1Password 6.7 for Windows was meant to be a smaller update, but just like you always walk up to the buffet line with the best of intentions, we reached the end of the line with this update and ended up with three plates full of pastries. We have prepared a regular smorgasbord of 58 new features, improvements and fixes for you in this release. So grab a few extra plates and check out the latest Windows goodies. 🙂 Read more
I’m really excited to announce a brand new way for 1Password to save and fill in browsers. It’s not a new feature, and chances are you won’t even notice it. It’s called native messaging, and it changes the way 1Password integrates with your browser. In fact, if you use 1Password with Google Chrome, you might already be using it.1
Native messaging makes the 1Password extension faster, more stable, and more compatible in more situations. It improves the performance and reliability of the 1Password extension, and it’s the end result of talking with thousands of 1Password users over the years.
Once upon a time…
When the 1Password extension made its debut for Chrome in 2012, the options for browser extensions to talk to apps were limited. We settled on an approach using WebSockets, which creates a network connection on your computer between 1Password and the browser. Although it’s technically a network connection, the data is only transmitted locally and never leaves your computer. This served us well in the vast majority of cases, but for a significant number people, this connection was unreliable. Proxies, antivirus, and other security software could interfere with the connection and prevent saving and filling. These conflicts caused a lot of pain, especially for Windows users. Over time, it became clear that we needed a better approach.
Enter native messaging
Thankfully, Google led the way and introduced that better approach. Native messaging is a more direct way for browser extensions to communicate with apps. Unlike WebSockets, it doesn’t rely on creating a network connection between your computer and itself.
With native messaging, no longer is Chrome’s connection to 1Password subject to the vagaries of your network and computing environment. No matter how you’ve configured your computer, if you can run 1Password and Chrome, then native messaging will work for you. Last year, we began the transition to replace WebSockets with native messaging. In order for 1Password to use native messaging, we needed to update the extension and the apps. So in April, we released a version of the 1Password extension for Chrome with support for native messaging. Since then, all current versions of 1Password for Mac and Windows have been updated to use the new technology.
What will change?
If you notice any changes, they should only be positive. Communication is nearly instant, and you’ll be able to use the extension as soon as you open your browser. Native messaging removes entire classes of problems that have affected 1Password users for a long time. Conflicts with network proxies and firewalls in corporate computing environments, ad blocking software, and even productivity tools that lock you out of distracting sites should be a thing of the past. Security software that gets spooked by local network connections should relax down from red alert. And many less common scenarios will work much better with native mesaging as well.
How do I get it?!
The first thing to do is check for updates in 1Password to make sure you’re using the latest version available. The latest releases of 1Password all include native messaging. We even updated 1Password 4 for Windows to make sure everyone can take advantage of this advancement on both Mac and Windows. 1Password has built-in support for Google Chrome and many other browsers based on Chrome, like Opera. If you’re using a supported browser, 1Password will switch to native messaging immediately.
Some Chrome-based browsers are supported but require additional configuration to work with native messaging. See our support article for more details.
Native messaging is the future for the 1Password extension. For now it’s supported in Chrome, but support will be coming soon to other browsers like Firefox and Edge. We’ll let you know when native messaging arrives on new browsers — and stay tuned for more posts about the 1Password extension. There’s a lot of exciting stuff going on that I can’t wait to share with you. For now, I’d love to hear your thoughts about native messaging in the comments, and you can always connect with me and the rest of the extension team in the forum.
I will use Chrome as a shorthand for Chrome and browsers based on
Chromium such as Opera and Vivaldi throughout this post unless there are
specific differences to note. ↩
We’ve been hard at work on a major update for 1Password 6 for Windows and I’m so excited to finally share it with all of you. 1Password 6.6 for Windows is here and it is HUGE. I can’t possibly discuss every new feature here – there are 24 brand new features and 89 total changes made – but I’ll highlight a few that I’m most excited about. Read more
When you unlock 1Password there are lots of secrets it needs to manage. There are the secrets that you see and manage such as your passwords and secure notes and all of the other things you trust to 1Password. But there are lots of secrets that 1Password has to juggle that you never see. These include the various encryption keys that 1Password uses to encrypt your data. These are 77-digit (256-bit) completely random numbers.
You might reasonably think that your data is encrypted directly by your Master Password (and your secret Account Key), but there are a number of technical reasons why that wouldn’t be a good idea. Instead, your Master Password is used to derive a key encryption key which is used to encrypt a master key. The details differ for our different data formats, but here is a little ditty from our description of the OPVault data format to be sung to the tune of Dry Bones.
