1Password 7 for Windows is here!

1Password 7 for Windows: The Best Ever

Hot on the heels of last week’s 1Password 7 for Mac announcement, I’m pleased as punch to unveil the best version of 1Password for Windows ever: 1Password 7 for Windows is here! 🎉 👏

This is a massive release where quite literally everything has changed. Seriously, every bit and every pixel has been recreated from scratch using the latest and greatest technologies to make 1Password the best it can be.

From an incredible new design to having all your vaults in one place to a whole new architecture, 1Password 7 is the fastest, prettiest, and most powerful version of 1Password yet. In short, it’s simply the best. A bold claim but thankfully we can back it up. 😎

All new modern design

Our design team has been working their tails off reimagining every aspect of 1Password. We wanted to make it as powerful and beautiful as the Mac app while staying true to the Windows platform.

It all added up to a breathtaking new design that you’re going to love. And it all starts with the lock screen.

The steel doors look great and also symbolize the strong encryption that protects your data. And to would-be-attackers, our encryption design is far more secure than the strongest steel.

Once you unlock 1Password with your Master Password (or Windows Hello), you’ll be delighted by the stunning new layout protected behind those doors.

Beautiful! 😍

Everything has changed and not a single element of the design has been left untouched. Yet the heart and soul of 1Password remain, so you’re able to jump right in and find everything you need.

Your items have never looked better and with full support for time-based one-time passwords, logins really shine. They look so good that you’ll find yourself happily waiting for a new 2FA code simply so you can watch the countdown animation. 🙂

You can also zoom right in on the password using Large Type. This is perfect for those times you need to type it on another device or are asked for specific characters from your password.

Our new highlight feature while searching makes finding what you’re looking for super easy. And with the addition of search power-ups like title:, tag:, and file:, it’s never been easier to discover what you’re looking for.

And when you prefer to browse, the sidebar is great for navigating between your categories and tags. Along with support for nested tags you can take things to a whole new level by organizing your organization. 😉

Oh and the sidebar gets even better as your vaults live there, too.

All your vaults, all in one place

There’s more to the sidebar than meets the eye. Sitting just beneath the surface is a powerful new way to organize and securely share your items.

Simply click on the sidebar header and your categories will slide away, revealing your collection of vaults. Vaults allow you to group your items depending on their purpose and who needs access to them.

Vaults are so nice that you’ll find yourself adding lots of them. Between my AgileBits business and Teare family accounts, I now have over 50 vaults. Being able to switch between vaults and accounts makes it super simple to stay focused on the task at hand.

Together with a 1Password Families or 1Password Business account, vaults can be used to securely share passwords with your family and colleagues. Simply sign in to 1Password.com and choose who you want to share with and 1Password will do the rest.

My favourite part of sharing passwords this way is the ability to control everyone’s permissions, including making passwords read-only. For those with edit access, changes they make will be seen by everyone else right away.

1Password mini is always by your side

The new awesome carries over into 1Password mini as well, yielding a more powerful and beautiful experience. When you’re on a website and need to login, 1Password mini makes it super easy.

Selecting a login will automatically fill your username and password for you. And if you have two-factor enabled, the one-time password will be automatically copied to your clipboard so you have everything you need right at your Ctrl-V fingertips.

1Password mini will also help you create new logins as well. When you sign up for a new service or log in for the first time, 1Password mini will jump in and offer to save it for you.

In addition to naming your new login and assigning tags, you can also choose which vault to save it to. This is great for keeping things organized as well as choosing who to share with.

And if a website has been breached, mini will alert you so you know that you need to update the password.

Oh and then there’s also Open and Fill which automatically opens websites and fills passwords for you. When combined with the search and organization features of 1Password mini, it’s perfect for bookmarking your favourite sites.

Designed for everybody

We wanted to create 1Password 7 for everybody and be as inclusive as possible. That started with allowing you to sync your vaults yourself as well as using 1Password accounts on 1Password.com, 1Password.ca, and 1Password.eu.

1Password also speaks your language and has been localized to Français, Deutsch, Italiano, 日本語, 한국어, Português, Pyсский, 简体中文, 繁體中文, and Español.

Being able to use 1Password in your language is great and it’s even better on High-DPI displays. 1Password 7 has full support for HiDPI in Windows 10 so it looks incredible on 4K monitors and other high density screens.

And for those of you who rely on assistive technologies, rest assured that 1Password 7 is fully accessible with out-of-the-box support for screen readers like Narrator.

