, our focus is always on you.  And every once in a while we like to go all out and show how much we appreciate you by having a good old-fashioned sale.

We usually like to focus a sale around a holiday or a release from a certain California-based fruit company, but today we were searching for another reason to celebrate. So we gathered our crack marketing team around the MacBook and started brainstorming ideas:

  • Dinosaurs are awesome! Okay, maybe we’re just really excited for that new prehistoric blockbuster that’s coming soon to a theater near you.
  • Someone on the team had a birthday! It’s true, there’ve been a number of May birthdays here at AgileBits, but we’ve already overdosed on sugary frosting.
  • Baseball’s back! But really, we just wanted to sing “Take me out to the ballgame.”
  • Spring is here?  It’s been done a billion times before.  Boring.
  • We love you! Oh, there it is. What better reason do we need than just to simply say…

we love you. And to show how much we care, we’re knocking 30% off 1Password across the board on Mac, Windows, iOS, and Android.

While our love for you will last forever, this sale won’t. So if you or someone you love has been holding off on buying 1Password, now is the time to say, “I love you, too.”

You can pick up a Mac/Windows bundle (or grab them separately) on our AgileBits Store. 1Password for Mac is also available on the Mac App Store. And 1Password for iOS is on the iOS App Store, and 1Password for Android on Google Play.

Watch-on-wrist

1Password for Apple Watch: Putting Security Within Arm’s Reach

1Password for Apple Watch 01Today’s the day! A number of you (and a number of us) are finally going to be able to play with the latest and greatest addition to our gadget family: Apple Watch. No doubt, once you have sent your heartbeat to someone, put in your height and weight measurements for fitness tracking, and marveled at just how cool the haptic feedback is, you’re going to start playing with all the apps that have added support for Apple Watch. As you may have noticed from our latest iOS update, 1Password is one of those apps. We’re thrilled to introduce 1Password for Apple Watch and answer all of your burning questions about this handy little companion app to 1Password for iOS.

Is all of my 1Password data on my watch?

Add to Apple WatchNope! Much like Apple Watch is a companion device to your iPhone, 1Password for Apple Watch is a companion app to 1Password for iOS. After you enable Apple Watch functionality in 1Password’s settings, a new option will appear on the item detail screen which will allow you to “Add to Apple Watch”. You choose which pieces of information you want to make available on your Apple Watch. Logins, Passwords, Credit Cards, and Secure Notes are all fair game to add to Apple Watch.

What am I going to use this for?

When Apple Watch was announced, we immediately began brainstorming ways to bring 1Password to this incredibly personal device. Our first idea was a bit of a no-brainer: the small screen of Apple Watch, coupled with being able to access it quickly, made it the ideal place for one time passwords (TOTP). For a long time that was all our Apple Watch app did; however, after some more thought we realized it could be used for so much more.

As a recent blog post explains, 1Password can be used to store all kinds of information beyond website logins. Locker combinations, bike lock combinations, garage door codes, office keyless entry codes, banking PINs…. All of these pieces of information can be stored in 1Password, and with the introduction of Apple Watch they can now be stored on your wrist.

This is where 1Password for Apple Watch shines: Small pieces of secure data that you need throughout your day can literally be kept within arm’s reach at all times.

Store your locker combination on your Apple Watch.

Store your locker combination on your Apple Watch.

1Password for Apple Watch can ensure that your door's unlock code is always handy.

1Password for Apple Watch can ensure that your door’s unlock code is always handy.

Ok, I’m in! How do I get started?

We have a much more detailed User Guide that goes in-depth on how to set up 1Password for Apple Watch, but we’ll give you the 30,000 foot view of it here.

Step 0: Ensure you have set a device PIN code (or, preferably, a longer, more secure passphrase) and that you have purchased our Pro Features.

Step 1: Open 1Password for iOS and tap on Settings > Apple Watch > Enable Apple Watch. Set a PIN code for use on Apple Watch, and you’re good to go.

Step 2: Add an item to your Apple Watch by tapping on “Add to Apple Watch” in the item details screen.

There is no step three! (And no, we didn’t cheat by starting at zero).

Well this sounds lovely

We hope you love using 1Password on your Apple Watch as much as on all of your other devices! How will you use it to help keep all of your bits of information easily accessible? Leave a note in the comments and let us know.

1P iOS icon 1024

1Password 5.4 for iOS: The “Go Go Gadget Watch!” Edition

watchdrawn_2xYou’ve come to love 1Password as the handiest of multi-tools on all your gadgets: your computer, your phone, your tablet…and now, your watch.

That’s right, 1Password for Apple Watch is here, ready to save the world (and, more importantly, your time)!

