1Password for Mac update featured image

1Password 6.1 for Mac: The Mini Delights Edition

From time to time, something most people overlook makes me really happy: pulling a perfect loaf of bread out of the oven, going for a run on a beautiful day, or writing a fantastic line of code. And sometimes, those small things happen close together and combine into something truly delightful. That’s what 1Password 6.1 is all about: little things that come together to make one great update.

Find the right Login

If you’re anything like me, you not only have a lot of Logins, you have many for the same site. We’ve made it easier to tell which Login is which when you’re using 1Password mini by displaying the Login’s username next to the title when you have duplicate titles.

mini-duplicate-title

1Password mini is also smarter when searching for words that contain accents or other diacritics. While watching the Oscars the other night, I was a little disappointed that The Revenant didn’t win Best Picture. I could at least send the director a consolation prize like a 1Password t-shirt or something (a more exclusive club, after all). I never remember how to exactly spell his last name though, I just remember that it starts with “Ina” with accents somewhere. 1Password makes it easy now, I can search without the accents and it’ll find it just fine.

mini-accents

Teams & Families

One of my favorite parts of 1Password for Teams is that Documents became first-class items. You can see a list of all Documents, and you can link as many items as you want to the same Document. In 1Password 6.1, Documents have become even better, as you can now add Notes and even custom fields, just like with other items. Want to store a password field to go along with that file? Go right ahead.

document-fields

Sync

Syncing your data across all of your devices is one of the greatest conveniences 1Password offers. As part of 1Password 6.1, we’ve rebuilt how syncing is scheduled at the core level. This means that sync now takes fewer resources, so that 1Password mini can be more responsive to the things you want to do.

We’ve also improved iCloud Sync in the AgileBits Store version of 1Password. It’s important to us that the iCloud experience in both versions our app is as good as we can make it.

Licensing

Setting up a new Mac is super exciting! That new Mac smell. swoon Then reality hits: all of those apps that you’re installing, they’re going to want licenses. Licenses that you’ll have to manually enter or drag and drop or double-click or whatever. We thought it would be amazing if we could make it a little bit easier for you to register 1Password for Mac, so 1Password 6.1 will recognize the license you previously saved in a Software License item. It will automatically register itself, without you needing to lift a finger.

1Password 6.1 for Mac: automatic licensing

Better Startup

In my last blog post, I mentioned steps we were going to take to improve the startup process of the 1Password app. 1Password is now a little smarter during startup, and it will do more to communicate with you about what’s going on. If something goes wrong, we’ve added ways for it to detect the problem and tell you about it.

And much more!

These are just a few of the changes we’ve been working on. 1Password 6.1 is available today for all users of the AgileBits Store version of the app, and has been submitted to the Mac App Store for review.

If you want to know all the details about this release, read the full release notes.

App Spotlight: Evernote featured image

App Spotlight: 1Password + Evernote = ❤

Evernote is a big part of my daily workflow. I use it every day and for almost everything: from taking notes while on a call to recording the steps I took to reproduce a bug I am tracking. Just like 1Password, Evernote has its spot on my iPhone home screen. I use it all the time and it lets me be 100% paper-free.

As a developer, I restore my iPhone more than the average user, so 1Password integration has become a deciding factor when adding new apps to my workflow. Now that I can log in to Evernote for iOS using the 1Password Extension, restoring my devices will be so much easier!

App Spotlight: Evernote - Sign In

If you don’t have an Evernote account yet, creating one is easier than ever now that the registration page supports 1Password. 1Password can generate a strong, unique password for you and save it automatically. Best of all, by using Password Recipes, 1Password can ensure the generated password meets Evernote’s password requirements.

Password Recipes

Sometimes, I go to a website and try to create an account, but they don’t accept my password. They have particular rules to follow, things like maximum length, disallowing specific symbols, etc. When they don’t tell me those rules up front, I have to keep trying passwords until I find one that works.

To make sure this doesn’t happen to you when creating your Evernote account, the Evernote team is making use of an awesome 1Password feature called Password Recipes. When asked to generate a new password, Evernote passes 1Password the details of what they need and 1Password makes sure the generated password matches the requirements. Perfect passwords, every time! No muss, no fuss, no frustration. I’m so happy that Evernote has implemented this feature, making sign-up even more simple for all of their customers.

Two-step verification

Right before I published this post, I found out that Evernote has implemented our extension’s TOTP feature, and I’m so excited to tell you about it!

In this day and age, it’s important to keep my accounts as secure as possible, so I was really happy when Evernote announced that two-step verification is available to all Evernote users. I enabled it immediately. Until now, I’ve had to switch back to 1Password to copy my one-time password and quickly switch back to Evernote to paste it before it expires! It’s very stressful. Now that Evernote supports the time-based one-time password (TOTP) feature of the 1Password extension, I don’t have to worry about it anymore. This is probably my favourite thing. Thanks, Evernote!

Just check out how great this is. After filling my email address and password, 1Password automatically enters the one-time password. So easy!

