1Password command-line tool 0.2: Tim’s new toys

Some of you may know Tim, our Beardless Keeper of Keys and Grounds here at AgileBits. Tim and his team keep everything running smoothly. The servers are serving happily and the networks are flowing gracefully. Tim is also the administrator of our company team on 1Password.com.

Tim can script and automate with the best of them, and from the moment he got a preview of op, the DevOps team began bombarding us with feedback. One of the first things he asked for was the ability to create vaults, so we added that right away. But we knew we could still do more for Tim – after all he was on the nice list this year – so we got him some new toys to play with. If you’re too excited to read more, you can just start playing with op 0.2 now. To find out more, read on.

Vault into the new year

Our first gift to Tim was more control over vault access. He can now use op to add users to vaults, remove users from vaults, and even delete vaults.

So when Dave told Tim about a new project (codenamed Honey Badger), it was easy to set things up.

Dave needed two developers, Chris and Betty, as well as one of our designers, Matt, involved in the project. With the command-line tool, Tim can switch to his terminal and do this right away. After he signs in, he can create the vault needed for the project:

op create vault "Honey Badger"

But this is old news! He’s been creating vaults for months now. What’s new is that he can now give everyone involved access to that vault:

op add "Chris Meek" "Honey Badger"
op add "Betty Da" "Honey Badger"
op add "Matt Davey" "Honey Badger"

Tim can even create a script to take a list of email addresses and add everyone to the vault at once:

#!/bin/bash
# Usage: add-everyone.sh "Honey Badger" < emailaddresses.txt
while read p; do
    op add $p $1
done

After Matt is done designing project Honey Badger, it’s just as simple to remove him from the vault:

op remove "Matt Davey" "Honey Badger"

When everyone is done with the project, Tim can use op delete vault "Honey Badger" and move on to his next gift.

New year, new groups

The next gift we gave Tim was control over group membership. He can now use op to create and delete groups and choose who belongs to them.

When Dave told Tim that Wendy was moving from the support team to the design team, Tim just casually sipped his cocoa. He knew this would be trivial. We already have groups set up for both teams, so he just ran two commands:

op remove "Wendy Appleseed" "Support"
op add "Wendy Appleseed" "Design"

Tim can also create and remove groups with op create group and op delete group if ever he needs to.

Resolve to level up your skills

The holidays may be over, but we have a feeling Tim will be playing with his new toys for many days to come. If you want to level up your own skills, head over to download this latest release and read the full documentation on our support site.

Level up with op 0.2!

Then pop in to the 1Password Support forum to let us know what you think. You’re all on our nice list, and we love hearing from you. Your feedback after the initial public beta was instrumental in shaping this release.

We’re incredibly excited to continue work on this tool, as it gives you access and control over your 1Password data in a way that’s never been possible before.

1Password keeps you safe by keeping you in the loop

This is a story with many beginnings and many threads coming together. The very short read of it is that 1Password’s browser extension has always been designed from the outset to keep you safe from some recently discovered browser based attacks on some password managers.

Researchers at Princeton University’s Web Transparency and Accountability Project were investigating tracking scripts on web pages, and discovered that several of them attack browser-based password managers and extract the email addresses, usernames and sites stored in the browser’s password manager. As I said, 1Password is designed in such a way as to not be vulnerable to the kinds of attacks those scripts used. The scripts that attempt this are from Adthink (audience insights) and OnAudience (behavioralengine).

Whether or not they make malicious use of the passwords they extract, they are certainly learning which sites you have records for in those password managers. I would like to add that we’ve designed 1Password so that we cannot know which sites and services you have logins for.

There is a huge amount to say about the contemptible behavior of these trackers, and I’m hopeful that others will say so clearly. Here, I want to talk more about what all of this illustrates about 1Password’s design and our approach to security.

Saying “no” to automatic autofill

A commonly requested feature is an option that that would have 1Password automatically fill in web forms as soon as you navigate to those pages in your browser. 1Password, instead, always requires that you take some action. Perhaps it is just hitting ⌘-\ or Ctrl-\ or using our Go and Fill mechanism or even setting up a 1Click Bookmark. But whatever of several mechanisms 1Password makes available, you have to tell it that you want it to fill material on the page.