Each item key’s encrypted with the master key
And the master key’s encrypted with the derived key
And the derived key comes from the MP
Oh hear the word of the XOR
Them keys, them keys, them random keys (3x)
Oh hear the word of the XOR
And that is a simplification! But it is the appropriate simplification for what I want to talk about today: Some of our intrepid 1Password for Windows beta testers can start using a version of 1Password 6 for Windows that will have an extra protection on that “master key” described in that song. We have been working with Intel over the past few months to bring the protection of Intel’s Software Guard Extensions (SGX) to 1Password.
Soon (some time this month) 1Password for Windows customers running on systems that support Intel’s SGX will have another layer of protection around some of their secrets.
SGX support in 1Password isn’t ready for everybody just yet as there are a number of system requirements, but we are very happy to talk about what we have done so far and where we are headed. I would also like to say that we would not be where we are today without the support of many people at Intel. It has been great working with them, and I very much look forward to continuing this collaberation.
What does Intel’s SGX do?
Intel, as most of you know, make the chips that power most of the desktop and laptop computers we all use. Their most recent CPUs include the ability for software running on Windows and Linux to create and use secure enclaves that are safe from attacks coming from the operating system itself. It is a security layer in the chip that cryptographically protects regions of operating system memory.
SGX does a lot of other things, too; but the feature I’m focusing on now is the privacy it offers for regions of system memory and computation.
Ordinary memory protection
A program running on a computer needs to use the system’s memory. It needs this both for the actual program and for the data that the program is working on. It is a Bad Thing™ if one program can mess with another program’s memory. And it is a security problem if one program can read the memory of another program. We don’t want some other program running on your computer to peer what is in 1Password’s memory when 1Password is unlocked. After all, those are your secrets.
It is the operating system’s (OS’s) job to make sure that one process can’t access the memory of another. Back in the old days (when I had to walk two miles through the snow to school, up hill, both ways) some operating systems did not do a good job of enforcing memory protection. Programs could easily cause other programs or the whole system to crash, and malware was very easy to create. Modern operating systems are much better about this. They do a good job of making sure that only the authorized process can read and manipulate certain things in memory. But if the operating system itself gets compromised or if some other mechanism might allow for the reading of all memory then secrets in one program’s part of memory may still be readable by outsiders.
Extraordinary memory protection
One way to protect a region of memory from the operating system itself is to encrypt that region’s contents using a key that even the operating system can’t get to. That is a tricky thing to do as there are few places to keep the key that encrypts this memory region if we really want to keep it out of the hands of the operating system.
So what we are looking for is the ability to encrypt and decrypt regions of memory quickly, but using a key that the operating system can’t get to. Where should that key live? We can’t just keep it in the the innards of a program that the operating system is running, as the operating system must be able to see those innards to run the program. We can’t keep the key in the encrypted memory region itself because that is like locking your keys in your car: Nobody, not even the rightful owner, could make use of what is in there. So we need some safe place to create and keep the keys for these encrypted regions of memory.
Intel’s solution is to create and keep those keys in the hardware of the CPU. A region of memory encrypted with such a key is called an enclave. The SGX development and runtime tools for Windows allow us to build 1Password so that when we create some keys and call some cryptographic operations those will be stored and used with an SGX enclave.
An enclave of one’s own
When 1Password uses certain tools provided by Intel, the SGX module in the hardware will create an enclave just for the 1Password process. It does a lot of work for us behind the scenes. It requests memory from the operating system, but the hardware on Intel’s chip will be encrypting and validating all of the data in that region of memory.
When 1Password needs to perform an operation that relies on functions or data in the enclave, we make the request to Intel’s crypto provider, which ends up talking directly to SGX portions of the chip which will then perform the operation in the encrypted SGX enclave.
Not even 1Password has full access to its enclave; instead 1Password has the ability to ask the enclave to perform only those tasks that it was programmed to do. 1Password can say, “hey enclave, here is some data I would like you to decrypt with that key you have stored” Or “hold onto this key, I may ask you to do things with it later.”
What’s in our enclave? Them keys, of course!
When you enter your Master Password in 1Password for Windows, 1Password processes that password with PBKDF2 to derive the master key to your primary profile in the local data store. (Your local data store and the profiles within it are things that are well hidden from the user, but this is where the keys to other things are stored. What is important about this is that your master key is a really important key.)
