1P Emergency Kit v3

Incredible 1Password users release 1Password Emergency Kit 3.0

The 1Password Emergency Kit is a clever PDF created by some of our brilliant users to help families and friends during unfortunate times. Invented by Mike Vardy at Productivityist a couple years ago, it recently reached version 3 and looks even more useful.

The idea behind this user-created Emergency Kit is simple: we create a will and place sensitive items in safe deposit boxes in case something happens to us. But with so much of our lives these days depending on the internet, many of us want a way to make 1Password part of these plans.

Thanks to Productivityist reader and 1Password user Charles Hamons, the 1Password Emergency Kit v3 is now a fillable PDF and includes space for even more useful information, such as locations of multiple vaults (and their Master Passwords) and even instructions for what to do with one’s social media accounts.

Admittedly, this isn’t quite a fun or exciting feature to boast about. But we are absolutely thankful for the work of Mike Vardy, Charles Hamons, and others in the community for building a useful 1Password tool that can help immensely during one of the most painful times in our lives.

App_Store_Best_of_2014

Apple lists 1Password among the App Store Best of 2014

App_Store_Best_of_2014

We are amazed, humbled, and absolutely thrilled that Apple has listed 1Password among the App Store Best of 2014 for iPhone and iPad!

We’re listed alongside some incredible peers, too, from Storehouse to Xcom: Enemy Within, Litely to NYT Now. Apple sure does know how to pick ‘em.

We are especially honored since v5 was both a major feature release and a huge step in taking 1Password for iOS freemium. We added some of our best features ever—like Touch ID and App Extension support for other apps— and we made 1Password 5 for iOS free to start using for new customers. Now, everyone can enjoy 1Password’s security and convenience, then unlock their full potential with a single, one-time in-app purchase.

We might be biased, but we agree that makes 1Password worthy of a Best App of 2014 spot. Thanks to you, our customers, for getting us here!

document_256px

Apps ❤ 1Password: Productivity

You’ve seen Apps that ❤ 1Password to help you stay secure while socializing and keeping up with the news, but now it’s time to get to work.

We’re seeing a great number of iOS Productivity apps add 1Password support, and we are truly thankful! Turns out our iPhones and iPads can’t just be for cat GIFs and Yo-ing each other. Apparently we actually have to, like, do stuff with them.

Now you can do stuff with these apps more quickly and securely by logging in and creating accounts with 1Password and Touch ID!

1P4 Android bot

Avoiding the clipboard with 1Password and Lollipop

Copy & Paste clipboards (or “pasteboards” as they are called on Mac and iOS) can be dangerous places for secrets if you have malicious software running on your device. On most operating systems – mobile and desktop alike – most running applications can read from the system clipboard. When you copy a secret to the system clipboard, a malicious process may be able to read and steal that secret.

This, by the way, is not news, but it is good that it has made the news. It helps people be aware of clipboard usage, and it gives me the opportunity to talk a bit about what we have been doing over the years about this.

We have always worked to reduce how much people need to depend on system clipboards when using 1Password. The details differ from system to system, and each operating environment gives us different ways to help reduce clipboard use. On the Mac and Windows PCs we have the 1Password Browser Extensions communicate with 1Password so that web form filling can avoid the clipboard. 1Password for Windows also uses auto-type to reduce clipboard activity. 1Password 5 on iOS offers 1Browser and integration with other apps through App Extensions

1Password Android browserBut today I will reveal a few things that our 1Password for Android beta testers know.

Aside: Before I get to that discussion, I should point out (as I often do), that the single best defense against a malicious program running on your machine or device is to keep your systems up to date with all software and system updates. It is also important to be careful in what you install on your system. 1Password can offer some significant defenses against malware on your system, but you have to help keep your systems free of malware.

1Password 4 for Android already has a simple built-in browser. This allows you to go directly from your Login item in 1Password to the web page, filling the data without the clipboard. Our iOS users are already familiar with 1Browser, and this is shaping up on Android.

Lollipop provides clipboardless sweetness

Of course, web pages aren’t the only thing that people need to fill passwords into, and sometimes people may wish to use something other than the browser built in to 1Password. In the current Beta release of 1Password for Android, we used the latest security and accessibility features in Android 5 (Lollipop) to allow 1Password to fill into other apps without making use of the clipboard.

