DevBits header

AgileCloudSDK: iCloud Sync Gets Its Wings

At the last WWDC, Apple announced some changes to CloudKit, the technology that enables an app to sync with iCloud. As many of you know, it was previously impossible for non-Mac App Store apps to sync with iCloud. The changes that Apple made to CloudKit have opened up some really exciting possibilities, and today, we’re happy to announce that we have been able to implement iCloud sync in the AgileBits Store version of 1Password.

1Password 6 for Mac Sync Preferences (iCloud)

Wait…what?

1Password uses the CloudKit API to sync your data with iCloud. In OS X 10.10 Yosemite, the CloudKit framework provided by Apple did all the heavy lifting by communicating with Apple’s servers for the app, but it was only available for apps that were codesigned by the Mac App Store. This meant that only the Mac App Store version of 1Password could sync with iCloud.

You can read more about this in the post that Roustem wrote last fall.

What’s changed?

CloudKit is still the way that developers access the iCloud database, but Apple has provided a brand new way of accessing their CloudKit servers: CloudKit web services. CloudKit web services allows apps to access CloudKit via a really nice web framework called CloudKit JS. When these changes were announced at WWDC, we were excited to start working with this new framework to see what possibilities it would present. Ultimately, CloudKit JS enabled us to support iCloud sync in our AgileBits Store version of 1Password.

[Update] If you are a Mac app developer, and would like to use AgileCloudSDK so that your app can sync with iCloud, your app must also be in the App Store. Your customers, however, will now be able to choose whichever version they want.

How did we do it?

To make sync as seamless and stable as possible we wanted to make very few changes to the existing sync code in 1Password. We felt the best way to do that was to make a framework that looks and acts like Apple’s native CloudKit framework, but uses the CloudKit web services. This means 1Password can use Apple’s native CloudKit framework in the Mac App Store version, and our new AgileCloudSDK framework in the AgileBits Store version.

There are a lot of internal differences between native CloudKit and CloudKit web services. CloudKit web services relies on JavaScript but native CloudKit uses Cocoa classes for data storage, so we knew that we couldn’t reuse the existing code without something to translate the requests and data back and forth.

In order to talk to Apple’s servers, we needed a mediator. Adam Wulf and I created a class that takes native CloudKit API calls, translates them to web service API calls, and translates the responses back to native Cocoa code. The 1Password sync code is now completely ignorant as to whether it’s connecting to native CloudKit or CloudKit web services. This means that 1Password can find your data in iCloud, whether you’re using the Mac App Store version or the AgileBits Store version. We’re extremely pleased with this outcome!

From our customers’ point of view, iCloud sync in the AgileBits Store version of 1Password will look a little bit different during the initial setup. CloudKit JS does not use the iCloud settings from OS X, so to authenticate with Apple, 1Password will prompt you to log in to your iCloud account by displaying the iCloud login page in your default web browser. Once you have logged in to your iCloud account, CloudKit web services sends an authentication token back to 1Password, which it then stores (securely, of course). This enables 1Password to sync with iCloud without having to reauthenticate each time. Since the iCloud login for CloudKit JS is completely separate from the iCloud settings in OS X System Preferences, you can even use a completely different iCloud account if you like!

1Password 6 for Mac iCloud auth

Share the knowledge

One of the challenges we faced when developing this framework was that no one else seemed to be working on this particular problem yet. We want AgileCloudSDK to continue to grow and improve and we can think of no better way to ensure that than to release it as open source. We are currently busy prepping it for release and plan to have more information (including a release date) soon. If you’re interested in learning more about this framework, reach out to us at support+agilecloudsdk@agilebits.com.

To everyone at Apple who worked hard to make this new functionality possible: thank you. You’re awesome.

1Password for iOS update featured image

1Password 6.2 for iOS: The Resolution Edition

It’s hard to believe that another year is upon us! Whether you bid adieu to 2015 with enthusiasm or reluctance, we hope 2016 will be a wonderful year for you. We’ve spent some time reflecting on the old year and planning for the new, always with one goal in mind: improving your life by making security as easy and enjoyable as we can. With that at heart, we present our latest release: 1Password 6.2 for iOS.