Plenty of you have written in over the years, saying that they would like 1Password to fill in web forms as soon as they get to a page, with no human intervention. We’ve even been told that it is a very popular feature of some other password managers.

It’s not a lot of fun saying “no” to feature requests. But that is what we have done for as long as I can remember. And for the rest of this article, I’m going to draw from something I wrote in our forums back in 2014.

Because of security concerns we are disinclined at this time to offer, even as an option, the feature you (and so many others) are asking for. […] but I do want to give you an overview of our reasoning for what might seem like an odd choice.

Automatically filling a web form with no user intervention other than visiting the page can, if combined with something that works around the anti-phishing mechanism [of 1Password], lead to an attack where lots your usernames and passwords are submitted to a malicious site in a way that is silent and invisible to you.

The longer answer

I will use the terminology adopted by David Silver and co-authors in Password Managers: Attacks and Defenses at the USENIX security conference (2014). In the terminology of that paper, this requested feature is “automatic auto-fill” instead of what 1Password does with “manual auto-fill”. That is, 1Password requires some user intervention before it will fill a form (such as you typing Ctrl-\), instead of simply filling when you visit a page.

Although I am citing material from 2014, this kind of attack had been discussed since at least 2006, noting that

It’s really not phishing, as it doesn’t actually require the user to believe anything, as the social engineering portion of the attack is not there. As such you can steal user information through any page, as long as the automatic form submission requires no user input to fill the form.

This isn’t new.

Why am I now going to talk about phishing?

One of the great security benefits of 1Password is that it helps you avoid phishing attacks. When you ask 1Password to fill information into a page, it will not fill into pages that don’t match the URL of the item.

1Password has a number of mechanisms to prevent filling into the wrong page. That is, if you go to a form at paypal.evil.com 1Password will not fill in a password saved for paypal.com because the domains don’t match correctly. Tricking a person into filling out something like their PayPal password to something that only masquerades as PayPal is called “phishing”. The idea is that it should be harder to trick a password manager than a person. And it usually is. This is one of the many ways in which 1Password keeps you safe.

For the kinds of attacks we’ve been talking about, the malicious web page content needs to trick or by-pass the password manager’s anti-phishing mechanism. If a malicious script on MyKittyPictures.example.com is going to try to grab PayPal credentials, then it is going to have to fool the password manager into thinking that it is filling in a place that matches paypal.com.

We work very hard to make 1Password do the right thing in such cases. 1Password’s anti-phishing mechanisms work very well at preventing it from filling into the “wrong” web forms. But because of the nature of the HTML, iFrames, protocols, javascript, iFrames, conventions, page designs, and iFrames, the defenses that we (and everyone) have to use are messy and involve a series of rules and exceptions and exceptions to those exceptions. (Did I mention that iFrames are a trouble spot?) It is exactly the kind of thing that we know can go wrong.

So the question we’ve had to ask ourselves is if the anti-phishing mechanisms are strong enough to mean that we never ever have to worry about 1Password in data to the wrong place. We needed to decide whether the tools available for that defense are strong enough to allow us to build a mechanism that meets our standards. Unfortunately they don’t, and so we insist on another line of defense.

Invisible forms

The fields in which usernames, passwords, credit card numbers, and so on get filled won’t always be visible to you. Any page could have a form on it that you don’t see. If the designer of the form is attempting to trick a form filling mechanism, there is no way that 1Password could actually check to see if the fields really are visible.

So if the anti-phishing mechanism can be tricked, then when you visit a malicious web page (including those that have malicious tracking scripts on them) you could have your private information silently and invisibly stolen if automatic auto-fill were in place.

Sweep attacks

The malicious form could be designed to reload itself spoofing a different password each time. So that is, a single malicious injection point could trick your automatically auto-filling password manager into giving up your passwords for many different sites. David Silver referred to these as “sweep attacks”, and that is what it appears that these advert trackers are doing.

At this point, I have not fully studied their scripts to know the precise mechanisms they used, but it certainly is some form of sweep attack.

Doing good and doing no harm

Here is where I go off on a bit of a philosophical abstraction. As I’ve said, I don’t believe that a password manager can offer 100% absolute protection against phishing. But suppose there is one attack out of a million in which it fails to protect against phishing. If you use 1Password, you are much safer against the other 999,999 attempts and you are no worse off than you would be without it. Even in that one in a million case, using 1Password doesn’t add to your risk.

