Get to know 1Password Teams: Security Audit & Watchtower

You’ve moved over to 1Password Teams, invited your team, set up custom groups and laid out a recovery plan. Simply by using 1Password, your company is now far more secure than when you started. But how can you know your team is safe from online security breaches? Your teammates could go through their passwords one by one and make them stronger, but there’s a better way: Security Audit.

Save time with Security Audit

Security Audit is a powerful and essential tool designed to help your teammates take charge of their online safety. It’s available to all 1Password Teams customers.

Security Audit lives in the sidebar in the 1Password desktop apps. It highlights any passwords which are too weak or which have been reused in multiple places. When you see a password in this list, it’s probably time to change it.

Because everyone in your team has his or her own unique set of passwords, Security Audit looks different for each person. By asking your teammates to review their own Security Audit every once in a while, you can ensure they stay as safe as possible online.

Keep a watchful eye on Watchtower

Watchtower tells you about security breaches on the websites you have saved in 1Password. It’s included on Mac and iOS with every 1Password subscription.

Every day, Watchtower downloads a list of new vulnerabilities to your devices. It then checks this list against your logins—if any match, they’re flagged by Watchtower.

When you see the red “Vulnerability Alert” banner on a password, it’s definitely time to change it! Train your teammates to recognize this banner and respond appropriately.

How we use Security Audit and Watchtower

As a security company, we lead by example. It’s important to us that all our staff use unique, random passwords for each one of their accounts. When new team members join, they often have bad password habits that need fixing, so for them, Security Audit is a big help. Security Audit shows them exactly which accounts need their attention. They can tackle the list a chunk at a time, or change a password when they next log in to that account.

And, of course, whenever we see the red Watchtower banner, it’s all hands on deck!

Keep ahead of future problems

The overall security of your team depends on the security of each individual. It’s each person’s responsibility to keep their passwords strong and up-to-date. Security Audit and Watchtower help make this easy.

To get even more benefit out of these features, ask your teammates to:

  • Avoid reusing passwords. Always use the password generator when they sign up for a new account.
  • Turn on item counts. Choose View menu > Show Item Counts, and you’ll be able to see at a glance if Watchtower is reporting any vulnerabilities.

By the way, while Security Audit is most useful on an individual level, it also works in shared vaults. If your team has a shared vault with lots of flagged passwords, you don’t need to tackle them alone. Why not get help from others? When someone changes a password in a shared vault, it will automatically update for everyone else. By making it a joint effort, you’ll have stronger passwords in no time.

Next steps

Customize permissions for your team members, so they have as much or as little control as they need. With Pro, you can elect managers for vaults and groups, and allow others to recover accounts. To upgrade, sign in to 1Password.com and go to the Billing page.

If you’re not using 1Password Teams, it’s time to start. Sign up for a free 30-day trial, or talk to our sales team at sales@agilebits.com.

Get to know 1Password Teams: Vaults and sharing

What would 1Password be without vaults? They’re where you put your most important information to keep it safe, and they’ve been a core part of the 1Password experience since the beginning. In 1Password Teams, vaults are more useful than ever. Let’s look at how vaults can help you organize and share information within your team.

Get to know 1Password Teams: Custom groups and roles

As a 1Password Teams customer, you’re in charge of tens, hundreds, or even thousands of people, passwords, and files. Thankfully we have some fantastic tools that give you flexibility and control. Two such tools are custom groups and roles:

  • Custom groups let you organize your staff in a way that makes sense. You might want to put your IT team in one group, your accounts team in another, and sales in a third. Each group has access to the vaults it needs, so new members will be able to see the right information as soon as they join.
  • Custom roles let you decide who can perform team-level responsibilities like inviting people or recovering accounts—without giving them full admin privileges. You can also grant the ability to manage people and vaults, and a lot more. These roles supersede the built-in permissions, so you can give your team members more power, or take it away. It’s entirely up to you.


Get to know 1Password Teams: The Activity Log

In this series of posts we’ll be exploring 1Password Teams and the features that make it uniquely suited to the challenges faced by businesses. Today’s article is about the Activity Log, a rich overview of all the activity that takes place in your team.


What is activity logging?

Activity Logging is one of those features that you can’t live without once you try it. Simply put, it’s the ability to see, at a glance, anything done by anyone on your team.

Anything?

Just about. Fire up the Activity Log and you’ll be able to find out about:

  • password changes
  • team members joining and leaving
  • device authorizations
  • vault creation and deletion
  • membership changes to groups and vaults

…and more.

For each action, you see exactly when it happened, who was involved, and who was responsible. You can sort the list by date or by person, and you can click on the names of people, vaults, and groups to go right to their details. It’s the simplest and best way to audit your team and improve security and accountability.

The best part? Like everything else in 1Password, the Activity Log is fully end-to-end encrypted. No one apart from your team administrators has access to it.


Get to know 1Password Teams: Account Recovery

We created 1Password Teams to solve long-standing challenges faced by businesses who need to protect their sensitive information. In this series of posts we’ll be exploring 1Password Teams and features that make it uniquely suited to these challenges. This first entry is all about account recovery, how we use it, and how to make a recovery plan.


Introducing 1Password Windows for Teams!

Today is a very big day in Windows land: 1Password Teams is now officially available on Windows!

Our Windows team has made amazing progress since we introduced the first beta for Teams earlier this summer and I’m super excited to be able to share the results of their incredible work with you now.

Let’s jump right in!

Beautiful new design

The first thing you’ll notice right off the bat is 1Password 6 has an amazing new design. From every bit to every last pixel, literally everything is completely new in 1Password 6!


Once you unlock 1Password you’ll be greeted with a completely new overview and details screen.


As much as there is to enjoy in this new design, my favourite has to be Large Type – I absolutely love how great my passwords look there.

Large Type makes reading even the most complicated passwords a breeze – I can even read them without my glasses! And if you have a High-DPI screen, it looks even better.

Oh, and then there’s our browser extensions. These were not available in the initial beta and they were dearly missed! They’re here now and they look great!


Beautiful new security design

1Password had an amazing security design already, but in 1Password Teams we didn’t rest on our laurels. Instead, we took everything we learned about security over the last 10 years and built a completely new security architecture that pushed the limits of modern technologies.

As has always been the case with 1Password, your information is encrypted end-to-end, so only you and your team have the keys to decrypt your information. What’s new is an even secure-er encryption design as well as some cool techniques like Secure Remote Password, which allows clients and the server to verify each other during communication.

The most visual change is the addition of the Account Key. This is a unique 128-bit key that is generated for every user and greatly increases the security of your account.

The Account Key might appear similar to two-factor authentication but it’s so much better because it plays a direct role in the encryption of your data. It strengthens and fortifies your Master Password so much that even a poorly-chosen Master Password will be infeasible for attackers to brute force. It’s also never sent to our servers so it cannot be reset, intercepted, or evaded.

For an illustrated overview of our new security design, check out our security page, as well as our Security White Paper, for fun details like these ones:

  • Tamper-proof, authenticated encryption using AES-GCM mode
  • Brute force protection using PBKDF2-HMAC-SHA256
  • Secure vault sharing using asymmetric cryptography

The most amazing thing about this new design is it’s not only secure-er, but it’s much faster, too! It’s one of the benefits we get for using the latest and greatest modern technologies.
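An added sketch (not 1Password's code) of the idea described in this section: a 128-bit Account Key mixed into a PBKDF2-HMAC-SHA256 password key, so that a weak Master Password cannot be guessed offline without the device-held secret. The XOR-with-HKDF combination, the stand-in verifier, the iteration count, the sample values and all function names are assumptions of this example; the Security White Paper is the authority on the real derivation.

```python
import hashlib
import hmac
import secrets

PBKDF2_ITERATIONS = 50_000  # constructed work factor for this demo only


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_unlock_key(master_password, account_key, salt, email):
    """Combine a low-entropy password with a 128-bit Account Key (assumed scheme)."""
    # Slow, salted stretch of the Master Password: the brute-force protection.
    pw_key = hashlib.pbkdf2_hmac(
        "sha256", master_password.encode(), salt + email.encode(), PBKDF2_ITERATIONS
    )
    # Expand the Account Key to 32 bytes, bound to this account.
    ak_key = hkdf_sha256(account_key, salt=email.encode(), info=b"account-key-demo")
    # XOR the two: the result is unknown without BOTH secrets.
    return bytes(a ^ b for a, b in zip(pw_key, ak_key))


def verifier_for(key):
    """Stand-in for whatever a server stores to check a login (assumption)."""
    return hmac.new(key, b"verifier-demo", hashlib.sha256).hexdigest()


def guess_password(wordlist, candidate_account_key, salt, email, stored_verifier):
    """Offline dictionary check, as someone holding server-side data could run it."""
    for word in wordlist:
        key = derive_unlock_key(word, candidate_account_key, salt, email)
        if hmac.compare_digest(verifier_for(key), stored_verifier):
            return word
    return None


def demo():
    email = "user@example.com"              # constructed sample account
    salt = secrets.token_bytes(16)
    account_key = secrets.token_bytes(16)   # 128 bits, never leaves the device
    weak_password = "monkey123"             # deliberately poor Master Password
    stored = verifier_for(derive_unlock_key(weak_password, account_key, salt, email))
    wordlist = ["password", "letmein", "monkey123", "qwerty"]

    # With the Account Key, the weak password falls to a tiny wordlist.
    with_key = guess_password(wordlist, account_key, salt, email, stored)
    # Without it, the same wordlist finds nothing: the guesser would also
    # have to search a 2**128 key space for every candidate password.
    without_key = guess_password(wordlist, secrets.token_bytes(16), salt, email, stored)
    return with_key, without_key


if __name__ == "__main__":
    print(demo())
```
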

Beautiful organization and control

One of the greatest features in 1Password Teams is how easy it makes organizing things into multiple vaults. When you’ve organized passwords in separate vaults, it makes finding things easier, and also makes it super simple to securely share with your teammates.

New vaults can be created from your Admin Console on 1Password.com and will automatically appear on all your devices. You can also add teammates to new vaults and they will receive the vault and everything within it immediately.

Your team admin can even control the permissions for each vault, allowing you to share read-only access to vaults, and control who can manage the vault.

Oh and you’re not limited to a single 1Password account. As you can see from the screenshot, in addition to multiple vaults you can also have multiple accounts added to 1Password. This is great for your teammates as it allows them to use 1Password in their private lives as well as their professional life.

Beautiful safety nets

When you change an item within 1Password for Windows it will sync automatically to 1Password.com and become available on all your other authorized devices instantly.

All these changes are remembered by 1Password just in case you ever need to revert to an earlier version. If you or your teammates ever delete or modify something by accident, you can simply sign in to 1Password.com and restore what you need from the Item History popup.

Item History is perfect for protecting individual items, but you and your teammates need safety nets for your accounts as well. In a team environment you just can’t afford to get locked out of critical systems every time someone forgets their password.

That brings us to the most beautiful and secure safety net of all: Account Recovery. We (AgileBits) have never been able to reset your password, and with 1Password Teams we still can’t. But now you can!

With our innovative new recovery feature, if one of your teammates forgets their Master Password, your team admins can restore their access and they’ll regain access to all their passwords.

Beautiful in so many other ways, too

In addition to our new amazing Windows app, your subscription to 1Password Teams gives you and your entire team access to many more awesome things:

  • You and everyone on your team get all our awesome apps for free, including Windows, Android, Mac, and iOS
  • Automatic syncing – no configuration or extra software required
  • Securely share items and documents across your whole team
  • Easily invite your entire team and control access using the Admin Console
  • Full web access from anywhere

Sign your team up today!

1Password 6 for Windows is available today for subscribers to 1Password Teams. If you have not yet subscribed, now’s a great time to sign up:

Sign up your team

Subscribers simply need to download 1Password 6 and add their account information during setup.


Once logged in, all your data will sync automatically. And if you had any data stored in an earlier version of 1Password, you can migrate over all of your existing data.

Oh, and if you sign up before October 31, you will get all the features of the Pro plan for the low, low price of the Standard plan. And best of all, you and your team will lock in the Standard price for as long as you’re subscribed. Even teammates you add later on will still get the same awesome deal.

Be sure to sign up by October 31st before this window closes.

Enjoy! ❤️

Send in the crowds (to hunt for bugs)

We unequivocally encourage security researchers to poke around 1Password. It is an extremely important part of the process that helps us deliver and maintain a more secure product to everyone. Finding and reporting potential security vulnerabilities is what we should all expect from bug hunters around the world; the hunters and you should expect that we address those vulnerabilities promptly.

We have always welcomed security reports that arrive at security@agilebits.com, and over most of the past year we offered a more formal, invitation-only bug bounty program through Bugcrowd. We are pleased to now take that program public: https://bugcrowd.com/agilebits.


Before I get into what the program offers, I’d like to remind you that there is always room to improve the security of any complicated system, 1Password included. As clever as we may think we are, there will be security issues that we miss and different perspectives help reveal them. Software updates that address security issues are part of a healthy product. This, by the way, is why it is important to always keep your systems and software up to date. Even in the complete (and unlikely) absence of software bugs, threats change over time, and defenses should try to stay ahead of the game.

Some words about Bounty

A bug bounty program offers payouts for different sorts of bugs. The first bug bounty that I recall seeing was Donald Knuth’s for the TeX typesetting system, though I have since learned that he does this for most of his books and programs. It started out with $2.56 (256 US cents) for the first year, and doubled each year after that, reaching a final limit of $327.68.


A bounty check from Donald Knuth made out to Richard Kinch

Of course given Donald Knuth’s well-deserved fame and reputation, few people cashed the checks they received. Instead, they framed them.

Anyway, enough about me revealing my age. Let’s talk about today’s bug bounty program. There is a community of people who earn a portion of their income from bounties. (Whether or not it is enough for them to sail off to Tahiti or Pitcairn is not something I know.) Over the years they have developed skills and tools and scripts for examining systems. We want them to apply those skills and efforts testing the security of 1Password. Opening up this bug bounty program brings those people and their skills into the process of making 1Password more secure.

Our bounty

Unlike the example of Donald Knuth’s bug bounty, we are only offering payouts for security issues. Of course all bug reports are welcome, we just aren’t promising bounties for them. And because we are promising to pay for bugs, we’ve had to establish a bunch of rules about what counts. These rules help us draw the attention of researchers to the 1Password.com service, and they help us exclude payouts of things that are already known and documented. We don’t want those rules to discourage anyone from bug hunting; they are there to help focus attention on what should be the most fruitful for everyone.


Your homework

We think that finding bugs in 1Password will be challenging — 1Password.com is not your typical web service. Our authentication system, for example, is highly unusual and specifically designed so we are never in a position to learn any of our customers’ secrets. Because we use end-to-end encryption, getting hold of user secrets may require breaking not just authentication but also cryptography. Of course, we’re inviting researchers to try out attacks that we haven’t considered to prove us wrong. I expect that successful bug hunters will need to do their homework, all the same.

Now, all that bragging about how challenging I think it’ll be to find serious issues with 1Password isn’t an attempt to stop people from trying — get out there and try! You can get bounty for it, and a thank-you as well. We’re excited to hear a resounding “challenge accepted!” from the research community.

How we help researchers

If there are security bugs, we want to know about them so we can fix them. (I know I keep repeating that point, but not everyone reading this is familiar with why we might invite people to look for security bugs.) We want to help researchers find bugs, because they’re helping us, and everyone who uses 1Password.

To help researchers understand and navigate 1Password (and reduce the amount of time they may need to reverse engineer protocols) we have set up a special 1Password Team that contains a bunch of goodies: internal documentation on our APIs, some specific challenges, and UUIDs and locations of items involved in some of the challenges. So researchers, please come and leave your mark on our Graffiti Wall. (No, not in this web page or the image below, the wall inside the aforementioned team account.)

Secure Note: "The Researchers vault grants read-only access to researchers. If you figure out how to get around read-only access, please put your name in here ..."

With a natural degree of trepidation, I look forward to what might appear there.

The kindness of strangers

A bug bounty program brings in a new group of researchers. And that’s why we’re launching it. We encourage independent research as well. We’re just as open to reports of security issues outside of the bug bounty program as we have always been.

So without further ado, let’s send in the crowds!

Pro Features for 1Password Teams: Many Bells and Much Whistles

TL;DR: We’ve added some incredible new Pro features to 1Password Teams and we’re extending our Early adopter special that gives you all these Pro features at the Standard price! Sign up today or continue reading for more details.


We’ve been continually working on 1Password Teams since we introduced it last November and over the (Canadian) summer we finished putting the final touches on some awesome new Pro features.

I’d love to share these with you now while the weather is still nice.

Let’s start with our new advanced organizational features that give you even more control and customization for your team. From there we can jump to the new activity tracking feature and then we’ll button things up with some exciting pricing news.

Organize Your Team With Custom Groups

Since the beginning 1Password Teams has allowed you to assign teammates to be part of the Administrators, Owners, or Team Members groups.

This is great and provides enough organization for many teams, but larger teams need even more power and flexibility so we added the ability to create your own custom groups.

Using the Admin Console you can now organize your team into groups however you like. Once organized, you can easily share information securely with those who need it, allowing you to quickly control who has access to key information.

Organizing with Custom Groups

To create a new group, simply go to the Groups section of your Admin Console and click the blue plus button. You’re free to create as many groups as your heart desires ❤️

Grant Authority Using Custom Roles

The Owner, Administrator, and Team Member groups provide a great starting point for controlling who on your team can access the Admin Console, manage people, control access, recover accounts, and more.

But companies with advanced business needs will require more flexibility than these predefined roles allow.

That’s no problem whatsoever as it’s now super easy to designate which permissions each of your groups have. By picking and choosing from 9 predefined permissions, you can tailor the perfect role to suit your specific business needs.

For example, let’s say we wanted to allow managers to create vaults, manage their employees, and restore access to those who forget their Master Password. To do that, we could create a custom Managers group and assign their permissions as follows:

Granting authority using custom roles

As great as this is for managers, the real joy comes from knowing they no longer need to bug you every time someone joins their team.

Using Activity Log to Review & Track Events

In short, you can now easily see who has changed what where and when. That’s a bit of a tongue twister, so let me try saying it again with a few more words.

With our new Activity Log, you can now see a detailed history of changes made to your Vaults, Groups, and Team Members.

When a member of your team adds an item, creates a group, grants access to a vault, or makes other changes, each action is recorded and can be seen in the Activity Log.

This is super handy when you want to see what a particular user has been up to or review what changes have been made to a vault. All you need to do is go to the detail page for a particular person or vault and review the Activity Log to see what changes have been made and when.

For example, this screenshot shows the Activity Log for the Production Servers vault. You can see that I gave Jeff access and he then proceeded to update items in the vault and granted access to the Sysadmins group.

Activity Log

It’s great being able to see this history on each details page as it allows you to zero in, but you can also drink from the firehose by going to the Activity Log in the Admin Console where you can see the full list of all changes within your team.

Extending Earl’s Early Deal!

When we released 1Password Teams we launched with Earl’s early deal, giving away all the features of the Pro plan for the low, low price of the Standard plan.

With all these new bells and whistles I thought it would be awesome to extend Earl’s launch special until October 15th so everyone could enjoy these new features.

Sign up your Team now and lock in Earl’s special deal

And best of all, you and your team will lock in the Standard price for as long as you’re subscribed. Even teammates you add after October 15th will still get the same awesome deal.

Enjoy! ❤️

1Password for Teams Launch!

I introduced 1Password Teams back in November when it first entered beta. It has been an incredible ride and we’ve had over 130 releases since launch. We even released a sister service for families aptly named 1Password Families.

Today I’m super stoked to announce that the beta has completed and 1Password Teams is now officially released!

To celebrate we are launching with a special deal.

1Password Teams Pricing


You can’t have a special launch deal without special pricing, so let’s start there! :)

1Password Teams Pricing

You’ll see that we have two plans available. The Standard plan gives you everything you need to secure and manage your team, while Pro is designed for teams with advanced business needs.

Earl’s Early Deal

Earl the Early Adopter otter

Earl is our Early adopter otter and has a special plan for all of you who subscribe by July 31st. With Earl you will receive all the Pro features for the low price of the Standard plan.

Once you create your team you will be able to subscribe to the Pro plan and get all the extra features for the Standard price.

Sign up your team today

The best part is that once you’re subscribed, you’ll lock in Earl and his special pricing forever. Even new teammates you add later will get the same deal!

Award Winning Apps

1Password Teams Vault Selector

Your 1Password Teams subscription includes all the 1Password apps for you and your entire team.

We have already added support for 1Password Teams to our Mac, iOS, and Android apps. You can add all your 1Password Accounts to have easy access to your data on all your devices.

1Password will also enforce the permissions that you configured for your team. For example, you can define Read-only vaults so team members who need access to something can have it without you worrying about unexpected changes.

As great as all this is, Windows users will want to know when they can play as well.

1Password Teams for Windows

1Password 6 for Windows 10 has been in beta for a few months now with support for 1Password Teams and 1Password Families.

We are getting closer to the final release and the latest beta has added support for Windows 7 and 8, along with browser extensions.

1Password 6 sports a beautiful new design and much improved accessibility! There’s a lot to love here so I invite you to read more about it:

1Password 6 for Windows enters beta testing

1Password 6 will be released for Windows in August of this year for 1Password Teams and 1Password Families subscribers. Support for AgileKeychain and OPVault will come later in the year.

Even though 1Password 6 for Windows is not ready for the official launch party, the good news is that Earl’s special will be available for all teams created by July 31st.

Sign Up Today

Whether you’re a team of 2, 20, or 200, 1Password Teams is the 1Password flavour you’ve been waiting for. Sign up your team today for a free 30-day trial and taste it for yourself.

Sign up your team today

It takes just a few minutes to set up and after using it for a few weeks you and your team will wonder how you ever lived without it. I know I certainly feel that way :)

Flipping his way to Texas

I suspect that I am like every other parent alive, always happy to talk your ear off about the latest incredible thing that my son (and only child) Austin, has done.

Austin upside down in Texas

Austin is 15, and a trampoline gymnast. He trains at Skyriders Trampoline Place, the home of Canada’s gold medal-winning Rosie MacLennan. He is Canada’s current Level 5, age 16 and under National champion. So yeah, I am a pretty proud dad.

A few weeks ago Austin was invited to spend a week out in Texas to train at the USA Gymnastics National Team Training Center. This was going to be his first international trip without Brenda and me. Sure, he’d be going out there with a couple of other athletes and a coach, but we were still a bit nervous about it.

So, we started to get things ready for his trip. There were consent forms to fill out, travel and health insurance to purchase, flights to arrange and more. As parents, we also wanted to provide him with any and all information he could potentially need while away. Now, if only there was somewhere that I could put all of this info. :)

As it turns out, we have just the right place: 1Password Families of course! Using our 1Password Families account, I created a Texas Trip vault, and shared it with both Brenda and Austin.

Flipping to Texas: Texas Trip vault

I added our passports, contact info and a credit card for emergencies (new headphones are not an emergency). In went the flights, insurance policies, consent forms, and all the rest. Finally, I added passwords for all the ways he could reach us, from Skype to FaceTime to Zoom; although, trying to get a 15-year-old to actually talk to his parents was another matter.

Flipping to Texas: Austin sign

It was really quite reassuring to know that all of that information was there for him to easily access on either his Mac or his iPhone (which never, ever leaves his side—except when he’s jumping!). Better yet, if we had forgotten anything, we could easily add it to the vault from home, and it would instantly show up for him in Texas.

Austin had a great time out in Texas. He came back with some pretty awesome memories and indications that “he was just fine without us”. :) I’m pretty excited to say that he’s qualified for the Canadian finals again this year, and who knows, maybe in 4 years he’ll be headed to the Olympics.

I created this Texas Trip vault for his trip and found it to be tremendously useful, so thought I’d share it with you. I’d love to hear your thoughts and ideas on how an event- or activity-based vault would be useful to you.