Resolve to Search Smarter

You’re going to be delighted with the improvements we’ve made to Search! One of the first things you’ll notice is that you can now search from the Favorites and Organize tabs, in addition to the Categories tab.

If you want to speed things up and know the title of the item you’re looking for, make sure Search Titles is highlighted. If you need to look through all of your fields, start your search and tap on Search Everything. You can also clear what you’ve typed into the field or cancel your search altogether with a single tap.

1Password 6.2 for iOS: Search

Resolve to Stay Informed

I’m excited to tell you that Watchtower is now available in 1Password 6.2 for iOS! 1Password for Mac users will recognize this service, which monitors the latest security vulnerabilities from around the web and alerts you when your own accounts might need attention. To start using Watchtower, go to Settings > Security and tap the switch. If an item has a potential vulnerability, you’ll see it in the item’s details view.

1Password 6.2 for iOS: Watchtower

Resolve to Stay Organized

If you’re a 1Password for Teams customer or like to keep your items organized in more than one vault, you’ll love this one. Today’s release enables you to move or copy items across vaults! All you need to do is view the item’s details and tap Move and Copy button at the bottom. Then, select the vault to which you’d like to move or copy the item. Easy peasy!

Resolve to Work at Peak Peek Efficiency

This one’s for you lucky ducks with an iPhone 6s or iPhone 6s Plus. We proudly present: Peek and Pop, in glorious 3D (Touch)! Give the 1Password icon on your home screen a hard press to bring up the Quick Action Menu to add a new item, view your favorites, or bring up search in 1Password.

If you want quickly look at an item, find it as you normally would. Instead of tapping on it, give it a light 3D Touch to take a Peek, then press a little harder to Pop into its details view. Or, Peek at an item, then swipe up to to copy a field or open a login in 1Browser.

1Password 6.2 for iOS: Preview and Copy

We paid attention to a lot of little details to help you start your new year right, from updating our translations to tweaking our in-app icons; we’ve even added the Strong Password Generator to the PIN field of Credit Card items to make it easier to generate PIN codes! To find out what other goodies are waiting for you, check out our release notes.

1Password 6.2 for iOS is available now, and it’s a free update for all existing owners. Head to the Updates tab of the App Store to update to the latest version now! Have feedback? We’d love to hear from you. Add a comment here, check out our discussion forums, or start a conversation with us on Twitter or Facebook.

Holiday sale header

Happy Holidays from AgileBits

Rudolph

Hello Everyone!

With Santa almost here, I figured it was time to give Dave an early Christmas present and let him unwrap something new this year: a newsletter for everyone, written by someone new. ;)

And, since it has a few goodies in it, I decided that it would be even more fun to spread the joy and include a blog post too! Plus, I always enjoy the chance to talk with all of you!

Update on 1Password for Teams

Harold: Christmas 2015

1Password for Teams continues to move through our beta testing and we have seen a number of businesses, schools and families signing up and reserving their team name. Have you signed up yet?

Reserve your team name now!

I’m pretty sure Santa will find it much easier to check his list twice when it is a secured note that he can share with his top elves. Plus, sharing the login information with NORAD for his annual flight will be even easier!

An Extra Special Holiday Sale

Holiday sale 2015 tree ornament

Sharing over the holiday season is one of my favourite things – so much so that I am bringing back our holiday bonanza sale! 12 days of Christmas + 8 nights of Hanukkah + 7 days of Kwanzaa + 8 tiny reindeer for good luck = 35% off all platforms!

Much like the holidays, the sale will be over before you know it, so indulge in a bit of last-minute gifting before you enjoy a big meal. :)

Until next time, please give your loved ones a hug for me, and remember to leave a comment below or join us in the forums if you have any questions, or if there is anything we can do to help make your holidays more secure.

Sara snowman footer

1Password for iOS header

iOS 9.2 adds 1Password to many new apps

During WWDC this year, Apple announced SFSafariViewController. This was really exciting news for us. Just imagine: if a third-party app used Safari as its in-app browser, that would mean that 1Password could fill Logins automatically without developers doing any extra work!