When you do this on a Windows system that supports SGX the same thing happens, except that the the computation of the master key is done within the enclave. The master key that is derived through that process is also retained within the enclave. When 1Password needs to decrypt something with that key it can just ask the enclave to perform that decryption. The key does not need to leave the enclave.
Answers to anticipated questions
What does (and doesn’t) this protect us from?
I must start out by saying what I have often said in the past. It is impossible for 1Password (or any program) to protect you if the system you are running it on is compromised. You need to keep your devices free of malware. But using SGX makes a certain kind of local attack harder for an attacker, particularly as we expand our use of it.
The most notable attacks that SGX can start to help defend against are attacks that exploit Direct Memory Access. Computers with certain sorts of external ports can sometimes be tricked in allowing a peripheral device to read large portions of system memory.
As we expand and fine tune our use of SGX we will be in a better position to be more precise about what attacks it does and doesn’t defend against, but the ability to make use of these enclaves has so much potential that we are delighted to have made our first steps in using the protections that SGX can offer.
What will be in our enclave in the future?
As we progress with this, we will place more keys and more operations involving those keys into the SGX secure enclave. What you see today is just the beginning. When the master key is used to decrypt some other key that other key should only live within the enclave. Likewise the secret part of your personal key set should also have a life within the enclave only. I can’t promise when these additions will come. We still need to get the right cryptographic operations functioning within the enclave and reorganize a lot of code to make all of that Good Stuff™ happens, but we are very happy to have taken the first steps with the master key.
We do not like promising features until they are delivered. So please don’t take this as a promise. It is, however, a plan.
Among the features of SGX that I have not mentioned so far is the ability to seal an enclave. This would allow the enclave to not just keep secrets safe while the system is running, but to allow it to persist from session to session. Our hope is that we can pre-compute secrets and keep them in a sealed enclave. This should (if all goes to plan) allow 1Password to start up much more quickly as most of the keys that it needs to compute when you first unlock it can already be in an enclave ready to go.
A sealed enclave would also be an ideal place to store your secret 1Password.com Account Key, as a way of protecting that from someone who gains access to your computer.
Is security platform-specific?
1Password can only make use of SGX on some Windows PCs running on CPUs with Intel’s Skylake CPUs and which have been configured to make use of SGX. Thus SGX support in 1Password is not going to be available to every 1Password user. So it is natural to ask whether 1Password’s security depends on the platform you use.
Well, there is the trivial answer of “yes”. If you use 1Password on a device that hasn’t been updated and is filled with dubious software downloaded from who knows where, then using 1Password will not be as secure as when it is running on a device which is better maintained. That goes without saying, but that never stops me from saying it. Really, the easiest and number one thing you can do for your security is to keep your systems and software up to date.
The nontrivial answer is that 1Password’s security model remains the same across all of the platforms on which we offer it. But it would be foolish to not take advantage of some security feature available on one platform merely because such features aren’t available on others. So we are happy to begin to offer this additional layer of security for those of our customers how have computers which can make use of it.
Upward and downward!
I’d like to conclude by just saying how much fun it has been breaking through (or going around) layers. People like me have been trained to think of software applications and hardware being separated by the operating system. There are very good reasons for that separation — indeed, that separation does a great deal for application security — but now we see that some creative, thoughtful, and well-managed exceptions to that separation can have security benefits of its own. We are proud to be a part of this.
Today is a very big day in Windows land: 1Password Teams is now officially available on Windows!
Our Windows team has made amazing progress since we introduced the first beta for Teams earlier this summer and I’m super excited to be able to share the results of their incredible work with you now.
Let’s jump right in!
Beautiful new design
The first thing you’ll notice right off the bat is 1Password 6 has an amazing new design. From every bit to every last pixel, literally everything is completely new in 1Password 6!
Once you unlock 1Password you’ll be greeted with a completely new overview and details screen.
As much as there is to enjoy in this new design, my favourite has to be Large Type – I absolutely love how great my passwords look there:
Large Type makes reading even the most complicated passwords a breeze – I can even read them without my glasses! And if you have a High-DPI screen, it looks even better ?
Oh, and then there’s our browser extensions. These were not available in the initial beta and they were dearly missed! They’re here now and they look great!
