Windows v4 blog

1Password 4.1.0.538 for Windows gets TOTP, more control

Yep, it was a busy holiday season and early 2015 for us. We have a lot planned for 2015, and rolling out support for TOTP—Time-Based One-Time Passwords—to our Windows customers is just the next big step.

Available in our latest Windows update, 1Password 4 for Windows joins our iOS version with support for creating and managing TOTPs. A growing number of services implement them as a secondary layer of security, and you can learn more about this system at TwoFactorAuth.org.

We also packed in support for Terminal Services and Citrix, polished up the Quick Start and Welcome process for new customers, improved the Dropbox vault picker, and improved plenty of other stuff.

You can see the full list of changes in our release notes, or fire up 1Password’s in-app updater to get the details. Let us know what you think on Twitter @1Password and on Facebook.com/1Password, and stay in touch with the AgileBits Newsletter!

1Password 4 for iOS icon

1Password 5.2 for iOS: The Awesomesauce Edition is here

OPI 5.2 jar of AwesomesauceThe holiday season may be over, but we saved your best present for last! Well, at least the best present with ‘AgileBits’ printed on it somewhere. 1Password 5.2 for iOS is now making its way to the App Store, and we even saved you the time to unwrap it.

(Get it? Because software is digital and therefore impossible to wrap with paper.)

This free update goes out to our new customers and Pro feature owners. To start, we added our first-ever Login Creator, a really slick new tool that makes it easy, dare I even say fun, to add your existing Logins to 1Password and get a feel for how much time it can save you.

Login Creator has a polished workflow for hundreds of sites and services, and we hope it makes getting started with 1Password even easier.

1P iOS Login Creator

For our Pro feature owners, let’s start with a new One-Time Password tool. This helps you sign into a growing number of services (like Amazon and Tumblr) that support a secondary, randomized password for that extra… je ne sais quoi. You can learn more about One-Time Passwords at TwoFactorAuth.org.

1P iOS OTP

Pro owners can now also delete attachments from the item editor and add many new custom field types like addresses, dates, and month/year.

Rounding up this release are plenty of additions in the 1Password App Extension, design, sync, Accessibility, and translation departments. You can check out the full iOS changelog if you want all the details or skip straight to the App Store and pick up the latest and greatest 1Password for iOS!

While you’re there, please take a minute to give us a great review—it helps more than you may know! Finally, let us know what you think of this release on Twitter and Facebook, and stay in touch with the Agile Newsletter.

1Password for Mac logo

1Password 5.1 for Mac: The Syncerrific Edition is here

Judging from the title, you might think this update is about Watchtower enhancements or properly formatting credit card numbers, but you would be only half right! 1Password 5.1 for Mac, rolling out now to the the AgileBits Store and Mac App Store, is all about sync.

In short, we completely overhauled how you manage sync for your primary and secondary vaults to save you time. In Preferences > Sync, you can now view all your vaults and how they sync, and change sync methods with a click.

OPM5 new sync pane

Wi-Fi Sync users also get a whole new Preferences pane that makes setup much easier. Oh, and secondary vaults can now sync via Wi-Fi!

We packed lots of other great changes into v5.1 for Mac, from copying addresses in Identities with just a click to support for Portuguese. You can view the full changelog for all the details.

1Password 5.1 for Mac is a free update available now for all v5 owners. If you’re a Mac App Store customer, please leave us a great rating and review, they really help!

As always, let us know what you think on Twitter and Facebook, and stay in touch with the AgileBits newsletter!

Jimmy_Kimmel_Live_hero

People accidentally tell their passwords to Jimmy Kimmel and the world

See? This is why you don’t use your pet’s name and high school graduation year for your password. Because you’ll end up on Jimmy Kimmel Live, telling it to the entire world.

To stay safe online, you want good, strong, unique passwords for all your accounts. That’s where 1Password‘s Strong Password Generator for Mac, iOS, Windows, and Android has you covered.

Homescreen icon

Check out the other apps on 1Password user #Homescreens!

Homescreen iconA little while ago, the fine folks at Betaworks released a clever app called #Homescreen. With a tap, you can share a screenshot and list of apps on your homescreen with your Twitter pals, then check out everyone’s apps at homescreen.is.

But #Homescreen’s cleverness runs much deeper. Not only can you click each app and check it out in the App Store, you can see some really cool stats (like 1Password is on 23 percent of homescreens!) and even all the other apps used by, say, the 1Password community.

Turns out 1Password is in some great company! Of course, Facebook and Twitter are there, and so are great apps (and favorites among AgileBits staff) like Fantastical, Day One, and Reeder. There’s also Slack (which we love for office chat), Launch Center Pro, Workflow, and Mailbox, and the list goes on. It’s also dynamically generated as more people share their homescreens, so it might even change over time.