App Spotlight: Evernote - TOTP

Easy as pie

When Mike Greiner told me that he added the 1Password integration to Evernote I was jumping all over the place. Since developing the app extension is what I do here at AgileBits, I wanted to hear how the implementation went.

Here’s what Chuck Pletcher (Evernote iOS Product Manager) said about the experience:

AgileBits gave us a simple, well-documented API to add this powerful feature. The developer who worked on this project, Mike Greiner, budgeted about half a week for this project, but he had it completed before lunch the first day. It took longer to make a demo video than it took to build the integration.

I’m excited to be able to add Evernote to the list of Apps that love 1Password. We’re so happy to tell you that you can upgrade Evernote today to experience the 1Password integration. If you haven’t checked it out yet, today is the best day to start! 😉

Visit the Evernote website to download Evernote today.

We couldn’t make 1Password the awesome app that it is today without feedback from users like you. The same is true for every app out there: developers can make better apps if they know what users want. After experiencing 1Password support in Evernote, you’ll want it in all your favourite apps. Reach out to the developers and send them to our Developer Outreach page, so they can discover for themselves just how quickly and easily they can add 1Password support to their apps.

1Password Families featured images

Introducing 1Password for Families

I have some exciting news to share with you about families.

Last month I wrote about how I use 1Password for Teams with my family and the response was amazing. Many of you were excited to sign up your family and asked if we’d have special pricing available.

Families are near and dear to our hearts, so we wanted to find a way to make 1Password affordable and accessible for all families everywhere.

Today, I’m happy to announce that we succeeded! We’ve created a special plan with an amazing price just for families, and we went even further by making it easier than ever for families to use 1Password.

Protect your family for $5 a month

family-5-5

1Password for Families builds on our new Teams infrastructure to give you everything you need to protect your loved ones. And it’s only $5 a month for your family of 5.

It’s never been easier to share 1Password with your whole family. There’s no sync service to set up, vaults appear automatically, and there’s an Admin Console where you can invite people and manage sharing with your family.

Every family member gets their own copy of 1Password, and their own personal space to store private information. With this, you can give them the tools they need to stay safe without taking away their independence.

Best of all, 1Password for Families comes with all the 1Password apps at no extra charge. You can easily switch between Mac, iOS, and Android without worrying about licenses (Windows coming soon).

And guess what? You even get the first month free, so sign up now:

Sign up your family now

A Special Launch Special!

1Password for Families is a subscription service and costs $5 a month for up to 5 family members. We like to call it our $5 for 5 plan :)

We know lots of you are already using 1Password today, so we want to make it easy for you to get started. We have a special deal for you if you sign up before Spring springs.

If you create an account before March 21st April 14th, you will get the following early-adopter perks:

  • $10 added to your account (an extra 2 months free)
  • Twice the amount of secure storage for your documents (that’s 2 GB)
  • The ability to invite two more family members for free (a total of 7 family members!)

Sign up before Spring springs!

Best of all, these last two perks are permanent additions to your account. And hurry, because the Spring equinox will be here before you know it!

app

Why 1Password for Families?

Why should you sign up for 1Password for Families when you already have 1Password? The biggest reason is that it makes life so much easier.

Here are a few of the great things 1Password for Families can do:

  • It would be great if I didn’t have to purchase and manage licenses for everyone in my family.
  • When I change the Netflix password, it would be awesome if everyone in my family got it automatically in a secure fashion.
  • A simpler setup would help my uncle use 1Password as he’s not very technical and has trouble setting up sync.

1Password for Families makes all these things easy. I simply send my family an email to invite them. Sync is built in and just works. And my whole family can use 1Password on a single subscription.

And it’s not just about making life simpler. With Families, I can worry less. As a husband and father of two, here are some of the things I used to lose sleep over:

  • What if I share passwords with my family and they delete them by accident?
  • What if I set up my 7-year-old son on 1Password and he forgets his Master Password?
  • If something happens to me, how do I make sure Sara and my family have access to what they need?
  • My parents are getting older and I’m the executor of their estate. Will I have access to their accounts when the time comes?

Now I can start getting on top of these worries before they become real. 1Password for Families allows me to reset accounts, securely share items and documents, and delegate access to the people who need it.

For more details and to sign up your family, jump on over to our brand new Family page:

Sign up your family now

I hope your family loves 1Password for Families as much as mine. If you have any questions, please email us at families@1password.com or leave a comment below.

dave

 

Cheers!

Dave Teare – Founder of AgileBits

First Impressions header

Nexus 6P, meet 1Password 6

Last month I talked about how I’m using 1Password for Teams to keep my family organized and safe online. And earlier this week, Nik announced 1Password 6 for Android.

Today I thought it would be fun to talk about a combination of both and show you how I’m integrating the newest member of the Teare Family team: my new Nexus 6P :)

My New Nexus 6P

One of the best things about my job is that I get to test all the new devices from Apple, Microsoft, and Google. I need to be able to test 1Password on every platform, and of course, I require the latest devices for my testing. Well, that’s the reason I give Sara when I submit my expense reports anyway :)

When 1Password 6 for Android entered beta testing, I knew that I needed a new Android device. After a quick review I decided on the Nexus 6P in the Frost colour and placed my order. It arrived just a few days before we set sail for our 7th annual AgileBits conference, so I needed to get it set up quickly.