But now contrast that with a situation with a password manager that does allow automatic autofill. A password manager that can be subject to a sweep attack enables a kind of attack that wouldn’t be possible without the use of a password manager.


If you are using a password manager that allows for automatic autofill, turn that feature off. If you are using a password manager that doesn’t allow you to turn that feature off, switch password managers. And when you consider making such a switch, please remember that we’ve never allowed automatic autofill at any time in our more than 10 year history. We believe that you have to be in the loop when it comes to giving your secrets to anyone else. That design philosophy helps keep you safe and in control.

It ain’t over till it’s over

I’m sure that there will be more news to come over the next few days or weeks about the extent of these malicious trackers and precisely which password managers were affected. So please follow in comments for more information.

Fireside with Monty: 1Password 6.8 for Windows is here!

Monty and his fellow ‘Bits have been busy here getting ready for the holidays and just couldn’t wait to deliver the latest update – in fact, they decided to send it out on Monday! With over 100 changes, there is more inside our newest version than ever before, so let’s settle in with a warm cup of cocoa and review. 🎄 ☕

A place for everything and everything in its place

A picture is worth 1,000 words, and we think the new All Vaults view definitely fits that bill! Within Settings, you can now customize which vaults you want to appear. At the office PC? Have your work items front and center. At home? Keep those personal items right where you need them. Also, searching has never been easier with the new tag: option. Add tags to your items and make filtering simple, or use it by itself to display untagged items.

What’s on the menu(s)?

If you find yourself unwrapping a shiny new device over the holidays, you can unlock 1Password for Windows and set things up in a flash! 🎁 Use the Accounts Menu to copy your account credentials, or display your Setup Code right within the Windows app. You can also see the complete release notes from the Help menu (but here’s a link too 🙂). The Help menu also points you towards our support site, where you can find tons of articles and tips to help make the most of your 1Password experience. And if you need a personal hand, our Team is always here for you! 🤗

Shiny tinsel too!

There’s something about the sparkle from a new display… 🌟 We wanted to make sure we’re taking advantage of new screen resolutions and have given everything a fresh, new update. From a modern translucent sidebar, to revamped context menus, to new icons for your accounts and vaults within the Share menu, the new 1Password interface looks amazing! If you’re listening rather than watching, screen readers will now announce even more when navigating 1Password making it sound just as good as it looks.

Stocking stuffers

As you can tell, we’re super excited that we’ve been able to fill your 1Password for Windows stocking with so many treats! If you’ve been following along with the version numbers, you’ve noticed that we are getting closer and closer to version 7.0 – it is going to be a very exciting new year for us here and we’re happy to have you along! 🎉😊

Have a happy, safe and secure holiday and, as always, please let us know what you think on our support forum.

The 1Password Slack app makes administrators happy

Our all new 1Password app for Slack automatically posts messages in Slack when important events happen on your team. It also includes some new functionality that makes it easy for administrators to stay coordinated.

Let me tell you a story about how Slack can be so much more powerful than email.

Going crazy

 Once upon a time, there were three administrators: Jeff, Dave, and Roustem. Dave needed more help developing 1Password X, so he hired a new team member. You won’t be surprised to know that part of that process includes inviting the new hire to our 1Password team.

Once the new team member accepts their invitation and joins the team, their membership needs to be confirmed. To make this easier, 1Password sends a helpful email to all the administrators.


Jeff checked his mail the soonest and quickly confirmed the new team member. Dave was busy working on 1Password X, so he didn’t even have a chance to see the email. A few hours later, Roustem took a break from coding and saw the email. When he went to confirm the new team member, he saw that there were no team members to confirm. Did something go wrong? Or had someone else already beat him to it?

Roustem knew there had to be a better way and almost started to code the solution himself. Then he realized he was in the middle of five other things, so he let me take a crack at it. :)

Staying sane

Slack had all the tools we needed to create an intuitive system to keep all the administrators on a team in sync. The Slack API is really simple to work with, and I was able to have a shiny new Slack app up and running in about a week.

There are two kinds of messages that can be posted in your Slack workspace, and you can choose to post them in a single channel or separate ones.