SFSafariViewController was introduced to everyone in iOS 9. Immediately, we began receiving reports from customers about 1Password disappearing from their favourite apps! It turns out that the JavaScript we were using couldn’t be executed in SFSafariViewController. We did some work on our end to address this issue and also reported it to Apple. Then, we waited.

Patience is a virtue

A Very Rad Holiday

One day in late October, while I was on vacation in a place where Internet access was scarce, Slack exploded with mentions from my colleagues about 1Password automatically working in many new apps when using the new iOS 9.2 beta. There I was, with an Internet connection barely good enough to check my email, and with no way to download the new iOS and Xcode beta goodies. All I could do was wait. And wait. And wait. It was the first time I ever wished that my vacation would end sooner!

Yay! Thank you, Apple!

Finally I returned home and was able to verify the amazing news: the 1Password App Extension API will simply appear in all Safari View Controllers in any app! After spending weeks working on this, I was ready to buy everyone at Apple a beer.

Let’s have a look at how this actually works. In the following example, you can see how easy it is to use 1Password to add your account to Tweetbot, one of the most popular Twitter clients.

What’s even more awesome is that Paul (the developer of Tweetbot) didn’t need to do anything to enable this feature. It just works! If you are an app developer, users of your app simply have to make sure that the 1Password App Extension is enabled.

To enable 1Password in apps, simply set up 1Password. It will then appear as an option on the share sheet, where it can be toggled on and rearranged. For illustrated, step-by-step instructions, please see our user guide.

1Password ❤ App Developers

The 1Password App Extension offers iOS app developers the opportunity to provide a simple and secure login experience. If your favourite iOS app prompts you to log in and doesn’t display the 1Password icon, reach out to the developer and direct them to our Dev Outreach page. They’ll be amazed by how easy it is to integrate 1Password into their app.

If you’re a developer and have already added the 1Password app extension to your iOS app, thank you; you’re awesome! Please don’t forget to submit your app to our Apps ❤ 1Password directory.

1Password developer newsletter

iOS app developers are invited to subscribe to our 1Password App Extension Developers newsletter. We’ll send you an occasional newsletter containing 1Password App Extension news, updates, and tricks, to help you realize the full potential of the 1Password Extension API in your iOS apps.

If you have any questions, you can comment on our GitHub project or email support+appex@agilebits.com. I look forward to talking to you!

Security header

1Password and your browsing habits: What we don’t know can’t hurt you

1Password blueprintThere are some things that we would love to know about people who use 1Password. Some of that information would be useful in improving 1Password, some might just be interesting statistics about our users. Here are a few things we might want to know:

  • What sites are among your 1Password data
  • When, how often, and from which IP address you use 1Password to log in to particular websites
  • Which new Logins you save
  • How often and where you fill credit card data

Knowing such things about our customers would help us focus our development efforts on the things that people want to use most. But here is the point of this article: We do not have that information and we have built 1Password so that it would be hard to even collect that information. Our principle of Private By Design means that we don’t know many things. This is for your benefit.

We have no such data

Despite our curiosity and the usefulness of such data, we have designed 1Password so that we can never see that information. We’ve written before about how our security architecture protects your privacy (see Private By Design and the opening sections of our 1Password for Teams white paper [PDF]), but I will highlight some of its points below.

The importance of knowing nothing

One of our design principles is based on the fact that we cannot lose, use, or abuse data that we never have. We believe that you should be in control of your data and that your use of your data is your business. To the extent possible, we have built 1Password in such a way that not only do we not retain data about your use of 1Password, but we make it hard to even obtain such data.  We have also chosen not to include any in-app analytics tools within 1Password.

Some of this is basic security design. Our design principle isn’t radical in theory, but it can be difficult to implement. For example, our underlying data synchronization system would be much simpler if we allowed ourselves to know which sites you are logging in to when you log in to them. But because we do not want to ever know that information, we have had to put in more intricate machinery.

I should also acknowledge that some of our design principle is motivated by cowardice. We do not want our servers and systems to be heavily attacked, so we have designed our systems such that we have little worth stealing. Our cowardice here works to protect your privacy and your security. Cowardice can be a virtue.