Starting with Lollipop, we have a way to fill password data into other apps without using the clipboard. Perhaps it would be best to just quote what Nik, our Happiness Engineer, had to say in the beta newsletter just a couple of weeks ago:

Wondering why app and browser filling requires OS 5.0? Me too! So I asked our developers. It turns out that the only way for us to do this in earlier versions of Android OS was to use copy/paste accessibility APIs, meaning that any clipboard manager or malicious app could listen to clipboard events and collect login credentials as they were filled.

In Lollipop, 1Password can fill your information directly, without using the clipboard. Therefore, it isn’t possible for a third party to obtain your passwords by snooping on what 1Password’s doing.

Prior to Lollipop, it would be possible to get this kind of app-filling, but it would have relied on the clipboard under the hood. Because using the clipboard involves known risks, we feel that we should make it clear when copy/paste is being used and minimize it’s use wherever possible. As a result, we decided to focus on a Lollipop-only implementation of our filling feature

If you have an Android device with Lollipop installed and would like a sneak peek, I invite you to sign up for our Android beta.

Clipboards may always be with us

As you can see, we are working to reduce dependency on system clipboards when using 1Password. This is an on-going process. Browser integration on the desktops was something we started with back when the very first versions of 1Password was released for the Mac nearly eight years ago. Later, we introduced our own browser into 1Password for iOS, and much more recently encouraged 1Password integration for other iOS 8 apps using App Extensions. Along the way, we introduced auto-type in 1Password for Windows and a web browser into 1Password for Android. As you’ve learned here, we have in-app filling in our Android Beta, making use of the latest features of Android 5.0, Lollipop.

But while we are progressively reducing the need for copy and paste to a system clipboard, we are a long way from eliminating the need to use these. This is why I must repeat my advice to keep your system free of malicious software.

What I would like to see is a clipboard that could only be read when the user explicitly chooses to paste. This is something that has been suggested a number of times before, but has not be implemented on the most popular operating systems. I suspect that there is a reason for that, but if you know, I eagerly await your insights in the comments.

 

news icon

Apps ❤ 1Password: News

It can be tough to stay in touch with all the news outlets, blogs, and just plain great stuff that’s important to you. Thanks to these iPhone and iPad apps that ❤ 1Password, you can log in securely and get to reading, scrolling, and favoriting faster than ever before.

From podcast clients to information curators, bookmarking services to news readers, these are all great ways to stay informed. With their new 1Password integration on iPhone and iPad, you can stay safe online with strong, unique passwords, yet log in quickly thanks to 1Password, Touch ID, and a single tap.

1PW4 expand notes field

1Password for Windows Tips: The Incredible Expanding Notes

All 1Password items have a notes field where you can add any extra details you want. Some people add street addresses to items that have physical locations, others add device serial numbers to their maker’s Login items for quick reference.

A nice trick in 1Password 4 for Windows is the Notes field can expand when you need more room. If you simply mouseover the Notes field’s bottom bar (the one that separates it from Tags), you can click and drag to make it larger and add whatever you need.

Watchtower icon 1024

Viewing Drupal from the 1Password Watchtower

1Password WatchtowerWhen a large number of websites are discovered to have been vulnerable, as is the case with websites running recent versions of Drupal, people need clear and unambiguous advice that you can act on. And so, our clear and unambiguous advice is:

If you have a username and password on a site which has been using Drupal for its content management, you should change that password. You will need to change that password everywhere you use it, not just on the potentially affected sites.

Our Watchtower service within 1Password for Mac and Windows will recommend password changes for a number of sites that we detect as using Drupal. Here you can see what that will look like.

Drupal Watchtower example

We should also make it clear that none of our systems are affected by the Drupal vulnerability. We don’t use Drupal.

Site administrators know best

We don’t know the status of any particular site other than it appears to be running Drupal. Therefore, if our advice conflicts with advice you received from the administrators of a site, follow their recommendations.

We don’t know when a site gets fixed

Some vulnerable Drupal systems may have been fixed on October 15. Others may still not be fixed yet. Our tests are only capable of determining whether a website is using Drupal (and even that test is imperfect).

Merely patching Drupal is not sufficient for sites that may have been compromised. That is because an attacker using the vulnerability may have left a “backdoor” in a site allowing them back in even after the original vulnerability has been fixed. This makes it yet more difficult to determine whether a site remains vulnerable.