Beautiful new security design
1Password had an amazing security design already, but in 1Password Teams we didn’t rest on our laurels. Instead, we took everything we learned about security over the last 10 years and built a completely new security architecture that pushed the limits of modern technologies.
As has always been the case with 1Password, your information is encrypted end-to-end, so only you and your team have the keys to decrypt your information. What’s new is an even secure-er encryption design as well as some cool techniques like Secure Remote Password, which allows clients and the server to verify each other during communication.
The most visual change is the addition of the Account Key. This is a unique 128bit key that is generated for every user and greatly increases the security of your account.
The Account Key might appear similar to two-factor authentication but it’s so much better because it plays a direct role in the encryption of your data. It strengthens and fortifies your Master Password so much that even a poorly-chosen Master Password will be infeasible for attackers to brute force. It’s also never sent to our servers so it cannot be reset, intercepted, or evaded.
- Tamper-proof, authenticated encryption using AES-GCM mode
- Brute force protection using PBKDF2-HMAC-SHA256
- Secure vault sharing using asymmetric cryptography
The most amazing thing about this new design is it’s not only secure-er, but it’s much faster, too! It’s one of the benefits we get for using the latest and greatest modern technologies ?
Beautiful organization and control
One of greatest features in 1Password Teams is how easy it makes organizing things into multiple vaults. When you’ve organized passwords in separate vaults, it makes finding things easier, and also makes it super simple to securely share with your teammates.
New vaults can be created from your Admin Console on 1Password.com and will automatically appear on all your devices. You can also add teammates to new vaults and they will receive the vault and everything within it immediately.
Your team admin can even control the permissions for each vault, allowing you to share read-only access to vaults, and control who can manage the vault.
Oh and you’re not limited to a single 1Password account. As you can see from the screenshot, in addition to multiple vaults you can also have multiple accounts added to 1Password. This is great for your teammates as it allows them to use 1Password in their private lives as well as their professional life.
Beautiful safety nets
When you change an item within 1Password for Windows it will sync automatically to 1Password.com and become available on all your other authorized devices instantly.
All these changes are remembered by 1Password just in case you ever need to revert to an earlier version. If you or your teammates ever delete or modify something by accident, you can simply sign in to 1Password.com and restore what you need from the Item History popup:
Item History is perfect for protecting individual items, but you and your teammates need safety nets for your accounts as well. In a team environment you just can’t afford to get locked out of critical systems every time someone forgets their password.
That brings us to the most beautiful and secure safety net of all: Account Recovery. We (AgileBits) have never been able to reset your password, and with 1Password Teams we still can’t. But now you can!
With our innovative new recovery feature, if one of your teammates forgot their Master Password, your team admins can restore their access and they’ll regain access to all their passwords.
Beautiful in so many other ways, too
In addition to our new amazing Windows app, your subscription to 1Password Teams gives you and your entire team access to many more awesome things:
- You and everyone on your team get all our awesome apps for free, including Windows, Android, Mac, and iOS
- Automatic syncing – no configuration or extra software required
- Securely share items and documents across your whole team
- Easily invite your entire team and control access using the Admin Console
- Full web access from anywhere
Sign your team up today!
1Password 6 for Windows is available today for subscribers to 1Password Teams. If you have not yet subscribed, now’s a great time to sign up:
Subscribers simply need to download 1Password 6 and add their account information during setup.
Once logged in, all your data will sync automatically. And if you had any data stored in an earlier version of 1Password, you can migrate over all of your existing data.
Oh, and if you sign up before October 31, you will get all the features of the Pro plan for the low, low price of the Standard plan. And best of all, you and your team will lock in the Standard price for as long as you’re subscribed. Even teammates you add later on will still get the same awesome deal.
Be sure to sign up by October 31st before this window closes ?
I’ve got some exciting news to share with you about 1Password for Windows.
We’ve been working on a brand new app that brings 1Password Teams and 1Password Families to all of our Windows users. Today, we’re ready to tell you more about it and invite you to try it out. If you’re using 1Password 4 and are syncing using Dropbox or Wi-Fi sync, sit tight for a future release which will have full OPVault and AgileKeychain support.
We love Windows 10. 1Password for Windows 10 beta was one of the earliest apps in the Windows Store using Microsoft’s newest app development platform, and we’re really excited about Windows 10 being active on over 200 million devices. But 47% of Windows users are still using Windows 7, and they weren’t able to use the new 1Password app, which made everyone very sad.