Setting up my new phone

The most important thing I need on every new device is my passwords. Of course I have 1Password for that, so my first order of business was to install 1Password from the Google Play Store.

I wanted to be on the beta team so I first needed to sign up to the beta program. If you enjoy being on the bleeding edge as much as I do, be sure to join our 1Password beta before jumping over to Google Play.

Install 1Password 6 for Android from Google Play

With 1Password installed, normally I would simply enter my Master Password to get started; but many of my passwords are shared with other people, so I keep them organized separately using multiple vaults.

Historically, adding all these vaults was a bit of a pain as I needed to manually add each one individually every time I got a new device. I have over 10 vaults, so I’d often be lazy and only add my primary vault. Then Murphy’s Law would get me and I’d invariably need access to one of the passwords in one of the other vaults.

Now that I’m using 1Password for Teams, however, it’s super easy to add all my vaults. All I have to do is add my AgileBits and Teare Family teams and 1Password instantly adds all the vaults I have access to.

Adding Team Accounts

To add my teams, I first need to go to the Settings screen and tap on 1Password for Teams. From there I simply tap Add Account.

Now I could manually enter my team domain, email address, Account Key, and Master Password, but I prefer to select Scan QR Code and take a picture of my Get the Apps page instead.

Adding a team using the QR code scanner in 1Password 6 for Android

1Password finds the QR Code and prepopulates most of the account information (note that the QR Code above contains my Account Key which should not be shared; I was careful and used a sample test account in the screenshot). All I need to do is enter my Master Password and my team account will be added.

Add team in 1Password 6 for Android

Once the team account is added, 1Password will automatically download all the vaults that I have access to. I only needed to add my Teare Family and AgileBits teams and 1Password did the rest.

The best part is how blazingly fast this is. I went from nothing to almost twenty vaults containing 2400 items in just a few seconds. Here’s what my Vault Switcher looks like after adding my teams:

The Vault Switcher in 1Password 6 for Android

Once I had all my passwords on my new phone, I could start installing my other apps. I started with Kindle, Audible, Slack, MindBody, and Twitter. So far I have resisted the games as we have a lot of 1Password updates we need to finish first :)

1Password 6 Highlights

Now that I have my new Nexus 6P all set up, I thought I’d share a few screenshots of my favorite new features in 1Password 6.

First and foremost, I love the new material design. Here’s how my Category list looks for my Personal vault:

Categories view in 1Password 6 for Android

And here’s a look at how great the item details screen looks:

Item details view in 1Password 6 for Android

As much as I love the new design, I simply adore Fingerprint Unlock. Being able to unlock using my fingerprint is especially awesome given my new Master Password. When I set up my new teams accounts I used a 34-character Master Password1, so I don’t enjoy typing it often.

Now when I launch 1Password 6, I don’t need to type my Master Password! I just scan my fingerprint and I’m in.

Fingerprint Unlock in 1Password 6 for Android

Given how easy it is to unlock 1Password, I will likely add a few extra characters to my Master Password as I’m a geek and 50 characters sounds pretty cool :)

General Impressions of the Nexus 6P

I have to be up front and start by saying that I’m an iOS guy through and through. While there are a lot of things I love about my Nexus 6P, I expect I’ll be switching back to iOS after WWDC this year when Apple announces iOS 10.

With that disclaimer out of the way, I can honestly say that the Nexus 6P is the best Android device I have ever used. It feels good to hold, the Nexus Imprint scanner is accurate and super fast, and the reversible USB charger fixed my biggest complaint about my old Nexus.

As for Android itself, it has improved a lot over the last two years. Marshmallow feels polished and very fast. The Photos app is wonderful and I especially love how I can purchase books directly within Kindle and Audible.

My biennial switch to Android has been a great experience so far. And I’m incredibly proud of what our Android team has delivered in 1Password 6.

If you love 1Password 6 as much as I do, please leave a review. We’re sitting at 4.3 stars at the moment and now that we have these incredible new features I hope you’ll help us get to a solid 5 stars :)

1Password for Android update featured image

1Password 6 for Android: It’s time

Android family, today’s all about you! 1Password 6 for Android is here, and it’s available for immediate (and FREE) download from Google Play. Wait, come back! I have more to tell you. I’m so excited about the features in version 6, you’ve got to let me talk about some of them. =)

Material Design

An application’s interface—the way you interact with it—is one of the most important things. In 1Password 6, we’ve given our app a face lift. But Material Design means so much more than that. Material Design is the name of what Google describes as a “visual language” for application designers and developers. It’s not just about fonts and colours, it’s about various visual elements that help provide a more consistent experience for you.

You’ll find cleaner and more spacious layouts, a navigation drawer, toolbars, and umpteen other things, all focused on a simpler, clearer, more convenient user experience.