Example: We can’t watch from the Watchtower

1Password WatchtowerA relatively simple example of our privacy mechanism is how Watchtower works in 1Password for Mac and Windows. 1Password does not send a query to our server to ask, “Is site X in the Watchtower database? What does it report?” If we had built it that way, our server logs would be able to determine exactly which sites are in your 1Password data. Instead, 1Password fetches all of the information needed by Watchtower on your computer. Every instance of 1Password is fetching the same data file in a way that does not depend on which Logins you have.

Security designs matter

I would like to step back and look at a picture that is perhaps even bigger than the privacy matters discussed here. Please indulge me in my musings.

We are proud of the overall security design of 1Password, and we certainly like to talk about it. Yet very understandably most people are not going to look at the subtleties of the design and its implications. As a consequence, some of the things that we think are the biggest security benefits of 1Password are invisible to users, and so we occasionally hit you with articles like this.

Sometimes our security design makes certain “features” irrelevant and inapplicable. See Authentication v Encryption for a discussion of one such feature. Sometimes, as in the example of Watchtower described above, it means that we have to work harder to put a feature in place than we would have if we’d used a different security design. But even when we have to work harder, we believe that our security design is the better choice. To maintain a privacy-preserving security architecture we are happy to do the extra work.

More than just passwords header

Secure all the things in Secure Notes

The more I use 1Password, the more uses I think of for it. Of course, all my usernames and passwords are stored in the app, and I can’t tell you how much I love signing in to an iOS app that has enabled the 1Password app extension. It’s downright magical. If that’s all 1Password ever did for me, I’d be more than satisfied. But as 1Password has grown and developed, it’s given me so many wonderful options for keeping all kinds of data secure and sorted. For a girl who loves organization, it’s a dream come true!

One of my favourite improvements to 1Password is the Secure Notes category. With custom fields (and custom icons!), I’ve got my very own customizable database for any type of information I want to keep secure yet easily available. I want to share with you just how awesome this category can be, so here are a few of my favourite uses for Secure Notes.

Family medical history

Secure Notes: Medical info

Do you remember your complete medical history? How about your partner’s, your child’s, or your pet’s? I store information about each family member’s allergies, prescriptions, previous surgeries and other important details in a Secure Note shared in my family vault. Custom fields help me keep all the details nicely sorted, and the custom icons make these entries easy to recognize! I hope it’s never necessary, but it’s great to know that it’s available there, just in case.

Taxes

Secure Notes: Taxes

Thankfully, we only have to deal with taxes once a year. But that infrequency can lead to a lot of forgetfulness. There are all sorts of identifying numbers associated with filing taxes, even more if I want to file online. In years past, I have had to dig through my not-so-awesome paper filing system to locate all those details. Now I’m building a Secure Note with all my tax information, including a list of charitable donations and other relevant deductions I know I’ll want to remember. I can even attach PDFs of previous tax returns and necessary forms for reference. I’m dreading tax season less already!

Insurance Policies

While we’re talking about fun stuff, do you know your insurance policy details? Whether it’s for your home, car or health, this is the sort of information that you don’t really need—until it’s really, really necessary. In my mind, this is exactly what the Secure Notes category in 1Password was designed for. Knowing that this data is secure and available when I need it gives me a whole lot of peace of mind.

Hardware database

Secure Notes: Hardware

It’s the age of technology, and we all have a wonderful collection of gadgets and gizmos to help us do our jobs and entertain us throughout the day. And each of those gadgets comes with warranty information, user guides and an array of important details. If that information gets stored in my “filing cabinet” (ok, it’s just a box with a bunch of loose papers at this point) it may as well go in the recycling bin. Now 1Password is my go-to database for all my hardware information from cameras and iDevices to game consoles and home appliances. Very neat and tidy.

Where is that thing?

I work with some really smart people. A while back, Mitch shared an awesome idea for Secure Notes. In his blog post, he talks about training 1Password to remember where you’ve stored physical things that are hardest to find when you need them, like a passport or winter gloves. I’m still geeking out over it!