We wanted to bring 1Password Teams and 1Password Families to everyone. We wanted to make a beautiful app that offers a design and experience consistent with our other 1Password apps. We wanted to easily add features to the app without being limited by platform restrictions. Most of all, we wanted to benefit from all the hard work we put into 1Password beta for Windows 10. So, after many highly caffeinated days and lots of new code, we made an app that can be used by almost all Windows users.
Introducing 1Password 6
1Password 6 is our newest Windows app and we can’t wait for you to take it for a spin! If you are running Windows 7, 8, or 10, you can download the beta today.
1Password 6 includes many fantastic features you’re going to love, such as:
- A beautiful new design with High-DPI support now out of the box.
- Support for 1Password Families and 1Password Teams.
- Support for multiple vaults and the handy All Vaults view.
- Basic support for browser extensions.
- Out-of-the-box support for screen readers like Narrator.
- Unicode support, enabling us to translate 1Password into Chinese, Russian, and other languages.
- Import existing data from OPVault or AgileKeychain formats (read-only).
- Large Type, for easily viewing passwords.
Download 1Password 6 beta
To get started using your 1Password Family or Teams account with the beta of 1Password 6, all you need is Windows 7, 8, or 10, and .NET 4.6.
If you’re not subscribed to one of our subscription services, we do not suggest trying 1Password 6 just yet. Full OPVault and AgileKeychain support will be coming later in the year and we’ll have another announcement when we’re ready for you.
Our target is to officially release the stable version of 1Password 6 in August. Here are the main things remaining to reach that goal:
- Improved browser extension integration
- Increase stability and reliability
- Polish the app’s design, and turn up the pretty
We’re really proud of the beta but we also know we have a long ways to go. Please share your feedback to help us prioritize what we have left to do before the official release. Please share your thoughts with us in the 1Password beta for Windows forum. Together, we’ll make this the best version of 1Password for Windows ever!
Over the weekend Dale Myers wrote a blog post that examined our .agilekeychain format. The post featured a good discussion and analysis of our older data format, but it raised some questions among 1Password users and the wider technology community.
Dale states that he plans to continue using 1Password and has no concerns over the safety of his passwords themselves, but his main concern was how the AgileKeychain handles item URLs. While we widely documented this design decision and shared it publicly, Dale was surprised to find out that we didn’t encrypt URLs within the keychain. We want to reassure users that rely on AgileKeychain that their password data is safe and secure, and take the time to walk through our data formats to explain the issue completely.
AgileKeychain & OPVault Data Formats
Back in 2008, we introduced the AgileKeychain as a way to help our users better synchronize data across platforms and devices. At this time, 1Password had significantly less processing power to draw from for tasks like decryption, and doing something as simple as a login search would cause massive performance issues and battery drain for our users. Given the constraints that we faced at the time, we decided not to encrypt item URLs and Titles (which resembled the same sorts of information that could be found in browser bookmarks).
In December 2012, we introduced a new format that encrypted much more of the metadata. OPVault, our newer and stronger data format, provided authenticated encryption as well as many other improvements for 1Password users.
This format worked well in situations where we didn’t need to worry about backwards compatibility, including iCloud and local storage on iOS and Mac. For Windows, Android, and Dropbox syncing, however, we needed to decide if we should migrate to the new format or provide compatibility with older versions of 1Password.
We decided to take a conservative approach and not automatically migrate everyone over to OPVault because many users depend upon older versions of 1Password and they wouldn’t be able to log into their accounts. We knew we could trust the security of the AgileKeychain to protect confidential user data so we didn’t want to rush into something that would disrupt people’s workflows.
Switching to OPVault
Despite the security of AgileKeychain remaining intact, Dale reminded us that its time to move on. The OPVault format is really great in so many ways and we should start sharing it with as many users as possible.
We’ve already started making changes to use OPVault as the default format. In fact, the latest beta of 1Password for Windows does this already. Similar changes are coming to Mac and iOS soon, and we’re planning on using the new format in Android in the future. Once all of these things are complete, we will add an automatic migration for all 1Password users. For users who would like to switch to OPVault sooner than this, here’s how you can get started immediately:
- If you use 1Password for Mac, our knowledgebase will help you.
- If you use 1Password for Windows, we’ve posted instructions in our discussion forums.
- If you use only 1Password for iOS, sync with iCloud.
- If you use 1Password for Android, use Wi-Fi sync.