We don’t know if a site has been compromised

Drupal icon 400pxJust because a site has been vulnerable doesn’t mean that it has been compromised. However, it appears that automated attacks have been systematically breaking into vulnerable sites and planting “back doors” that would allow the attacker a way back in at any time in the future. So we should assume that most Drupal sites which weren’t patched very quickly on October 15 have been compromised.

A password compromised anywhere must be changed everywhere

If you reuse the same password on more than one site, you will have some extra work cut out for you. Let me explain why.

Suppose that Molly (one of my dogs) has used the same password on Bark Book as she does on Sprayed By a Mink Anonymous, and let’s also suppose that Bark Book gets compromised by Mr Talk (the neighbor’s cat).  Molly will need to change her password on both the compromised site (BarkBook.com) and on the uncompromised site (SprayedByMinkAnon.org) . That is because Mr Talk can use what he has learned from Bark Book against all of the sites and services that he thinks that Molly may be using. I must also report that Mr Talk, along with everyone down wind, can easily guess that Molly may well be visiting SprayedByMinkAnon.org.

Molly should take this opportunity to work towards having a unique password for each and every service. 1Password will remember those for her. The closer she gets to having a unique password for each site, the less of a headache the next big incident will be.

1P iOS icon 1024

Apps ❤ 1Password: Social Networking

Our Apps ❤ 1Password page is growing by the week, so it’s about time we start highlighting these fantastic apps! Developers are adding support to their apps so you can quickly log in and, in more and more cases, even sign up for a new account with 1Password and Touch ID!

For our inaugural post I’d like to get social. It’s one of our most popular categories so far and has something from and for everyone, including Twitter clients, crowdfunding, and an app for meeting people to, you know, actually get social!

Check out the Social Networking Apps that ❤ 1Password category, and give them some love in the App Store!

1P5 1P mini me

1Password for Mac Tips: meet 1Password mini and its not-so-mini list of shortcuts

1P5 1P mini me

What might seem like one of the smallest new features in 1Password 5 for Mac is actually one of its biggest. We completely redesigned it so you can find what you need more easily, but we also gave it a huge dose of keyboard shortcuts so you can work faster and keep important items at your fingertips.

If you want to impress friends and family and save even more time with 1Password, give these 1Password mini shortcuts1 a try:

  • Open 1Password mini: ⌥-⌘-\ (Option-Command-backslash by default)
  • Open 1Password mini’s preferences: ⌘-comma (Command-comma)
  • Select a category or item: ↑ ↓
  • Open item detail window: →
  • Close item detail window: ←
  • Copy selected field: ⏎ (Return key)
  • Copy the password value for the selected Login item: ⌘-⇧-C
  • Switch vaults: ⌘-1 through 9
  • Edit an item: ⌘-E (Command-E)
  • Save an item: ⌘-S (Command-S)
  • Anchor button (to open an item in its own window): ⌘-O (Command O as in the word “open”)
  • Reveal password field: Hold ⌥ (Option key)

Keep 1Password items on screen while you work

You can even pin 1Password items on-screen in order to reference or copy their details to other apps. Just click the Anchor button (or press ⌘-O) to open an item in a separate, free-floating window. The item detail window remains open until you click the red close button. Plus, you can anchor as many items as you like.

Naturally, there’s a bonus tip here: To close multiple anchored windows all at once, hold ⌥ when you close a window using the red button.

We hope you like these shortcuts, so let us know what you think of them and if we should add any more!

  1. Naturally, these all require that, in 1Password > Preferences > General, the setting to “Always keep 1Password mini running” is enabled.
1P icon 200

1Password 4.1 for Windows puts more control at your fingertips

1P icon 200I have to say, 1Password 4 for Windows has been our 1Passwordiest yet. You’ve given us a ton of great feedback, so we’re back with our first big, free update.

To put it simply, you get more control over some of 1Password’s little details that make a big difference. In v4.1, you can enable rich icons for an even prettier view of your items (View > Show Rich Icons) and lock 1Password when you close your browser (check File > Preferences (Ctrl+P) > Security).

For those who often have many Logins for a particular site, check File > Preferences (Ctrl+P) > Logins > Show X more items… to see more of them at a time.

We also made a ton of improvements across the board to everything from keyboard shortcuts to icon display, linking our fantastic new help guides, adding attachments to items and support for the Comodo Dragon browser, and much more. Check out our full v4.1 release notes for the quite the list of details.

The latest version of 1Password 4.1 for Windows is available now via our built-in automatic updater.