If your phone or tablet has access to the Google Play Store and is running Android OS 4.1 or newer, you’ve got everything you need to install 1Password 6.

Fingerprint Unlock

1Password 6 can be unlocked with your fingerprint, using the sensor on your phone! One of my friends recently got a Google Nexus 5X, which has a neat little circle on the back of the phone that reads her fingerprint. It’s so subtle, because it looks like she’s just picking up her phone in a natural way. It’s really cool to see how this natural motion quickly and securely unlocks 1Password.

Fingerprint Unlock works on devices that support this new Google technology and are running Android OS 6.0 Marshmallow.

1Password for Teams

Whether you are a team of 1 or 100, a family of 2 or 12, if you have information that you want to selectively share with others, 1Password for Teams is the safest and simplest way to do it.

If you’ve already set up your team, you’ll be happy to hear that 1Password 6 enables you to easily add your 1Password for Teams account using the built-in QR code reader. 1Password for Teams support is in beta, but we didn’t want to keep you waiting for this oft-requested feature!

If you’re new to 1Password for Teams, please join the public beta and create your team at teams.1password.com. You’ll need a phone or tablet running Android OS 5.0 or newer to access your Teams account in 1Password 6.

You mentioned that it’s time?

I did, didn’t I? Thanks for reminding me. =) It’s time for a bit of chest pounding. Time to dig deep and step up our game. It’s time for 1Password to exceed your expectations. We propose to do that with frequent-er updates and finely applied layers of polish on features that you already use and love.

Now that the new features have had their time in the spotlight, let’s talk about some significant fixes and improvements that are in version 6.0:

  • Fingerprint Unlock isn’t just for the main app—it also works on 1Password Keyboard!
  • Wi-Fi Sync is greatly improved, from the internal (database optimization) to the external (the notifications 1Password shows you).
  • There’s a toolbar everywhere now. Consistency means not having bits ‘n’ bobs poof in and out of view.
  • Icons for categories and settings have been refreshed.
  • There’s a floating button. I mean, it has a purpose: you can use it to add new items. But I think the more important thing here is that it’s a button that floats, like a magical blue orb.

For the full details on what’s new and wonderful in 1Password 6, be sure to check out the complete release notes.

Wait, version 6?

We’ve been focusing a lot on your 1Password experience. We want it to be delightful. Wherever possible, we want to simplify and clarify. So let’s talk for just a moment about the version number.

If you’ve been with us a while, you’ll note that we’ve skipped ahead a little bit. One small way of simplifying things is to use the same version number everywhere. Therefore, 1Password for Android is now version 6, aligning it with Mac and iOS (c’mon, Windows, we’re all cheering for you!).

1Password 6 for Android is a free download for everyone. It offers a one-time, in-app purchase to unlock its Premium features. If you’ve previously unlocked the Premium features, the version 6 upgrade is absolutely free. Thank you for your support!

We’d love to hear what you think about the new version, and invite you to join us in our discussion forums or leave a comment below. We’re also on Twitter and Facebook, if you prefer to chat with us there.

Oh, one more thing. If you’re the adventurous sort and want to jump on the beta train, we’d love to welcome you to our beta family! Simply sign up for the 1Password beta for Android newsletter to get started.

Thanks for choosing 1Password!

Security header

How 1Password calculates password strength

Password strength is a big deal. It is in fact one of the biggest deals. That’s why the Security Audit feature in 1Password pinpoints your weak passwords, so that you can go through and change them at your earliest convenience. But how does the strength meter actually calculate the strength of your password? What makes a password strong or weak? A recent conversation with a user inspired me to write down my thoughts on the subject. If you are going to trust 1Password to generate strong passwords for you, you should know how the strength meter works.

About Those Meters…

For a password strength meter to actually be accurate, it needs to know the system that was used to generate the password. When you generate a password using 1Password, we know that this newly generated password has been generated in a truly random fashion and can accurately calculate the password’s strength. However, when 1Password is evaluating the strength of a password that you have typed in manually, including a password which was generated in a truly random fashion on another device, the strength meter cannot know whether it is looking at a password that was created through a truly random process or created by a human.

Password strength: perfectly good

If our password strength meter sees something like “my dog has a bunch of fleas” or something like “gnat vicuna craving inclose”, it can’t tell that the first was probably made up by a human and that the second may have been generated by something smarter, like our password generator.

Password strength: not so good

Because it doesn’t know how the password was generated, it errs on the side of caution. The strength meter will mark “gnat vicuna craving inclose” (a perfectly good password) the same as it will mark “my dog has a bunch of fleas” (not a good password at all). Both have the same number of letters (27) and both contain only lowercase letters. It’s up to you to know where the password originated. Did it come from our random password generator, or is it something a person made up?

Randomness and Selection Bias

When we speak of “randomness”, we are referring to mechanisms which have been tested and determined to be truly random and not dependent on events which may be repeatable or subject to outside observation. The toss of a fair coin or die is a source of “random input”. The radioactive decay of a substance can be used as “random input”. Our own limited vocabularies and choices of words are not “random input”.