To avoid losing access to your data, be sure to back up your 1Password data beforehand, and only follow these instructions if you are NOT using any legacy versions of 1Password. If you have any questions or concerns, or would like to migrate but aren’t sure if your version of 1Password is affected, our knowledgebase, forums and support team are here to help.
Or, If you’re living on the bleeding edge, expect some paper cuts.
The Chromium team (the open-source project behind Google Chrome) is doing an amazing job of constantly moving the web forward and making the web a safer place for users of Google Chrome.
Recently, many users of the latest pre-release versions of Google Chrome have notified us that the 1Password extension refuses to work in OS X and Windows, showing the following error message:
What is going on?
The Google Chrome developers have started implementing changes to the types of connections extensions are allowed to establish. These changes are part of a larger and more complex plan to harden Google Chrome against certain kinds of web-based attacks (like cross-site request forgery attacks), in which a malicious website or extension attempts to compromise internal network devices and processes listening on the localhost IP address.
Unfortunately, in the process of implementing these new security measures, something was broken in a way that results in many Chrome extensions, including 1Password, not working anymore in the Canary build and the dev channel of Chrome.
What seems to be the issue?
The 1Password web browser extension needs to communicate with a helper process that runs in the background to access your 1Password data (1Password mini in OS X and 1Password Helper in Windows). This is facilitated by establishing WebSocket protocol connections at the localhost address of a computer. WebSocket connections are similar to the typical HTTP requests your web browser performs when visiting a website.
The way we understand the current situation is this:
- An extension tries to open a ws:// (WebSocket) connection.
- Chrome recognises the chrome-extension protocol and checks whether the connection attempt has a secure origin.
- If Chrome determines that the connection is not secure, it rejects the attempt and any further connection requests are never even attempted beyond that.
In the case of 1Password, this results in the extension thinking that the 1Password application does not exist on the PC/Mac in the first place or that something is blocking the WebSocket connection.
What is going to happen?
This is an ongoing issue that we’re still investigating but so far it is clear that the Chromium development community has recognised that many extensions communicate with host applications using WebSocket and other protocols. To our current knowledge, they are treating this issue as a regression in need of fixing, but any fix requires careful consideration in light of their efforts to increase security.
There are various active discussion threads and bug reports related to this situation in the Chromium project. To name only a few:
- WebSockets initiated in Chrome extensions has null Origin header in their handshake
- Block sub-resource loads from the web to private networks and localhost
- Allow url::SchemeHostPort to hold non-file scheme without port
What to do now?
Testing pre-release software can be fun and is incredibly useful for the developers of that software and the developers of apps that interact with it — seriously, we love our beta testers. 1Password supports the latest stable builds of Safari, Chrome, Firefox, and Opera. While we make every effort to maintain compatibility with Beta, Dev, Nightly, Canary builds or other birds or browsers, we can’t guarantee that 1Password will always work as browsers go through their various development and release cycles.
If 1Password is as essential to your daily life as it is to ours, our suggestion is to temporarily return your browser to the stable version and check out the new Canary build/dev channel releases in a week or two — did I mention how much we appreciate beta testers sending in feedback? If you do want to live on the bleeding edge, please be aware of the potential for bugs in development and public beta versions of browsers and software in general and be patient with the developers of browsers, apps, and extensions as they negotiate a shifting landscape. We’ve added the article, “Prerelease (beta, dev, nightly) browser builds,” to our knowledge base to keep you apprised of any issues with unfinished versions of browsers.
As with any other questions regarding 1Password, please sound off about any issues you run into when using 1Password with pre-release versions of browsers in our discussion forums.
With the release of Microsoft’s latest operating system, you might be asking yourself, “Self, am I ready for Windows 10?” And while we at AgileBits wouldn’t presume to answer that question for you, we’re pleased to announce that 1Password is ready when you are!
Using Windows 10
A number of us have already been using Windows 10 regularly—and loving it. And it turns out that 1Password loves Windows 10 too! But while you’ll be able to hit the ground running and use 1Password as you always have, just be sure that your other hardware and software are ready to make the leap. And back up, back up, and back up some more.
Livin’ on the Edge
One significant change in Windows 10 that will be of interest to 1Password users is the addition of Microsoft’s latest and greatest web browser, Edge. Previously known as “Spartan,” we’ve found it to be fast, stable, and rather pleasant to use.
However, there’s a catch: Edge does not yet support extensions, so at this time there is no way to use the 1Password extension in Edge as you do in Firefox, Chrome, and Internet Explorer.