Alerts that require action

1Password Teams can now post alerts in Slack for things that need your attention, so you can take action right away. But the main problem we wanted to solve was having some way to let administrators know what didn’t need their attention anymore.

After an action is completed, the message is automatically updated to let everyone else know. You’ll immediately know when someone else has already completed the action.

Notifications that let you know what’s up

Every day stuff happens on your team that doesn’t necessarily require you to take action. But it’s handy to have it all in one place. Notifications are informational messages that allow you to keep tabs on important activity, so there are no surprises.

For example, seeing that everyone is signing in from locations that you expect can help ease an otherwise stressful day for an administrator.

Happy administrators

The 1Password Slack app is easy to set up. You can get started today in your account settings:

Use the 1Password Slack app

Roustem couldn’t be more pleased. We hope you are too. Let us know what you think in the comments.

If you’re curious about some of the technical aspects of how we securely authorize with Slack, check out our post on the Slack Platform Blog.

Administrators: Get to know 1Password Teams

Hey, guys! It’s your buddy Khad from AgileBits. I’m not a system administrator, but I play one on YouTube. If your friends need a password manager, they’ll get just what the doctor ordered with 1Password. For your colleagues and team, you need the admin tools in 1Password Teams. For the challenges admins have. With the tools admins need.

The good news is that you don’t need a dedicated IT department to make the most of 1Password Teams. Everything you need to help manage your team – and let your team manage themselves – is built right in.

The tools you need

Using 1Password with a team requires more power and flexibility than using it at home or with your family. That’s why we designed 1Password Teams specifically with the needs of administrators in mind. In fact, it’s so easy to use, I’m starting to believe I really am an administrator.

Every team has different needs, so everything is completely customizable. But I haven’t met an administrator yet who doesn’t value efficiency. To help with that, we created a dedicated section for 1Password Teams on our support site where you can find everything you need in one place. Learn how to:

If you prefer a video tour, you’re in luck. I’ll show you how to:

  • add vaults
  • manage team members
  • create and manage groups
  • recover accounts
  • and more

In less than 10 minutes, you’ll have a team that functions like a well-oiled machine. (Well, I can’t stop Rick from stealing Laura’s sandwiches from the office fridge, but they’ll both always have access to all the passwords they need.)

The support you deserve

You can continue to learn at your own pace with the tutorials on 1Password Support and the 1Password Teams videos on YouTube. Or you can reach out to talk with us directly.

Whether you’re already a customer or are curious about getting started, if you have any questions or need assistance with a custom solution get in touch. Our dedicated support team is always here to help your team.

1Password X: A look at the future of 1Password in the browser

“Wouldn’t it be cool if 1Password could do X?” is a question we often ask ourselves. The values for X are always changing, but some ideas come up again and again. Wouldn’t it be cool if…

  • When you log in to a site, 1Password is right there on the page ready to fill?
  • You could use 1Password without downloading the app?
  • Linux users and Chrome OS users could join in on the fun?

Now 1Password can do all these and more. We call it 1Password X, and it’s our brand new, full-featured experience that runs entirely in your browser.

It’s super easy to set up, deploy, and use. It works everywhere Chrome works, including Linux and Chrome OS. And it’s a re-imagination of how 1Password works on the web.

X is for extension

Before we jump in, I want to address one thing you may be thinking: our X is a letter, not a version number. Our X is a hat tip to one of the most beloved features of 1Password, namely our 1Password extension.

The extension is what allows us to have the little 1Password icon in your browser toolbar. I call it our bread and butter, and I couldn’t live without it. 😊

1Password X builds on this experience and takes it to the next level. The most visible change you just saw above – your logins are now available directly within the webpage you are viewing!

It’s smart, too. 1Password anticipates what you need and shows you the options that are most relevant to your current task. If you are signing up for a new site, 1Password suggests a generated password for you right then and there.

You can also save your new login, name it, and pick which vault to store it in.

X is for Linux

One of the most popular requests of all time has been Linux support. In fact, the forum thread asking for Linux has over 75,000 views. That’s a lot of cold penguins. 🙂

Because 1Password X is a Chrome extension, it works everywhere Chrome is available, including Linux. In fact, we initially shared 1Password X exclusively with Linux users as we wanted to make sure we nailed it.