Why hello there, Windows Hello

We also added support for Windows Hello so you can unlock 1Password using your fingerprint or simply your smile. This works great in the main app as well as in mini.

I love the “looking for you” animation with the eye looking back and forth, and can’t help but grin when I’m greeted with a smiling face along with the “Hello, dave!” message. 🙂

As for security, your data is protected by your Master Password as always. To keep things as secure as possible, the first time you unlock you will need to provide your Master Password and then Windows Hello will be able to unlock 1Password thereafter.

Strong foundations

1Password 7 is a completely new modern app built from the ground up to use the latest and greatest technologies available. This gave us a strong foundation and allowed us to push the envelope to make 1Password the best it could be.

In addition to fundamental enhancements like HiDPI and Unicode support, 1Password 7 comes with a whole new database layer that enabled us to make everything much, much, much faster.

And if you’re moving over to our new 1Password memberships, syncing your data is more secure than ever. With the addition of a Secret Key, Secure Remote Password, and Galois/Counter Mode, your data has never been safer. Oh, and to top things off, the speed and reliability is simply unparalleled.

All of these changes combine into the fastest, most secure, and best looking 1Password experience on Windows ever! Long story short: you’re in for an amazing treat! 🍪

How do I get it?

To start enjoying the best version of 1Password ever built, grab it here:

Download 1Password 7

1Password 7 is included free for everyone with a 1Password membership. Simply unlock 1Password after downloading and you’re good to go.

Those of you with a standalone license will be prompted to subscribe or purchase a license when 1Password 7 first opens. Licenses will cost $64.99 but are available during our launch special for only $49.99. Licenses are per-person, per-platform so you can use your single license on as many PCs as you have. 1Password 7 for Mac is a separate purchase.

I hope you enjoy 1Password 7 as much as we enjoyed making it for you. We couldn’t have done it without your help. ❤

Please join us in our discussion forums or in the comments below to share your experiences with us and help craft the future of 1Password. We always love hearing from you. 😘

Dave Teare Founder of AgileBits

Introducing 1Password 7 Beta for Windows

1Password 7 for Windows is almost here! 🎉🙌 Today marks our first beta and you’re invited to join in on the fun.

This is a massive release where quite literally everything has changed. And with support for local vaults, everyone can enjoy the awesomeness that is 1Password 7 for Windows.

Read on to see what all the hullabaloo is about and I think you’ll find our excitement is quite contagious. 🙂

Incredible New Design

Our design team has been working their tails off making 1Password 7 for Windows the best it can be, so it seems fitting that we start by showing how great 1Password 7 looks.

The awesome starts with the lock screen.

1Password 7 Beta for Windows Lock Screen

Once you unlock 1Password with your Master Password (or Windows Hello), you’re in for a delightful surprise. I’ll let 1Password speak for itself here.

Main window view from 1Password 7 Beta for Windows

From the typography to the rich icons to the layout, everything has changed. Yet the soul of 1Password remains, so you’re able to jump right in and find everything you need.

The new sidebar is not only gorgeous but it’s more powerful, too. It allows you to navigate between your categories and tags just like you always could, but now your vaults live there as well.

All your vaults, all in one place

Easily browse account vaults and standalone vaults with 1Password 7 Beta for Windows

Organizing your items into vaults is a great way to keep your items tidy and share them with those who need them.

Vaults are so nice that you’ll find yourself adding lots of them. Thankfully the sidebar makes it easy to see every vault you have at a glance. If you want to zoom in and see all the items in a vault or an account, just click on it. When you’re ready to zoom out again, click All Vaults to see all your items.

Between my AgileBits business and Teare family accounts, I now have over 50 vaults. Being able to switch between vaults and accounts makes it super simple to stay focused on the task at hand. Which is perfect for those days when I need to find my mom’s Pokémon password. 🙂

Small passwords. Large passwords!

If you spend as much time looking at computer screens as I do, your eyes will love our new Large Type. Passwords have never looked better!

Large Type Viewer in 1Password 7 Beta for Windows

This is great when you need to type a password into another app. But for browsers, 1Password mini will take care of this large task for you.

1Password mini is always by your side

To keep up with their bigger sibling, 1Password mini has a new design of their own and has learned some new tricks as well. As always, mini will automatically find the logins that are most relevant to the website you are on, making it super easy to sign in.

Quickly fill logins using 1Password mini in 1Password 7 Beta for Windows

And if a website has been breached, mini will alert you so you know which of your logins need to have their passwords changed.

