
Turbo boost 1Password for Windows with new 4.5 version

Ctrl+\ has become muscle memory for millions of 1Password users all around the world. It’s hard to beat the speed of a customizable keyboard shortcut. Unless, of course, we focus on what happens after you invoke the 1Password extension in your web browser.

The technology behind the extension is what fills your 1Password information in web forms. It’s an incredibly complex system that we lovingly call The Brain, and it has received a serious upgrade in 1Password 4.5 for Windows. What this means for you is that filling web forms is now faster and more accurate than ever before.

An upgraded Brain is only one of the time-saving, experience-enhancing improvements in 1Password 4.5, which is a free update and available to download right now from our website.

Time-based, One-Time Passwords (TOTPs)

These single-use passwords are becoming more commonplace as a supplementary security measure to protect online accounts. If you’re not familiar with them, our blog post will help you learn how to use them in 1Password. Not only is it possible to add a time-based, one-time password to your Login items in 1Password 4.5, but it’s a cinch to do it.

Personalize Secure Notes with custom fields

Custom fields are great. They let you modify an item’s details view to hold exactly the information you want, formatted in a way that makes sense to you. In version 4.5, we’ve introduced custom fields to the Secure Notes item type.

Adding custom fields to your secure notes

1Password speaks your language

We have begun localizing 1Password for Windows and are kicking things off with nine languages. Thanks to our wonderful translators, they are:

  • Czech
  • Dutch
  • English
  • French
  • German
  • Italian
  • Polish
  • Spanish
  • Swedish

If you’d like to help translate 1Password into your language, you can create a free Crowdin account and join us at

Report website issues with Synapse

The 1Password extension is pretty much continuously being improved. It has to be, because there are umpteen billion websites out there, many with their own quirks and many others constantly changing. Now, you can help us ensure maximum compatibility by reporting any website issues you encounter.

In the extension menu, select the option to report an issue with the current website.

In the old days, you’d report a website and we’d ask you all sorts of questions, trying to learn any detail that might help us reproduce and diagnose the problem. No more! There are no lengthy questions to answer and you don’t have to know every minute detail about your web browser or the website. Our new website reporter makes it super easy: simply select the option in the extension menu and all the relevant information is already filled out for you.

Accessibility, Wi-Fi Sync, and more

If you use the NVDA screen reader, you should notice a marked improvement in this release. We are committed to making 1Password fully accessible to you, and there’s always room for improvement. We’d love your help in determining what most needs our attention. Please let us know how we’re doing!

Last on the list of highlights, but certainly not least, is Wi-Fi Sync. This is a wonderful way for you to sync 1Password for Windows with 1Password for iOS when you’re on the same wireless network, if you prefer not to use cloud-based services. We are constantly working to improve performance and reliability, and Wi-Fi Sync has received a nice coat of polish in this update.

1Password 4.5 for Windows is available now as a free update for existing owners (Help > Check for New Version), or you can grab a new copy from our downloads page. Thank you for choosing 1Password!


Synapse and 1Password’s new brain

Filling is clearly one of the most important features in 1Password.  I know, I know, security is super important too … it protects our data from prying eyes and provides some very valuable peace of mind. But day to day, it is the convenience of being able to fill those long, randomly generated strings of gibberish into various sign-in pages that makes 1Password truly awesome. I’d love to say 1Password’s encryption is my favourite feature, but I’d be lying. When it comes down to it, I just don’t want to have to type my passwords. Ever.

So we rely on the 1Password extension to put those complex passwords where they belong to log us in to websites, pop our credit card details into online shopping forms, and provide our identity details for all those fun new services we can’t wait to try out.

Unfortunately, every now and then we run into a website that just doesn’t seem to want to play nice with 1Password’s current filling algorithms for one reason or another. Believe me, our intrepid filling gurus have performed some complicated code gymnastics to convince the existing extensions to fill forms on these less-than-standard websites. As 1Password sought to tackle more complex login screens, it became more and more challenging to write new solutions in and around the existing codebase.

So, in the 5.3 update for 1Password for Mac, our developers decided the best solution was a complete brain transplant for the extension.

1Password’s new brain

Version 5.3 of 1Password for iOS and version 5.3 of 1Password for Mac have now been released with this brand new brain, and Windows and Android users will see updates soon that take advantage of 1Password’s new smarts as well.  This new brain will provide filling that is more consistent across all of the platforms that we offer 1Password on, with more flexible algorithms that can be used on multiple websites, and easier-to-code solutions for those ‘unique’ sign in pages.

What’s improved here?

The browser extension is now a lot smarter at capturing user information on non-standard websites when a new Login is saved. And you may not notice this on your end, but many sites that previously required some of those complicated code gymnastics filling workarounds now fill smoothly – which makes the codebase a much nicer place for our team to play. Starting in version 5.3, you will see an improvement in Credit Card and Identity filling, particularly with respect to the filling of expiry dates. In addition, our gallant gurus have finally managed to slay a particularly troublesome dragon of a website: Citibank saving and filling will now work seamlessly across all login pages! Go on, re-save your Citibank Login to test … I know you want to.  :)

Even more awesome than the changes that are already introduced is the framework that our developers have built here. We’ve got a great foundation for future improvements … and our team is already working on slaying more dragons.


Not only is 1Password’s new brain better, stronger, faster, AND more fill-ier than ever, but it ALSO comes with an awesome new reporting feature that will allow users to let us know when 1Password isn’t filling properly – from right within the app! Not only does this feature save you the effort of having to post in the forums or email in to tell us when filling isn’t working, but it quickly gets developers the information that they need, and provides a way for us to communicate fixes and workarounds to you. It’s all-around awesome.

So, what is Synapse?

Synapse is a brand new tool that lets customers report broken filling on websites directly through 1Password. Synapse will automatically gather the information about the site that developers need to quickly diagnose (and fix) the problem.  Now, that’s a great improvement for our team, but Synapse is also something for you to get excited about, because beyond making it easy to let us know when something’s not right, this tool will also advise you of any known workarounds (or the fix version) when you report a site that we’re already working on.

How can users report?

Our Knowledgebase has an article that can tell you all about this awesome new feature. But it’s easy to find, right in the extension’s menu!

What information does Synapse gather?

First and foremost: Synapse does nothing without your explicit consent. No information is gathered until you click the ‘submit’ button when reporting a website.

Because Synapse is an information-gathering tool, we want to be very clear about what information we are receiving when you report a website. As always, we take your privacy very seriously. And with Synapse, we take every effort to prevent sensitive information from being collected. Usernames, passwords, and other secure details are not included in the report which is sent to us. We’re also careful to mask any kind of information that could possibly identify you.


Here’s what Synapse does collect:

  • The platform you are using. Currently this feature is implemented in 1Password for Mac (introduced in version 5.3), and the beta version of 1Password for Windows. We’d love to expand this feature to our mobile platforms in the future, if possible.
  • 1Password’s version number.
  • The version number of the browser extension.
  • Which browser is being used (Safari, Chrome, Firefox, or Opera).
  • The browser’s user agent.
  • The browser’s bundle identifier.
  • The URL of the site that is misbehaving.
  • The item’s Category type: whether you are attempting to fill a Login, Identity, Credit Card, or Password item.
  • Where the item was created: sometimes a Login created in the main app can behave differently than an item that was saved directly from the extension.
  • The date the item was created.
  • The date the item was last updated.
  • Any additional comments you might choose to share.

How does this make life easier for us all?

On the development end of things, Synapse gives developers a lovely aggregated list of the reported sites, which easily identifies the top issues and lets the team focus on fixing the issues that are most important to you. In addition to easy prioritization, developers have a ton of useful information to help track down the issue … without even needing to request it. Not only does this save time for our developers, but it also saves you from having to hunt down these details, which are not always easy to find! We think it’s a win-win situation.

Synapse also provides us a way to easily notify you when progress has been made on the issues you report. When you report an issue in Synapse, you’ll see an option to provide us with your email address. Sharing your email address means that our team can contact you if they need any more information about the issue that you reported. But, more importantly, it also means that we have a way to let you know when we have a workaround, or, even better, a proper resolution to the issue.

What else will you see when you report an issue with Synapse?

When you report an issue with Synapse, you’ll also be advised of any existing workarounds for the issue and be able to vote on if the workaround was successful for you, which provides us with some valuable feedback.  If our developers have already fixed the issue for a future update, you’ll see that notice as well.

Basically, what it comes down to is a pretty awesome update for those of us who rely on 1Password’s filling magic. 1Password’s filling is stronger and more ready to take on those uniquely designed websites, and with Synapse you can easily tell us when something’s not working and give the developers the details they need to fix it quickly.

Let us know what you think about Synapse and 1Password’s new brain in the comments, or in our forums.


1Password for Apple Watch: Putting Security Within Arm’s Reach

Today’s the day! A number of you (and a number of us) are finally going to be able to play with the latest and greatest addition to our gadget family: Apple Watch. No doubt, once you have sent your heartbeat to someone, put in your height and weight measurements for fitness tracking, and marveled at just how cool the haptic feedback is, you’re going to start playing with all the apps that have added support for Apple Watch. As you may have noticed from our latest iOS update, 1Password is one of those apps. We’re thrilled to introduce 1Password for Apple Watch and answer all of your burning questions about this handy little companion app to 1Password for iOS.

Is all of my 1Password data on my watch?

Nope! Much like Apple Watch is a companion device to your iPhone, 1Password for Apple Watch is a companion app to 1Password for iOS. After you enable Apple Watch functionality in 1Password’s settings, a new option will appear on the item detail screen which will allow you to “Add to Apple Watch”. You choose which pieces of information you want to make available on your Apple Watch. Logins, Passwords, Credit Cards, and Secure Notes are all fair game to add to Apple Watch.

What am I going to use this for?

When Apple Watch was announced, we immediately began brainstorming ways to bring 1Password to this incredibly personal device. Our first idea was a bit of a no-brainer: the small screen of Apple Watch, coupled with being able to access it quickly, made it the ideal place for one time passwords (TOTP). For a long time that was all our Apple Watch app did; however, after some more thought we realized it could be used for so much more.

As a recent blog post explains, 1Password can be used to store all kinds of information beyond website logins. Locker combinations, bike lock combinations, garage door codes, office keyless entry codes, banking PINs…. All of these pieces of information can be stored in 1Password, and with the introduction of Apple Watch they can now be stored on your wrist.

This is where 1Password for Apple Watch shines: Small pieces of secure data that you need throughout your day can literally be kept within arm’s reach at all times.

Store your locker combination on your Apple Watch.

1Password for Apple Watch can ensure that your door’s unlock code is always handy.

Ok, I’m in! How do I get started?

We have a much more detailed User Guide that goes in-depth on how to set up 1Password for Apple Watch, but we’ll give you the 30,000 foot view of it here.

Step 0: Ensure you have set a device PIN code (or, preferably, a longer, more secure passphrase) and that you have purchased our Pro Features.

Step 1: Open 1Password for iOS and tap on Settings > Apple Watch > Enable Apple Watch. Set a PIN code for use on Apple Watch, and you’re good to go.

Step 2: Add an item to your Apple Watch by tapping on “Add to Apple Watch” in the item details screen.

There is no step three! (And no, we didn’t cheat by starting at zero).

Well this sounds lovely

We hope you love using 1Password on your Apple Watch as much as on all of your other devices! How will you use it to help keep all of your bits of information easily accessible? Leave a note in the comments and let us know.


1Password, time zones, and you

When is yesterday really today

Over the last few weeks we’ve released huge updates to 1Password across all of our platforms. Along with some awesome new features and improvements, these updates contained a fix to a pretty important, and to be honest, rather embarrassing date problem. You see, there were some cases where you would find dates in 1Password shifting by a day if you travelled to a different time zone.

Wendy's birthday is January 24, 1984

For example: Wendy enters her birthday (January 24, 1984) into her Passport item in 1Password. When she travels west to visit her brother, she notices that the birthdate listed in her Passport item is now January 23, 1984.

To understand why this is happening, we have to take a look at how 1Password stores dates.

Dates as timestamps

1Password uses date fields in a number of items. They come in two formats: Month/Year fields, like a Credit Card expiry, and full date fields (Day/Month/Year), like the birthday in a Passport. Month/Year fields are stored as just that, a month and a year, so they were never a problem. Full date fields, however, were stored as a Unix timestamp: the number of seconds since midnight on 1 January 1970, UTC.

For example: Wendy’s birthdate (Jan 24, 1984) is stored in her 1Password database as 443750400 seconds since midnight 1970 UTC.


A timestamp is a perfectly good way to store a date. The problem was that we used the native date picker on Mac and iOS to help you enter dates, and had not told it to work in UTC. The picker therefore produced midnight in your local time zone, and that instant was what got stored: enter a date while in a zone five hours behind UTC, say, and the stored instant is 05:00 UTC on that day. When displaying the date we converted the stored instant back into the local time zone, and everything looked fine as long as that zone stayed the same. Few of us stay in one place, though. View the item from a zone further west than the one the date was entered in, and that same instant falls before midnight of the previous local day, so the field shows up one day earlier.

UTC moving forward

To ensure this doesn’t happen for newly created dates, we now set the time zone to UTC both when setting and when showing dates. A date is stored as midnight UTC on the chosen day and read back as a UTC date, so there is no local time zone adjustment in either direction and the day can never drift, whatever zone you are in.

What about old dates?

Any dates that have been entered into 1Password on Mac or iOS prior to version 5.3 have been created with the local time zone setting. When we made the change to the UTC time zone, we made the decision not to make any changes to existing dates. Displaying or converting them to UTC would be incorrect in most cases and could cause further confusion, so your existing dates will continue to be displayed using the local time zone setting. For most people, most of the time, this will display correctly. However it is possible that by moving time zones you might see these older dates appear off by one day. If you wish to correct these dates to the new UTC time zone setting, simply edit the date field and save the changes. This will force a change to UTC and ensure that your dates display correctly, whatever globetrotting you do.
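Here is the bug and the fix side by side, as an added Python example written for this page rather than anything from 1Password’s own code. The fixed-offset zones are constructed stand-ins for the places the date is entered and viewed (the example is in January, so ignoring daylight saving is accurate), and the function names are my own.

```python
from datetime import datetime, timedelta, timezone

# Constructed fixed-offset zones standing in for real locations.
UTC_MINUS_5 = timezone(timedelta(hours=-5))   # e.g. eastern North America
UTC_MINUS_8 = timezone(timedelta(hours=-8))   # e.g. Pacific coast, further west
UTC_PLUS_9 = timezone(timedelta(hours=9))     # e.g. Japan, further east


def store_date_local(year: int, month: int, day: int, zone: timezone) -> int:
    """Pre-5.3 behaviour (reconstructed, hypothetical): the native date picker
    yields midnight in the user's current zone, and that instant is stored as
    seconds since 1970-01-01 00:00 UTC."""
    return int(datetime(year, month, day, tzinfo=zone).timestamp())


def show_date_local(ts: int, zone: timezone) -> str:
    """Pre-5.3 display: convert the stored instant into whatever zone the
    device is in now, then take the calendar date."""
    return datetime.fromtimestamp(ts, zone).date().isoformat()


def store_date_utc(year: int, month: int, day: int) -> int:
    """5.3 behaviour: the picker works in UTC, so the stored instant is
    midnight UTC on the chosen day, independent of where the user is."""
    return int(datetime(year, month, day, tzinfo=timezone.utc).timestamp())


def show_date_utc(ts: int) -> str:
    """5.3 display: read the date back in UTC, so no zone adjustment happens."""
    return datetime.fromtimestamp(ts, timezone.utc).date().isoformat()


def resave_as_utc(ts: int, created_in: timezone) -> int:
    """What editing and saving an old field does: take the date as it was
    displayed in the zone it was created in, and store it the new way."""
    d = datetime.fromtimestamp(ts, created_in).date()
    return store_date_utc(d.year, d.month, d.day)


if __name__ == "__main__":
    # Wendy enters her birthday while in a UTC-5 zone, then views it elsewhere.
    old = store_date_local(1984, 1, 24, UTC_MINUS_5)
    print(old, show_date_local(old, UTC_MINUS_5))        # 443768400 1984-01-24
    print(show_date_local(old, UTC_MINUS_8))              # 1984-01-23  <- the bug
    print(show_date_local(old, UTC_PLUS_9))               # 1984-01-24  (east is safe)

    new = store_date_utc(1984, 1, 24)
    print(new, show_date_utc(new))                        # 443750400 1984-01-24
    print(show_date_utc(resave_as_utc(old, UTC_MINUS_5))) # 1984-01-24
```

Note that the fix has to be applied on both sides: a UTC-midnight timestamp displayed through the old local-zone path would still read as January 23 on the Pacific coast, which is why the post says the zone is set to UTC when both setting and showing dates.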

Travel with confidence

While most of you have never encountered this issue, I would like to take this opportunity to apologize to those who did. We appreciate your assistance in reporting and helping us track this bug. Rest assured that our fix will keep any new dates rock solid from now on regardless of where your travels take you.

If you have any questions about this fix, please let us know in the comments or in our forums.


1Password 5.4 for iOS: The “Go Go Gadget Watch!” Edition

You’ve come to love 1Password as the handiest of multi-tools on all your gadgets: your computer, your phone, your tablet…and now, your watch.

That’s right, 1Password for Apple Watch is here, ready to save the world (and, more importantly, your time)!

You don’t need to be an intrepid inspector (or a precocious crime-solver in pigtails) to appreciate the awesomeness of having 1Password on your wrist. 1Password for Apple Watch helps you find the little pieces of secret info you need every day, quickly and easily. If you need the code to open your garage door, one of your one-time passwords, or to look up the Konami Code for those extra lives when playing Contra, 1Password is right there for you.

After a couple months of diligently attending the gym, you’ve earned a coveted private locker. Of course, remembering your locker combination is probably not a priority when you’re counting reps. But if you store that combination in 1Password, it only takes a couple of taps for you to see the combination in 1Password for Apple Watch when you’re back at your

You don’t have to be a secret agent on a mission to see how 1Password for Apple Watch is the best partner your wrist could ask for. No matter what you need to have with you, 1Password for Apple Watch is there.

We’d love to know what sort of items you’re most excited to add to your new Apple Watch! Let us know in the comments or in our discussion forums.

1Password for Apple Watch is included at no additional cost for owners of the Pro Features. If you don’t yet have the Pro Features you can find them in Settings > Pro Features for $9.99.

Hand-Polished 18-karat Cogs & Sprockets

1Password 5.4 for iOS isn’t all about Apple Watch. Our quartermasters have made some other refinements to the app as well. Based on your feedback, the Message Center now has a button to mark everything as read. We also added a toggle to remove the unread badge from the settings tab. We hope you enjoy the tips we’re sharing with you via the Message Center, but this improvement will ensure it’s not distracting you during important covert missions.

1Password’s memorization skills have been fine-tuned, and it will now remember whether you were viewing Favorites or Categories and take you back there when you reopen the app.

With the 5.4 update for 1Password for iOS, quickly accessing your secure information is easier than ever, whether on your wrist, or in your pocket.

Go Go Gadget Ears!

If you want to learn more about 1Password for Apple Watch, the Chief has a message for you. Don’t worry, this one won’t self-destruct! Sign up for our Apple Watch newsletter to get relevant communiques sent directly to your inbox!

Update 2015-04-15: Changed a use case example. 


1Password 4.2 for Android: It’s Out of this World

It’s not often in the life of an application that one gets the opportunity to draw inspiration from one of the greatest and most hilarious sci-fi stories of all time. Today, we are incredibly honoured and excited to present 1Password 4.2 for Android. With a custom keyboard; automatic filling in web browsers and third-party apps; and built-in support for viewing time-based, one-time passwords (TOTPs); our newest version of 1Password for Android promises to be approximately 420% more useful than a towel.


1Password 5.3 for Mac: The Bionic Edition is out!

We last heard from our hero, 1Password for Mac, in version 5.1. Sadly, version 5.2 suffered a tragic accident. The development team refused to give up. “We can rebuild it,” they said. “We have the technology. We have the capability to make the world’s first bionic password manager. 1Password 5.3 for Mac will be that app. Better than it was before. Stronger…Faster…Better.”

We proudly present 1Password 5.3 for Mac, now available for Mac App Store and AgileBits Store customers, and it won’t cost six million dollars (it’s a free update for all 5.x owners).

Two-Steps Stronger

We recently introduced our TOTP feature — Time-Based One-Time Passwords — in iOS and Windows, and now we’re bringing it to the Mac. TOTPs are increasingly used as an extra layer of security by companies from Dropbox to Tumblr, so now you’re ready for them with 1Password for Mac. To learn how to add TOTP to 1Password for Mac, check out our handy dandy guide and video!

Faster Communication

1Password makes you more secure online, but it also saves you time by logging you in and filling long, tedious forms with a single click. Now it can help you make phone calls and start emails with one click, too.

We’ve added great new features in v5.3 to make it even easier for you to keep in contact with your sidekick. You can click on phone numbers that you’ve added to Identities to start FaceTime Audio or Skype calls, or click on an email address to start emails.

This works not only in the default fields for these in items like Identities and Software Licenses, but also in custom fields.

A Better Brain

Did you know 1Password has a Brain that handles the under-the-hood tasks of figuring out webpages and filling your Logins, Identities, and Credit Cards into forms? In v5.3, we gave the Brain a heavy dose of B and D vitamins, as well as some omega–3 dev classes and shared objects to make it much faster and smarter when filling said forms and generally saving you oodles of time.

Too much more to list

We also implanted a plethora of custom field options, some great 1Password mini nips and tucks, and Secure Notes can now have custom fields and sections.

Actually, I’d love to list all the great stuff we packed into this free update, but there’s a chance such an extensive post might break WordPress. Instead, you can check out the full details in our release notes. To get the update, just hit the Mac App Store’s Updates tab, or for our AgileBits Store version, click 1Password 5 > Check for Updates in the menubar.


Bcrypt is great, but is password cracking “infeasible”?

There are a lot of technical terms that mean something very specific to cryptographers but often mean something else to everyone else, including security professionals. Years ago I wrote about what it means to say that a cipher is “broken”. Today’s word is “infeasible”.

The news that sparked this lesson is the use of “computationally infeasible” in an announcement by Slack. Slack has announced that their hashed password database had been compromised, and their message was excellent: They clearly described what was available to attackers (usernames, email address, hashed passwords, and possibly phone numbers and contact information users may have added); they offered clear and useful instructions on what users should do (change passwords, enable two-step verification), and described what they have done and what they will be doing. And – most relevant for the technical discussion here – they have told us how the passwords were hashed.

In this case they said:

Slack’s hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that your password could be recreated from the hashed form.

It is terrific that they chose to use bcrypt for password hashing. bcrypt is among the three password hashing schemes that we recommend for sites and services that must store hashed passwords; the other two are PBKDF2 and scrypt. But Slack’s use of the term “computationally infeasible” here illustrates that one must be very careful when using cryptographic technical terms.

If you have a weak or reused password for Slack, change it immediately. Here is a guide to using 1Password for changing a password. And because the Slack app on iOS makes use of the 1Password App Extension, it is easy to use a strong and unique password for Slack.


If you would like to see how to use Slack’s two-step verification with 1Password take a look at our handy guide on doing just that.


But now back to what is feasible with password hashing.

One way hashing

When services that you log into store your password they should never store those as unencrypted “plaintext”. If they are stored as plaintext it means that anyone who can get their hands on that data file can learn everyone’s passwords. For example, Molly (one of my dogs) uses the same password on Poop Deck as she does on Barkbook. So if Patty (my other dog) learns Molly’s Poop Deck password, she can use it to break into Molly’s Barkbook account as well. This is why it is important not to reuse passwords.

Now suppose that Molly uses the password “rabbit” on Barkbook. (Have I mentioned that Molly is not the smartest dog in the pack?) Barkbook shouldn’t store just “rabbit”, but instead should store a one way hash of rabbit. A cryptographic hash function will transform something like “rabbit” into something like “bQ67vc4yR024FB0j0sAb2WKNbl8=” (base64 encoded).

One of the features of a cryptographic hash function is that it should be quick and easy to compute the hash from the original, but infeasible to perform the computation in the other direction. That is, it should be pretty much impossible to go from “bQ67vc4yR024FB0j0sAb2WKNbl8=” back to “rabbit”. And it is.

Guessing versus reversing

With any halfway decent cryptographic hash function, it is infeasible to compute the original from its hash if the original was chosen at random. But if you can make some reasonable guesses about the original, you can use the hash to check those guesses. Because passwords created by humans are not chosen at random, it does become computationally feasible (and often quite practical) to discover the original from the hash.

The actual formal definition of “one-way” for a cryptographic hash function, H(x), includes the requirement that x be the output of a uniformly distributed sampling of the domain of H. That is, considering all of the things that you can hash (under some set length), you need to pick something at random.  Otherwise a hash function might be invertible. Human created passwords do not meet that requirement and so the “computational infeasibility” of inverting a one way function isn’t applicable when its input is not chosen at random.

So now let’s correct Slack’s statement:

Slack’s hashing function is bcrypt with a randomly generated salt per-password which makes it computationally infeasible that a randomly created password could be recreated from the hashed form.

Modified Slack statement.

This, of course, is why you should use 1Password’s Strong Password Generator for creating your passwords. When your password is chosen randomly with a large set of possibilities, then it really is computationally infeasible to discover the password from the cryptographic hash.

Slowing down guessing

I mentioned that (for now) bcrypt, scrypt, and PBKDF2 are good choices for password hashing. Once the final results are in from the Password Hashing Competition and the dust has settled, we will probably have a good successor to those three. These are built upon cryptographic hash functions, but are designed for hashing specifically for when their input is not selected randomly.

Because cryptographic hashing is something that we have computers do a lot of, one of the things that we want is that it be fast. We want to be able to perform lots and lots of SHA-256 hashes per second without straining a computer’s memory. But if an attacker is going to be guessing passwords to see if they produce the right hash, we want to slow down the hashing. PBKDF2, scrypt, and bcrypt are all designed to require much more computation than a regular hash function to compute a hash. This can slow down an attacker from performing millions of computations per second to just thousands. The actual speed depends on many things, including the hardware that the attacker brings to bear on the system. scrypt, additionally, places specific demands on memory.

So the use of bcrypt means that attackers will need to do more work than they otherwise would to guess passwords stolen from Slack. That is a good thing, but it is not an “infeasible” amount of work.
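Here are the two points above, guessing versus reversing and slowing down guessing, in runnable form. This is an added Python example written for this page, not code from the original article or from Slack. It uses PBKDF2-HMAC-SHA256 from Python’s standard library in place of bcrypt (both are on the list of acceptable password hashes above), a constructed six-word guess list, and function names of my own.

```python
import hashlib
import hmac
import os
import secrets
import string
import time

# Constructed guess list: the first few candidates any cracker tries.
WORDLIST = ["password", "123456", "letmein", "rabbit", "qwerty", "dragon"]
SLOW_ITERATIONS = 50_000  # PBKDF2 work factor; raise it as hardware gets faster


def fast_hash(password: str) -> bytes:
    """A plain cryptographic hash: one-way, but as cheap as we can make it."""
    return hashlib.sha256(password.encode()).digest()


def slow_hash(password: str, salt: bytes, iterations: int = SLOW_ITERATIONS) -> bytes:
    """A password hash: PBKDF2-HMAC-SHA256, salted per password and deliberately slow."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def new_record(password: str) -> dict:
    """What a well-behaved site stores: a fresh random salt and the slow hash."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": slow_hash(password, salt)}


def verify(record: dict, password: str) -> bool:
    """The defender's cost: one slow hash per login attempt."""
    return hmac.compare_digest(record["hash"], slow_hash(password, record["salt"]))


def crack(check, wordlist) -> tuple:
    """Generic guessing loop: returns (password or None, guesses made, seconds)."""
    start = time.perf_counter()
    for n, guess in enumerate(wordlist, 1):
        if check(guess):
            return guess, n, time.perf_counter() - start
    return None, len(wordlist), time.perf_counter() - start


def crack_fast(target: bytes, wordlist=WORDLIST) -> tuple:
    """Cracking an unsalted plain hash: compare each guess's hash to the target."""
    return crack(lambda g: fast_hash(g) == target, wordlist)


def crack_slow(record: dict, wordlist=WORDLIST) -> tuple:
    """Cracking a salted slow hash: the attacker pays the full work factor per guess."""
    return crack(lambda g: verify(record, g), wordlist)


def random_password(length: int = 20) -> str:
    """What a password generator does: uniform choice from a large alphabet."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def expected_years(alphabet_size: int, length: int, guesses_per_second: float) -> float:
    """Expected time to hit a uniformly random password: half the space, on average."""
    return (alphabet_size ** length / 2) / guesses_per_second / (365.25 * 86400)


if __name__ == "__main__":
    molly = new_record("rabbit")
    print(crack_fast(fast_hash("rabbit")))   # ('rabbit', 4, ...) in microseconds
    print(crack_slow(molly))                 # ('rabbit', 4, ...) but far slower
    strong = new_record(random_password())
    print(crack_slow(strong))                # (None, 6, ...): not in any wordlist
    print(f"{expected_years(62, 20, 1e12):.3g} years at a trillion guesses/s")
```

The slow hash does not stop the guess from succeeding; “rabbit” falls on the fourth attempt either way. It multiplies the price of every attempt, and per-password salting means that price is paid again for each account rather than once for a precomputed table. The random password is what turns the attack from slow into infeasible: the guess list never contains it, and exhausting a 62-character alphabet at length 20 takes on the order of 10¹⁶ years even at a trillion guesses per second.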

What’s infeasible?

I started out by saying that I was going to talk about the word “infeasible”, but so far I have just been using it a lot. This is because its definition is abstract, subtle, and hard. I am not going to give a full definition, but I am going to try to get reasonably close. The discussion that follows is inherently technical, and nobody will blame you if instead of reading further you just wish to watch us pour ice water over ourselves. (Remember, that was a thing just last year.)

Welcome back to this article. It gets progressively more arcane from this point onward.

The notion of infeasible depends on the relationship between the amount of work the defender has to do to secure the system compared to the amount of work that the attacker has to do to break it. A bank vault may take a minute to unlock if you know the combination, but it may take days to break through if you don’t. With cryptographic systems it can take just a fraction of a second to decrypt data if you have a key, but many times the age of the universe to do so if you don’t have the key.

Security parameters

What we want is the amount of work the attacker has to do to be vastly disproportionate to the work that the defender must do. It turns out that this can be stated mathematically, but first we need to introduce the notion of “security parameter” if we want our definition to stand the test of time instead of depending on the speed and power of current computers. So we will talk about how much work the defender and the attacker have to do in proportion to some security parameter.

Let’s pick, for purposes of exposition, an encryption system that operates at a security parameter of 56. The amount of computation that the defender has to do to decrypt some data with the key is proportional to 56, but the amount of work that the attacker has to do to decrypt the data without the key is proportional to 2⁵⁶. Fifty-six is much much smaller than 2 raised to the 56th power, but today even 2⁵⁶ operations is within the reach of many attackers. Thirty years ago it was within the reach of just a few.

So now let’s suppose that we want to double this security parameter to 112. How much of a work increase might this cause the defender? You might be thinking that it doubles the cost to the defender, but the system I’m thinking of actually tripled the cost to the defender. Tripling the cost for double the security parameter may not seem like a good deal, but doubling the security parameter increased the work of the attacker by another 2⁵⁶, for a total of 2¹¹². This puts it well outside the reach of even the most resourceful attacker for a long time to come.

When we doubled the security parameter in that example, the work to the defender increased linearly while the work to the attacker increased exponentially. We want the work required of the attacker to increase exponentially with the security parameter while for the defender we increase it linearly or polynomially.

Doing time, time, time in an exponential rhyme

If the security parameter is n, we will tolerate it if the amount of work the defender must do is proportional to nᵃ for any a > 1. That’s what we mean when we say the work is “polynomial in n”. So if the work goes up with the square or cube of n we might grumble and seek more practical systems, but no matter how big the power that n is raised to gets, this is still a polynomial expression. An algorithm that works this way is called a “polynomial time algorithm”.

For the attacker we want the number of computations needed to be proportional to an expression in which n is in the exponent. So if the work to the attacker is proportional to bⁿ for some b > 1, the work is exponential in n. (Those of you who know this stuff know that I’m leaving some things out and am taking some shortcuts.)

It might seem that a “big” polynomial gets us bigger numbers than a “small” exponential, but no matter how much a polynomial function starts out ahead of an exponential, the exponential will always catch up. Let’s compare the exponential y=1.1ˣ with the polynomial y=x⁶ + 2. For values of x below a few hundred, it looks like the polynomial is the runaway winner.

Plot of polynomial taking early lead over exponential

But we inevitably reach a point where the exponential function catches up. For the particular examples I’ve given, the exponential catches up with the polynomial when x is about 372.73.

Plot with exponential catching up

Finally, if we go just a bit beyond the point where the exponential overtakes the polynomial, we see that the exponential completely flattens the polynomial.

Plot on scale where exponential flattens polynomial
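The crossover quoted above can be checked numerically. What follows is an added example written for this article, not code from the original post: it takes the same two functions, y=1.1ˣ and y=x⁶ + 2, bisects for the point where the exponential overtakes the polynomial, and adds a small helper for the security-parameter bookkeeping of the earlier paragraphs (defender work nᵃ, attacker work bⁿ). The values a=2 and b=2 in that helper are assumed for illustration only; they are not parameters of any particular system.

```python
# Added example: polynomial vs exponential work, with the article's own functions.
import math


def exponential(x: float, b: float = 1.1) -> float:
    """Attacker-style growth: b raised to the x (the article's example uses b = 1.1)."""
    return b ** x


def polynomial(x: float, a: int = 6) -> float:
    """Defender-style growth: the article's example polynomial x**6 + 2."""
    return x ** a + 2


def crossover(lo: float = 1.0, hi: float = 1000.0, tol: float = 1e-6) -> float:
    """Bisect for the x at which the exponential overtakes the polynomial.

    Requires the polynomial to be ahead at `lo` and the exponential ahead at `hi`;
    for the article's functions that holds on [1, 1000] and the answer is about 372.73.
    """
    def gap(x: float) -> float:
        return exponential(x) - polynomial(x)

    if not (gap(lo) < 0 < gap(hi)):
        raise ValueError("bracket does not contain a sign change")
    while hi - lo > tol:
        mid = (lo + hi) / 2
        if gap(mid) < 0:
            lo = mid          # polynomial still ahead: move the lower bound up
        else:
            hi = mid          # exponential already ahead: move the upper bound down
    return (lo + hi) / 2


def work_ratio(n: int, a: int = 2, b: float = 2.0) -> float:
    """Attacker work b**n divided by defender work n**a at security parameter n.

    a = 2 and b = 2 are assumed illustrative values, not a real system's parameters.
    """
    return b ** n / n ** a


def smallest_parameter(target: float, a: int = 2, b: float = 2.0) -> int:
    """Smallest security parameter n at which the attacker/defender ratio reaches `target`.

    Because the ratio grows exponentially in n, a modest n already buys an enormous gap.
    """
    n = 1
    while work_ratio(n, a, b) < target:
        n += 1
    return n


if __name__ == "__main__":
    x = crossover()
    print(f"1.1**x overtakes x**6 + 2 at x = {x:.2f}")
    for probe in (100, 372, 373, 400):
        print(f"x={probe}: exponential {exponential(probe):.3e}, polynomial {polynomial(probe):.3e}")
    n = smallest_parameter(2 ** 128)
    print(f"with defender work n**2 and attacker work 2**n, a 2**128 gap first appears at n = {n}")
```

Running the script reproduces the article's figure of roughly 372.73 and shows why small security parameters are enough to make the attacker's task dwarf the defender's: the ratio passes 2¹²⁸ at a parameter in the low hundreds.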

Some computations will take a number of steps that are polynomial in n (“polynomial time algorithms”), and others will be exponential (“exponential time algorithms”). We say that a task is infeasible if there is no polynomial time algorithm to complete it with a non-negligible chance of success. I have not defined what a non-negligible chance of success is, but as the article appears to be growing in length exponentially, I will leave that discussion for our forums.

When we have this sort of asymmetry, where the work done by the attacker grows exponentially with the security parameter but grows at most polynomially for the defender, there will always be some security parameter beyond which the work to be done by the attacker is so enormously larger than what the defender must do as to just not be an option for any attacker.

Quibbling over terminology

Now that we have a workable definition of “infeasible” and a better understanding of what cryptographic hash functions do, we can take a closer look at Slack’s statement. First let me repeat that their overall statement was excellent, and I fully sympathize with the difficulty involved in writing something about security that is correct, clear, and usable. I’ve taken some shortcuts in my exposition on any number of occasions, and I’ve made my share of errors as well. My point here is not to criticize but instead to use this as an opportunity to explain.

Given what we believe about cryptographic hash functions, it is infeasible to discover x if you are only given the hash of x, but only if x is chosen at random. Furthermore this is true of any (decent) cryptographic hash function and is not limited to the slow functions that are recommended for password hashing. That is, we don’t need bcrypt or PBKDF2 for that property to hold.

The limits of slow hashes

Slow hashes – specifically designed for password hashing – are built because we know that passwords are not chosen at random and so are subject to guessing attacks. But slow hashes have their limits, and with the notions that have been introduced above, we can now talk about them more clearly. Using a slow hash like PBKDF2 slows things down for both the attacker and for the defender. And the amount of slow-down is roughly the same for both the attacker and for the defender.

If we increase the security parameter (number of iterations) for PBKDF2 the computational cost rises linearly for both the attacker and for the defender. This is unlike the security parameters we use elsewhere in cryptography, where we would like a small (linear or perhaps polynomial) increase in cost to the defender to create a large (exponential) increase for the attacker.

Let’s see how that works out with a concrete, if hypothetical, example. Suppose 1Password is using 40,000 PBKDF2 iterations. Now suppose that you add a really randomly chosen digit to the end of your Master Password. Adding a single random digit will make an attacker do 10 times the amount of work that they would have to do to crack the original password. Adding two digits would make the attacker have to do 100 times the work of the original. Making a password just a little bit longer (with random stuff) makes the work required by the attacker increase exponentially. That is the kind of proportion of work that we like.

Now suppose 1Password uses 40,000 PBKDF2 iterations in deriving keys from your Master Password. To get the same additional work as adding a single digit to your password, you would need to increase the number of PBKDF2 iterations to 400,000. And to get the equivalent of adding two digits, you would need to increase the number of iterations to 4,000,000. Once we have a goodly amount of PBKDF2 iterations, there isn’t that much gained by increasing it by an additional ten or twenty thousand. But there is much to be gained by even a small improvement in a Master Password.
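To make the contrast in the two paragraphs above concrete, here is an added example written for this article. It is not 1Password’s code, and the 40,000-iteration figure and the passwords in it are illustrative values only. It derives a key with PBKDF2-HMAC-SHA256 the way a defender would (random per-user salt, constant-time verification), measures the per-derivation cost on the machine it runs on, and then computes the attacker’s total work as a function of the iteration count (linear) and of the number of random digits appended to the password (exponential).

```python
# Added example: PBKDF2 cost is linear in iterations, but guess space is exponential in length.
import hashlib
import hmac
import os
import time

# Constructed parameter for illustration only; not 1Password's real setting.
ITERATIONS = 40_000


def derive_key(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256. The defender pays `iterations` HMAC computations once per
    unlock; an attacker pays the same price once per guess."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def make_record(password: str, iterations: int = ITERATIONS) -> dict:
    """What the defender stores: a fresh random salt, the iteration count, the derived key."""
    salt = os.urandom(16)
    return {"salt": salt, "iterations": iterations, "key": derive_key(password, salt, iterations)}


def verify(record: dict, candidate: str) -> bool:
    """Re-derive with the stored salt and iterations and compare in constant time."""
    derived = derive_key(candidate, record["salt"], record["iterations"])
    return hmac.compare_digest(derived, record["key"])


def seconds_per_derivation(iterations: int, samples: int = 3) -> float:
    """Cost of one derivation here. Treat it as a floor for an attacker's per-guess cost:
    dedicated hardware is faster, which is exactly why the ratio, not the absolute time,
    is what the article reasons about."""
    salt = b"constructed-timing-salt"
    start = time.perf_counter()
    for i in range(samples):
        derive_key(f"timing-sample-{i}", salt, iterations)
    return (time.perf_counter() - start) / samples


def guesses_to_exhaust(extra_random_digits: int, base_guesses: int = 1) -> int:
    """Appending k random digits multiplies the guess space by 10**k: exponential in length."""
    return base_guesses * 10 ** extra_random_digits


def attacker_work(iterations: int, extra_random_digits: int, base_guesses: int = 1) -> int:
    """Total HMAC computations to exhaust the guess space: linear in `iterations`,
    exponential in the number of random digits added to the password."""
    return guesses_to_exhaust(extra_random_digits, base_guesses) * iterations


def iterations_for_equivalent_work(iterations: int, extra_random_digits: int) -> int:
    """Iteration count the defender would have to adopt to buy the same attacker work
    that k extra random digits buy with no change to the iteration count."""
    return iterations * 10 ** extra_random_digits


if __name__ == "__main__":
    record = make_record("constructed example password")
    assert verify(record, "constructed example password")
    assert not verify(record, "constructed example passwor")

    per = seconds_per_derivation(ITERATIONS)
    print(f"one derivation at {ITERATIONS:,} iterations: {per * 1000:.1f} ms")
    doubled = seconds_per_derivation(2 * ITERATIONS)
    print(f"at {2 * ITERATIONS:,} iterations: {doubled * 1000:.1f} ms (roughly double: linear cost)")
    for k in range(3):
        print(f"+{k} random digit(s): {guesses_to_exhaust(k):>4}x guesses, "
              f"same attacker work as raising iterations to {iterations_for_equivalent_work(ITERATIONS, k):,}")
```

The timing lines will vary by machine, but the shape does not: doubling the iteration count roughly doubles the defender’s unlock time and the attacker’s per-guess time alike, whereas each random digit multiplies only the attacker’s work, by ten, at no cost to the defender.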

PBKDF2 is terrific, and it is an important part of the defense that 1Password offers if an attacker gets a hold of your encrypted data. But you must still pick a good Master Password because the security parameter is linear for both the defender and the attacker. Unless there is a breakthrough in the slow hashing competition, a strong Master Password will always be required in order to ensure your security can withstand the test of time.


1Password 5.3 for iOS: The Extended Brainiac Edition is out!

This major, free update to 1Password for iOS is so awesome, we thought about pulling a Harry Potter and releasing it in two parts. But when Apple told us Daniel Radcliffe wasn’t available, and they didn’t even have his number in the first place, we just had to give it all to you at once.

A 400 percent better App Extension

You know how our App Extension can fill Logins into Safari, our own 1Browser, and hundreds of other apps with a single tap? Now it can also:

  • fill Identities
  • fill Credit Cards
  • create new Logins when you’re signing up for new services
  • show all Logins if none are found for the current app (App Extension only)

It’s all in the name of saving you even more time when logging in and now filling long forms and shopping carts.

A brand new Brain

We affectionately call 1Password’s under-the-hood tools and form-filling logic the “Brain,” and we gave it a huge upgrade in 5.3. It’s much smarter about matching websites and subdomains and fills forms even faster.

We need to talk


There is so much great stuff going on with 1Password that we added a new Message Center to keep you in the know. It brings you 1Password news and tips right in our in-app Settings. Don’t worry, Push Notifications need not apply.

So, so much more

We added Large Type so you can view usernames and passwords in Jumbo Size, and we fixed a couple Zoom Mode bugs and a crash for iPhone 6 Plus users. Truly, there is a mountain of improvements you can check out in the full release notes.

Our free 1Password 5.3 for iOS update is now live in the App Store, so take it for a spin and let us know what you think on Twitter, Facebook, and in our newly redesigned forums!

An Open Letter from AgileBits

An open letter to banks

Update (2015-04-02): TD Canada Trust updated their iPhone app today re-enabling pasting in the login fields. It’s a great first step toward friendliness with security-conscious customers and password managers.

TD Canada Trust made quite a splash recently when it launched its redesigned iPhone app which disabled pasting in the password field. Users who embrace password managers for their online security were quick to point out their … well, ‘unhappiness’ with this decision. TD Canada’s original response to those users was unsettling:

Hi Steve, thx for stopping by. For ur security, your password should be committed to memory rather than using a password mgr. ^SB

The original tweet has since been deleted by @TD_Canada.

For those of us who rely on 1Password (and other password managers) on a daily basis, this advice is completely cringe-worthy … unfortunately, it’s really not all that uncommon in the banking world. Many banking and financial sites implement restrictions on password length, require certain special characters to be present, and put in place various ‘security theatre’ measures on their websites that do little for increasing user security, while ultimately making it more difficult for users to rely on password managers to fill their complex passwords in on the site. Why do they do this? Well, it’s difficult to know for sure, although our Chief Defender Against the Dark Arts does have a theory on the matter.

With the conversation about online security and banking so fresh in everyone’s minds, I thought now would be a great time to send a message out to banks and financial institutions everywhere to encourage them to take users’ security more seriously. I’m writing this not only as a member of the 1Password team who deals with security issues on a daily basis, but also as a concerned customer who just wants simple and secure access to her data.

Dear banks,

I know that you have my best interests at heart.

I know that you’ve worked hard to put ‘safeguards’ into place (such as disabling pasting into password fields, obfuscating usernames, spreading the login process across multiple pages and “please input the nth character of your password” fields) to thwart various types of attacks.

But the truth is that these ‘security measures’ are not actually helping your users.

Do you know what would really help your users? Long, random passwords.

Using long, random, and unique passwords is the best defense that we, your users, have against attackers. This advice is true for every site we have to sign in to these days … and believe me, we sign in to a lot more than just our financial sites. Keeping 100 or so strong and unique passwords memorized is not only a silly suggestion, it’s nearly impossible for all but the most savant-ish of us. Password managers help us increase our security by remembering these unique passwords for us, keeping them stored securely, and filling them in on websites so we don’t have to.

Many of the ‘security measures’ you have put into place serve only to make it much more difficult for those of us who rely on password managers. Password managers are not your enemy here. In fact, encouraging the use of trusted password managers will do more for your users’ security than any of the measures you currently have in place.

You have an awesome opportunity here. Take the time to educate your users on the value of true security. Encourage users to adopt long, random, and unique passwords that never need to be stored in their brains. Make it easy for password managers to store and fill these secure passwords for your users (in web browsers as well as in mobile apps).

Now, it just so happens that there is a very simple way that you can give your users easy access to their banking data in your mobile apps. We’ve written an App Extension API that can be added to your iOS app in 3 easy steps. The app extension will allow users to select their password manager of choice and fill their complex passwords into your form, with no typing required.

1Password has been giving people control over passwords for almost 10 years now, and it truly is a wonderful thing. Our team built 1Password around the idea that being secure should never be compromised for convenience. We’ve been advocating for stronger, safer passwords for years, and we’d be so happy if you stood with us.

For now, passwords are a necessary evil. Remembering them shouldn’t have to be.

Please help us increase awareness of online security. Your users will be ever-so-grateful that you are taking their security seriously, and you’ll be making their lives a lot simpler too.

Signed, a hopeful user.

Since TD’s original response last week, they seem to have had a change of heart. A tweet from @TD_Canada on Saturday indicates that they are in fact working on an update that will allow copy and paste within their app … and possibly considering integrating password managers.

Hi Rick, we're working on providing our customers w/ the option to use copy/paste & PW managers. No dates to share yet. ^SK

This is incredible news! Without seeing the update, it’s hard to know exactly what they have in store for users, but they have a great opportunity here to set the standard for banking apps and give other financial institutions a secure example to follow. I’m excited to see what they come out with!

If you believe as I do that banks should add 1Password (and other password manager) integration to their iOS apps, please consider sharing this open letter with your bank. #BanksNeed1Password