You don’t need to be an intrepid inspector (or a precocious crime-solver in pigtails) to appreciate the awesomeness of having 1Password on your wrist. 1Password for Apple Watch helps you find the little pieces of secret info you need every day, quickly and easily. If you need the code to open your garage door, one of your one-time passwords, or to look up the Konami Code for those extra lives when playing Contra, 1Password is right there for you.

After a couple months of diligently attending the gym, you’ve earned a coveted private locker. Of course, remembering your locker combination is probably not a priority when you’re counting reps. But if you store that combination in 1Password, it only takes a couple of taps for you to see the combination in 1Password for Apple Watch when you’re back at your locker.watch-locker-use-case

You don’t have to be a secret agent on a mission to see how 1Password for Apple Watch is the best partner your wrist could ask for. No matter what you need to have with you, 1Password for Apple Watch is there.

We’d love to know what sort of items you’re most excited to add to your new Apple Watch! Let us know in the comments or in our discussion forums.

1Password for Apple Watch is included at no additional cost for owners of the Pro Features. If you don’t yet have the Pro Features you can find them in Settings > Pro Features for $9.99.

Hand-Polished 18-karat Cogs & Sprockets

1Password 5.4 for iOS isn’t all about Apple Watch. Our quartermasters have made some other refinements to the app as well. Based on your feedback, the Message Center now has a button to mark everything as read. We also added a toggle to remove the unread badge from the settings tab. We hope you enjoy the tips we’re sharing with you via the Message Center, but this improvement will ensure it’s not distracting you during important covert missions.

1Password’s memorization skills have been fine-tuned, and it will now remember whether you were viewing Favorites or Categories and take you back there when you reopen the app.

With the 5.4 update for 1Password for iOS, quickly accessing your secure information is easier than ever, whether on your wrist, or in your pocket.

Go Go Gadget Ears!

If you want to learn more about 1Password for Apple Watch, the Chief has a message for you. Don’t worry, this one won’t self-destruct! Sign up for our Apple Watch newsletter to get relevant communiques sent directly to your inbox!

Update 2015-04-15: Changed a use case example. 

1Password 4 for iOS icon

1Password 5.3 for iOS: The Extended Brainiac Edition is out!

This major, free update to 1Password for iOS is so awesome, we thought about pulling a Harry Potter and releasing it in two parts. But when Apple told us Daniel Radcliffe wasn’t available, and they didn’t even have his number in the first place, we just had to give it all to you at once.

A 400 percent better App Extension

1P iOS 5.3 App Extension CC Identities borderYou know how our App Extension can fill Logins into Safari, our own 1Browser, and hundreds of other apps with a single tap? Now it can also:

  • fill Identities
  • fill Credit Cards
  • create new Logins when you’re signing up for new services
  • show all Logins if none are found for the current app (App Extension only)

It’s all in the name of saving you even more time when logging in and now filling long forms and shopping carts.

A brand new Brain

We affectionately call 1Password’s under-the-hood tools and form-filling logic the “Brain,” and we gave it a huge upgrade in 5.3. It’s much smarter about matching websites and subdomains and fills forms even faster.

We need to talk

OPI 5.3 Message Center

There is so much great stuff going on with 1Password that we added a new Message Center to keep you in the know. It brings you 1Password news and tips right in our in-app Settings. Don’t worry, Push Notifications need not apply.

So, so much more

We added Large Type so you can view usernames and passwords in Jumbo Size, and we fixed a couple Zoom Mode bugs and a crash for iPhone 6 Plus users. Truly, there is a mountain of improvements you can check out in the full release notes.

Our free 1Password 5.3 for iOS update is now live in the App Store, so take it for a spin and let us know what you think on TwitterFacebook, and in our newly redesigned forums!

Workflow icon

Community Goodie: Workflow + Chrome for iOS + 1Password

Have you discovered Workflow for iOS yet? It joins Launch Center Pro and others in the category of Super Useful Apps that can save you a ton of time doing repetitive tasks or complicated things that span multiple apps. They can also just blow your mind with tasks you didn’t know iOS could pull off.

One of Workflow’s tricks is that it can make your workflows available inside other apps via its own App Extension. Harnessing the true power of this knowledge, 1Password user and Redditor papa-lozarou created a Workflow that searches 1Password for the domain of the current tab right within Chrome for iOS.

 

Picture this: you’re groovin’ along in Chrome for iOS, and you have to log into a thing to do a thing. Instead of switching to 1Password to unlock, manually search, copy, switch back over, and paste your password, you can now simply trigger Workflow right inside of Chrome. From there you can invoke 1Password’s in-app extension, which then automatically searches for the URL of your current tab.