Tim, our chief sysadmin and “beardless keeper of keys and grounds” is a hardcore Linux evangelist who, until now, has had no other choice than to use Wine to run 1Password. Tim has been our toughest critic over the years for our lack of Linux support, and so far he’s been thrilled.

There’s still lots of work to do, but we have thousands of happy Linux users already enjoying 1Password X. And we can’t wait to invite all of the other penguins in out of the cold! 😘

X is for exceedingly powerful

1Password X has all of the power of a full-featured app. And because it connects directly to your 1Password account, everything you expect from 1Password is there – your vaults, your items, and all their details.

And we’ve sprinkled in some additional features to absolutely delight you:

  • Keyboard navigation: We know this is a big one for power users, so we made sure everything can be done without lifting your fingers from the keyboard.
  • Smart search: Just start typing to find exactly what you need – ideal for when you have multiple logins for a site.
  • Perfect memory: 1Password remembers what you were doing last, whether you were in the middle of a search or looking at an item’s details.
  • One-time password filling: Your two-factor authentication codes are filled just like usernames and passwords.
  • Authentication dialog filling: If you ever see one those old-school HTTP authentication prompts, rest assured that 1Password can fill them.

My personal favourite has to be our amazing new search – I just start typing and my matching items appear automatically. I love it so much that filling one-time passwords had to take second factor place. It was close, though – only 30 seconds behind! 😃

X is for extra easy setup

Historically, we’ve needed to teach people how to first install and set up the app, and then take them out of the app to install the extension. With 1Password X, they’re one and the same. Just install it, enter your Master Password, and you’re in.

Because there’s no need to install a separate desktop app, deployment within team environments is as simple as can be. And by using multiple Chrome profiles, your team members can share the same machine while having access to their own 1Password data.

1Password X can even be installed on Chrome OS, which makes me super excited as now I can finally buy one of those lovely new Pixelbooks. 🤘

X is for Excelsior!

1Password X is a radical new way of using 1Password, but it’s not (yet) for everyone. It’s still in its early stages so some features are not yet available. For example, it’s not yet possible to customize generated passwords or use browsers like Safari, Firefox, and Edge.

But it is an exciting new way to use 1Password on the web, and for me, that outweighs any drawbacks. I’ve been using 1Password X exclusively for the last 6 months, and I couldn’t be happier.

So is 1Password X for you? If you’re running Linux or Chrome OS, you should jump right in. Or if you’re adventurous and enjoy the thrill of discovering new things while being on the cutting edge, then 1Password X is for you – it runs fine alongside the 1Password apps and extension you already use.

1Password X was designed for our hosted 1Password service and connects directly to your account. It is available in English, French, German, Italian, Russian, and Spanish and can be installed from the Chrome Web Store:

Install 1Password X

I hope you’re as excited about 1Password X as I am! Learn how to get started with 1Password X and join the discussion in the 1Password Support forum to let us know what you think! ❤️

Now let’s all go join Harold in that rocket ship and explore what’s possible! 😃 🚀

1Password 7 for iOS: Efficiency Abounds

Hello and happy November, everyone! We’ve long anticipated this day here at AgileBits. After months of hard work, 1Password 7 for iOS is now available on iOS 11.

The very first step in the journey that brought us to this point was taken back in June, shortly after the Apple Worldwide Developers Conference. Before a single line of code was written, before a single new screen was designed, we set a single goal for this update: efficiency. Along the way, we also added a few more features, like support for iPhone X and Face ID, and we’re excited to finally share it all with you.

As our release notes say, this is the greatest version of 1Password for iOS we have ever shipped, so let’s dive in, shall we?

iPhone X and Face ID

On September 12th, like many of you, everyone here at AgileBits was glued to their screens watching Apple’s keynote from the beautiful Steve Jobs Theater at the new Apple Park campus. The announcement of iPhone X was already exciting, but the introduction of Face ID was like Christmas for us. We knew right away that we’d move heaven and earth to be there on launch day with Face ID support.

We began working immediately to make sure that 1Password worked perfectly on iPhone X. Apple was smart and made Face ID work wherever Touch ID already does, so technically we didn’t need to do anything. But that’s not the way we roll.

We completely optimized the lock screen for Face ID. Matt Davey, who led the design effort, blew the doors off with this one. 🙂

My iPhone X is set to arrive tomorrow, and I can’t wait to install 1Password and step into the future.