When creating unique, strong, random passwords, what is required is a Cryptographically Secure Pseudorandom Number Generator (CSPRNG) to ensure that no one value or sequence of values will be preferred over all other values. The values from the CSPRNG may then be used to select from some alphabet or word list to create unique, strong, random passwords having the appropriate construction and length.

Selection Bias refers to preferences for specific values over others, whether by using an unfair coin, a loaded die, or a random number generator which does not produce a uniform and unbiased set of values. Inappropriate math performed on valid CSPRNG produced numbers may also lead to biases for certain values in favor of others. A common error is the use of modulo (remaindering) arithmetic which results in smaller values being used preferentially over larger values — there are more instances of values between 0 and 5535 (66 for each value) than between 5536 and 9999 (only 65 for each value) when using modulo-10000 on an unsigned 16-bit CSPRNG generated number.

Password strength: happy synonyms

For human-generated passwords, common causes of selection bias include the use of a small and limited vocabulary (list all of the synonyms for “happy” you don’t use on a regular basis) and reuse of words (“cool”, “okay”) and avoidance of others (“groovy”, “hip”).

Pre-generated word lists avoid this type of selection bias by randomly selecting words which are common enough that the user should be able to spell the word from memory without being biased by personal preferences or regional differences in word choices.

Password Construction and Strength

The format of a password — the rules which are used to select characters or words — influences the strength of a password, but does not limit its possible strength, except to the extent that length limitations may be imposed on the result.

As an extreme example, consider a password that consists only of the letters “H” and “T”, and that you generate by repeatedly flipping a fair coin. If you make this password long enough it can have any strength desired — you only need to keep flipping a fair coin. But “long enough” in this case is actually unreasonably long. If you want a password that is as strong as a 10-character, mixed-case letter and digit password generated by our Strong Password Generator, your “H” and “T” password would have to be 60 characters long!

Memorizable Passwords

Shorter passwords from truly random sources can be stronger than longer passwords from biased sources even if they draw from the same character sets. For example, an 8-character, mixed-case letter and digit password produced by our generator is going to be a much better password than the longer (10-character) “Abcde12345” password that a human might come up with. There is reason to believe that the more “strength requirements” (use a digit, use mixed case, add a special character, etc.) we impose on people, the worse the passwords that they create may get. Part of this has to do with alphabet reduction: users may choose to limit mixed alphanumeric passwords to more alpha and less numeric, or more lowercase and less uppercase.

There is reason to believe that the more “strength requirements” we impose on people, the worse the passwords that they create may get.

For example, the rule “at least 8 characters, 1 uppercase letter and 1 digit” will produce approximately 80 billion (109) passwords (6 lowercase, 1 upper case, 1 digit: (26 * 26 * 26 * 26 * 26 * 26) * 26 * 10, or about 36 bits) if the uppercase letter appears first, followed immediately by a digit. But again, that assumes that the password was created by something that had a good random number generator and knew how to use it, and that the password isn’t simply a capitalized 8-character word with a single vowel replaced by a digit, such as “B3musing” (possibly as few as 14 bits). If the uppercase character and digit are allowed to be in any of the 8 possible positions, that increases the number to approximately 4,500 billion possible passwords (or about 42 bits).

This is a classic example of alphabet reduction where the complete rule should have been expressed as “at least 8 characters, 1 uppercase, 1 lowercase, 1 digit, and the remaining 5 chosen completely at random from the set of uppercase and lowercase letters, and digits”. When this revised rule is used, and a CSPRNG is used to select the characters, the number of possible passwords increases to ((62 * 62 * 62 * 62 * 62) * 26 * 26 * 10 * (8 * 7 * 6)), a total of about 2 million billion possible passwords (or about 50 bits). Each additional alphanumeric character, chosen completely at random by a CSPRNG, adds about 5.9 bits of additional strength.

Truly random length-limited passwords are hard for human beings to generate and memorize because people tend to choose less randomness in favor of greater memorizability. Using 1Password to generate and store passwords ensures that strong, unique, random passwords can be used without worrying about forgetting them.

Memorizable Passphrases

Choosing multiple words from a suitably large dictionary of words may result in stronger passwords even if all of the words appear in dictionaries, are spelled with lowercase letters, and no punctuation is used. Assuming a dictionary size of 20,000 common words (about 14.3 bits per word), chosen entirely at random, all of which are lowercase, the number of possible 4-word passwords increases to 160 million billion (about 57 bits.)

Studies of our ability to easily remember information have shown that we have limits to our ability to memorize seemingly random information, unless we have a useful mnemonic device or the information is grouped in a particular manner. This is why telephone numbers and postal codes tend to be grouped as they are, and why mnemonic devices are popular, such as “My Very Educated Mother Just Served Us Nine Pizzas”.