You can also open logins directly within your browser. And as an added bonus, your password will also be filled automatically after the page opens, making 1Password a great way to bookmark websites.

Designed for everybody

We wanted to create 1Password 7 for everybody and be as inclusive as possible. That started with allowing you to sync your vaults yourself as well as supporting 1Password accounts.

1Password also speaks your language and has been localized into 9 languages, including Français, Deutsch, Italiano, 日本語, 한국어, Português, Pyсский, and Español.

Localised 1Password 7 Beta for Windows speaks many languages

Being able to use 1Password in your language is great and it’s even better on High-DPI displays. 1Password 7 has full support for HiDPI in Windows 10 so it looks incredible on 4K monitors and other high density screens.

And for those of you who rely on assistive technologies, rest assured that 1Password 7 is fully accessible. Accessibility is near and dear to my heart and I’m looking forward to seeing your feedback on this beta.

Why hello there, Windows Hello

We also added support for Windows Hello so you can unlock 1Password using your fingerprint or simply your smile. This works great in the main app as well as in mini.

Windows Hello support with 1Password 7 Beta for Windows

To keep things as secure as possible, the first time you unlock 1Password you will need to provide your Master Password. Windows Hello will then be able to unlock 1Password afterwards.

Pricing

1Password 7 is included free with every 1Password membership. This includes individual accounts, as well as anyone who is part of a family or team. If this is you, you’re all set! Jump to the next section to get started with the beta.

For standalone license holders, 1Password 7 for Windows will be a paid upgrade. Once 1Password 7 for Windows is officially released later this year, a new license will be required and will cost $64.99.

If you join the beta you will get access to a special discount to show our thanks for helping us get the beta polished. The code hasn’t been written yet, but in the next few months an upgrade window will appear, giving you the opportunity to purchase your license for just $39.99.

So join the beta, give us your feedback, and save! Here’s how…

Join our beta family

Intrepid testers who enjoy being on the cutting edge can jump right in by downloading the beta today.

Download the 1Password 7 Beta for Windows

Please see our release notes for known issues and join us in our discussion forum to let us know what worked great and where we need to improve.

We wouldn’t be here without you so thanks again for all your help! 😘

1Password 7 for Windows (beta)

Dave Teare Founder of AgileBits

Fireside with Monty: 1Password 6.8 for Windows is here!

Monty and his fellow ‘Bits have been busy here getting ready for the holidays and just couldn’t wait to deliver the latest update – in fact, they decided to send it out on Monday! With over 100 changes, there is more inside our newest version than ever before, so let’s settle in with a warm cup of cocoa and review. 🎄 ☕

A place for everything and everything in its place

A picture is worth 1,000 words, and we think the new All Vaults view definitely fits that bill! Within Settings, you can now customize which vaults you want to appear. At the office PC? Have your work items front and center. At home? Keep those personal items right where you need them. Also, searching has never been easier with the new tag: option. Add tags to your items and make filtering simple, or use it by itself to display untagged items.

What’s on the menu(s)?

If you find yourself unwrapping a shiny new device over the holidays, you can unlock 1Password for Windows and set things up in a flash! 🎁 Use the Accounts Menu to copy your account credentials, or display your Setup Code right within the Windows app. You can also see the complete release notes from the Help menu (but here’s a link too 🙂). The Help menu also points you towards our support site, where you can find tons of articles and tips to help make the most of your 1Password experience. And if you need a personal hand, our Team is always here for you! 🤗

Shiny tinsel too!

There’s something about the sparkle from a new display… 🌟 We wanted to make sure we’re taking advantage of new screen resolutions and have given everything a fresh, new update. From a modern translucent sidebar, to revamped context menus, to new icons for your accounts and vaults within the Share menu, the new 1Password interface looks amazing! If you’re listening rather than watching, screen readers will now announce even more when navigating 1Password making it sound just as good as it looks.

Stocking stuffers

As you can tell, we’re super excited that we’ve been able to fill your 1Password for Windows stocking with so many treats! If you’ve been following along with the version numbers, you’ve noticed that we are getting closer and closer to version 7.0 – it is going to be a very exciting new year for us here and we’re happy to have you along! 🎉😊

Have a happy, safe and secure holiday and, as always, please let us know what you think on our support forum.

1Password living on the [Microsoft] Edge

I’ve long been curious about Microsoft Edge. It’s fast, light-weight, and much more secure than the Internet Explorer of my childhood. It had everything you look for in a browser … except 1Password support. Today that changes!