Quick Copy

In a perfect world, every developer would be as awesome as these folks and take five minutes to add support for 1Password to their app. But because we don’t live in a perfect world, signing in to another app sometimes used to mean you needed to:

  1. Open 1Password.
  2. Find the Login you need.
  3. Copy your username.
  4. Switch back to the app where you need it.
  5. Paste your username.
  6. Switch back to 1Password.
  7. Copy your password.
  8. Switch back to the app where you need it.
  9. Paste the password.

And if you needed the one-time password for that app, there were four more steps after that. Yeesh!

In 1Password 7, copying is now done automatically. After you copy your username and paste it in another app, switching back to 1Password will automatically copy your password. And it’s the same with one-time passwords. Switch back one more time, and they’re copied automatically, too.

You can learn more about Quick Copy on our lovely support site.

Favorites

There’s no faster way to access an item than by adding it as a favorite. At least, that’s what we used to think. In 1Password 7, I’m happy to say that we’ve done better. Way better.

Now, when you tap an item in Favorites, you’ll see all the details you want to copy in a beautiful array of bubbles. Simply tap on any one of the bubbles to copy its value to the clipboard. Not only that, but items on the Favorites list participate in Quick Copy as well!

The Key to a Great App

iOS has wonderful support for external keyboards, and I’m happy to report that now 1Password does, too. If you’re one of our keyboard warriors, make sure you give it a try. 1Password 7 includes keyboard shortcuts for searching, switching tabs, opening and filling items, and more.

Go Speed Racer

Big, new features are awesome, but we didn’t stop there. We dug deep to unearth some truly fantastic perfomance increases for this update as well. 1Password now unlocks 33% faster and has seen a 400% increase in stability throughout. We also made some improvements to our password generator to make it much more responsive and easier to use.

Wrapping It Up In a Pretty Package

No major update would be complete without a fresh coat of paint on the user interface. 1Password 7 sports a beautiful new icon with a gorgeous gradient on the lock ring. That color scheme carries through to the lock screen where, if you let it sit for a few seconds, you’ll notice a gentle “happiness vortex” animation take place as the colors go for a spin.

Many of you use the 1Password extension to sign in to websites directly in Safari or other third-party apps. The next time you do, you’ll see the extension received a fantastic visual update as well!

We’ve also overhauled the navigation bar at the bottom of the screen with some new iconography and a better layout. Coupled with the aforementioned new look for Favorites, our beloved iOS app has never looked better.

And the Hits Keep Coming

Check out the 1Password for iOS release notes for a full account of everything we’ve crammed into 1Password 7, but I wanted to close out with a few more of my top picks:

  • If you register a new fingerprint with Touch ID, 1Password will require your Master Password the next time you open it.
  • You can now delete multiple items at once. Swipe down from the top of an item list, select the items you want to remove, then tap Delete.
  • Recently used items appear in Favorites for easy access.
  • Saving a new Login now informs you that the password for that Login has been copied to the clipboard.
  • An advanced security setting allows you to use a PIN code to unlock 1Password, even on devices that support Touch ID or Face ID.

Whew! Are you still with me? If so, well done! If you haven’t already done so, go download 1Password 7 now and tell us what your favorite new feature is.

Until next time!

Integrate 1Password into your Android apps

Account sign-up and sign-in is a critical piece of your app, but it’s also the part that is most likely to create friction for new users. It might be necessary for your app to collect information such as an email address and password, but let’s face it, those details are rather tedious to type out.

Here’s something that happens far more often than it should. I’m out with a friend and they’ve just told me about this fantastic new app. I get fired up and download it to my phone, only to be confronted with a wall of text fields. I need to register for a new account before I can continue, and that seems like a lot of work. So I tell myself that I’ll do it when I get home and of course, I forget all about it. By the time I look at the app again, I’ve lost that initial excitement and more often than not, I just delete the app.

If I do give the app another chance, I still need to go through the hassle of creating a new account. Of course, I have 1Password to help me here, but I still need to switch between apps, copying and pasting the values as I go. Wouldn’t it be so much better if the app could just ask 1Password to create my credentials and then sign me in?