XKCD

XKCD comic 936 is a perfect example of how easy it may be to memorize the random four-word password “correct horse battery staple”. As our Chief Defender Against the Dark Arts Jeffrey Goldberg will tell you, you may even add your own rules to that password to make it easier to memorize — “Correct! Horse: Battery staple.” Now you have a nice story to help you memorize a strong, random, unique password.

What It Means to You

Our strength meter (along with every other strength meter ever designed) has to guess how the password it is evaluating was created, unless you are actively generating the password in 1Password at that very moment. This means that you may see a big mismatch between “actual” and reported strength for our generated passwords.

The good news is that our password generator does a really good job of generating truly random passwords, so when you generate a secure, random, and unique password with 1Password, you know that it was generated just for you, right there on your device and it is as strong as can be for the length and rules you requested. So, let’s hear it for “paddle shrill sonorant palazzi ravioli” and “8dUaYolTJu82DDG9” — so happy to meet you, secure, random, and unique passwords that you are!

Additional Reading

For a more comprehensive discussion of generated password strength, please read the Geek Edition of our guide to creating better master passwords.

You’ll also find an article in our knowledge base that discusses password strength meters, chicken entrails, and assorted feats of strength.

Security header

More Watchtower, still no watching

1Password WatchtowerThere are some great new features in the 1Password for iOS 6.2 update that hit the App Store last week. One of them is that we’ve added Watchtower (a feature that has been available on Mac and Windows for some time now) to 1Password for iOS.

Watchtower warns you if a site or service has been compromised in a way that would make it a good idea for you to change your password for that site. Watchtower in 1Password looks at the most recent time a password change was recommended for a site and it looks at the time that your password for an item was last modified. If, like Molly (one of my dogs), you haven’t updated your Adobe password since the 2014 breach, you might see something like this:

Watchtower warning in 1Password on iPhone

Molly hasn’t changed her Adobe password since the breach a couple of years back

Preserving your privacy

I want to talk about a far less visible feature of Watchtower: We’ve added Watchtower support in a way that still preserves your privacy. We don’t want to know what sites and services you have in your 1Password vaults, so when 1Password checks to see if one of your Logins is listed in Watchtower, it does not make a query to our servers asking about it.

Enable Watchtower in iOS

Turning on Watchtower in iOS. “Your website information is never transmitted to the 1Password Watchtower service.”

Querying Watchtower without querying you

Our Watchtower people are continually watching reports of site breaches and updating our database of such sites regularly. This is how 1Password knows that a password change is recommended for some site.

The “obvious” way for 1Password on your computer (and now iOS device) to alert you, would be to go through your 1Password items and ask our database on some server about the status of those items. The problem with this “obvious” way of doing things is that it means that any server your copy of 1Password queries would then be able to know your IP address and what sites you have in your 1Password data.

If 1Password on some device were to ask our server, “Do you have Watchtower information about ISecretlyHateStarWars.org?” then our server will know that someone at your Internet address may have a very nasty secret. You certainly wouldn’t like us to know such things about you, and we don’t want to know such things either.

The road less travelled

So we don’t do things the obvious way. Instead, we send the same stripped down version of our Watchtower database to everyone who turns on the feature. You have a local copy of the Watchtower data on your device, and 1Password just checks against that copy of the local data. All we can know (if we chose to log such information) is which IP addresses have enabled Watchtower. We are never in a position to know what sites you have in your 1Password data.

Baked-in privacy

It may take a bit of extra work from us to design Watchtower in a way that preserves your privacy, but we think it is worth it.

Your privacy must be protected by more than mere policy (a set of rules we make on how we behave with respect to data about you); instead, we aim to bake privacy protection into the very structure of what we build. We design 1Password in a way that would make it hard for us to violate your privacy.

You can read more about this approach to privacy in our support article, Private by Design.

Get Productive Sale header

Getting Productive

Update: The Get Productive Sale ended on January 30th, 2016.

Hello Everyone!

2016 iconHave you gotten 2016 off to a good start? I hope so! Getting organized is often at the top of the list of resolutions, and 1Password can help get you there!

As you may have seen in our most recent newsletter, we’ve been busy working away on our latest updates for 1Password for Mac and 1Password for iOS. Dave and I also spent some time going over 1Password for Teams, and how it could be used for our Family. You can read more about that in his blog post.

Our newsletters have lots of great things, including a look into what we are working on next. We hear from customers all the time that our newsletter is something special. I just know you’ll love it, and I encourage you to sign up today.

Get Productive sale title

Almost as nice as getting productive and being organized is finding out that what you’ve been looking for is on sale! We’ve placed 1Password for Mac and 1Password for Windows on sale for 50% off their regular price! This is a limited time offer, so act fast:)

We love hearing from all of you. Did you know that you can follow us on Twitter and Facebook to keep up with all the latest information? We like to run the occasional contest for 1Password swag, so following along is a great way to join in the fun. We’ve also got Instagram if you want to get a closer look at things happening around our office.

394 labyrinth

And remember, if you ever feel like you are stuck in a Labyrinth, turn to page 394 and see our discussion forums. Our team is always ready to turn on the light!