Thanks to the hard work of the Microsoft Edge and Windows Store teams, along with our own Windows team, I’m excited to announce that 1Password now has a lovely new home right on your Microsoft Edge toolbar. 🎉

Boldly go where no Login item has gone before

To bring your items with you to explore Microsoft Edge, first make sure you have 1Password 6.7 or later installed and set up. Then, head to the Windows Store and grab the 1Password extension. Open Microsoft Edge, enable the 1Password extension, and enjoy saving new Login items, opening and filling in Microsoft Edge from 1Password mini, filling addresses and credit card details, and easy access to the Strong Password Generator, just like you’ve come to know and love. If you’re still using an older version of 1Password, you can follow this handy guide to migrate your existing data to the latest version of 1Password to get ready to seek out new frontiers in Microsoft’s latest browser.

Hello dark mode, my old friend

As you’re working your own 1Password magic in Microsoft Edge, don’t forget to check out my favorite feature: its super-sleek dark mode. I love how it turns your 1Password extension icon into a lovely point of light on your toolbar and it’s perfect for late-night browsing.  Let the stars next to your favorites light up Microsoft Edge and help guide you to your most loved websites at the click of a Login item. Of course, if a different vision has been planted in your brain, the extension icon looks right at home in light mode too. 😉

To the Edge and beyond!

As stoked as we are about 1Password coming to Microsoft Edge, this is only the beginning and some finishing touches are coming in future releases. Support for keyboard shortcuts to fill logins and some tweaks to how mini lets you know you’re filling in Edge are included with the latest 1Password 6 for Windows beta. Additional improvements for filling on certain sites will also be addressed down the road.

Currently, the 1Password extension in Microsoft Edge requires 1Password 6.7 for Windows or later and a 1Password membership. We will be expanding Edge availability in future releases but if you’d like to enjoy using Edge sooner than later, now is a great time to give a 1Password membership a try. In addition to early access, there are many other benefits and it’s free for 30 days!

I hope you enjoy saving and filling in Microsoft Edge and, as always, we love seeing your feedback in our support forum. 😊

1Password 6.7 for Windows: a feature buffet

1Password 6.7 for Windows was meant to be a smaller update, but just like you always walk up to the buffet line with the best of intentions, we reached the end of the line with this update and ended up with three plates full of pastries. We have prepared a regular smorgasbord of 58 new features, improvements and fixes for you in this release. So grab a few extra plates and check out the latest Windows goodies. 🙂 Read more

Introducing native messaging for the 1Password extension

I’m really excited to announce a brand new way for 1Password to save and fill in browsers. It’s not a new feature, and chances are you won’t even notice it. It’s called native messaging, and it changes the way 1Password integrates with your browser. In fact, if you use 1Password with Google Chrome, you might already be using it.1

Native messaging makes the 1Password extension faster, more stable, and more compatible in more situations. It improves the performance and reliability of the 1Password extension, and it’s the end result of talking with thousands of 1Password users over the years.

Once upon a time…


When the 1Password extension made its debut for Chrome in 2012, the options for browser extensions to talk to apps were limited. We settled on an approach using WebSockets, which creates a network connection on your computer between 1Password and the browser. Although it’s technically a network connection, the data is only transmitted locally and never leaves your computer. This served us well in the vast majority of cases, but for a significant number people, this connection was unreliable. Proxies, antivirus, and other security software could interfere with the connection and prevent saving and filling. These conflicts caused a lot of pain, especially for Windows users. Over time, it became clear that we needed a better approach.

Enter native messaging

Thankfully, Google led the way and introduced that better approach. Native messaging is a more direct way for browser extensions to communicate with apps. Unlike WebSockets, it doesn’t rely on creating a network connection between your computer and itself.

With native messaging, no longer is Chrome’s connection to 1Password subject to the vagaries of your network and computing environment. No matter how you’ve configured your computer, if you can run 1Password and Chrome, then native messaging will work for you. Last year, we began the transition to replace WebSockets with native messaging. In order for 1Password to use native messaging, we needed to update the extension and the apps. So in April, we released a version of the 1Password extension for Chrome with support for native messaging. Since then, all current versions of 1Password for Mac and Windows have been updated to use the new technology.

What will change?

If you notice any changes, they should only be positive. Communication is nearly instant, and you’ll be able to use the extension as soon as you open your browser. Native messaging removes entire classes of problems that have affected 1Password users for a long time. Conflicts with network proxies and firewalls in corporate computing environments, ad blocking software, and even productivity tools that lock you out of distracting sites should be a thing of the past. Security software that gets spooked by local network connections should relax down from red alert. And many less common scenarios will work much better with native mesaging as well.