You’ll still have to tap into the item to copy your password, but you’re still in Chrome where you can easily paste it and get on with your bad self.

Let’s give a shout out to Redditor papa-lozarou and Workflow for being just great. On an iOS device, you can download the Chrome workflow here.

Extension-960

Apps ❤ 1Password: They really, really do

The number of apps adding support for our 1Password App Extension for iOS 8 is growing briskly. I know of dozens of apps that are gaining support as you read this, and we are at nearly 100 shipping apps right now.

We are deeply grateful to every developer adding support, and thankful to our users for helping us to spread the word. If you haven’t checked out the apps that are making it easier to create accounts, log in with a tap, and stay secure online, here are some of the latest categories gaining new entries from developers and businesses all around the world.

Finance

Business

Lifestyle

Social Networking

1P Pro features

TOTP for 1Password users

1P Pro features1Password 5.2 for iOS and 1Password 4.1.0.538 for Windows are out, and they provide support for using Time-based One Time Passwords (TOTP) in your Logins (note: in iOS, it’s part of our Pro Features). Note that this is not for unlocking 1Password itself, but to aid with logging into sites for which you may be using TOTP, such a Dropbox and Tumblr.

To learn how to have 1Password help you manage your TOTP Logins, go straight to our user guide. If you would like to better understand when and why TOTP is useful for 1Password users, and what to do if you truly want two-factor security, continue reading here.

TOTP countdownI’ve previously written (at excessive length, in some cases) about TOTP in general, but in each instance pointed out that it is of limited utility to 1Password users. This is because such schemes are of most use to those people who have weak or reused passwords. If you are using a strong and unique password for a site, then many of the gains of two-step (or multi-step) verification are not relevant for you.

But “most” is not the same as “all”. There still are some cases where multi-step verification is useful to people using 1Password.

Sometimes you must use TOTP

Sometimes a site or service will simply require that TOTP always be used along with your regular password. Patty (one of my dogs) is working with a research group analyzing the structure of heart worm DNA. When she connects to the lab’s server, she is required to use TOTP.

TOTP example in 1Password for Windows

TOTP example in 1Password for Windows

She has set up an app on her laptop that just constantly displays the current TOTP code. It’s sitting there ticking away all the time her laptop is running. Ideally, it should only be visible when she actually needs it, but she is understandably just trying to save time. Clearly, she could use TOTP more securely if it were available for the Login item within 1Password.

One-timeness? Yes

One-time passwords (the “OTP” in “TOTP”) are useful over insecure networks. Normally, when you submit a password to a site or service, you send the same password each time. Ideally, that connection is well encrypted so that the password cannot be captured when it is in transit. This is why it is very important to:

  • use HTTPS instead of HTTP when doing anything sensitive
  • pay attention to the lock icon in your browser’s address field (indicating HTTPS)
  • heed browser warnings about such connections

But networks are easy to compromise. Recently Molly (my other dog) was at the Barkville Airport. When she connected to Wifi, she saw several open wifi IDs. One was BVT-access, and the other one was “Airport Free Wifi”. As it turned out, BVT-access was the legitimate one, but she connected to Airport Free Wifi. Airport Free Wifi was actually a laptop operated by Mr Talk, our neighbor’s cat.

Mr Talk is using SSL-strip on his rogue wifi hotspot. If Molly isn’t paying close attention to the HTTPS status of her browser’s connection, she can send things unencrypted over Mr Talk’s network while thinking it is a secure connection. I should probably point out that Molly lacks the discipline to pay close attention to anything other than a squirrel or rabbit. This way, Mr Talk can capture Molly’s passwords in transit to the servers and save them for later use.

That is one of several ways that passwords can be captured in transit. The point of one-time passwords is that they are not reusable even if they are captured in transit. In this way, TOTP provides a meaningful defense against plausible attacks even though there is nothing “second factor” about how it is being used.

Second factor? No

We need to make the distinction between one time passwords and second factor security. One time passwords are often part of second factor security systems, but using one time passwords doesn’t automatically give you second factor security. Indeed, when you store your TOTP secret in the same place that you keep your password for a site, you do not have second factor security.

However, you still have the benefits of the one-timeness of TOTP codes.

Systems like TOTP are sometimes used as part of second (or multi) factor authentication systems. But this is far from their only usage. To be truly second factor, the TOTP secret (from which the one time password is generated) must not be stored on the same device that you use the regular password on.

Let’s consider an example. Molly has a Tumblr where she posts pictures of the squirrels she is after. So far, she has been using the Authy app on her phone to manage TOTP. If she never logs into to Tumblr on the same phone, then she is using her phone as a second factor. But if she is also using Tumblr from her phone and has had to use her one time password from there, then there is no second factor.