I’m amazed by how powerful custom fields have made the Secure Notes category. I use them so much that I could probably talk to you about them all day. But I’d rather hear from you. Have you used this feature to simplify your life? Please share your story in the comments.

Security header

How 1Password for Teams protects your secrets

Since this is my first AgileBits byline, allow me to introduce myself. Last month, I joined the awesome security team here at AgileBits. I’m super excited to work with Jeffrey Goldberg, our Chief Defender Against the Dark Arts, and Jessy Irwin, our resident Security Evangelist. I aim to review product security and keep bad things from happening to good people. In addition, I write readable things: I’ve got a number of blog posts on deck that I look forward to sharing with you fine folks.

With pleasantries exchanged, let’s talk about 1Password for Teams, and about how your privacy and the security of your data are of the utmost importance to us. We are able to offer the great new features of 1Password for Teams by providing it as a service. If you are using 1Password but don’t have a 1Password for Teams account, your existing vaults remain unchanged, whether you sync them using Wi-FI, Dropbox or iCloud. While we have made some significant changes to how your data is stored in 1Password for Teams, our commitment to security and privacy has not changed.

How 1Password for Teams keeps your data safe

When we set out to build 1Password for Teams, our first concern was that our cryptography and security be absolutely top notch. I mention them both because they work hand in hand to keep your data secure. We opted for security that is enforced by cryptography instead of software or personnel policy.

Cryptography is what makes your data completely worthless to hackers. It is our cryptography that ensures that even if someone were to hack into our servers they would be able to access nothing more than a bunch of random numbers.

Security is what ensures that there are no back doors or vulnerabilities in the code. Security has to do with the assurance that certain policies are enforced by the operating system. Specifically, that there are no workarounds or back doors into our servers.

Private by Design

We take the “privacy by design” approach because we believe that we can best protect your secrets by not knowing them. It is impossible to lose, use or abuse data one doesn’t possess. Therefore, we designed systems that reduce the amount of sensitive user data we can access or acquire.

Triple-Layer Cake

1Password for Teams stores your encrypted data on our servers, but neither your Master Password nor your Account key is ever sent to our servers over any network. This means that we do not actually have the ability to decrypt your data. That is because decrypting your data requires all three of the following:

If you use 1Password, you are already very familiar with the Master Password and its role in protecting your data. Let’s talk about the other two pieces of the puzzle: the Account Key and the Secure Remote Password.

The purpose of the Account Key is to protect your data from being decrypted by someone who might access or compromise our servers. It ensures that a password-guessing attack against your data is useless: even if an attacker were to correctly guess the Master Password, the vault would not unlock.

The Secure Remote Password (SRP) is a way for both the client and the server to authenticate each other without either revealing any secrets. The SRP encrypts all traffic over the network and verifies the authenticity of the remote server before sending your information over TLS/SSL.

In Math We Trust

These three pieces of information work together to symbiotically protect your data. The Account Key strengthens your Master Password exponentially. And since it never gets sent over the network, it can’t be reset, intercepted, or evaded. In fact, I would be happy to print out a 2D barcode of all of the information in my 1Password for Teams personal vault and tape it to my front door. And if you knew me, you would know that this is a very big deal.

Still have questions? You can read all of the details of how we secure your data and why we made the decisions we did by reading our White Paper (PDF). Please also leave us a comment below or join the conversation in our discussion forums. We love hearing from you!

1Password for iOS header

1Password 6.1 for iOS: The Unity Edition

It’s been an incredibly exciting week for us. We finally shared a secret project that we’ve been working on for ages! But that’s not all we’ve been doing. Our developers have been burning the candle at both ends to ensure that the 1Password apps you know and love continue to be awesome and powerful.

Today we’ve got a great update to 1Password for iOS for you. Version 6.1 not only integrates Teams features into the app, but adds a handy All Vaults view and all sorts of polish.

You get a Team, and you get a Team…
Everyone gets a Team!

1Password for Teams in iOS: Add a new account

1Password 6.1 for iOS is our first official release with support for 1Password for Teams. Once you’ve signed up and created your team on the 1Password for Teams website, you’ll be able to pop over to the Settings tab in 1Password for iOS and add your team right to the app by using the handy QR code found on your team’s Get the Apps page.

