1Password inter-process communication: a discussion

Recently, security researcher Luyi Xing of Indiana University at Bloomington and his co-authors released the details of their research revealing security vulnerabilities in Apple’s Mac OS X and iOS that allow “a malicious app to gain unauthorised access to other apps’ sensitive data such as passwords and tokens for iCloud, Mail app and all web passwords stored by Google Chrome.”  It has since been described in the technology press, including an article in the Register with a somewhat hyperbolic title. I should point out that even in the worst case, the attack described does not get at data you have stored in 1Password.

The fact of the matter is that specialized malware can capture some of the information sent by the 1Password browser extension and 1Password mini on the Mac under certain circumstances.  But roughly speaking, such malware can do no more (and actually considerably less) than what a malicious browser extension could do in your browser.

For 1Password, the difficulty is in fully authenticating the communication between the 1Password browser extension and 1Password mini; however, this problem is not unique to 1Password. The difficulty of securing inter-process communication on the operating system is a problem system-wide. A recent paper, “Unauthorized Cross-App Resource Access on MAC OS X and iOS” (PDF),  by Luyi Xing (Li) and his colleagues shows just how difficult securing such communication can be. Since November 2014, we’ve been engaged in discussion with Li about what, if anything, we can do about such attacks. He and his team have been excellent at providing us with details and information upfront.

As always, we are limited in what we can do in the face of malware running on the local machine. It may be useful to quote at length the introduction of that article:

I have said it before, and I’ll say it again: 1Password […] cannot provide complete protection against a compromised operating system. There is a saying […] “Once an attacker has broken into your computer […], it is no longer your computer.” So in principle, there is nothing that 1Password can do to protect you if your computer is compromised.

In practice, however, there are steps we can and do take which dramatically reduce the chances that some malware running on your computer [could obtain your 1Password data].

That was written more specifically about keystroke loggers, and there are some things that set the new attack apart. Like superficial keystroke loggers, it doesn’t require “admin” or “root” access, but the researchers were able to sneak a proof of concept past Apple reviewers.

The threat

The threat is that a malicious Mac app can pretend to be 1Password mini as far as the 1Password browser extension is concerned if it gets the timing right. In these cases, the malicious app can collect Login details sent from the 1Password browser extension to the fake 1Password mini. The researchers have demonstrated that it is possible to install a malicious app that might be able to put itself in a position to capture passwords sent from the browser to 1Password.

Note that their attack does not gain full access to your 1Password data but only to those passwords being sent from the browser to 1Password mini. In this sense, it is getting the same sort of information that a malicious browser extension might get if you weren’t using 1Password.


1Password provides its own security. What I mean by this is that for the bulk of what we do, we don’t generally rely upon security mechanisms like sandboxing or iOS Keychain. So it doesn’t matter whether those sorts of security measures provided by the operating system fail.

The careful reader will note, however, that I used phrases like “for the bulk of what we do” and “don’t generally rely upon” in the previous paragraph. There are some features and aspects for which some of 1Password’s security makes use of those mechanisms, and so vulnerabilities in those mechanisms can allow for harm to us and our customers.

1Password mini listens to the extension

Application sandboxing is a good thing for security. But it limits how the 1Password browser extension can actually exchange data with 1Password itself. Indeed, the extension (correctly) has no direct access to your data. Keeping your data out of the browser (a relatively hostile environment) is one of our security design choices. But this does mean that the 1Password browser extension needs to find a way to talk to something that does actually manage your data. 1Password mini (originally the 1Password Helper) was invented for this purpose.

One of the few ways that a browser extension can communicate locally is through a websocket. Browser extensions are free to talk to the Internet as a whole, but we certainly don’t want our browser extension doing that; we only want it talking to 1Password locally. So we restrict the browser extension to only talking to 1Password mini via a local websocket.

Mutual authentication

Obviously we would want 1Password mini and the browser extension to only talk to bona fide versions of each other, so this becomes a problem of mutual authentication. There should be some way for 1Password mini to prove to the extension that it is the real one, and there should be a way for the browser extension to prove to 1Password mini that it is a real 1Password browser extension.

The difficulty that we face is that we have no completely reliable mechanism for that mutual authentication. Instead, we employ a number of separate mechanisms of authentication, but each has its own limitations. We have no way to guarantee that when the browser extension reaches out to 1Password mini it is really talking to the genuine one.

There are a number of checks that we can (and do) perform to see if everyone is talking to who they think they are talking to, but those checks are not perfect. As a result, malware running on your Mac under your username can sometimes defeat those checks. In this case, it can pretend to be 1Password mini when talking to the browser extension and thus capture any information sent from the 1Password browser extension that is intended for the mini.

What can be done

Neither we nor Luyi Xing and his team have been able to figure out a completely reliable way to solve this problem. We thank them for their help and suggestions during these discussions. But, although there is no perfect solution, there are things that can be done to make such attacks more difficult.

What you can do

1. Check “Always Keep 1Password Mini Running” in Preferences > General

In the specific attack that Luyi Xing demonstrates, the malware needs to be launched before the genuine 1Password mini is launched. By setting 1Password mini to always run, you reduce the opportunity for that particular attack.


2. Keep using the 1Password browser extension

Although what is described is an attack against the communication between 1Password mini and the browser extension through specialized malware, using the 1Password browser extension protects you from a more typical malware attack of pasteboard/clipboard sniffers. Likewise, the 1Password extension helps fend off phishing attacks because it will refuse to fill into pages that don’t match the domain for your saved Logins.

Quite simply, the 1Password extension not only makes life easier for you, but it is an important safety feature on its own.

3. Pay attention to what you install

As always, be careful about what software you run and install on your system. On your Mac, open System Preferences > Security & Privacy > General. You’ll see an “Allow apps downloaded from:” setting there. We strongly recommend confirming that this setting is configured so that only apps from trusted sources can be opened. You can read more about the setting and its options on Apple’s support site.

Now Xing and his team point out that this isn’t a guaranteed way to prevent malware being installed. They were able to get a malicious app approved by the Mac App Store review process. However, I think it is reasonable to assume that now that Apple reviewers know what to look for, it will be much harder for that specific kind of malware to get through.
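The domain check mentioned under “Keep using the 1Password browser extension” above can be sketched as follows. This is an added example, not 1Password's code: the matching rule (saved host or a subdomain of it, no downgrade from https) is an assumption, and every URL is constructed for illustration.

```javascript
// Added illustration: decide whether a saved Login may be filled into a page.
// Assumed rule (not taken from 1Password): the page must use http(s), must not
// downgrade a Login that was saved for https, and its host must equal the
// saved host or be a subdomain of it.
function mayFill(savedUrl, pageUrl) {
  let saved, page;
  try {
    saved = new URL(savedUrl);
    page = new URL(pageUrl);
  } catch {
    return false; // unparsable URL: never fill
  }
  if (page.protocol !== 'https:' && page.protocol !== 'http:') return false;
  if (saved.protocol === 'https:' && page.protocol !== 'https:') return false;

  // URL.hostname is already lower-cased and punycode-encoded, and it excludes
  // any "user@" prefix, so the comparison is made on the real host.
  const strip = (h) => h.replace(/\.$/, '');
  const savedHost = strip(saved.hostname);
  const pageHost = strip(page.hostname);
  if (savedHost === '') return false;
  return pageHost === savedHost || pageHost.endsWith('.' + savedHost);
}

// Constructed sample data: one saved Login and the pages it is checked against.
const SAVED = 'https://accounts.example.com/login';
const SAMPLE_PAGES = [
  'https://accounts.example.com/session/new',         // same host
  'https://sso.accounts.example.com/',                // subdomain of saved host
  'http://accounts.example.com/login',                // https -> http downgrade
  'https://accounts.example.com.signin.example.net/', // saved host used as a prefix
  'https://accounts-example.com/login',               // look-alike host
  'https://accounts.example.com@signin.example.net/', // saved host in the userinfo part
  'https://accounts.ex\u0430mple.com/login',          // Cyrillic "a" in the host
  'not a url',
];

function auditPages(saved, pages) {
  return pages.map((url) => ({ url, fill: mayFill(saved, url) }));
}

console.table(auditPages(SAVED, SAMPLE_PAGES));
```

Only the first two sample pages are filled; the remaining six are refused.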

What we can do

There are additional (defeasible) mechanisms that we can add to our attempts at mutual authentication between the extension and 1Password mini. I will briefly mention a few that we’ve considered over the years.

Encryption with an obfuscated key

One option is to have a shared obfuscated key in both 1Password mini and the extension. (Remember that the browser extension never sees your Master Password so any secret it stores for authentication cannot be protected by your Master Password.)

Obfuscation only makes things harder for attackers until someone breaks the obfuscation, and every system designer should assume that obfuscation will be broken. See our discussion of Kerckhoffs’ Principle in our article, “You have secrets; we don’t,” for some background on why we tend to be reluctant to use obfuscation. Of course, it may be warranted in the absence of a more effective alternative, so this remains under consideration.

In anticipation of a likely suggestion, I should point out that even the magic of public key encryption wouldn’t save us from having to rely on obfuscation here; but I will save that discussion for our forums.
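A small model of the shared-key option above, as an added example that is not 1Password's code: it uses an HMAC challenge-response instead of encryption, represents both ends of the local websocket as in-memory objects, and uses a constructed key. `makeParty`, `handshake` and the message order are assumptions. The last case shows the limit the text describes: a listener that holds a copy of the embedded key passes the same check.

```javascript
const crypto = require('node:crypto');

// Constructed demo value. In the scheme discussed above, the same key would be
// embedded (obfuscated) in both 1Password mini and the browser extension.
const EMBEDDED_KEY = Buffer.from('constructed-demo-key-not-a-real-secret');
const NONCE_LEN = 16;

// MAC over (role, peer nonce, own nonce). The role label stops one side's
// proof from being reflected back as the other side's; the fresh nonces stop
// replay of a proof captured in an earlier session.
function makeProof(key, role, peerNonce, ownNonce) {
  return crypto.createHmac('sha256', key)
    .update(role + '|')
    .update(peerNonce)
    .update(ownNonce)
    .digest();
}

function proofMatches(expected, received) {
  return Buffer.isBuffer(received) &&
    received.length === expected.length &&
    crypto.timingSafeEqual(expected, received);
}

// One endpoint of the connection (hypothetical model, no real socket).
function makeParty(role, key) {
  const nonce = crypto.randomBytes(NONCE_LEN);
  const peerRole = role === 'mini' ? 'extension' : 'mini';
  return {
    role,
    nonce,
    prove: (peerNonce) => makeProof(key, role, peerNonce, nonce),
    // Recompute what the peer should have sent: from the peer's point of
    // view, our nonce is the "peer nonce" and its own nonce comes last.
    verifyPeer: (peerNonce, proof) =>
      proofMatches(makeProof(key, peerRole, nonce, peerNonce), proof),
  };
}

function handshake(extension, mini) {
  const result = { extensionTrustsMini: false, miniTrustsExtension: false };
  // 1. extension -> mini: extension nonce
  // 2. mini -> extension: mini nonce + proof
  const proofM = mini.prove(extension.nonce);
  result.extensionTrustsMini = extension.verifyPeer(mini.nonce, proofM);
  // The extension sends nothing further (no proof, no Login data) to a
  // listener that failed the check.
  if (!result.extensionTrustsMini) return result;
  // 3. extension -> mini: proof
  const proofE = extension.prove(mini.nonce);
  result.miniTrustsExtension = mini.verifyPeer(extension.nonce, proofE);
  return result;
}

function demo() {
  const ext = () => makeParty('extension', EMBEDDED_KEY);

  const genuine = handshake(ext(), makeParty('mini', EMBEDDED_KEY));

  // A listener that answers on the socket but does not hold the key.
  const noKey = handshake(ext(), makeParty('mini', crypto.randomBytes(32)));

  // A listener that replays a proof recorded in an earlier session.
  const oldExtension = ext();
  const realMini = makeParty('mini', EMBEDDED_KEY);
  const captured = realMini.prove(oldExtension.nonce);
  const replayer = { role: 'mini', nonce: realMini.nonce, prove: () => captured };
  const replay = handshake(ext(), replayer);

  // The limit of the scheme: a byte-for-byte copy of the embedded key is
  // indistinguishable from the genuine mini, which is why the obfuscation
  // of that key carries the whole security of the check.
  const copiedKey = handshake(ext(), makeParty('mini', Buffer.from(EMBEDDED_KEY)));

  return { genuine, noKey, replay, copiedKey };
}

console.log(demo());
```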

Using the OS X keychain

Another option would be to store authentication secrets in the OS X keychain, so that both our browser extension and 1Password mini would have access to it. This could be made to work for authenticating 1Password mini to the extension for those browsers that allow easy use of the OS X keychain.

This might solve half the problem for some browsers, but to date we’ve been focusing on solutions that work across all of the browsers we support.

An extreme solution

In the extreme case, we could have some explicit pairing (sort of like Bluetooth) between 1Password mini and the extension. That is, the browser extension may display some number that you have to type into 1Password mini (or the other way around). With this user intervention we can provide solid mutual authentication, but that user action would need to be done every time either the browser or 1Password mini is launched.

Quite frankly, there is no really good solution for this. To date, our approach has been to put in those authentication checks that we have and keep an eye out for any hints of malware that exploits the known limitations of what we do.

Is 1Password for iOS affected?

The research paper isn’t limited to discussing inter-process communication (IPC) that is done through websockets, but covers a wide range of mechanisms used on Apple systems. This includes some mechanisms that we may use for some features in 1Password for iOS.

Shared data security

1Password for iOS shares some of its data with the 1Password app extension. As most of that data is encrypted with your Master Password, it is not a substantial problem if that data becomes available to attackers. The exception, of course, is the TouchID secret.

As yet, we have not had a chance to test whether there is any exposure there, but watch this space for updates.


We truly are grateful for the active security community, including Luyi Xing and his team, who take the time to test existing security measures and challenge us to do better. Our analysis of the researchers’ findings will continue and we will post an update if further action is necessary.

9th Anniversary Sale-abration!

Update: The 9th Anniversary Sale ended on June 20th, 2015.

Let me take you back in time to the days when AgileBits was known as Agile Web Solutions. About 10 years ago, Dave Teare and Roustem Karimov decided to spend a month writing a quick little password management app to help them share data more efficiently while they worked to build their Palm app empire. Response to the little tool was great, and soon the pair had made the app available for download in their store.

Our intrepid co-founders quickly realized that they had a Thing on their hands. A really Real Thing! At the same time, Dave & Roustem had begun a little love affair with the Mac, and decided it was the perfect platform for their ambitious application. And so, nine years ago, on June 18, 2006, 1Password 1.0 for Mac was born. (For a real blast from the past, check out the original 1Passwd website!)


Palm may be a thing of the past, but Dave and Roustem’s “hobby” has grown into a powerful and secure data management tool for most major desktop and mobile operating systems, including Mac OS X, Windows, iOS, and Android. What began as two coders and one support person has grown into a team of almost 60.

We’re so proud of how much 1Password has evolved over the past nine years, largely due to feedback and support from millions of customers just like you. To celebrate, we’re offering a 30% discount on 1Password for Mac and Windows. You can get both 1Password for Mac and Windows in the AgileBits Store, and 1Password for Mac is available from the Mac App Store.

This is a limited-time offer, so take advantage of the celebration and get your 1Password license today!

Wi-Fi Sync in 1Password for Android: Design Overview

Today, I’m happy to tell you that Wi-Fi Sync is coming to 1Password for Android! In fact, it is already available in the latest beta, so you can join our beta family and try it out right now. In this edition of our DevBits series, I am going to talk about how we implemented Wi-Fi Sync in 1Password for Android.

Wi-Fi Sync in 1Password for Android uses only standard Android APIs. We don’t use any third-party libraries. All the required communication logic was written in-house (although inspirational ideas for WebSocket implementation were taken from elsewhere). Using Android APIs keeps the .apk file small and eliminates version incompatibility, licensing issues, or any other trouble that might arise when incorporating third-party code into the app.

Wi-Fi Sync in 1Password for Android consists of three parts: Network Service Discovery (NSD), Network Service Resolution, and the actual sync itself. Both the Network Service Discovery and Network Service Resolution are based on the NSD framework built in to Android. The sync is implemented using synchronous Websocket communication with a service provided by 1Password for Mac or 1Password for Windows.

Network Service Discovery

When you choose to sync using Wi-Fi in 1Password for Android, Network Service Discovery is launched asynchronously and continues to run in the background until you stop it. The service looks for all network services matching the type used by 1Password (in our case “_1password4._tcp.”).

This network service type matches the type used by the latest versions of 1Password on both Mac and Windows when Wi-Fi Sync is enabled. Any discovered Wi-Fi services are displayed in a list for you to select from in order to set up the initial sync. It is important to note that the service info found by NSD contains no information other than the service name and type.

Network Service Resolution

Once you have decided which service you want to use, the Network Service Resolution process is launched asynchronously for the chosen service. 1Password for Android is given the service credentials, including the IP address and port, so that communication with the server can be established. The service name is stored in 1Password preferences and used for subsequent communication sessions. This allows service discovery during incremental sync to automatically stop when a service matching the one stored in preferences is found.

Next, 1Password proceeds with service resolution. If the connection is successful, the actual sync process is launched using the provided service IP address and port. If service discovery is unable to discover the service in two seconds, or if the resolution is invalid, you will be asked to ensure that 1Password is running on the computer you are trying to sync with, and the sync attempt is aborted.

The actual sync

The actual sync process is handled by a subclass of Android’s AsyncTask that establishes synchronous communication with the server using the WebSocket protocol. In order to establish a connection, this task first requires valid service credentials (address and port) and a reference to the database manager. Once connected with the service, communication proceeds according to a proprietary JSON-based command protocol which is itself based on the WebSocket protocol.

Once 1Password for Android is successfully authenticated by the server it receives an item/folder list. Next, a request is made for items from the list which have been updated on the server, and these are then decrypted and saved in the 1Password for Android internal database.

In order to decrypt these items, your Master Password is requested during initial sync. Although the communication secret is stored in 1Password preferences, it should be noted that your Master Password is never stored in the system preferences or in the database.

Once the initial sync is complete and an incremental sync has begun, you may notice some minor differences between syncing with 1Password for Mac and 1Password for Windows. These differences are the result of architectural differences between the two versions, namely that 1Password for Windows doesn’t rely on an internal database. This results in slightly faster syncing with 1Password for Windows and the need to enter your Master Password on each incremental sync.

When the Wi-Fi Sync server has transmitted all of its updated items to 1Password for Android, and it has transmitted all of its updated items back to the Wi-Fi Sync server, the communication session is terminated and the network socket is closed. Detailed sync results of the latest session are written to the Diagnostics Report, which you can generate from the Settings > Advanced screen and review at any time.

At present, Wi-Fi Sync is designed to work between one computer and one or more mobile devices. We do not recommend switching between multiple desktops when syncing using Wi-Fi. Note that the sync method cannot be changed once it has been selected. For example, if your initial sync uses Wi-Fi, you cannot later switch to Dropbox. Because 1Password for Android supports sync with only the primary vault at this time, it is not possible to switch to a different vault once the Wi-Fi Sync connection to the chosen server has been established.

The addition of Wi-Fi Sync to 1Password for Android furthers our goal of placing you in control of your data. In addition to local storage and sync with Dropbox, you now have a third option for syncing your vault from your Android devices to your other devices. We hope you enjoy using it and welcome your feedback in our beta forums.

Filling with 1Password for Android

1Password is all about bringing convenience to security. Of course, there are always challenges to overcome. On Android, one particular challenge we have been working on is how to make it both secure and convenient for you to use your login credentials. Until recently, your options for filling these credentials were limited to either using the 1Browser built into 1Password or using the clipboard to copy and paste.

While 1Browser helps you fill your login credentials into your favorite sites, it probably isn’t as fully featured as your favorite browser. 1Browser also isn’t much help when you want to use your login credentials to sign into an app. In these situations, you were previously limited to using copy and paste to get your login information out of 1Password and into that browser or app. Unfortunately, using the clipboard for this purpose is not at all convenient, and as we have mentioned before, not particularly secure.

Something better

When evaluating ways to provide a Login filling solution, we wanted to address the following concerns:

  • It needed to be more secure and more convenient than using the clipboard.
  • It needed to provide login filling for both third-party apps and browsers.

In order to make this happen, we needed to implement a service that could detect login fields when displayed in apps and browsers, and insert text directly into those fields. So, we split this functionality across two different services: the 1Password Automatic Filling service detects login fields and gives them focus when appropriate, while the 1Password Keyboard displays the interface for selecting the right Login and sends the credentials for that Login to the appropriate text fields.

Login detection

The first step in filling your credentials is determining when there is a login form on screen that 1Password can fill into. To do this, we take advantage of the Accessibility APIs included in Android to get information about the elements displayed on screen in the form of an AccessibilityEvent.

Our implementation of the 1Password Automatic Filling service starts with this callback:

 @Override
 public void onAccessibilityEvent(AccessibilityEvent event) {
     // Insert magic here
 }

The onAccessibilityEvent callback is fired whenever a user interface event occurs for which we have registered. In our case, we are interested in events which indicate that the elements on the screen have changed. In particular, we register to receive typeViewFocused, typeWindowStateChanged, and typeWindowContentChanged events. By monitoring these events, we can keep an eye out for potential login screens or other opportunities for 1Password to fill.

When the callback is fired for one of these events, our next step is to see if we can identify login fields on the updated screen. We can determine which user interface elements are displayed on screen by invoking AccessibilityService.getRootInActiveWindow(). From the root AccessibilityNodeInfo object returned by this method, we can obtain information about all the user interface elements displayed in the active window. In particular, we look for arrangements of text fields matching the pattern for login entry. Once login fields have been identified, the 1Password Keyboard is notified that automatic filling is available. The keyboard is also passed the package name of the application or the URL of the website in which the login fields were detected.

Login selection

Keyboards on Android are built upon the InputMethodService APIs provided by the OS and, in this sense, the 1Password Keyboard is similar to other third-party keyboards. However, the benefit of creating a custom keyboard is that it can be tweaked to do a whole lot more than simple text entry. In the case of 1Password, our keyboard also allows you to view and select the Login items contained in your vault. When you tap the 1Password button on the keyboard, we expand the keyboard to full screen in order to display a list of relevant Logins.

If the 1Password Keyboard has been notified that automatic filling is available, it will look at the package name or URL provided by the 1Password Automatic Filling service and attempt to match it with the Logins contained in your vault. We display any matching Logins and offer the ability to browse for additional logins when appropriate. From here, you can tap on a Login to select it for filling.

Login filling

Once you have selected the appropriate Login for filling, the 1Password Keyboard exits fullscreen mode and once again shows the keyboard keys. You will now see two buttons displayed above the keyboard for filling the username and password corresponding to the selected Login. These buttons provide the ability to manually fill Login credentials in those instances when the 1Password Automatic Filling service isn’t enabled or when it doesn’t correctly identify the login fields in question.

However, when the 1Password Automatic Filling service is enabled and has detected the login fields, the 1Password Keyboard will do all of that work for you. The keyboard asks the 1Password Automatic Filling service to select the appropriate login fields by invoking:


Once each login field has been focused by the 1Password Automatic Filling service, the 1Password Keyboard is notified. It then inputs the username or password text directly into that field. Once this is done, all that is required of you is to tap the “Sign In” button.

Security and convenience

By combining the 1Password Keyboard with the 1Password Automatic Filling service, we are able to provide a filling solution that avoids use of the clipboard entirely and doesn’t rely on passing your credentials through a third party. Whether you use the 1Password Keyboard as your main keyboard or in addition to your favorite keyboard, securely filling Logins into apps and browsers is only a couple of taps away.

If you would like to read more about enabling the 1Password Keyboard and Automatic Filling service on your Android device, please see our helpful documentation.

Quick Tip: Migrate your details between 1Password items

We all have our own ways of keeping things neat and tidy, and having something out of place can just throw your whole day out of whack. Luckily, 1Password mini can help you keep things organized just the way you like them.

Let’s say someone sends you the details for the Wi-Fi router at their house, but it’s in a Secure Note instead of the Wireless Router template for 1Password.

If you’re like me, this is the kind of thing that could make you a bit, well…


So, let’s move the relevant data over to a new Wireless Router item and set things right with a few simple steps:

1. Create the new item

In 1Password, create a new item in the proper category. Launch 1Password, and choose File > New Item > Wireless Router. This is the new item where the previous Secure Note’s content will go. Leave this new item in edit mode.

2. Open the original item in 1Password mini and anchor it

Click the 1Password mini icon in the toolbar and search for or browse to the Secure Note containing the details you want to migrate to the new entry. Click the anchor button in the bottom left of the detail view to keep the item on screen.

3. Copy and paste

At this point, you can copy and paste the relevant information from the original item. You can also create new sections and fields for any important information that doesn’t fit elsewhere. When you’re finished, save the new item.

4. Delete the original item

At this point, the original item is no longer needed and can be safely deleted.

5. Bonus points: share!

Share the new entry with the person who sent you the Secure Note version using the item’s Share button.

This use case comes up for me more often than I would have thought in the past. The Wireless Router example is a real one from a recent trip to visit the team in our Toronto office. Beyond that, I have quite a few items I exported from Yojimbo long ago, and those only exported as plain text files. I imported those text files as Secure Notes in 1Password and I have been migrating them to proper 1Password entries here and there over time. Instead of switching back and forth between items in 1Password, using 1Password mini’s anchored windows helps to make the process of migrating data between categories a lot simpler.

Fingerprint unlock coming to 1Password for Android [Update: Sneak peek!]

A strong Master Password is critical to keeping your 1Password vault secure. It’s also not the easiest thing to type out on a mobile device. What if you had another way to unlock your vault, in addition to your master password? One that is both convenient and secure?

For some time now, we’ve been wanting to give you the ability to unlock 1Password for Android using your fingerprint. The challenge has been that there was no standard way for us to implement it that would work across a variety of devices made by different manufacturers. And so we waited, and you waited.

Now, our wait is over.

The Android M Developer Preview was just announced at Google I/O, Google’s annual developer conference going on right now in San Francisco. For us, one of the most exciting new features is the standardized fingerprint support that is coming to the Android platform. This means that we have some awesome news for you:

We will be adding support for fingerprint unlock to 1Password for Android when Android M launches later this year!

We don’t usually talk about upcoming features, but we were just too excited about this one to keep it a secret.

As we get closer to the launch of Android M, we will need your help to beta test fingerprint unlock. If you’d like to be among the first to try it out, we invite you to join our beta team. We will share more information in time; for now, we hope you are as excited about this new development as we are!

Update: We had the privilege of being demoed at Google I/O today! If you happened to be in the audience, we’d love to hear what you thought of the demo. And if you weren’t, we’re happy to be able to show you a very, very quick sneak peek. Here’s what it might be like to access your 1Password vault using fingerprint unlock.

The Because We Love You Sale

UPDATE: The Because We Love You Sale will be ending the evening of May 27, 2015.

Everything we do here at AgileBits is with you in our hearts & minds: whether it’s sharing tips & tricks to enhance your security, squashing bugs & implementing exciting new features, or answering your questions in our Support Forums, our focus is always on you.  And every once in a while we like to go all out and show how much we appreciate you by having a good old-fashioned sale.

We usually like to focus a sale around a holiday or a release from a certain California-based fruit company, but today we were searching for another reason to celebrate. So we gathered our crack marketing team around the MacBook and started brainstorming ideas:

  • Dinosaurs are awesome! Okay, maybe we’re just really excited for that new prehistoric blockbuster that’s coming soon to a theater near you.
  • Someone on the team had a birthday! It’s true, there’ve been a number of May birthdays here at AgileBits, but we’ve already overdosed on sugary frosting.
  • Baseball’s back! But really, we just wanted to sing “Take me out to the ballgame.”
  • Spring is here?  It’s been done a billion times before.  Boring.
  • We love you! Oh, there it is. What better reason do we need than just to simply say…

we love you. And to show how much we care, we’re knocking 30% off 1Password across the board on Mac, Windows, iOS, and Android.

While our love for you will last forever, this sale won’t. So if you or someone you love has been holding off on buying 1Password, now is the time to say, “I love you, too.”

You can pick up a Mac/Windows bundle (or grab them separately) on our AgileBits Store. 1Password for Mac is also available on the Mac App Store. And 1Password for iOS is on the iOS App Store, and 1Password for Android on Google Play.

Staying on top of deadlines and expiry dates

1Password is at its best when it’s helping us forget — not just our passwords and credit card numbers, but also where we put that thing. 1Password remembers, so we don’t have to. It’s easy to get hooked on this line of thinking. You start to ask yourself: what else can I afford to forget about?

How about deadlines? I’m not talking about calendar appointments. Think instead of the warranty on your laptop — the one that always runs out days before you need to use it. Think of the gift card you need to spend before Father’s Day. The domain name you keep forgetting to renew. The annual subscription you plan to cancel before you get charged again.

So much of our sensitive information comes with a best before date — and 1Password is great at keeping track of best before dates.


You’re probably used to filling in the expiry date field for your credit card, but you might know that it’s also built into lots of other 1Password items — Passports, Memberships, Driver’s Licenses, etc. You can also add it to your own items using custom fields.

Once you assign expiry dates to all your time-sensitive items, you’re one smart folder away from seeing anything that needs your immediate attention.

[Image: expiry smart folder]

The key to making this work is the second field (“Any Value” -> “contains”), which I’ve set to the current year. You could also fill in “2015-05” to see only the items that expire in May, but tweaking this value every month might be too fiddly for your tastes. I find a year’s worth of expiry dates is manageable so long as I review the folder every once in a while.

1Password won’t ever replace my calendar, but there are some due dates it handles with style — especially when it comes to information I can’t risk keeping anywhere else.

How do you use 1Password to make your life a little more manageable? We’d love to find out. Share your creative ideas in the comments!


On The Design And Building of 1Password for Apple Watch

When Tim Cook took the stage back in September to announce the next generation of Apple hardware, and that there was already an SDK for it, we were incredibly excited (and that’s putting it mildly!)

I believe our reaction was something akin to:

“We can make a 1Password app for Apple Watch!”

“That’s awesome!”

…brief silence…

“What would a 1Password app for Apple Watch do?” 

Day 0: the idea phase

We tossed a number of ideas around that first day, but the one we kept coming back to was our new (at the time) support for one-time passwords in 1Password for iOS.

One-time passwords seemed like a perfect fit for Apple Watch. They are a fixed length of 6 characters, so fitting them on the Apple Watch’s screen would be simple. They are refreshed every 30 seconds, so they could be stored and displayed without the need for authentication each time.

Also, they fit perfectly into the use case of logging into a site on your computer, and then looking to your wrist for the second factor verification.

So, we were decided, one-time passwords it was!
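To make the "6 characters, refreshed every 30 seconds" property concrete, here is an added example (not code from 1Password) of how a time-based one-time password is derived under RFC 6238, assuming the common HMAC-SHA1 variant. The secret is the RFC's published test key, and the `verify` helper with its drift window goes beyond the post to show the checking side.

```python
import hashlib
import hmac
import struct

STEP_SECONDS = 30   # refresh interval described in the post
DIGITS = 6          # code length described in the post


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over an 8-byte big-endian counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation offset
    chunk = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(chunk % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step)


def seconds_remaining(unix_time: int, step: int = STEP_SECONDS) -> int:
    """How long the currently displayed code stays valid."""
    return step - (unix_time % step)


def verify(secret: bytes, candidate: str, unix_time: int, drift_steps: int = 1) -> bool:
    """Checking side: accept +/- drift_steps time steps, constant-time compare."""
    current = unix_time // STEP_SECONDS
    ok = False
    for counter in range(current - drift_steps, current + drift_steps + 1):
        ok |= hmac.compare_digest(hotp(secret, counter), candidate)
    return ok


RFC_TEST_SECRET = b"12345678901234567890"   # test key published in RFC 6238

if __name__ == "__main__":
    now = 59
    print(totp(RFC_TEST_SECRET, now), "valid for", seconds_remaining(now), "s")
```

The displayed code changes every step, but the secret it is derived from does not, so the stored secret is the value that needs protecting.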

Day 23: build/design phase, part 1

1Password for Apple Watch was a simple three screen app in its infancy. There was one screen for the scenario of “no data”, one screen to list the items that included one-time passwords, and one screen to show the selected item’s one-time password.

A crucial part of the design was that we didn’t want you to have to enter your Master Password anywhere to access the information on Apple Watch. The usefulness of having your 1Password data on your wrist went way down if you needed to pull your phone out of your pocket to access it.



Apple Watch apps are an interesting animal in that very little code actually runs on Apple Watch itself. Instead, each Apple Watch app is comprised of two parts: the visual “shell” that runs on Apple Watch, and an app extension that runs on the phone. The app on Apple Watch talks to the app extension over Bluetooth to get its data and respond to user interactions.

[Image: Apple Watch App Architecture]

A good example to illustrate this idea is the PIN code screen in 1Password for Apple Watch. Each time you tap a digit on Apple Watch’s screen the following actions take place:

  1. Information about the tap is sent via Bluetooth to the 1Password Watch Extension (running silently in the background on your iPhone).
  2. The 1Password Watch Extension determines which digit was tapped and adds it to any digits tapped before.
  3. The extension then tells the Apple Watch app to update the PIN length indicator at the bottom of the screen, which requires another transfer of information over Bluetooth.
  4. If the tapped digit is the fourth in a series the 1Password Watch Extension checks to see if it is the correct PIN code, and if so tells the watch app to display the list of items, which requires yet another trip over Bluetooth.

As you can see, even a simple interaction with an app on Apple Watch can create a lot of Bluetooth traffic back and forth between Apple Watch and iPhone.
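The four steps above, modelled as an added example (not 1Password's code) that logs every Bluetooth transfer, so the cost of one PIN entry can be counted and the phone-side location of the PIN check is explicit. The class and function names, the sample PIN, the constant-time comparison and the "reset" reply on a wrong PIN are assumptions.

```python
import hmac

PIN_LENGTH = 4   # the post verifies on the fourth digit


class WatchExtension:
    """Phone-side half of the watch app; the watch shell only renders (model)."""

    def __init__(self, correct_pin: str):
        self._correct = correct_pin
        self._entered = ""
        self.transfers = []   # (direction, payload) for each Bluetooth transfer

    def handle_tap(self, digit: str) -> str:
        # Step 1: tap information arrives from the watch (digit kept out of the log).
        self.transfers.append(("watch->phone", "tap"))
        # Step 2: the extension accumulates the digits; the watch keeps no PIN state.
        self._entered += digit
        # Step 3: only the number of digits goes back, for the length indicator.
        self.transfers.append(("phone->watch", f"indicator:{len(self._entered)}"))
        if len(self._entered) < PIN_LENGTH:
            return "pending"
        # Step 4: fourth digit, so compare in constant time and answer the watch.
        ok = hmac.compare_digest(self._entered, self._correct)
        self._entered = ""
        result = "show_items" if ok else "reset"   # "reset" on failure is assumed
        self.transfers.append(("phone->watch", result))
        return result


def enter_pin(extension: WatchExtension, digits: str) -> str:
    """Tap each digit in turn and return the extension's final answer."""
    result = "pending"
    for d in digits:
        result = extension.handle_tap(d)
    return result


if __name__ == "__main__":
    ext = WatchExtension("4821")               # constructed sample PIN
    print(enter_pin(ext, "4821"), len(ext.transfers), "transfers")
```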

Day 45: fine-tuning

Once we had a baseline set of requirements and user interface designs we started to work out how to get the one-time password data to 1Password for Apple Watch.

Because we weren’t going to require your Master Password to access your data we precluded ourselves from being able to decrypt your 1Password vault, meaning we needed a place to store the one-time password secrets for use by 1Password for Apple Watch. We decided to utilize the iOS keychain as a secure storage location that wouldn’t require decryption each time we wanted to use it.

Of course this decision came with its own set of challenges, namely that we were going outside of the 1Password ecosystem to store secure data. Because of this fact we knew we had to ramp up our customer education efforts about this new feature and make sure that it was opt-in only.

We added what we called a “keychain maintainer” to the main 1Password app that would listen for changes in the 1Password database, determine if those changes were one-time password-related, and update the iOS keychain accordingly. The keychain maintainer worked out really well as it handled changes that were made by our sync system as well as any changes made to an item by a person manually.

With the keychain successfully populated with data all we needed to do was load this data in the 1Password Watch Extension and use it to populate the list of items. We finished up the implementation of the three screens and 1Password for Apple Watch was done…or so we thought.

Day 97: 1Password for Apple Watch v1 debut …

At this point we were quite happy with ourselves. 1Password for Apple Watch was complete months before Apple’s launch date of late April. We began to show it off to friends and industry acquaintances to get their reactions. Some of them thought it was very cool that they’d have access to their one-time passwords on their wrist, but many more of them weren’t exactly over the moon about it, and some had to be educated about one-time passwords before they understood exactly what it was we were offering.

It all came to a head when we were on a business trip and in a meeting with a handful of individuals whose opinions we really respect. With our usual gusto we showed off 1Password for Apple Watch and…it fell flat. Out of the five people in the room with us, only one person was genuinely excited about it. They say two outta three ain’t bad. No one ever says anything about one outta five.

We knew we needed to do more.

So we went back to the drawing board: beyond one-time passwords, what kind of information would be useful to have on your wrist? We started to brainstorm ideas and realized there was a whole class of secure information that could be stored in 1Password that we weren’t leveraging: all kinds of small pieces of secure information that you need throughout the day.

Store your locker combination on your Apple Watch.

1Password for Apple Watch can ensure that your door's unlock code is always handy.


We started to work up some use cases. Gym locker combination? Check. Garage door code? Check. Would it be useful to see your credit card info while placing an order over the phone? Yep. We discovered all sorts of situations where it might not be convenient to pull your phone out of your pocket, unlock it, open 1Password, unlock 1Password, and search your vault for the data you needed. Apple Watch, however, was the perfect place for this kind of information. App interactions are incredibly short and perfect for the things you need on the go: you get in, get your data, and get out.

Day 98: the re-build phase

With this new vision for 1Password for Apple Watch we began to rework both the user interface and the code.

Because we were expanding beyond one-time passwords we no longer wanted 1Password for Apple Watch populated with a whole set of information automatically. Everything that appeared on your wrist needed to be there because you put it there. A button was added to the bottom of the item detail screen that allows you to add/remove an item to/from your Apple Watch. This button ended up being a shortcut for adding a new “Apple Watch” tag to the current item. The cool thing about this approach is that you can manage your Apple Watch items not only on your phone, but also on any of your other devices or computers simply by adding the “Apple Watch” tag and syncing the changes over.

Our keychain maintainer evolved beyond looking for one-time passwords to looking for items tagged with “Apple Watch” instead. We added an extra set of attributes (encrypted with the 1Password Apple Watch PIN code) to our keychain entries to handle the extra data for logins, passwords, secure notes, and credit cards. 
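A model of the tag-driven keychain maintainer described above, as an added example rather than 1Password's implementation. It shows the property that matters for a copy kept outside the vault: an item is mirrored only while it is tagged and the feature is opted in, and the copy is purged otherwise. The item shape, the dict standing in for the iOS keychain and the clear-on-opt-out behaviour are assumptions, and the PIN-based encryption of the stored attributes is left out.

```python
from dataclasses import dataclass, field
from typing import Optional

WATCH_TAG = "Apple Watch"          # tag name given in the post


@dataclass
class Item:                         # hypothetical shape of a vault item
    uuid: str
    title: str
    tags: set = field(default_factory=set)
    totp_secret: Optional[str] = None
    trashed: bool = False


class KeychainMaintainer:
    """Model of the maintainer: mirrors tagged items into a keychain stand-in."""

    def __init__(self, opted_in: bool = False):
        self.opted_in = opted_in    # the feature is opt-in only
        self.keychain = {}          # uuid -> entry; stands in for the iOS keychain

    def on_item_changed(self, item: Item) -> str:
        """Runs for every database change, from sync or from a manual edit."""
        wanted = self.opted_in and WATCH_TAG in item.tags and not item.trashed
        if wanted:
            self.keychain[item.uuid] = {"title": item.title,
                                        "totp_secret": item.totp_secret}
            return "upsert"
        if item.uuid in self.keychain:
            del self.keychain[item.uuid]   # untagged or trashed: purge the copy
            return "purge"
        return "ignore"

    def set_opt_in(self, enabled: bool) -> None:
        """Assumption: turning the feature off clears everything mirrored so far."""
        self.opted_in = enabled
        if not enabled:
            self.keychain.clear()


def replay(maintainer: KeychainMaintainer, changes: list) -> list:
    """Feed a batch of changes (constructed sample data) and collect the actions."""
    return [maintainer.on_item_changed(item) for item in changes]
```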

In 1Password for Apple Watch itself we ended up adding four new screens to support the new item types in addition to the original one-time password screen. When Apple Watch shipped at the end of April our app’s design looked like so:

[Image: Apple Watch App Storyboard]


I hope you’ve enjoyed this little glimpse into the process behind 1Password for Apple Watch. If you have any questions please leave them in the comments below, I’d love to talk some more about our process here. For some further reading I’d recommend our excellent Apple Watch User Guide and our Apple Watch Security Guide.


Turbo boost 1Password for Windows with new 4.5 version

Ctrl+\ has become muscle memory for millions of 1Password users all around the world. It’s hard to beat the speed of a customizable keyboard shortcut. Unless, of course, we focus on what happens after you invoke the 1Password extension in your web browser.

The technology behind the extension is what fills your 1Password information in web forms. It’s an incredibly complex system that we lovingly call The Brain, and it has received a serious upgrade in 1Password 4.5 for Windows. What this means for you is that filling web forms is now faster and more accurate than ever before.

An upgraded Brain is only one of the time-saving, experience-enhancing improvements in 1Password 4.5, which is a free update and available to download right now from our website.

Time-based, One-Time Passwords (TOTPs)

These single-use passwords are becoming more commonplace as a supplementary security measure to protect online accounts. If you’re not familiar with them, our blog post will help you learn how to use them in 1Password. Not only is it possible to add a time-based, one-time password to your Login items in 1Password 4.5, but it’s a cinch to do it.

Personalize Secure Notes with custom fields

Custom fields are great. They let you modify an item’s details view to hold exactly the information you want, formatted in a way that makes sense to you. In version 4.5, we’ve introduced custom fields to the Secure Notes item type.

Adding custom fields to your secure notes

1Password speaks your language

We have begun localizing 1Password for Windows and are kicking things off with nine languages. Thanks to our wonderful translators, they are:

  • Czech
  • Dutch
  • English
  • French
  • German
  • Italian
  • Polish
  • Spanish
  • Swedish

If you’d like to help translate 1Password into your language, you can create a free Crowdin account and join us at

Report website issues with Synapse

The 1Password extension is pretty much continuously being improved. It has to be, because there are umpteen billion websites out there, many with their own quirks and many others constantly changing. Now, you can help us ensure maximum compatibility by reporting any website issues you encounter.

In the extension menu, select the option to report an issue with the current website.

In the old days, you’d report a website and we’d ask you all sorts of questions, trying to learn any detail that might help us reproduce and diagnose the problem. No more! There are no lengthy questions to answer and you don’t have to know every minute detail about your web browser or the website. Our new website reporter makes it super easy: simply select the option in the extension menu and all the relevant information is already filled out for you.

Accessibility, Wi-Fi Sync, and more

If you use the NVDA screen reader, you should notice a marked improvement in this release. We are committed to making 1Password fully accessible to you, and there’s always room for improvement. We’d love your help in determining what most needs our attention. Please let us know how we’re doing!

Last on the list of highlights, but certainly not least, is Wi-Fi Sync. This is a wonderful way for you to sync 1Password for Windows with 1Password for iOS when you’re on the same wireless network, if you prefer not to use cloud-based services. We are constantly working to improve performance and reliability, and Wi-Fi Sync has received a nice coat of polish in this update.

1Password 4.5 for Windows is available now as a free update for existing owners (Help > Check for New Version), or you can grab a new copy from our downloads page. Thank you for choosing 1Password!