I’m very happy to say that this is no longer just wishful thinking! We’ve been working closely with Google and other leading password managers on a protocol for Android called OpenYOLO. This new protocol provides the kind of seamless integration that would have saved me so much of the frustration above. The best part is that implementing the protocol is simple, and you can get started on integrating it into your Android app today!

Getting started with OpenYOLO


You Only Login Once (YOLO) is Google’s internal code name for their Smart Lock for Passwords API on Android. OpenYOLO is its open-source successor that enables client apps to communicate directly with supported providers like 1Password. Using OpenYOLO, your app can ask 1Password to create, save, retrieve, or delete its user credentials.

It’s almost effortless to integrate 1Password with your app using OpenYOLO! Let me show you just how easy it is to get started…

Import the library

Add this line to your app’s build.gradle file to import the OpenYOLO API:

dependencies {
    compile 'org.openyolo:openyolo-api:0.3.1'
}

Get the client

You’ll need an instance of CredentialClient in order to interact with OpenYOLO. It provides convenience methods for sending requests and retrieving responses.

mCredentialClient = CredentialClient.getInstance(this);

Prepare the request

For each operation, your app needs to prepare a request and retrieve an Intent for handling it. You can then hand off the request to OpenYOLO with startActivityForResult(). OpenYOLO will take the request and determine if there are any credential providers like 1Password available to handle it. If multiple providers are available, the user will be prompted to select which one to use to complete the request.

Handle the response

Once the chosen provider has completed the request, a response will be returned to your app in onActivityResult(). You can use CredentialClient to pull the relevant information from the response.

Working with 1Password to simplify users’ experiences

Signing up new users

To avoid another story like mine above, you can assist users with new account registration in your app. Before prompting me to manually enter my email address and choose a unique password, your app can make a request to have those credentials generated.

HintRetrieveRequest request = HintRetrieveRequest.fromAuthMethods(AuthenticationMethods.EMAIL);

Intent hintIntent = mCredentialClient.getHintRetrieveIntent(request);

startActivityForResult(hintIntent, HINT_REQUEST_CODE);

In my case, 1Password will prompt me to confirm that I want to create new credentials and OpenYOLO will return details to your app’s onActivityResult().

if (requestCode == HINT_REQUEST_CODE) {
    HintRetrieveResult result = mCredentialClient.getHintRetrieveResult(data);

    if (result.isSuccessful()) {
        Hint hint = mCredentialClient.getHintRetrieveResult(data).getHint();

        signUpUser(hint.getIdentifier(), hint.getGeneratedPassword());
    }
}

Saving user credentials

My account details are all filled in, and I’m ready to start exploring the app, but of course I want to make sure those new account details are stored in 1Password. This will come in handy the next time I need to sign in to your app. You can help here too with a simple save request to OpenYOLO.

Credential credential = new Credential.Builder(mEmail, AuthenticationMethods.EMAIL,
AuthenticationDomain.getSelfAuthDomain(this))
.setPassword(mPassword)
.build();

Intent saveIntent = mCredentialClient.getSaveIntent(CredentialSaveRequest.fromCredential(credential));

startActivityForResult(saveIntent, SAVE_REQUEST_CODE);

Now I am ready to go! Only a couple of seconds after downloading your app, I am all signed up for an account and more importantly, I can begin using it!

Signing in with existing credentials

Okay, now the fun part! My brand new and shiny Pixel 2 XL arrives and I download all of my favourite apps to it. I still need to sign in to my apps, but you’ve gone and saved me all the hassle by once again using OpenYOLO.

CredentialRetrieveRequest request = CredentialRetrieveRequest.fromAuthMethods(AuthenticationMethods.EMAIL);

Intent retrieveIntent = mCredentialClient.getCredentialRetrieveIntent(request);

startActivityForResult(retrieveIntent, RETRIEVE_REQUEST_CODE);

In response to this request, 1Password will prompt me to select my sign-in credentials and OpenYOLO will return them to your app in onActivityResult():

if (requestCode == RETRIEVE_REQUEST_CODE) {
    CredentialRetrieveResult result = mCredentialClient.getCredentialRetrieveResult(data);

    if (result.isSuccessful()) {
        Credential credential = mCredentialClient.getCredentialRetrieveResult(data).getCredential();

        signInUser(credential.getIdentifier(), credential.getPassword());
    }
}

Less noise, more fun!