In general, there is a reason why many services that offer TOTP refer to it as “two-step verification” instead of as “second factor authentication”. The security that such sites seek to gain from this is not in the second-factorness; it is in the one-timeness. In particular, many of the sites and services that offer or require two-step verification with one time passwords are doing so because many of their users have weak or reused passwords. Although that should not apply to 1Password users, there are other benefits to one time passwords as I discussed above.

If you really want true two factor

If you would like to turn a site’s offering of TOTP into true two-factor security, you should not store your TOTP secret in 1Password (or in anything that will synchronize across systems). Furthermore, you should not use the regular password for the site on the same device that holds your TOTP secret.

Put simply: the device that holds your TOTP secret should never hold your password if your aim is genuine two factor security.

Personally, I don’t think that following that practice would be worthwhile for anything but a very small number of special circumstances, in which case, you should probably be using a specialized second factor device instead of something like a phone. But not everyone shares my opinion on this, and if you have a need for true second-factor security for some particular site or service, you should take that into account before adding a TOTP secret to 1Password.

For everyone else, if you find the one-timeness of TOTP worthwhile on its own (or are required to use it), 1Password’s new support in v5.2 for iOS and v4.1.0.538 makes it easier to use than ever.

1Password 4 for iOS icon

1Password 5.2 for iOS: The Awesomesauce Edition is here

OPI 5.2 jar of AwesomesauceThe holiday season may be over, but we saved your best present for last! Well, at least the best present with ‘AgileBits’ printed on it somewhere. 1Password 5.2 for iOS is now making its way to the App Store, and we even saved you the time to unwrap it.

(Get it? Because software is digital and therefore impossible to wrap with paper.)

This free update goes out to our new customers and Pro feature owners. To start, we added our first-ever Login Creator, a really slick new tool that makes it easy, dare I even say fun, to add your existing Logins to 1Password and get a feel for how much time it can save you.

Login Creator has a polished workflow for hundreds of sites and services, and we hope it makes getting started with 1Password even easier.

1P iOS Login Creator

For our Pro feature owners, let’s start with a new One-Time Password tool. This helps you sign into a growing number of services (like Amazon and Tumblr) that support a secondary, randomized password for that extra… je ne sais quoi. You can learn more about One-Time Passwords at TwoFactorAuth.org.

1P iOS OTP

Pro owners can now also delete attachments from the item editor and add many new custom field types like addresses, dates, and month/year.

Rounding up this release are plenty of additions in the 1Password App Extension, design, sync, Accessibility, and translation departments. You can check out the full iOS changelog if you want all the details or skip straight to the App Store and pick up the latest and greatest 1Password for iOS!

While you’re there, please take a minute to give us a great review—it helps more than you may know! Finally, let us know what you think of this release on Twitter and Facebook, and stay in touch with the Agile Newsletter.

Homescreen icon

Check out the other apps on 1Password user #Homescreens!

Homescreen iconA little while ago, the fine folks at Betaworks released a clever app called #Homescreen. With a tap, you can share a screenshot and list of apps on your homescreen with your Twitter pals, then check out everyone’s apps at homescreen.is.

But #Homescreen’s cleverness runs much deeper. Not only can you click each app and check it out in the App Store, you can see some really cool stats (like 1Password is on 23 percent of homescreens!) and even all the other apps used by, say, the 1Password community.

Turns out 1Password is in some great company! Of course, Facebook and Twitter are there, and so are great apps (and favorites among AgileBits staff) like Fantastical, Day One, and Reeder. There’s also Slack (which we love for office chat), Launch Center Pro, Workflow, and Mailbox, and the list goes on. It’s also dynamically generated as more people share their homescreens, so it might even change over time.

Check out the full list of apps your 1Password comrades use, there are plenty of gems to discover! Give #Homescreen a try too—it’s a smart, simple way to learn more about your fellow homescreens.

iMore Best 2014 Awards

iMore names 1Password 5 for iOS an App of the Year for 2014!

It isn’t every day that we have a chance at winning a best-of-the-year award from iMore. In fact, I am told that the opportunity comes only once a year.

And this year we won!

We are thrilled and thankful and just plain touched that iMore named 1Password 5 as the iOS Utility App of the Year for 2014, and 1Password 5 for Mac as a runner-up for Mac Utility App of the Year!

iMore reviewed and listed a ton of stuff for its awards this year, from apps to accessories for both iOS and the Mac. It’s a great list from a bunch of smart folks, so be sure to give the entire thing a look!