How do I get it?!


The first thing to do is check for updates in 1Password to make sure you’re using the latest version available. The latest releases of 1Password all include native messaging. We even updated 1Password 4 for Windows to make sure everyone can take advantage of this advancement on both Mac and Windows. 1Password has built-in support for Google Chrome and many other browsers based on Chrome, like Opera. If you’re using a supported browser, 1Password will switch to native messaging immediately.

Some Chrome-based browsers are supported but require additional configuration to work with native messaging. See our support article for more details.

Conclusion

Native messaging is the future for the 1Password extension. For now it’s supported in Chrome, but support will be coming soon to other browsers like Firefox and Edge. We’ll let you know when native messaging arrives on new browsers — and stay tuned for more posts about the 1Password extension. There’s a lot of exciting stuff going on that I can’t wait to share with you. For now, I’d love to hear your thoughts about native messaging in the comments, and you can always connect with me and the rest of the extension team in the forum.


  1. I will use Chrome as a shorthand for Chrome and browsers based on
    Chromium such as Opera and Vivaldi throughout this post unless there are
    specific differences to note. 

Introducing 1Password 6.6 for Windows

We’ve been hard at work on a major update for 1Password 6 for Windows and I’m so excited to finally share it with all of you.  1Password 6.6 for Windows is here and it is HUGE.  I can’t possibly discuss every new feature here – there are 24 brand new features and 89 total changes made – but I’ll highlight a few that I’m most excited about. Read more

Using Intel’s SGX to keep secrets even safer

When you unlock 1Password there are lots of secrets it needs to manage. There are the secrets that you see and manage such as your passwords and secure notes and all of the other things you trust to 1Password. But there are lots of secrets that 1Password has to juggle that you never see. These include the various encryption keys that 1Password uses to encrypt your data. These are 77-digit (256-bit) completely random numbers.

You might reasonably think that your data is encrypted directly by your Master Password (and your secret Account Key), but there are a number of technical reasons why that wouldn’t be a good idea. Instead, your Master Password is used to derive a key encryption key which is used to encrypt a master key. The details differ for our different data formats, but here is a little ditty from our description of the OPVault data format to be sung to the tune of Dry Bones.

Each item key’s encrypted with the master key
And the master key’s encrypted with the derived key
And the derived key comes from the MP
Oh hear the word of the XOR
Them keys, them keys, them random keys (3x)
Oh hear the word of the XOR

And that is a simplification! But it is the appropriate simplification for what I want to talk about today: Some of our intrepid 1Password for Windows beta testers can start using a version of 1Password 6 for Windows that will have an extra protection on that “master key” described in that song. We have been working with Intel over the past few months to bring the protection of Intel’s Software Guard Extensions (SGX) to 1Password.

Soon (some time this month) 1Password for Windows customers running on systems that support Intel’s SGX will have another layer of protection around some of their secrets.

SGX support in 1Password isn’t ready for everybody just yet as there are a number of system requirements, but we are very happy to talk about what we have done so far and where we are headed. I would also like to say that we would not be where we are today without the support of many people at Intel. It has been great working with them, and I very much look forward to continuing this collaberation.

What does Intel’s SGX do?

Intel, as most of you know, make the chips that power most of the desktop and laptop computers we all use. Their most recent CPUs include the ability for software running on Windows and Linux to create and use secure enclaves that are safe from attacks coming from the operating system itself. It is a security layer in the chip that cryptographically protects regions of operating system memory.

SGX does a lot of other things, too; but the feature I’m focusing on now is the privacy it offers for regions of system memory and computation.

Ordinary memory protection

A program running on a computer needs to use the system’s memory. It needs this both for the actual program and for the data that the program is working on. It is a Bad Thing™ if one program can mess with another program’s memory. And it is a security problem if one program can read the memory of another program. We don’t want some other program running on your computer to peer what is in 1Password’s memory when 1Password is unlocked. After all, those are your secrets.

It is the operating system’s (OS’s) job to make sure that one process can’t access the memory of another. Back in the old days (when I had to walk two miles through the snow to school, up hill, both ways) some operating systems did not do a good job of enforcing memory protection. Programs could easily cause other programs or the whole system to crash, and malware was very easy to create. Modern operating systems are much better about this. They do a good job of making sure that only the authorized process can read and manipulate certain things in memory. But if the operating system itself gets compromised or if some other mechanism might allow for the reading of all memory then secrets in one program’s part of memory may still be readable by outsiders.

