Watchtower keeps you safe on cloudy days

Cloudflare is a large internet technology provider that sits in front of millions of websites around the world. Last week they disclosed a bug (widely known as Cloudbleed) that could leak the contents of HTTPS traffic passing through their edge servers into responses served to other visitors, potentially affecting every site behind them.

In many ways this is a “no news” report for us as your 1Password data was safe during this entire time, and remains so today. 1Password was designed with multiple layers of encryption, and your data is encrypted before it ever leaves your computer. In short, we anticipated the day when HTTPS (SSL/TLS) might fail, so we weren’t worried when that day came.

Even though your data is safe in 1Password, and you don’t need to change your Master Password, it’s important to pay attention to the websites you visit. Some of them may have been using Cloudflare, and you may need to change their individual passwords.

Thankfully 1Password can help with that!

Use Watchtower to find passwords you need to change

Watchtower tells you about password breaches and other security problems on the websites you have saved in 1Password. It’s included on Mac and iOS with every 1Password subscription, and we’ve already added sites that were affected by the issue last week.

It’s easy to get started! Check Watchtower to see if any of the sites you have saved in 1Password are vulnerable. If so, change your passwords for those sites. 1Password can generate strong passwords for you.

Get started with Watchtower

To keep ahead of future problems:

  • Avoid reusing passwords. Always use unique, randomly generated passwords for each website.
  • Turn on item counts. Choose View menu > Show Item Counts, and you’ll be able to see at a glance if Watchtower is reporting any vulnerabilities.

We continually update Watchtower as security breaches are reported, so you can change your passwords right away. We do this without ever knowing what websites you have saved in 1Password. 1Password downloads Watchtower information to check your websites on your devices. Learn more about how Watchtower protects your privacy.

Introducing 1Password 6.6 for Mac

I’m happy to announce we just finished assembling a new version of 1Password! It’s working its way through the update engines around the world now and hopefully it’s ready for you by the time you finish reading this.

The biggest change in this release is a whole new setup experience. We’ll dive into that in a moment, but first I’d like to share a cool new feature for those of you lucky enough to have one of those sexy new MacBook Pros.

We’ve been experimenting with the new Touch Bar since the beginning and added Touch Bar support along with Touch ID back in November as soon as the new Macs were available.

Today we’re taking the next step tap and giving you the ability to customize your Strong Password Generator settings directly from your Touch Bar!

I always enjoy the feel of tapping actions on the Touch Bar but sliding your finger across it is even better! Trust me, you’ll have a hard time customizing your password length just once.

There are several other changes in this release as well, but let’s dive right into the big one now.

New Setup Flow

The biggest change is one that most of you probably won’t see until the next time you’re setting up a new Mac. Those new MacBook Pros with Touch ID really are pretty sweet so hopefully this isn’t too far in your future!

Starting today we have a lovely new flow for the setup screens[1]. Like their little cousin on iOS did earlier, 1Password for Mac makes getting started much simpler.

Now when you launch 1Password on a new Mac you’ll be greeted with a lovely page asking you if you’ve used 1Password before:


Those of you who have already been rocking with 1Password can use your existing data, and everyone else who’s just getting started can begin their free trial.

Free Trials From Mac App Store

We’ve always wanted everyone to be able to try 1Password before needing to purchase. Our website version has supported free trials since the very beginning, but it wasn’t possible in the Mac App Store when we first published 1Password there way back in 2011.

Thankfully Apple gave us a wonderful present at their Worldwide Developers Conference last year that made this possible for Mac App Store users as well.

1Password now comes with a 30 day free trial in the Mac App Store. Those downloading 1Password for the first time will start their trial and be prompted to subscribe once their trial expires:


Your single subscription allows you to use 1Password on all your devices and always have access to the latest versions.

Those who previously purchased 1Password in the Mac App Store will continue to be able to use 1Password as before and are not required to subscribe to our 1Password membership. Although there are a lot of great reasons why you should…

Benefits of a 1Password Membership

I’ve been a license holder since the beginning. In fact, I’m pretty sure I got the first license we ever made!

If you’re a longtime license holder of 1Password like I was, I’m sure you’re wondering what all the hullabaloo is over our new service. I’m glad you asked and I’m happy to unlock that mystery for you!

There are a lot of benefits to a 1Password Membership over a standalone license, but for me it boils down to convenience, security, and peace of mind.

Let’s start with convenience. With a membership, all I do is log in on a new device and all my data is there. I can even organize my items in multiple vaults and they all appear instantly.

And the best part is my membership gives me access to the latest version of 1Password on all my devices so I don’t need to worry about managing any licenses. I’m really happy that I don’t need to say “1Password is sold on a per-person, per-platform basis, with paid upgrades for major new versions” anymore.

On the security side of things, I absolutely love our new encryption design, which uses AES in Galois/Counter Mode (GCM) for efficient authenticated encryption, and our ingenious Two-Secret Key Derivation starring our unique Account Key.

I know I know, I’m a huge geek and love the details, but these and many other things all add up to better performance and a secure-er than ever way to protect your data. You can check out our security page for a nice high level review, along with a detailed White Paper for my fellow geeks reading this.

As for peace of mind, this one is priceless. I simply sleep better at night.


With my 1Password membership, I know that all my data is backed up automatically for me, and every change is remembered so I can go back in time and restore my precious items whenever I need to. And with our Family account I can securely share passwords with Sara so she has access to everything she needs.

In short, I’m absolutely loving my 1Password membership. It’s the best way to use 1Password.


Becoming a 1Password Member

If these benefits excite you and you want to join me, becoming a 1Password member is super easy.

You can jump on board and migrate all of your data over in just a few short steps. We have a quick guide on how to setup a new account and move over your data, along with a nice video showing how easy it is to do.

I know you’re busy so I’m happy to say you can finish the entire process in just a few minutes. Start by creating your new account here:

Start Your Free Trial Today

Often it feels like I’ve been using all these great new features for a lifetime, but looking back we introduced 1Password Teams only 15 months ago, 1Password Families almost exactly one year ago, and 1Password Memberships just 6 months ago.

It’s amazing how quickly I came to rely on these benefits and how I was able to fall in love with 1Password all over again. I think you will, too.

Enjoy! ❤️


  1. Those with eagle eyes might be saying “again?” since 1Password 6.5 had a new setup experience for those who downloaded from our website. But we’ve iterated on the design and now everyone gets to join in on the fun, including those who install using the Mac App Store. 

Three layers of encryption keep you safe when SSL/TLS fails

No 1Password data is put at any risk through the bug reported about Cloudflare. 1Password does not depend on the secrecy of SSL/TLS for your security. The security of your 1Password data remains safe and solid.

We will provide a more detailed description in the coming days of the Cloudflare security bug and how it (doesn’t) affect 1Password. At the moment, we want to assure and remind everyone that we designed 1Password with the expectation that SSL/TLS can fail. Indeed it is for incidents like this that we deliberately made this design.

No secrets are transmitted between 1Password clients and 1Password.com when you sign in and use the service. Our sign-in uses SRP (Secure Remote Password), a password-authenticated key exchange: the server stores only a verifier derived from your secrets, and client and server prove to each other that they hold the right secrets without either side ever sending a password, a verifier or a key over the wire. Anything captured from the SSL/TLS channel therefore contains nothing that lets an attacker sign in, which is why users of 1Password do not need to change their Master Passwords.
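To make the “no secrets on the wire” claim concrete, here is an added example of an SRP-6a sign-in played from both sides on one machine. It is not 1Password’s code: it uses textbook SRP-6a (RFC 5054 style) with SHA-256 and the 1024-bit RFC 2409 group, and it derives the private value x from username:password only, whereas 1Password’s real sign-in also folds in the Account Key. What the reader can check is that the two sides end up with the same session key, that a wrong password fails both proofs, and that nothing that crossed the wire equals the verifier or the key.

```python
"""SRP-6a sign-in, both roles on one machine (added illustration, not 1Password's
implementation; parameters and hash choices are assumptions for the demo)."""
import hashlib
import secrets

# 1024-bit MODP group from RFC 2409 (also the 1024-bit group of RFC 5054): safe prime, g = 2.
N = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2
NLEN = (N.bit_length() + 7) // 8


def pad(n: int) -> bytes:
    """Fixed-width big-endian encoding, as SRP requires before hashing group elements."""
    return n.to_bytes(NLEN, "big")


def hash_int(*parts: bytes) -> int:
    return int.from_bytes(hashlib.sha256(b"".join(parts)).digest(), "big")


K_MULT = hash_int(pad(N), pad(G))          # SRP-6a multiplier k = H(N, g)


def private_x(username: str, password: str, salt: bytes) -> int:
    """x = H(salt, H(username ':' password)); only the client can compute this."""
    inner = hashlib.sha256(f"{username}:{password}".encode()).digest()
    return hash_int(salt, inner)


def enroll(username: str, password: str):
    """Signup: the server keeps (salt, verifier v = g^x mod N); it never sees the password."""
    salt = secrets.token_bytes(16)
    return salt, pow(G, private_x(username, password, salt), N)


def sign_in(username: str, password: str, salt: bytes, verifier: int) -> dict:
    """Run one SRP-6a exchange; return what crossed the wire and what each side derived."""
    a = secrets.randbelow(N - 2) + 1          # client ephemeral secret
    b = secrets.randbelow(N - 2) + 1          # server ephemeral secret

    # Client -> Server: username, A = g^a
    A = pow(G, a, N)
    # Server -> Client: salt, B = k*v + g^b   (the verifier is blinded by the random g^b)
    B = (K_MULT * verifier + pow(G, b, N)) % N
    if A == 0 or B == 0:
        raise ValueError("degenerate ephemeral value, abort")
    u = hash_int(pad(A), pad(B))              # scrambling parameter binds A and B together
    if u == 0:
        raise ValueError("u == 0, abort")

    # Client side: needs the password (through x) plus its own secret a
    x = private_x(username, password, salt)
    s_client = pow((B - K_MULT * pow(G, x, N)) % N, a + u * x, N)
    k_client = hashlib.sha256(pad(s_client)).digest()
    m1 = hashlib.sha256(pad(A) + pad(B) + k_client).digest()        # Client -> Server

    # Server side: needs only the stored verifier plus its own secret b
    s_server = pow((A * pow(verifier, u, N)) % N, b, N)
    k_server = hashlib.sha256(pad(s_server)).digest()
    client_ok = secrets.compare_digest(
        m1, hashlib.sha256(pad(A) + pad(B) + k_server).digest())
    # A real server stops here when client_ok is False; we continue so the caller can see both checks.
    m2 = hashlib.sha256(pad(A) + m1 + k_server).digest()             # Server -> Client
    server_ok = secrets.compare_digest(
        m2, hashlib.sha256(pad(A) + m1 + k_client).digest())

    return {
        "wire": {"A": A, "salt": salt, "B": B, "M1": m1, "M2": m2},
        "session_key_client": k_client,
        "session_key_server": k_server,
        "client_authenticated": client_ok,
        "server_authenticated": server_ok,
    }
```

The session key that comes out of `sign_in` is what layer 2 below would use for its own authenticated encryption; because the key is derived on each side rather than sent, a recording of the SSL/TLS channel (A, salt, B, M1, M2) does not yield it.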

Your actual data is encrypted with three layers (including SSL/TLS), and the other two layers remain secure even if the secrecy of an SSL/TLS channel is compromised.

The three layers are

  1. SSL/TLS. This is what puts the “S” in HTTPS, and it is the only layer whose data may have been exposed by the Cloudflare bug during the vulnerable period.
  2. Our own transport layer authenticated encryption using a session key that is generated using SRP during sign in. The secret session keys are never transmitted.
  3. The core encryption of your data. Except for when you are viewing your data on your system, it is encrypted with keys that are derived from your Master Password and your secret Account Key. This is the most important layer, as it would protect you even if our servers were to be breached. (Our servers were not breached.)
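Layer 3 is the one that matters if an attacker ever holds a copy of the server-side data, so here is an added example of why deriving the key from two secrets changes the attacker’s odds. This is an illustration, not 1Password’s derivation: the salts, iteration count, HKDF info string and the XOR combiner are assumptions, and an HMAC “key check” stands in for the encrypted key blob a server would really store. The point it demonstrates is that a stolen salt plus key check lets an attacker run a wordlist against a password-only design, while the same data is useless without the Account Key, which never leaves the user’s devices.

```python
"""Two-secret key derivation versus password-only derivation under an offline
wordlist attack (added illustration; parameters are assumed, not 1Password's)."""
import hashlib
import hmac

ITERATIONS = 100_000          # assumed PBKDF2 cost for the demo


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """RFC 5869 HKDF-SHA256: extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def single_secret_key(password: str, salt: bytes) -> bytes:
    """Password-only design: a slow hash, but guessable once salt and key check leak."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


def two_secret_key(password: str, account_key: str, salt: bytes) -> bytes:
    """Mix the slow password hash with a fast HKDF of the high-entropy Account Key.
    The server never stores the Account Key, so its data alone cannot reproduce this."""
    kp = single_secret_key(password, salt)
    ka = hkdf_sha256(account_key.encode(), salt, b"account-key")
    return bytes(p ^ a for p, a in zip(kp, ka))


def key_check(key: bytes) -> bytes:
    """Stand-in for the encrypted key blob a server keeps; it lets guesses be tested."""
    return hmac.new(key, b"key-check", hashlib.sha256).digest()


def offline_guess(wordlist, salt: bytes, check: bytes, account_key=None):
    """Attacker who stole (salt, check) tries each word; with account_key=None they
    only have what the server had.  Returns the recovered password or None."""
    for guess in wordlist:
        k = (two_secret_key(guess, account_key, salt) if account_key
             else single_secret_key(guess, salt))
        if hmac.compare_digest(key_check(k), check):
            return guess
    return None


# Constructed sample inputs (not real user data).
SALT = b"\x01" * 16
WORDLIST = ["123456", "password", "letmein", "correct horse"]
ACCOUNT_KEY = "A3-EXAMPL-EEXAMP-LEEXA-MPLEE-XAMPL-EEXAM"   # constructed, not a real key
```

With a user who picked “letmein”, `offline_guess(WORDLIST, SALT, key_check(single_secret_key("letmein", SALT)))` recovers the password from server-side data alone, whereas the two-secret variant only yields it when the attacker also supplies `ACCOUNT_KEY`.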

Certificates, Provisioning Profiles, and Expiration Dates: The Perfect Storm

As you may have read, this weekend was a little hectic for us and some of our app developer friends[1]. On Saturday we got word that users of 1Password for Mac were seeing the app fail to launch correctly. It took a few hours, but we diagnosed the problem and released an update that corrected the issue. This issue will only have affected users that downloaded 1Password for Mac directly from our website, so if you downloaded it from the Mac App Store you had a much more calm weekend than we did.

But alas, that story has already been told. Now it’s time for the nitty gritty technical details about all the forces that aligned against us that had us staring up a giant wall of crashing water like George Clooney and Mark Wahlberg.

Prologue: Not All Certificates Are Created Equal

There’s a lot of information to unpack in this post, but before I get started, I’d like to address an assumption I’m seeing far too many people making: that what happened to us was simply an issue of an expired certificate and that all we needed to do was create a new one, just like you do for SSL certificates.

That’s simply not true.

Developer certificates are very different from SSL certificates and serve a very different purpose. Unlike an SSL certificate, which has to be valid every time a client connects, our developer certificate is used to sign 1Password and needs to be valid at build time. The expiry of a certificate or provisioning profile should have no impact on whether macOS will allow an already-signed app to launch.
An analogy may be helpful here: if you think of the developer certificate as a carton of eggs, and 1Password as a cake, then it is important not to use expired eggs to make the cake. The fact that the eggs may expire a few days after making the cake should have no effect on the cake itself. After all, the cake is already made and delivered.

Jumping out of the galley and back into our developer world, an expired certificate typically doesn’t affect us until the next time we need to do a release, which would have been this week with our next betas. Certificates control our ability to sign new apps. They don’t affect existing released apps.

For example, we have some users still using 1Password 3 for Mac (hey there, if that’s you, you should really consider upgrading to a 1Password membership as soon as possible!). The first release of 1Password 3 was in 2009, around 8 years ago. Assuming a user is happy with 1Password 3, how long should they expect to be able to continue using the software they paid for? The only acceptable answer to that question is: as long as they feel like it.

Obviously there’s plenty of reasons for why a user would want to upgrade to newer versions, but the fact of the matter is that a user shouldn’t be reliant on us to keep providing updated builds of an unmaintained app just to keep it running. Unlike an SSL certificate, this isn’t something we can simply fix from our end. Fixing the issue we ran into this weekend is a matter of creating a new build of the app and having users update to the new version.

Taking a Tour of the Engine Room


To properly understand what happened, let’s take a step back and look at the different parts of this.

In Mac OS X 10.7 Apple introduced Gatekeeper. Gatekeeper is really quite awesome as it gives users control over what software is allowed to run on their system. The default is to allow software from verified and trusted developers: those apps that have been uploaded to the Mac App Store, or those signed with Developer ID certificates made available to the developer by Apple.

Gatekeeper ensures that apps that have been tampered with will refuse to run, and also provides Apple with a way to revoke certain certificates if a developer has been found to be doing harm (e.g., distributing Developer ID signed malware). These simple steps stop a wide variety of attack vectors and we think the world of Apple for having implemented this.

The next layer is the Provisioning Profile. Provisioning Profiles provide information about what the app can do, as well as who can run it. There are certain services on the Mac that require that the app include a Provisioning Profile. In our case, we needed to start using a Provisioning Profile when we added support for unlocking 1Password using Touch ID.

To be clear, Touch ID itself doesn’t necessitate the profile, but in order to unlock your vault we need to store a secret and we chose to store it in the OS X keychain. The specific configuration we’re using for that requires declaring that we want access to a specific keychain access group, which needs to be declared in a provisioning profile. The provisioning profile is included in the app bundle and cannot be updated independently of the app.

Next up… XPC. We use XPC to communicate between the 1Password main app and 1Password mini – the little 1Password that runs in your menu bar – and it’s really quite awesome. 1Password mini acts as the brains of the whole operation, and the larger app is mostly just responsible for displaying information. The reason we love XPC so much is because it’s an inter-process communication tool that actually provides us the building blocks we need to perform mutual authentication. What this means is that 1Password mini will refuse to communicate with the main app unless it can prove that it’s signed by us. The inverse is true as well.

Storm Clouds Gather

At around 3pm EST on February 18th we started getting reports of failures in 1Password for Mac. Folks were seeing an error appear that 1Password was unable to connect to 1Password mini.

Unable to start 1Password

This initial failure occurred due to the fact that the provisioning profile embedded in 1Password mini had an expiration date. Expiration dates seem to be required, and due to the fact that the expiration date elapsed, Gatekeeper decided that 1Password mini was no longer safe to run. We’ve filed a bug with Apple as we feel that this shouldn’t be the case (rdar://30631939 for those of you reading along inside the Mothership).

Only 1Password mini contains the Provisioning Profile as all Touch ID operations happen within that process. This meant that Gatekeeper was deciding that our main 1Password app could launch. Upon launching, 1Password performs its start up sequence which includes asking the system to launch 1Password mini if it’s not already running. When doing so, the system would log the following to the console:

com.apple.xpc.launchd[1] (2BUA8C4S2C.com.agilebits.onepassword4-helper[11038]): Binary is improperly signed.
com.apple.xpc.launchd[1] (2BUA8C4S2C.com.agilebits.onepassword4-helper[11038]): removing service since it exited with consistent failure reason When validating /Applications/1Password 6.app/Contents/Library/LoginItems/2BUA8C4S2C.com.agilebits.onepassword4-helper.app/Contents/MacOS/2BUA8C4S2C.com.agilebits.onepassword4-helper:
Code has restricted entitlements, but the validation of its code signature failed.
Unsatisfied Entitlements:
com.apple.xpc.launchd[1] (com.apple.ReportCrash[11041]): Endpoint has been activated through legacy launch(3) APIs. Please switch to XPC or bootstrap_check_in(): com.apple.ReportCrash

The 1Password main app detected the failure and provided an error panel telling the user that it couldn’t connect to mini.

Due to the expired Provisioning Profile, 1Password mini wouldn’t launch. And without mini running, 1Password itself was unable to startup successfully. Both mini and 1Password itself were signed with the same Developer ID certificate. Gatekeeper allowed 1Password to run, but due to the different rules for apps with provisioning profiles, it would not allow mini to run.

As far as we can tell, the only way to correct this problem is to provide a new build of the app with an updated provisioning profile with a new expiration date. Within a few hours we were able to publish a new version which did exactly this. As of 6.5.4, we had an app that users could download and run again.

The Eye Of The Storm

After this initial bout of terror, death defying feats, and mad scrambles we figured the technical portion of this exercise was finished and had begun transitioning into customer support mode; helping allay the fear, uncertainty, and doubt that this event had caused.

Little did we know at the time, we were only in the eye of the storm – the calm center before things would get rough again.

1Password for Mac includes an updater within the app so that users can easily upgrade to the latest versions as they become available. This updater validates downloads before performing the update to ensure that the updated app is in fact from AgileBits. One of the steps taken during validation is looking at the code signature of the downloaded app and ensuring that it satisfies the following security requirement:

anchor apple generic and identifier com.agilebits.onepassword4 and certificate leaf[subject.CN] = "Developer ID Application: Agilebits Inc."

This check has worked really well for us. It’s simple and does the trick.

This check is also extremely specific about the common name[2] it looks for. When we generated our updated provisioning profile we also needed to generate a new Developer ID certificate. We didn’t realize it at the time, but the common name of newly created certificates now includes the team identifier in addition to the company name: “Developer ID Application: AgileBits Inc. (2BUA8C4S2C)” vs. “Developer ID Application: AgileBits Inc.”. Close. Super close. But we weren’t looking for a “close” match.

The result of this new common name was that even though our app would now launch, the automatic updater would never run successfully because as far as it was concerned the update being provided wasn’t valid and therefore needed to be rejected. This is what users who could still run 6.5.3 and tried to update to 6.5.4 saw.

Once we discovered this problem we had no choice but to pull the 6.5.4 update and issue a 6.5.5 update that included a modified security requirement check. Sadly this didn’t address the fact that users running 6.5.3 and earlier are not able to automatically update to 6.5.5.

Moving Forward and Heading Home

This was painful for everyone. We lost sleep over the weekend, but worse than that… our users temporarily lost access to some of their most important information. This is unacceptable to us and we want to make sure this doesn’t happen again.

We’ve reached out to Apple for help and guidance on what we can do to avoid this happening again in the future. Our new provisioning profile doesn’t expire until 2022, but we’ll make sure that this is resolved far before then so that you need not worry about that happening.

If you’re a developer of a Developer ID signed app, we recommend that you check to see if your app includes a provisioning profile. Since that’s mostly handled automatically by Xcode, it’s likely that there are apps out there whose developers aren’t even aware of the inclusion of the provisioning profile. Check the expiration date, and ensure that you release an updated build with an updated provisioning profile well before the expiration date is hit so your users have time to update.
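Two of the checks above are easy to automate before every release, so here is an added example (not AgileBits’ tooling) that covers both the provisioning-profile expiry advice in the previous paragraph and the brittle common-name requirement described under “The Eye Of The Storm”. A `.provisionprofile` is a CMS (PKCS#7) signed blob whose payload is an XML plist; on macOS `security cms -D -i embedded.provisionprofile` prints that plist, and the code below simply locates it by its XML markers so it runs anywhere. The sample profile bytes and certificate subjects are constructed. The second half mirrors the page’s `certificate leaf[subject.CN] = "..."` requirement as a byte-exact string compare and contrasts it with matching on the Team ID; that the Team ID sits in the certificate’s OU field and in the newer “(TEAMID)” suffix of the CN is taken from the page and from Apple’s certificate naming, and is an assumption of this example rather than something the post states.

```python
"""Pre-release checks for a Developer ID app (added illustration, not AgileBits' code):
(1) days until the embedded provisioning profile expires, (2) exact-CN versus Team ID
matching of the signing certificate.  All sample data below is constructed."""
import datetime as dt
import plistlib
import re


# --- (1) provisioning profile expiry ------------------------------------------------
def profile_plist(blob: bytes) -> dict:
    """Pull the XML plist payload out of a CMS-wrapped .provisionprofile."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def profile_report(blob: bytes, now: dt.datetime, warn_days: int = 90) -> dict:
    """Summarize the profile and flag when a new build must ship to beat the expiry."""
    p = profile_plist(blob)
    days_left = (p["ExpirationDate"] - now).days
    entitlements = p.get("Entitlements", {})
    return {
        "name": p.get("Name"),
        "team": p.get("TeamIdentifier"),
        "keychain_groups": entitlements.get("keychain-access-groups", []),
        "days_left": days_left,
        "ship_new_build": days_left < warn_days,
    }


# --- (2) designated requirement: exact CN versus Team ID ---------------------------
CN_FORM = re.compile(
    r"^Developer ID Application: (?P<org>.+?)(?: \((?P<team>[A-Z0-9]{10})\))?$")


def brittle_requirement(subject: dict, expected_cn: str) -> bool:
    """Mirror of `certificate leaf[subject.CN] = "..."`: byte-exact CN match."""
    return subject.get("CN") == expected_cn


def team_requirement(subject: dict, team_id: str) -> bool:
    """Mirror of `certificate leaf[subject.OU] = "TEAMID"` plus a sanity check that the
    CN has the Developer ID form; survives Apple decorating the CN differently."""
    m = CN_FORM.match(subject.get("CN", ""))
    return m is not None and subject.get("OU") == team_id


# --- constructed sample data --------------------------------------------------------
def _fake_profile(expires: dt.datetime) -> bytes:
    """Wrap a plist in a few junk bytes that stand in for the CMS header and signature."""
    plist = plistlib.dumps({
        "Name": "1Password mini (constructed)",
        "TeamIdentifier": ["2BUA8C4S2C"],
        "ExpirationDate": expires,
        "Entitlements": {"keychain-access-groups": ["2BUA8C4S2C.com.agilebits"]},
    })
    cms_header = b"\x30\x82\x10\x00\x06\x09\x2a\x86\x48\x86\xf7\x0d\x01\x07\x02"  # not a real header
    return cms_header + plist + b"\x00" * 16


EXPIRED_PROFILE = _fake_profile(dt.datetime(2017, 2, 18, 19, 55))   # lapsed Feb 18 2017 (constructed)
FRESH_PROFILE = _fake_profile(dt.datetime(2022, 2, 18, 0, 0))

OLD_CERT = {"CN": "Developer ID Application: AgileBits Inc.", "OU": "2BUA8C4S2C"}
NEW_CERT = {"CN": "Developer ID Application: AgileBits Inc. (2BUA8C4S2C)", "OU": "2BUA8C4S2C"}
OTHER_CERT = {"CN": "Developer ID Application: Someone Else (ABCDE12345)", "OU": "ABCDE12345"}
```

Running `profile_report(EXPIRED_PROFILE, dt.datetime(2017, 2, 18, 20, 0))` reports a negative `days_left` and `ship_new_build` set, which is the condition that should have tripped a release weeks earlier; `brittle_requirement(NEW_CERT, ...)` reproduces the updater’s rejection of the renamed certificate while `team_requirement` accepts both the old and new CN forms and still rejects another team’s certificate.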

We’ve also filed an enhancement request with Apple asking that developers be notified via email of impending distribution certificate or provisioning profile expirations with explanations of repercussions. This was filed as rdar://30631968.

If you have questions about any of this, please don’t hesitate to ask us in the comments below.

Love,
The 1Password Mac Team
❤️

P.S. Happy 5th Birthday to Gatekeeper! We were one of the first apps to sign with Developer ID certificates, use XPC, and leverage the entitlements required for Touch ID. It’s always exciting being on the cutting edge of technology but we wouldn’t have it any other way.

Further Reading

This was the second post in a three part series. See the exciting prequel and sequel here:

Part 1 : 1Password for Mac 6.5.5: Manual update required

Part 3 : PSA for macOS Developers: Renew Your Certificates & Provisioning Profiles


  1. The exact same perfect storm appears to have caused our friends at Smile to hit the same rough seas that we had. You can see Adam Engst’s story in TidBITS for details on how this affected PDFPen. 
  2. The Common Name is the subject.CN part of the security requirement. As our Chief Defender of the Dark Arts often says of Common Names: they are often very uncommon. The name is inherited from older identity management systems. I don’t need to say much more as Jeff loves explaining things, so let’s all sit back and watch what he says in his comment that I’m sure he’ll be adding soon. 

Secure Your Whole Family with Our Special Family Day Special!

Happy Family Day week, everyone!

Every year around Valentine’s Day we celebrate Family Day here in Canada. It’s a wonderful chance to spend some extra time with our families and harvest maple syrup.

And with the turkey hangover from the holidays long gone, it’s a great time to cook up a lovely family feast. After all, it’s important to keep our weight up so we can stay warm during the cold winter.

No family gathering would be complete without our customers so we wanted to do something special for you and your family. So from our family to yours, we’re having a special 1Password Families celebration!

Special Family Day Special!

We introduced 1Password Families exactly one year ago today and it’s been awesome to see all the families who have signed up.

With 1Password Families, everyone in your entire family gets the security and convenience of 1Password. This includes free upgrades and access to 1Password everywhere, including Mac, Windows, iOS, and Android. And you get all of this for only $5 a month for a family of 5.

I was trying to decide how to make this even more special for our Special Family Day Special and I thought of the perfect thing. While inviting my family over for dinner I realized that 5 people is not always enough.

To celebrate Family Day, everyone who signs up their family this week will get an additional 5 family members for free! You can start by signing up here:

Special Family Day Special


Oh, and by the way, we’re also throwing in twice the storage! If you like ham and maple syrup as much as I do, you’ll wish your jeans had as much storage space as your 1Password account!

What is 1Password Families?

Quite simply, 1Password Families is the best way to protect your entire family. With your membership everyone in your family gets everything they need to stay safe online and preserve their privacy, including:

  • Their own vault for storing their personal items and passwords
  • All the 1Password apps, including Mac, Windows, iOS, and Android
  • Free upgrades to every new version
  • Item History for restoring accidentally deleted or changed items
  • 2 GB of Secure Document storage (doubled from 1 GB for this celebration)

And since we take care of everything for you, every account has built-in data loss protection. There’s no need to worry about losing everything to accidental file deletion or leaving your laptop in the oven[1].

As great as these benefits are, where 1Password Families really shines is how it allows you to work together as a family. Together your family can:

  • Invite additional family members quickly and easily
  • Create additional vaults to keep things organized
  • Share passwords & documents with each other securely
  • Manage exactly who can see and modify individual vault contents
  • Restore access for locked out family members using Account Recovery

These features allow you to be stronger together, just like any loving family.

As you can see, 1Password Families really is the best way to use 1Password with your entire family. And you don’t all need to live at the same household to enjoy these benefits. As great as having family over can be, it’s also nice to have your own space.

To get all these features and start protecting your entire family, sign up here:

Sign Up Now

Oh, and if you’re already using 1Password, you can easily move your existing items into your new 1Password Families account, so there’s no need to worry there.

Whether you celebrate Family Day or not, take care and have a wonderful week with your family. And don’t forget the maple syrup.

❤️


  1. True story. My friend thought the oven was a great place to hide their laptop. It was found after preheating the oven. 

1Password for Mac 6.5.5: Manual update required

tl;dr

As a result of an expired provisioning profile and format change in the developer certificate, customers who downloaded 1Password for Mac directly from our site will need to manually update to the latest version. Those using 1Password from the Mac App Store are not affected.

For those who are interested, here are the events that conspired against us to make for an interesting Family Day weekend…

Fire at the office

I was out at the gym yesterday when I received a call from my wife. I thought she was calling about our belated Valentine’s dinner we had planned. Instead she rather alarmingly told me that “Sara called and said there is a fire at the office”.

Rushing home, I was expecting to hear that the hammocks and standing desks had gone up in flames. (Happily our servers are all virtual so I wasn’t too concerned). The “fire at the office” turned out to be a fire with 1Password for Mac. Customers were getting an error message when trying to start 1Password!

Unable to start 1Password

I urgently gathered our Mac team who were enjoying their holiday weekend to figure out what happened. We quickly recreated the issue and found this error in the logs: Binary is improperly signed. This seemed very strange to me as this version was released back in 2016.

We knew our developer certificate was going to expire on Saturday, but thought nothing of it because we believed those were only necessary when publishing a new version. Apparently that’s not the case. In reality it had the unexpected side effect of causing macOS to refuse to launch 1Password properly.

New certificate, new format

We renewed our certificate and released 1Password 6.5.4 thinking all would be well. And that’s when the other shoe dropped. When we created the new certificate it had a new format for the Common Name.

While this sounds like an inconsequential change, our built-in installer goes to great lengths to validate that every 1Password update is actually 1Password. Since our installer did not recognize the new certificate format it refused to update.

No problem can’t be solved without yet another build, so we created 1Password 6.5.5.

Long story short, 1Password 6.5.5 is now available and solves all these problems. The only catch is it requires you to install it manually.

Moving forward

As you might imagine, we have a whole new level of understanding of the importance of expiring provisioning profiles and certificates. Our new certificate expires in 2022 but I can guarantee you we will be renewing it far before then.

I do apologize for the inconvenience and extra work that this will cause you. I am sure you had better things to do on your long weekend too. If you have any problems with this update please let us know.

I also want to take a quick moment to say “Thank You”. The understanding that I’ve seen from the 1Password community is overwhelming. You never cease to amaze me. It has truly been a humbling experience.

Having spent all Saturday fighting this fire, I still owe Brenda the dinner we were supposed to have had. After missing Valentine’s Day dinners two weeks in a row, I kind of wish the actual office had been on fire.

Further Reading

This was the first post in a three part series. The story continues here:

Part 2 : Certificates, Provisioning Profiles, and Expiration Dates: The Perfect Storm

Part 3 : PSA for macOS Developers: Renew Your Certificates & Provisioning Profiles

Having a blast at AGConf[7]

Every year since I joined the AgileBits family, I’ve looked forward to our annual reunion. It’s a rare opportunity to see the faces and hear the voices that only exist in my head and in text most of the time. AGConf gives us the chance to get together, discuss, plan, collaborate, joke, sing, dance, and occupy the same space for one glorious week.

Suffice it to say that AGConf[7] was a blast. We all met in Fort Lauderdale, Florida, where we boarded the Independence of the Seas for a five day Caribbean cruise. We visited Labadee, Haiti, and Falmouth, Jamaica, before making the return trip and parting ways.

Seeing the same old friendly faces

Most of us work remotely, and with the exception of the odd trip to the mothership (Toronto), we don’t get to see each other. The first day is filled with hellos and hugs–and an abundance of both. We always keep our eyes out for the official AGConf tees, and this year’s 007 themed one was a big hit!

Seeing the shiny new faces

In addition to seeing our old friends and colleagues, it’s always fun to meet the new Bits on the team! It seems like we’re growing exponentially these days, and by some wonderful Agilemagic, everyone fits in just right. I’m already looking forward to meeting more new Bits next year!

Getting some work done

Getting such great minds together always makes for some interesting discussion. It’s fun to put our heads together to help customers, solve problems, and make plans for the future. It’s also one of the few times during the year where we can have face to face discussions. Any big plans we’ve been working on in secret can finally be revealed. Any questions we’ve been wanting to ask get answered, sometimes with a full lecture.

Beyond all of the enlightening and productive internal discussion, we also spend a lot of time supporting our customers. At AgileBits, we take customer support very seriously, and everyone takes part in it. On the high seas, we all have each other to bounce ideas off of, or help with tricky issues we may not be too sure about. Need a developer? Just grab one. Have a security question? Goldberg’s got you covered. Working during AGConf almost doesn’t feel like work at all.

Having lots of fun

And of course, when we get together, we have fun. We play games, soak in the hot tubs, drink Labadoozies and rum punches galore, get dressed up fancy for dinner, sing karaoke, eat lots of dessert, get late night pizza, do yoga, watch the sun rise and set…I could go on. There’s so much to do, and so many people to see, it’s hard to make sure to get enough sleep! For a bunch of computer geeks, we’re a pretty rad crew.


Parting is such sweet sorrow

Like all other good things, AGConf, too, must come to an end. We came, we saw, we conquered, and we did some other stuff too. Now it’s time to get back to developing software we’re passionate about, and supporting customers we love. Until next time, Bits!

The Today Show ❤️ 1Password 🎉

We are having a little party over here at 1Password today, as 2017 has started with an awesome endorsement from The Today Show’s digital lifestyle expert Mario Armstrong!

In a roundup of the coolest apps to have in 2017, Mario includes us as the first app mentioned. He talks about how he personally uses 1Password to secure his digital life, and goes on to recommend 1Password to TODAY viewers.

The Today Show is the longest running breakfast show in the world and has over 4.3 million viewers a week, so we are really happy that so many people had the chance to find out about 1Password and can begin securing their digital lives!

Mario’s favourite features!

“The 1Password you need to remember”

With 1Password you only ever need to remember… one password.

All your other passwords and important information are protected behind your Master Password, which only you know.

“1Password remembers everything for you”

Don’t forget your passwords. Or your bank account routing number. Or the alarm code for your house. 1Password safely keeps track of them all.

Store everything from online accounts to social security numbers.

“Heavy encryption right here”

Every time you use 1Password, your data is encrypted before a single byte ever leaves your devices. Your encryption keys are protected by your Master Password, so only you have the keys to unlock your secrets.

But wait, there’s more!

Mario mentioned some of his favourite features, but here are the other things he didn’t have time to mention when he was recommending 1Password on The Today Show:

  • All the apps on all your devices. Whether you use 1Password on Mac, Windows, iOS or Android, we have you covered. Your data comes everywhere with you, on whichever device you are using.
  • Store everything. 1Password isn’t just for passwords. Use it to securely store your credit cards, passports, important documents – anything at all!
  • Secure the future! 1Password isn’t just about your existing passwords. Our strong password generator means that every new password needed can be super secure, and super easy to access.
  • Restore previous versions of items. If you accidentally changed or deleted an item, you can restore it on 1Password.com.
  • The most secure password manager available. There has never been a more secure way for you to store and access your passwords. Learn more about how 1Password protects your data.
  • Your data is yours. With 1Password, you are always in control. You can always view and export your data at any time.
  • Options for Individuals, Families and Teams. Easily share passwords with your family or team members, create vaults for your mum, dad, kids, gran – even the dog!

Mario wants you to be secure!

Mario uses 1Password to secure his digital life, and so can you! Find the version of 1Password that suits you best and sign up for a 30-day trial at 1Password.com.


Using Intel’s SGX to keep secrets even safer

When you unlock 1Password there are lots of secrets it needs to manage. There are the secrets that you see and manage such as your passwords and secure notes and all of the other things you trust to 1Password. But there are lots of secrets that 1Password has to juggle that you never see. These include the various encryption keys that 1Password uses to encrypt your data. These are 77-digit (256-bit) completely random numbers.

You might reasonably think that your data is encrypted directly by your Master Password (and your secret Account Key), but there are a number of technical reasons why that wouldn’t be a good idea. Instead, your Master Password is used to derive a key encryption key which is used to encrypt a master key. The details differ for our different data formats, but here is a little ditty from our description of the OPVault data format to be sung to the tune of Dry Bones.

Each item key’s encrypted with the master key
And the master key’s encrypted with the derived key
And the derived key comes from the MP
Oh hear the word of the XOR
Them keys, them keys, them random keys (3x)
Oh hear the word of the XOR

And that is a simplification! But it is the appropriate simplification for what I want to talk about today: Some of our intrepid 1Password for Windows beta testers can start using a version of 1Password 6 for Windows that will have an extra protection on that “master key” described in that song. We have been working with Intel over the past few months to bring the protection of Intel’s Software Guard Extensions (SGX) to 1Password.

Soon (some time this month) 1Password for Windows customers running on systems that support Intel’s SGX will have another layer of protection around some of their secrets.

SGX support in 1Password isn’t ready for everybody just yet as there are a number of system requirements, but we are very happy to talk about what we have done so far and where we are headed. I would also like to say that we would not be where we are today without the support of many people at Intel. It has been great working with them, and I very much look forward to continuing this collaboration.

What does Intel’s SGX do?

Intel, as most of you know, makes the chips that power most of the desktop and laptop computers we all use. Their most recent CPUs include the ability for software running on Windows and Linux to create and use secure enclaves that are safe from attacks coming from the operating system itself. It is a security layer in the chip that cryptographically protects regions of operating system memory.

SGX does a lot of other things, too; but the feature I’m focusing on now is the privacy it offers for regions of system memory and computation.

Ordinary memory protection

A program running on a computer needs to use the system’s memory. It needs this both for the actual program and for the data that the program is working on. It is a Bad Thing™ if one program can mess with another program’s memory. And it is a security problem if one program can read the memory of another program. We don’t want some other program running on your computer to peer at what is in 1Password’s memory when 1Password is unlocked. After all, those are your secrets.

It is the operating system’s (OS’s) job to make sure that one process can’t access the memory of another. Back in the old days (when I had to walk two miles through the snow to school, up hill, both ways) some operating systems did not do a good job of enforcing memory protection. Programs could easily cause other programs or the whole system to crash, and malware was very easy to create. Modern operating systems are much better about this. They do a good job of making sure that only the authorized process can read and manipulate certain things in memory. But if the operating system itself gets compromised or if some other mechanism might allow for the reading of all memory then secrets in one program’s part of memory may still be readable by outsiders.

Extraordinary memory protection

One way to protect a region of memory from the operating system itself is to encrypt that region’s contents using a key that even the operating system can’t get to. That is a tricky thing to do as there are few places to keep the key that encrypts this memory region if we really want to keep it out of the hands of the operating system.

So what we are looking for is the ability to encrypt and decrypt regions of memory quickly, but using a key that the operating system can’t get to. Where should that key live? We can’t just keep it in the innards of a program that the operating system is running, as the operating system must be able to see those innards to run the program. We can’t keep the key in the encrypted memory region itself because that is like locking your keys in your car: Nobody, not even the rightful owner, could make use of what is in there. So we need some safe place to create and keep the keys for these encrypted regions of memory.

Intel’s solution is to create and keep those keys in the hardware of the CPU. A region of memory encrypted with such a key is called an enclave. The SGX development and runtime tools for Windows allow us to build 1Password so that when we create some keys and call some cryptographic operations those will be stored and used with an SGX enclave.

An enclave of one’s own

When 1Password uses certain tools provided by Intel, the SGX module in the hardware will create an enclave just for the 1Password process. It does a lot of work for us behind the scenes. It requests memory from the operating system, but the hardware on Intel’s chip will be encrypting and validating all of the data in that region of memory.

When 1Password needs to perform an operation that relies on functions or data in the enclave, we make the request to Intel’s crypto provider, which ends up talking directly to SGX portions of the chip which will then perform the operation in the encrypted SGX enclave.

Not even 1Password has full access to its enclave; instead 1Password has the ability to ask the enclave to perform only those tasks that it was programmed to do. 1Password can say, “hey enclave, here is some data I would like you to decrypt with that key you have stored,” or “hold onto this key, I may ask you to do things with it later.”

What’s in our enclave? Them keys, of course!

When you enter your Master Password in 1Password for Windows, 1Password processes that password with PBKDF2 to derive the master key to your primary profile in the local data store. (Your local data store and the profiles within it are things that are well hidden from the user, but this is where the keys to other things are stored. What is important about this is that your master key is a really important key.)

When you do this on a Windows system that supports SGX the same thing happens, except that the computation of the master key is done within the enclave. The master key that is derived through that process is also retained within the enclave. When 1Password needs to decrypt something with that key it can just ask the enclave to perform that decryption. The key does not need to leave the enclave.

Answers to anticipated questions

What does (and doesn’t) this protect us from?

I must start out by saying what I have often said in the past. It is impossible for 1Password (or any program) to protect you if the system you are running it on is compromised. You need to keep your devices free of malware. But using SGX makes a certain kind of local attack harder for an attacker, particularly as we expand our use of it.

The most notable attacks that SGX can start to help defend against are attacks that exploit Direct Memory Access. Computers with certain sorts of external ports can sometimes be tricked into allowing a peripheral device to read large portions of system memory.

As we expand and fine tune our use of SGX we will be in a better position to be more precise about what attacks it does and doesn’t defend against, but the ability to make use of these enclaves has so much potential that we are delighted to have made our first steps in using the protections that SGX can offer.

What will be in our enclave in the future?

As we progress with this, we will place more keys and more operations involving those keys into the SGX secure enclave. What you see today is just the beginning. When the master key is used to decrypt some other key, that other key should only live within the enclave. Likewise the secret part of your personal key set should also have a life within the enclave only. I can’t promise when these additions will come. We still need to get the right cryptographic operations functioning within the enclave and reorganize a lot of code to make all of that Good Stuff™ happen, but we are very happy to have taken the first steps with the master key.

We do not like promising features until they are delivered. So please don’t take this as a promise. It is, however, a plan.

Sealed enclaves?

Among the features of SGX that I have not mentioned so far is the ability to seal an enclave. This would allow the enclave to not just keep secrets safe while the system is running, but to allow it to persist from session to session. Our hope is that we can pre-compute secrets and keep them in a sealed enclave. This should (if all goes to plan) allow 1Password to start up much more quickly as most of the keys that it needs to compute when you first unlock it can already be in an enclave ready to go.

A sealed enclave would also be an ideal place to store your secret 1Password.com Account Key, as a way of protecting that from someone who gains access to your computer.

Is security platform-specific?

1Password can only make use of SGX on some Windows PCs with Intel Skylake CPUs that have been configured to make use of SGX. Thus SGX support in 1Password is not going to be available to every 1Password user. So it is natural to ask whether 1Password’s security depends on the platform you use.

Well, there is the trivial answer of “yes”. If you use 1Password on a device that hasn’t been updated and is filled with dubious software downloaded from who knows where, then using 1Password will not be as secure as when it is running on a device which is better maintained. That goes without saying, but that never stops me from saying it. Really, the easiest and number one thing you can do for your security is to keep your systems and software up to date.

The nontrivial answer is that 1Password’s security model remains the same across all of the platforms on which we offer it. But it would be foolish to not take advantage of some security feature available on one platform merely because such features aren’t available on others. So we are happy to begin to offer this additional layer of security for those of our customers who have computers which can make use of it.

Upward and downward!

I’d like to conclude by just saying how much fun it has been breaking through (or going around) layers. People like me have been trained to think of software applications and hardware being separated by the operating system. There are very good reasons for that separation — indeed, that separation does a great deal for application security — but now we see that some creative, thoughtful, and well-managed exceptions to that separation can have security benefits of their own. We are proud to be a part of this.

Fantastic Secrets and Where to Find Them: Pocket Watch Edition

Hello again, fine readers! It’s been a few weeks since the release of 1Password 6.5 for Mac and we figured it was time to bring 1Password 6.5 for iOS to the party as well. After our last release we got together and brainstormed our top goals for this update:

  • Refine and polish the very first interaction for everyone who launches 1Password on a new device.
  • Rebuild our Apple Watch app to take advantage of the speed and power of the modern watchOS.
  • Make it easier than ever to manage your items in bulk.

Just like its big brother, this update to 1Password for iOS is absolutely gigantic.

Let’s dive in, shall we?


A Whole New Way To Get Started

One of the biggest challenges for any app is how it introduces itself to new customers. In fact, there’s a whole cottage industry surrounding the analysis and breakdown of these “onboarding” experiences. The overwhelming advice is “the simpler the better”, and we took this to heart while reimagining ours.

In this release we’ve completely redesigned the onboarding experience to focus on our new 1Password.com service. Now when someone launches 1Password for the first time they will be guided directly into a new account that provides them with:

  • Built-in automatic sync across all devices
  • Data loss protection
  • Item History for restoring deleted or changed items
  • Access to 1Password on all platforms (Mac, Windows, iOS & Android)
  • Free upgrades to 1Password for the life of their subscription

And the best part is that all of this is enabled automatically with the creation of their account directly within 1Password. All new users need to do is download 1Password and get started.

A Whole New Way To Migrate

Of course we also have many customers with existing setups that are working great for them today. If this includes you, you’re free to continue using the standalone licensed version of 1Password – you simply need to choose Dropbox or iCloud during setup.

But if you’d like to take advantage of the simplicity of our new 1Password.com service, we now have an easy way to migrate all your existing data over.

Once you add your new 1Password account you will be asked if you’d like to migrate all your existing information over. Simply say yes and all your items will be copied over to your newly added 1Password account.

After your various bits and bobs have been securely moved you’ll be guided directly to your newly populated vault where you will feel right at home.

A Whole New Way To Love 1Password On Your Wrist

When Apple introduced Apple Watch back in 2015 we were there on day one with our brand new Apple Watch app. It was a great solution for accessing those small pieces of secure information you needed at a glance. Since then, however, two main issues have been on our to do list:

  1. The app was useful, but not exactly speedy.
  2. It only supported items stored in your Primary vault.

I’m happy to report that with 1Password 6.5 both of those issues have been tackled! 1Password for Apple Watch is now a native app, taking full advantage of the speed and performance enhancements afforded by running directly on Apple Watch hardware.


We’ve also opened up the gates and you can now add items from any vault to your Apple Watch, including items stored in your 1Password.com account vaults!

If you’ve been waiting for this Apple Watch update to move all your items to your 1Password.com account, wait no longer. Go ahead and select all your items and move them over. What’s that? There’s no way to move items en masse on iOS? Read on, dear friends!


A Whole New Way To Manage Your Items

One trend we’ve been noticing more and more is many of you are opting into an iOS-only lifestyle, having an iPhone and perhaps an iPad, and that’s it. Truth be told it puts a bit of a damper on things when we ask you to “go to your Desktop” to perform a specific task.

As many of our customers continue to move their information over to 1Password.com accounts, the ability to select and move multiple items has become more important than ever.

Thankfully it’s now possible to move multiple items at once! All you need to do is pull down from the top of your item lists to reveal the “Select Items…” button. From there you can select any number of items (or tap on the selection circle at the top of the list to select all your items) and copy or move them to any other vault.


Putting a Bow On It

A brand new onboarding experience, a brand new Apple Watch app, the ability to move and copy multiple items at once; what else could we have possibly crammed into this release? As I mentioned at the outset, 1Password 6.5 for iOS is a mammoth update. In addition to the few things I touched upon above, we’ve carefully crafted and included nearly 100 additional improvements and bug fixes. It’s an impressive list so I couldn’t resist sharing it here:

New

  • 1Password now sports a brand new first-run experience! It is now easier than ever to get started with 1Password.
  • Our Apple Watch app is now a native app!
  • Items from 1Password.com accounts can be added to your Apple Watch!
  • Adding a 1Password.com account to your device will now prompt you to move your items to that account. {OPI-3561}
  • Added the ability to select, move, and copy multiple items! Just pull down from the top of the item list to expose the “Select Items…” button. {OPI-3266}
  • It’s now possible to create Documents in 1Password accounts! {OPI-1027}
  • 1Password can now fill additional text, email, and password fields for items created outside the browser extension. {BRAIN-111}
  • After migrating your items to a 1Password.com vault, you will now be prompted to delete your old Primary vault. {OPI-3720}
  • Added the ability to copy 1Password Documents across accounts. {OPM-3974}
  • You will now be prompted to enable Touch ID after completing the initial setup of 1Password. {OPI-3691}
  • You can now pay for your 1Password.com account subscription right from the app using automatically renewing in-app purchase subscriptions.

Improved

  • Primary vaults can now be removed when a 1Password.com account exists. {OPI-3608}
  • If 1Password fails to display an item from a Spotlight search, we now present an error message.
  • Warnings about frozen 1Password.com accounts now offer the option to “Subscribe Now” where possible. {OPI-3745}
  • The 1Password account sign-in screen now includes instructions on how to find your account details. {OPI-3761}
  • Migrating from a standalone Primary vault to a 1Password.com account now sets the Vault for Saving to your new Personal vault. {OPI-3734}
  • The Categories tab is now the default tab for fresh installs of 1Password. {OPI-3755}
  • Updated our translations with the latest from our incredible translators on Crowdin.
  • Updated to the latest 1Password brain for improved Login saving and form filling.
  • 1Password is now better at avoiding search and newsletter forms when filling. {BRAIN-289}
  • 1Password is now better at saving Logins on pages with search fields. {BRAIN-274}
  • 1Password is now better at avoiding search fields on Russian and German websites. {BRAIN-293}
  • 1Password is now better at handling sneaky password fields on Swedish websites. {BRAIN-310}
  • Updated the password generator minimum and maximum values. {OPI-3730}
  • Added mechanisms for strengthening communication with 1Password.com.
  • The setting that controls opening websites now lives in Settings > 1Browser. {OPI-3696}
  • Improved the parsing for certain improperly formatted web addresses. {OPM-4281}
  • Added a notification to update to the latest 1Password version when features aren’t compatible with the 1Password.com account server. {OPM-4177}
  • Better handling of invalid data brought in by importing.
  • The 1Password Apple Watch app no longer has its own PIN code. {OPI-3813}
  • Changed the naming of Wi-Fi sync to WLAN sync. {OPI-3633}
  • Empty address fields are now hidden when viewing items. {OPM-3902}
  • Updated Rich Icons for the Login creator. {AGW-314, OPI-3623, OPI-3625}
  • Added a help string to the footer of the Lock Now button in Settings > Security to indicate using it will require the Master Password to unlock next time. {OPI-3516}
  • Improved filling of credit card expiration years. {BRAIN-138}
  • Removed a few potentially offensive words that were present in the word list for our Word-based Strong Password Generator. {OPI-3129}
  • Improved the way we handle 1Password Pro’s in-app purchase receipt validation.
  • Removed several instances where “1Password Teams” or “1Password Families” language was used, and replaced them with “1Password account.”
  • Improved WLAN sync error handling to make it less annoying when the desktop is locked. {OPI-3314}
  • Personal and Shared vaults will now display the user or team avatars if they don’t have their own avatar. {OPM-4032}
  • Added better handling of 1Password accounts whose domains have changed. {OPM-4002}
  • Improved the launch time under certain circumstances. {OPM-4061}

Fixed

  • Removed a crash that could occur when processing changes to items. {OPI-3651}
  • Fixed a crash that could occur on iOS 10 immediately after unlocking 1Password. {OPI-3649}
  • Fixed an issue that could cause some network requests to 1Password.com to fail.
  • Dismissing Control Center no longer clears your search results. {OPI-3540}
  • Opening 1Password using a “search” shortcut from apps like Launch Center Pro no longer fails if 1Password isn’t running. {OPI-3708}
  • Using the “Search” Quick Action from the iOS Home Screen no longer fails if 1Password isn’t running. {OPI-3789}
  • Annihilated a bug that was causing the search field to be unresponsive if you tapped into it right after unlocking 1Password. {OPI-3789}
  • Successive searches now show the correct search results each time when leaving the app and coming back to it. Thank you to our awesome beta testers for helping us track this one down. {OPI-3740}
  • Fixed an issue that could cause 1Password to request the Master Password when tapping the Home button while unlocking with Touch ID. {OPI-3807}
  • Fixed an issue where displaying items from Spotlight could fail. {OPI-3658}
  • We now make sure that All Vaults is the selected vault when setting up the app for the first time with a 1Password.com account.
  • Fixed an issue where vault-added notifications were shown when initially setting up a device. {OPI-3771}
  • Selection controls no longer go missing if you leave selection mode shortly after entering it. {OPI-3748}
  • The Apple Watch app now requires an Apple Watch PIN code to be set. {OPI-3760}
  • We now allow importing of 1Password 3 backups from other sources. {OPI-3661}
  • Fixed a crash that could occur when syncing with AgileKeychain files. {OPI-3650}
  • 1Password would fail to fill sites that had previously saved fields 1Password ignores during filling. {BRAIN-299}
  • Fixed an issue where certain Favorites could cause issues while syncing with 1Password.com accounts. {OPM-4402}
  • Eliminated some instances where you would be mistakenly prompted to enter your Master Password.
  • Fixed two crashes that could occur when syncing via AgileKeychain. {OPI-3713, OPI-3714}
  • Fixed a crash that could occur when setting up sync. {OPI-3711}
  • Fixed a crash that would happen when editing a field on an item that has a menu of possible values. {OPI-3712}
  • Fixed a crash when re-authorizing a 1Password.com account after a password change. {OPI-3710}
  • Fixed a crash that could occur on iOS 10 during launch.
  • Fixed an issue preventing two my.1password.com accounts from being added at one time. {OPM-4312}
  • Fixed an issue that would cause 1Password to authenticate twice with 1Password.com upon startup instead of just once. {OPM-4286}
  • Fixed an issue that could cause unnecessary reauthentication requests to be sent for 1Password.com accounts. {OPM-4285}
  • Fixed an issue where some unrecognized data in an item would be lost while saving. {OPM-4234}
  • Fixed autosubmit on fideliti.co.uk. {BRAIN-268}
  • Fixed an issue where the item detail view wasn’t respecting the changing of the Show Rich Icons setting. {OPI-2012}
  • Fixed an issue where a 1Password.com account administrator could be addressed as a user instead of as an Owner. {OPI-3545}
  • Fixed an issue that caused 1Password to stop syncing changes from iOS to other devices, but still allowed new changes from other devices to appear on iOS. {OPI-3606}
  • Fixed an issue that caused users with a single vault in their 1Password Account to see the welcome screen instead of their vault. {OPI-3534}
  • Fixed login filling on tecmarket.it. {BRAIN-254}
  • Resolved an issue where 1Password would incorrectly identify the designated username and password fields when saving a Login. {BRAIN-207}
  • Resolved an issue where 1Password would fill credit card month values into quantity fields when the field was of number type.
  • Resolved an issue where 1Password would attempt to fill into disabled or read-only fields. {BRAIN-263}
  • Resolved an issue where radio buttons were being improperly saved and restored. (Existing Logins will need to be resaved.) {BRAIN-74}
  • Resolved an issue where 1Password would not fill the same password value into more than one field. {BRAIN-83, BRAIN-84}

What we’ve created, and what is now available on the App Store, is the best version of 1Password to date. I can’t wait to hear what you think.