1Password for Mac update featured image

Trouble with Mac App Store updates? We can help.

Last week we released 1Password version 6 for Mac on both our website and in the Mac App Store. Major version updates are always a little scary for us, but we were hopeful because our last update went so smoothly for our customers. This time? Not so much. A small percentage of our users are experiencing issues after updating 1Password via the Mac App Store.

Some of you dutifully updated and discovered that 1Password would not respond upon launching, eventually telling you that it failed to connect to 1Password mini. This is obviously no good. We know how important 1Password is to you, and we must do whatever is in our power to make sure this kind of thing doesn’t happen.

If you were affected by this, I’m really sorry.

Rebooting Helps… Even on OS X

The good news is that the fix is super easy: A reboot will likely resolve the issue. If it doesn’t, please email us at support@agilebits.com so that we can help you get up and running again as quickly as possible.

mban4505_hi_1024

We don’t know why this just started happening in this release. We’ve had many updates over the last few years and this is the first time that we’ve seen this happen like this.

You may be wondering why rebooting helps. Historically OS X hasn’t been known for needing reboots to solve issues, so this advice may sound peculiar. Read on to learn why.

A Tale of Two Apps

Let’s go over what we think is going on with this update and why we believe the update has gone as poorly as it has, and what we’re going to try to do about it.

1Password for Mac consists of two apps, bundled together as one: 1Password (what we like to call the Main app) and 1Password mini, which lives in your menu bar. The Main app does very little on its own; it’s dependent on 1Password mini for everything, which is why it’s critical for the main app to be able to connect to mini on launch. The vast majority of users opt to have mini always running in the background, which is the recommended approach.

Unfortunately, the mechanism that 1Password uses to talk to 1Password mini isn’t quite perfect. Both apps are bundled together, and you would think that we could have 1Password tell the system that it’d like to communicate with the version of 1Password mini that’s bundled within itself. Instead, 1Password can only say, “I’d like to communicate with the app whose unique identifier is onepassword-helper.” The operating system will then find 1Password mini (whose unique identifier looks like onepassword-helper), and if it’s not launched already, the system will launch it. This works nicely almost all of the time.

It’s…Complicated

Often times, 1Password mini is running when the Mac App Store is updating 1Password. 1Password mini includes code to detect when it has been trashed, and when that happens it attempts to terminate itself. It understands that either an update is coming and old mini should make way for new mini, or that the user is uninstalling the app—in which case it should get out of their hair. From what I’ve seen so far, it looks like this code was failing. Either the Mac App Store didn’t trash our app first, or we didn’t catch the event as we should, or we didn’t react as we should. What matters is that the old version of 1Password mini was still around.

Having an old mini running isn’t a big problem for you as a user. You’ll still be able to use mini just fine, and keep filling forms in your browser. The problems don’t start to appear until you run the main 1Password app. 1Password will ask the system to communicate with mini and the system will say “here’s a connection to [old] mini”. 1Password will say hello to mini and include a version number. 1Password mini is smart enough to compare the version numbers and refuse to communicate with a newer main app. What it should do in this situation is terminate itself. The operating system should then re-launch the new mini, and the main app should connect to it. It seems that in this case, the operating system continually relaunched the old mini, which put us into a loop.

So then why does rebooting help? Rebooting should cause the operating system to rebuild its list of apps on the system and forget that the old version of 1Password exists. It should then launch the new mini instead of the old and get us out of the loop.

Making It Better

This issue seems to have affected a small percentage of users, but that’s still more than we’re comfortable with. Let’s look at how we’re going to try to make this better in upcoming releases of 1Password for Mac.

Better Trash Detection

We have to do more research and understand why 1Password mini didn’t detect that it was going be upgraded and then terminate itself properly.

Better Communication With the User

As the 1Password main app was in this loop with the wrong mini, users were given no indication of what was going on. We need to do better here. 1Password should explain what’s going on to the user. Even just explaining that it’s attempting to connect to 1Password mini, and showing the countdown to giving up (60 seconds) would give some indication of what’s happening.

Better Detection of Multiple Instances of 1Password mini

In 1Password 5.4.3, we added code to detect multiple installations of 1Password during updates of our AgileBits Store version of 1Password. This greatly reduced the number of issues encountered while upgrading that version of the app. I think it’s time for us to run this kind of detection upon starting the main app, to catch these kinds of issues even before we ask the operating system to connect us to a mini.

We’re Here to Help

If ever you have trouble updating 1Password to a new version, or have any other kind of problem with the app, please reach out to us. We love hearing from you, and we’re here to help.

1Password for Teams beta announcement header

Update on 1Password for Teams

Whew! I can barely believe that it has only been 3 months since the 1Password for Teams announcement back in November. It feels like it happened last year! ;)

Since then, 1Password for iOS has seen multiple, huge updates, 1Password 6 for Mac was released, and 1Password for Windows entered beta testing. We also have an amazing update for Android that we’ll be sharing with you soon.