Extraordinary memory protection

One way to protect a region of memory from the operating system itself is to encrypt that region’s contents using a key that even the operating system can’t get to. That is a tricky thing to do as there are few places to keep the key that encrypts this memory region if we really want to keep it out of the hands of the operating system.

SGX memory access drawingSo what we are looking for is the ability to encrypt and decrypt regions of memory quickly, but using a key that the operating system can’t get to. Where should that key live?  We can’t just keep it in the the innards of a program that the operating system is running, as the operating system must be able to see those innards to run the program. We can’t keep the key in the encrypted memory region itself because that is like locking your keys in your car: Nobody, not even the rightful owner, could make use of what is in there. So we need some safe place to create and keep the keys for these encrypted regions of memory.

Intel’s solution is to create and keep those keys in the hardware of the CPU. A region of memory encrypted with such a key is called an enclave. The SGX development and runtime tools for Windows allow us to build 1Password so that when we create some keys and call some cryptographic operations those will be stored and used with an SGX enclave.

An enclave of one’s own

When 1Password uses certain tools provided by Intel, the SGX module in the hardware will create an enclave just for the 1Password process. It does a lot of work for us behind the scenes. It requests memory from the operating system, but the hardware on Intel’s chip will be encrypting and validating all of the data in that region of memory.

When 1Password needs to perform an operation that relies on functions or data in the enclave, we make the request to Intel’s crypto provider, which ends up talking directly to SGX portions of the chip which will then perform the operation in the encrypted SGX enclave.

Not even 1Password has full access to its enclave; instead 1Password has the ability to ask the enclave to perform only those tasks that it was programmed to do. 1Password can say, “hey enclave, here is some data I would like you to decrypt with that key you have stored” Or “hold onto this key, I may ask you to do things with it later.”

What’s in our enclave? Them keys, of course!

protected-keysWhen you enter your Master Password in 1Password for Windows, 1Password processes that password with PBKDF2 to derive the master key to your primary profile in the local data store. (Your local data store and the profiles within it are things that are well hidden from the user, but this is where the keys to other things are stored. What is important about this is that your master key is a really important key.)

When you do this on a Windows system that supports SGX the same thing happens, except that the the computation of the master key is done within the enclave.  The master key that is derived through that process is also retained within the enclave. When 1Password needs to decrypt something with that key it can just ask the enclave to perform that decryption. The key does not need to leave the enclave.

Answers to anticipated questions

What does (and doesn’t) this protect us from?

I must start out by saying what I have often said in the past. It is impossible for 1Password (or any program) to protect you if the system you are running it on is compromised. You need to keep your devices free of malware. But using SGX makes a certain kind of local attack harder for an attacker, particularly as we expand our use of it.

The most notable attacks that SGX can start to help defend against are attacks that exploit Direct Memory Access. Computers with certain sorts of external ports can sometimes be tricked in allowing a peripheral device to read large portions of system memory.

As we expand and fine tune our use of SGX we will be in a better position to be more precise about what attacks it does and doesn’t defend against, but the ability to make use of these enclaves has so much potential that we are delighted to have made our first steps in using the protections that SGX can offer.

What will be in our enclave in the future?

As we progress with this, we will place more keys and more operations involving those keys into the SGX secure enclave. What you see today is just the beginning. When the master key is used to decrypt some other key that other key should only live within the enclave. Likewise the secret part of your personal key set should also have a life within the enclave only. I can’t promise when these additions will come. We still need to get the right cryptographic operations functioning within the enclave and reorganize a lot of code to make all of that Good Stuff™ happens, but we are very happy to have taken the first steps with the master key.

We do not like promising features until they are delivered. So please don’t take this as a promise. It is, however, a plan.

Sealed enclaves?

Among the features of SGX that I have not mentioned so far is the ability to seal an enclave. This would allow the enclave to not just keep secrets safe while the system is running, but to allow it to persist from session to session. Our hope is that we can pre-compute secrets and keep them in a sealed enclave. This should (if all goes to plan) allow 1Password to start up much more quickly as most of the keys that it needs to compute when you first unlock it can already be in an enclave ready to go.

A sealed enclave would also be an ideal place to store your secret 1Password.com Account Key, as a way of protecting that from someone who gains access to your computer.

Is security platform-specific?