The good news is that Internet Explorer is still around, and 1Password works great in IE 11, along with our other favourite browsers. Word on the street is that Microsoft Edge will support extensions in the near future; we’re looking forward to seeing if that will enable us to provide 1Password extension support in the new browser.
Wi-Fi Sense, and the cost of convenience
One thing that you should know about is a new feature called Wi-Fi Sense. This feature has been present on Windows Phone for a while now, but it’s a new addition to the desktop OS. Wi-Fi Sense shares Wi-Fi network access between you and your Outlook, Skype, and Facebook contacts. While this may be convenient (even magical) for some, it also presents some security fodder for your consideration. With Windows 10 now unleashed, it’s especially important to understand how Wi-Fi Sense works, and then make an informed decision.
Wi-Fi Sense can share most of your saved Wi-Fi connections. Windows keeps your saved Wi-Fi connections when you upgrade, so if you’ve been using Windows for a while, this might be a lengthy list. All the networks to which you’ve previously connected have the potential to be shared using Wi-Fi Sense.
It’s also important to note that Wi-Fi Sense doesn’t let you individually choose with whom you share your Wi-Fi connections; rather, they’re available to all of your contacts on a service (Outlook, Skype, Facebook) if that service is enabled.
One aspect of Wi-Fi Sense that is easy to overlook is that sharing is a two-way street: not only are you sharing your saved Wi-Fi connection information with your contacts, they’re also sharing theirs with you. Additionally, open hotspots are crowdsourced; unless you opt out, your Windows 10 devices will automatically connect to many unsecured Wi-Fi networks. Since these can be compromised or spoofed, we definitely recommend using protection (such as VPNs and encryption) any time you connect to Wi-Fi networks you don’t control.
The more you know…
If you’ve only ever used a wired connection, Windows won’t have a Wi-Fi connection saved, and therefore won’t be able to give it away to Facebook Guy and the rest. You can disable Wi-Fi Sense in Windows 10 by going to Wi-Fi > Network settings > Manage Wi-Fi settings and flipping the switch to turn it off. If you add “_optout” to end of your SSID (network name), your Wi-Fi network will be opted out of Wi-Fi Sense.
Microsoft’s Wi-Fi Sense FAQ contains a lot of information to help you decide whether to keep this feature enabled. Here are some highlights:
- When using Express setup, many of the Wi-Fi Sense options are enabled by default
- Your contacts don’t see your Wi-Fi network password
- You choose which Wi-Fi network connections you want to share
- Network connections are shared only with contacts who also have Wi-Fi Sense enabled
- Network connections are shared with your contacts, but not their contacts
If you’re a Windows Insider or early adopter, we hope you’re enjoying Windows 10. If you have any questions or feedback about 1Password, please share your thoughts in our discussion forums. We love hearing from you.
I’m not sure what it’s like where you are, but it’s been HOT lately, here in Germany. Recent days have had many on the team wishing they could work in their underwear. (Spoiler alert: I believe many already do.)
And just like fine-tuning an air conditioner in the house can make the difference between melting like ice in the sunshine and constantly looking like a plucked goose, we’re using version 4.6 of 1Password for Windows to make some useful improvements and fix a few bugs, to make things extra comfy for you.
Here’s the new coolness:
1Password + Yandex = best pals
The 1Password extension now works nicely in the privacy-focused Yandex browser. To install it, simply visit our browser extensions page in Yandex. Yandex will identify itself as Google Chrome (it’s based on the Chromium project) and from there you can install the extension like you usually would in Google Chrome.
Usernames column in the Logins category
You asked for it, we’ve listened. Now you can have a username column in the Logins category. To enable it, select View > Columns > Show Username in Logins in the menu bar.
New custom field type: Phone
Once you add a custom phone field to an item, clicking the phone number will allow you to dial it with your favorite VoIP application or hand off the call to your smartphone by using a remote phone app for Android or Windows Phone.
More cool stuff…
- The reliability of 1Click Bookmarks in Internet Explorer has been vastly improved.
- The date picker in all categories now includes month digits next to the month name.
- Our translators have further refined the localization of the app.
You can find the entire list of new features, improvements, and bug fixes in the release notes.
1Password 4.6 for Windows is available now as a free update for all existing owners. Choose Help > Check for New Version in the menu bar, or grab the new version from our downloads page.