While we’ve been busy updating the apps, we’ve also been hard at work on 1Password for Teams. Since the announcement, we’ve had over 30 updates with several awesome improvements and new features.

I thought it would be fun to go through the highlights of what’s new. Let’s jump right in!

Safari and Edge Support for New Teams

When we launched 1Password for Teams, it required Google Chrome or Firefox. Safari support wasn’t available as it didn’t (and still doesn’t) support all the WebCrypto bells and whistles we need (Apple friends: please see Radar 23379153).

Roustem worked hard to find a way to shim up Safari’s WebCrypto support and now newly created teams are able to use Safari!

1Password for Teams: The Teare Family Admin Console in Safari

Teams that signed up before December 3rd are not able to use Safari just yet. We are working on a migration tool for these teams so they can gain Safari support, but it will take time. We hope to include an automatic migration tool for these teams in a future update.

Awesome(er) Vault Mode

The vault viewer has had an incredible number of improvements since we talked last.

For one thing, you can now edit your items! Directly within the web interface! Yeah, it never gets old seeing this. So much so that I begged Dan to make an animated GIF to show it off :)

Editing an item in 1Password for Teams

As cool as that animated image is, it’s even cooler once you look closer: it’s from a Linux machine! That’s right, you can now access and edit your data on Linux.

Those who have Two Factor Authentication-enabled Logins will enjoy knowing that you can view your One-Time Passwords directly in the browser:

One-time passwords in 1Password for Teams

I just love watching the timer go around, turn red, and then start over with a lovely blue. Repeat. Good times! :)

I saved the best for last: You can now view previous versions of your items and restore them!

1Password for Teams: View and restore a previous version of an item

This feature is incredibly handy if you or anyone on your team accidentally make changes that you need to revert.

Get the Apps

The Get the Apps page now includes a link to our new Windows app! It also does a better job of explaining that all the apps are included for free with your 1Password for Teams account.

1Password for Teams: Get the Apps page

Android is coming soon. And by soon, I mean a lot sooner than the last time I said soon. Seriously. It’s really close now but I can’t spill the beans just yet so I’m forced to simply say “soon”. Soon I’ll be able to say something else :)

Groups

The Owners, Administrators, and Recovery groups are now more visible throughout the Admin Console. You can now see which groups a teammate belongs to, and see which groups have access to which vaults.

1Password for Teams: Group membership

Improved Home Page

The home page has had many enhancements, ranging from little tweaks to whole new features. There’s a new Team Overview in the top right, allowing you to see your team at a glance and quickly know if there are any outstanding tasks you need to perform.

We also added an All Vaults card so you can quickly jump to Vault mode with all your items shown. And those with the allowed access control permissions can now click the vault’s Edit icon to manage who can access it, without needing to jump to the full-powered Admin Console view.

1Password for Teams Home page

My favorite part of that screenshot is how the Quests are nestled right below the overview. What are Quests? I’m glad you asked…

Conquer All the Quests for Thy Reward

1Password for Teams has several innovative security features to ensure that your data stays yours and is never seen by anyone unless you give them explicit access.

These features are great, but they are real security features that rely on true cryptography without any backdoors and therefore we cannot help you if you ever forget your Master Password or Account Key. But you and your teammates can help each other by setting up a Recovery Group and ensuring everyone has their Emergency Kit.

We designed a set of Quests to help all users and team owners find these safety nets. The Quests are fun and easy to complete.

1Password for Teams: Quests conquered

Who doesn’t want to be a hero? Be sure to conquer all your quests and then contact us for your reward. I have searched the kingdom and consulted with the high council, and hast found thy perfect reward! I can’t wait to give it to you—er, I mean, I cannot wait to bestow it upon thee, gallant and intrepid adventurer! :)

Newly Designed Setup Screens

We have completely redesigned the setup process for team members and owners. When creating an account we’re now highlighting how the Account Key greatly improves your security and how to store it, as well as many other enhancements. Here’s a glimpse of this new awesomeness:

1Password for Teams setup

All new team members you invite will see this new setup flow, but team owners will need to create a new team to see it firsthand. If you have a family team, now’s a great time to set up a company team. If you’re using 1Password for Teams at your company or work environment, there’s never been a better time to create a family team.

If you’d like more information on setting up your family, you should checkout my previous post on using 1Password for Teams with your family. There I walk through how I setup my Teare Family team, all while keeping my wife happy :)

And much much more!

As the old cliche goes, that’s not all! There were a ton of other changes and improvements that I just don’t have the space to write about.

Here are just a few of the things that jumped out during a quick run through the changelog: users can now change their email addresses, we have fancy progress indicators for longer running tasks, improved notifications for automatic refreshing, invitation emails are now more personal and come directly from team administrators, and several changes to our infrastructure to make it faster and more robust.

It’s been incredibly busy but we’ve been having a blast bringing all these new features to you. Many of these features and enhancements came directly from awesome users like you, so please continue to reach out and let us know what’s on your mind. You can leave a comment below or join us in our 1Password for Teams Discussions Forum.

I hope to talk to you soon! :)