1Password can only make use of SGX on some Windows PCs running on CPUs with Intel’s Skylake CPUs and which have been configured to make use of SGX. Thus SGX support in 1Password is not going to be available to every 1Password user. So it is natural to ask whether 1Password’s security depends on the platform you use.

Well, there is the trivial answer of “yes”. If you use 1Password on a device that hasn’t been updated and is filled with dubious software downloaded from who knows where, then using 1Password will not be as secure as when it is running on a device which is better maintained. That goes without saying, but that never stops me from saying it. Really, the easiest and number one thing you can do for your security is to keep your systems and software up to date.

The nontrivial answer is that 1Password’s security model remains the same across all of the platforms on which we offer it. But it would be foolish to not take advantage of some security feature available on one platform merely because such features aren’t available on others. So we are happy to begin to offer this additional layer of security for those of our customers how have computers which can make use of it.

Upward and downward!

I’d like to conclude by just saying how much fun it has been breaking through (or going around) layers. People like me have been trained to think of software applications and hardware being separated by the operating system. There are very good reasons for that separation — indeed, that separation does a great deal for application security — but now we see that some creative, thoughtful, and well-managed exceptions to that separation can have security benefits of its own. We are proud to be a part of this.

Introducing 1Password Windows for Teams!

Today is a very big day in Windows land: 1Password Teams is now officially available on Windows!

Our Windows team has made amazing progress since we introduced the first beta for Teams earlier this summer and I’m super excited to be able to share the results of their incredible work with you now.

Let’s jump right in!

Beautiful new design

The first thing you’ll notice right off the bat is 1Password 6 has an amazing new design. From every bit to every last pixel, literally everything is completely new in 1Password 6!

opw6-locked

Once you unlock 1Password you’ll be greeted with a completely new overview and details screen.

main-empty

As much as there is to enjoy in this new design, my favourite has to be Large Type – I absolutely love how great my passwords look there:

large-type-windows

Large Type makes reading even the most complicated passwords a breeze – I can even read them without my glasses! And if you have a High-DPI screen, it looks even better ?

Oh, and then there’s our browser extensions. These were not available in the initial beta and they were dearly missed! They’re here now and they look great!

opw-browser

Beautiful new security design

1Password had an amazing security design already, but in 1Password Teams we didn’t rest on our laurels. Instead, we took everything we learned about security over the last 10 years and built a completely new security architecture that pushed the limits of modern technologies.

As has always been the case with 1Password, your information is encrypted end-to-end, so only you and your team have the keys to decrypt your information. What’s new is an even secure-er encryption design as well as some cool techniques like Secure Remote Password, which allows clients and the server to verify each other during communication.

tripleencryptThe most visual change is the addition of the Account Key. This is a unique 128bit key that is generated for every user and greatly increases the security of your account.

The Account Key might appear similar to two-factor authentication but it’s so much better because it plays a direct role in the encryption of your data. It strengthens and fortifies your Master Password so much that even a poorly-chosen Master Password will be infeasible for attackers to brute force. It’s also never sent to our servers so it cannot be reset, intercepted, or evaded.

For an illustrated overview of our new security design, check out our security page, as well as our Security White Paper, for fun details like these ones:

  • Tamper-proof, authenticated encryption using AES-GCM mode
  • Brute force protection using PBKDF2-HMAC-SHA256
  • Secure vault sharing using asymmetric cryptography

The most amazing thing about this new design is it’s not only secure-er, but it’s much faster, too! It’s one of the benefits we get for using the latest and greatest modern technologies ?

Beautiful organization and control

menu-trimmedOne of greatest features in 1Password Teams is how easy it makes organizing things into multiple vaults. When you’ve organized passwords in separate vaults, it makes finding things easier, and also makes it super simple to securely share with your teammates.

New vaults can be created from your Admin Console on 1Password.com and will automatically appear on all your devices. You can also add teammates to new vaults and they will receive the vault and everything within it immediately.

Your team admin can even control the permissions for each vault, allowing you to share read-only access to vaults, and control who can manage the vault.

Oh and you’re not limited to a single 1Password account. As you can see from the screenshot, in addition to multiple vaults you can also have multiple accounts added to 1Password. This is great for your teammates as it allows them to use 1Password in their private lives as well as their professional life.

Beautiful safety nets

When you change an item within 1Password for Windows it will sync automatically to 1Password.com and become available on all your other authorized devices instantly.