That’s it! With a few changes to your code, your app now integrates with 1Password using OpenYOLO. This decreases noise from your app and more importantly saves your users time and effort so that they can get to the really important part – using your app.

If a solution like this is in place the next time my buddy gets me to try out your app, I would be able to create an account with a few taps, and they would have the opportunity to show me why they love the app!

DroidCon London 2017

At DroidCon London today, Google announced that OpenYOLO is now ready for developers like yourself to leverage its powers and bring it into the hands of users. If you are also attending the conference, send a wave at my colleague, Michael Verde! He will be available for a hands-on session to help integrate OpenYOLO into your apps.

Reach out to us

For further details on integrating OpenYOLO into your Android app, take a look through the open-source project available on Github. The repository also includes a handful of sample apps to help with development. If you’re curious about the protocol itself, you can read all about it in the OpenYOLO for Android specification.

If you have any questions, feedback or want to let us know that your Android app supports integration with 1Password through OpenYOLO, please reach out to us at support+android@agilebits.com. We look forward to hearing from you!

1Password living on the [Microsoft] Edge

I’ve long been curious about Microsoft Edge. It’s fast, light-weight, and much more secure than the Internet Explorer of my childhood. It had everything you look for in a browser … except 1Password support. Today that changes!

Thanks to the hard work of the Microsoft Edge and Windows Store teams, along with our own Windows team, I’m excited to announce that 1Password now has a lovely new home right on your Microsoft Edge toolbar. 🎉

Boldly go where no Login item has gone before

To bring your items with you to explore Microsoft Edge, first make sure you have 1Password 6.7 or later installed and set up. Then, head to the Windows Store and grab the 1Password extension. Open Microsoft Edge, enable the 1Password extension, and enjoy saving new Login items, opening and filling in Microsoft Edge from 1Password mini, filling addresses and credit card details, and easy access to the Strong Password Generator, just like you’ve come to know and love. If you’re still using an older version of 1Password, you can follow this handy guide to migrate your existing data to the latest version of 1Password to get ready to seek out new frontiers in Microsoft’s latest browser.

Hello dark mode, my old friend

As you’re working your own 1Password magic in Microsoft Edge, don’t forget to check out my favorite feature: its super-sleek dark mode. I love how it turns your 1Password extension icon into a lovely point of light on your toolbar and it’s perfect for late-night browsing.  Let the stars next to your favorites light up Microsoft Edge and help guide you to your most loved websites at the click of a Login item. Of course, if a different vision has been planted in your brain, the extension icon looks right at home in light mode too. 😉

To the Edge and beyond!

As stoked as we are about 1Password coming to Microsoft Edge, this is only the beginning and some finishing touches are coming in future releases. Support for keyboard shortcuts to fill logins and some tweaks to how mini lets you know you’re filling in Edge are included with the latest 1Password 6 for Windows beta. Additional improvements for filling on certain sites will also be addressed down the road.

Currently, the 1Password extension in Microsoft Edge requires 1Password 6.7 for Windows or later and a 1Password membership. We will be expanding Edge availability in future releases but if you’d like to enjoy using Edge sooner than later, now is a great time to give a 1Password membership a try. In addition to early access, there are many other benefits and it’s free for 30 days!

I hope you enjoy saving and filling in Microsoft Edge and, as always, we love seeing your feedback in our support forum. 😊

Face it, The iPhone X Looks Amazing

Wow, what an incredible Apple event today! As you may have guessed the entire team here at AgileBits cozied up to their computers, iPads, Apple TVs, and iPhones to watch as the good folks at Apple took to the stage in the newly minted Steve Jobs Theater and proceeded to bring the house down. A new Apple Watch, a brand new 4K Apple TV, a new iPhone 8, the iPhone X! The hits just kept coming.

As blown away as we were by today’s product announcements we were even more blown away by our inclusion in the festivities. To see Phil Schiller on stage showing 1Password on the new iPhone X was magical. In case you missed it, here’s a screen grab we captured for posterity:

We truly can’t wait to get these new phones in our hands and into the hands of our customers. 1Password will be there on November 3rd with the new iPhone X and full support for Face ID.

It’s obvious what our favorite part of today’s announcements was, how about you? Sound off in the comments below and let’s nerd out together about this super cool new future.