Any vaults you add to your team will show up automatically on your iOS device (and will get added to the awesome new All Vaults view – more on that later!) Best of all, you can still use the same one password you’ve been using all along to unlock 1Password for iOS – no muss, no fuss.

As an added bonus, activating your 1Password for Teams account unlocks the Pro Features in 1Password, just for you!

Unify your life with All Vaults

1Password 6.1 for iOS: All Vaults

You already know how easy it is to share you items by using multiple vaults. 1Password for Teams makes it even easier, which for us has resulted in a number of additional vaults. While this feature is fantastic for organizing our items, it does present a challenge: Where did I save that one item? Hopping around between vaults isn’t the most fun we could be having, so we decided to do something about it: we built an All Vaults view.

The shiny new All Vaults view enables you to see all of your items, no matter which vault they’re stored in. But wait!, you say. I don’t want to see all my vaults at once!, you say. No worries, we’ve got you covered. The Settings screen now has a vault selector to let you easily choose which vaults should be included in the All Vaults view. Careful now, toggling those switches is pretty addictive! =)

Bessere Leistung! (Better performance)

Not only have we improved our translations, but we’ve also sent 1Password to the gym to handle those bigger vaults with grace and ease. There are a lot of other great refinements, as well; see our release notes for the full details.

1Password 6.1 for iOS is available now as a free update for all existing owners. Head to the Updates tab of the App Store to update to the latest version now! Got feedback? We’d love to hear from you. Add a comment here, check out our discussion forums, or visit us on Twitter or Facebook.

1Password for Teams: Getting Started (Admin)

Starting your admin adventure with 1Password for Teams

Whew! Tuesday was an exciting day for the AgileBits family. In case you missed our big announcement, we’ve been working on a great new solution that makes it super simple to share secrets securely with your team. (Say that three times fast!)

We hope you’ve already signed up to reserve your team name. We’re letting people into the beta just as fast as we can. If you’ve already gotten your golden ticket, you’re probably pretty excited to get 1Password for Teams set up. So many new and exciting things to play with, but where to start? Let’s start at the very beginning. A very good place to start.

After you’ve signed in to your 1Password for Teams account, your adventure begins on the Home page. This is where you will find the vaults you can access. Initially, you will see Your Vault and the Everyone Vault on this page. Let’s get things rolling by creating a new vault for your team.

Anything that has to do with managing your 1Password for Teams account is done in the Admin Console. Head over there by clicking the Team menu in the top right corner and selecting the Admin Console menu option.

1Password for Teams Home: Admin Console menu option

Go ahead, seize the day and create a new vault now: while in the Admin Console, click the Vaults tab. On the Vaults page, click the + button to create a new vault. There’s no limit to the number of vaults you can create, and vaults can be shared with some or all of your teammates.

1Password for Teams Admin Console: Vaults

Every excellent adventure needs a crew, so click the Invitations tab in the Admin Console to invite your team members aboard. Send out email invitations to everyone, or use the special link that 1Password for Teams generates for you.

To add a teammate to a vault, two things need to happen: they must accept the invitation you sent them, and you must approve them. Once a user has accepted their invite, you can return to the Admin Console and confirm their membership.

1Password for Teams Admin Console: Invitations

Now you’ve got your vaults and your team. You’re almost ready to take off. All you need to do is decide who gets access to which vault. On the Vaults page, select the vault you want to share and click on Manage Access. Simply select the people you would like to add to this vault and it will show up immediately on their Home page.

1Password for Teams Admin Console: Manage vault access

I hope you’ve enjoyed the guided tour so far. Continue the adventure on your own by reading the Getting Started guide for admins, and stay tuned for more posts.

If there is something in this flow that could be improved to work better for you, please let us know in the forums. These beta days are the best days to get in your bug reports and suggestions for improvement. Thanks so much for trying out 1Password for Teams Beta!

1Password for Teams beta announcement header

Introducing 1Password for Teams

Today I am happy to announce 1Password for Teams, an exciting new way to use 1Password within a team environment!
Read more