All these changes are remembered by 1Password just in case you ever need to revert to an earlier version. If you or your teammates ever delete or modify something by accident, you can simply sign in to 1Password.com and restore what you need from the Item History popup:

item-history

Item History is perfect for protecting individual items, but you and your teammates need safety nets for your accounts as well. In a team environment you just can’t afford to get locked out of critical systems every time someone forgets their password.

That brings us to the most beautiful and secure safety net of all: Account Recovery. We (AgileBits) have never been able to reset your password, and with 1Password Teams we still can’t. But now you can!

With our innovative new recovery feature, if one of your teammates forgot their Master Password, your team admins can restore their access and they’ll regain access to all their passwords.

Beautiful in so many other ways, too

In addition to our new amazing Windows app, your subscription to 1Password Teams gives you and your entire team access to many more awesome things:

  • You and everyone on your team get all our awesome apps for free, including Windows, Android, Mac, and iOS
  • Automatic syncing – no configuration or extra software required
  • Securely share items and documents across your whole team
  • Easily invite your entire team and control access using the Admin Console
  • Full web access from anywhere

Sign your team up today!

1Password 6 for Windows is available today for subscribers to 1Password Teams. If you have not yet subscribed, now’s a great time to sign up:

Sign up your team

Subscribers simply need to download 1Password 6 and add their account information during setup.

opw6-setup

Once logged in, all your data will sync automatically. And if you had any data stored in an earlier version of 1Password, you can migrate over all of your existing data.

Oh, and if you sign up before October 31, you will get all the features of the Pro plan for the low, low price of the Standard plan. And best of all, you and your team will lock in the Standard price for as long as you’re subscribed. Even teammates you add later on will still get the same awesome deal.

Be sure to sign up by October 31st before this window closes ?

Enjoy! ❤️

1Password 6 beta for Windows opens the door to 1Password Families and 1Password Teams

I’ve got some exciting news to share with you about 1Password for Windows.

We’ve been working on a brand new app that brings 1Password Teams and 1Password Families to all of our Windows users. Today, we’re ready to tell you more about it and invite you to try it out. If you’re using 1Password 4 and are syncing using Dropbox or Wi-Fi sync, sit tight for a future release which will have full OPVault and AgileKeychain support.

1Windows

We love Windows 10. 1Password for Windows 10 beta was one of the earliest apps in the Windows Store using Microsoft’s newest app development platform, and we’re really excited about Windows 10 being active on over 200 million devices. But 47% of Windows users are still using Windows 7, and they weren’t able to use the new 1Password app, which made everyone very sad.

We wanted to bring 1Password Teams and 1Password Families to everyone. We wanted to make a beautiful app that offers a design and experience consistent with our other 1Password apps. We wanted to easily add features to the app without being limited by platform restrictions. Most of all, we wanted to benefit from all the hard work we put into 1Password beta for Windows 10. So, after many highly caffeinated days and lots of new code, we made an app that can be used by almost all Windows users.

Introducing 1Password 6

1Password 6 beta for Windows

1Password 6 is our newest Windows app and we can’t wait for you to take it for a spin! If you are running Windows 7, 8, or 10, you can download the beta today.

1Password 6 includes many fantastic features you’re going to love, such as:

  • A beautiful new design with High-DPI support now out of the box.
  • Support for 1Password Families and 1Password Teams.all vaults
  • Support for multiple vaults and the handy All Vaults view.
  • Basic support for browser extensions.
  • Out-of-the-box support for screen readers like Narrator.
  • Unicode support, enabling us to translate 1Password into Chinese, Russian, and other languages.
  • Import existing data from OPVault or AgileKeychain formats (read-only).
  • Large Type, for easily viewing passwords.

largeType

Download 1Password 6 beta

To get started using your 1Password Family or Teams account with the beta of 1Password 6, all you need is Windows 7, 8, or 10, and .NET 4.6.

Download 1Password 6 beta

If you’re not subscribed to one of our subscription services, we do not suggest trying 1Password 6 just yet. Full OPVault and AgileKeychain support will be coming later in the year and we’ll have another announcement when we’re ready for you.

Looking forward

Our target is to officially release the stable version of 1Password 6 in August. Here are the main things remaining to reach that goal:

  • Improved browser extension integration
  • Increase stability and reliability
  • Polish the app’s design, and turn up the pretty

We’re really proud of the beta but we also know we have a long ways to go. Please share your feedback to help us prioritize what we have left to do before the official release. Please share your thoughts with us in the 1Password beta for Windows forum. Together, we’ll make this the best version of 1Password for Windows ever!