Check out the full list of apps your 1Password comrades use, there are plenty of gems to discover! Give #Homescreen a try too—it’s a smart, simple way to learn more about your fellow homescreens.

2014 Top 100 Emails - Campaign Monitor

We sent one of the top 100 emails of 2014!

One of the things we love most about this job is talking to you, our customers. We’re on the Twitters and Facebooks, but we also love making and designing the occasional email newsletter for our one million subscribers. Apparently we’re doing something right, too, because our newsletter service, Campaign Monitor, just announced that we sent one of the Top 100 Emails of 2014!

To be specific, our Heartbleed newsletter was quite popular, hopefully because we helped explain what was going on and, of course, whether 1Password was affected (spoiler: it wasn’t). If you scroll to the bottom of our entry there, you’ll see Campaign Monitor gave us good marks for knowing how to balance our design and message, as well as founder (and Chief Newsletter Writer) Dave Teare’s personal touch.

We send just a handful of newsletters per year. Sometimes we even include goodies, such as a free copy of The Email Field Guide by David Sparks in our Thanksgiving newsletter last month.

In fact, Dave’s preparing our Christmas newsletter as you read this, and I hear it will include a gift. If you have yet to experience an AgileBits newsletter, right now is, quite literally, the perfect time to subscribe and get a party in your inbox!

Thanks to Campaign Monitor for the kind words, and thanks to everyone for subscribing!

iMore Best 2014 Awards

iMore names 1Password 5 for iOS an App of the Year for 2014!

It isn’t every day that we have a chance at winning a best-of-the-year award from iMore. In fact, I am told that the opportunity comes only once a year.

And this year we won!

We are thrilled and thankful and just plain touched that iMore named 1Password 5 as the iOS Utility App of the Year for 2014, and 1Password 5 for Mac as a runner-up for Mac Utility App of the Year!

iMore reviewed and listed a ton of stuff for its awards this year, from apps to accessories for both iOS and the Mac. It’s a great list from a bunch of smart folks, so be sure to give the entire thing a look!

1P Emergency Kit v3

Incredible 1Password users release 1Password Emergency Kit 3.0

The 1Password Emergency Kit is a clever PDF created by some of our brilliant users to help families and friends during unfortunate times. Invented by Mike Vardy at Productivityist a couple years ago, it recently reached version 3 and looks even more useful.

The idea behind this user-created Emergency Kit is simple: we create a will and place sensitive items in safe deposit boxes in case something happens to us. But with so much of our lives these days depending on the internet, many of us want a way to make 1Password part of these plans.

Thanks to Productivityist reader and 1Password user Charles Hamons, the 1Password Emergency Kit v3 is now a fillable PDF and includes space for even more useful information, such as locations of multiple vaults (and their Master Passwords) and even instructions for what to do with one’s social media accounts.

Admittedly, this isn’t quite a fun or exciting feature to boast about. But we are absolutely thankful for the work of Mike Vardy, Charles Hamons, and others in the community for building a useful 1Password tool that can help immensely during one of the most painful times in our lives.

App_Store_Best_of_2014

Apple lists 1Password among the App Store Best of 2014

App_Store_Best_of_2014

We are amazed, humbled, and absolutely thrilled that Apple has listed 1Password among the App Store Best of 2014 for iPhone and iPad!

We’re listed alongside some incredible peers, too, from Storehouse to Xcom: Enemy Within, Litely to NYT Now. Apple sure does know how to pick ’em.

We are especially honored since v5 was both a major feature release and a huge step in taking 1Password for iOS freemium. We added some of our best features ever—like Touch ID and App Extension support for other apps— and we made 1Password 5 for iOS free to start using for new customers. Now, everyone can enjoy 1Password’s security and convenience, then unlock their full potential with a single, one-time in-app purchase.

We might be biased, but we agree that makes 1Password worthy of a Best App of 2014 spot. Thanks to you, our customers, for getting us here!

Watchtower icon 1024

Viewing Drupal from the 1Password Watchtower

1Password WatchtowerWhen a large number of websites are discovered to have been vulnerable, as is the case with websites running recent versions of Drupal, people need clear and unambiguous advice that you can act on. And so, our clear and unambiguous advice is:

If you have a username and password on a site which has been using Drupal for its content management, you should change that password. You will need to change that password everywhere you use it, not just on the potentially affected sites.

Our Watchtower service within 1Password for Mac and Windows will recommend password changes for a number of sites that we detect as using Drupal. Here you can see what that will look like.

Drupal Watchtower example

We should also make it clear that none of our systems are affected by the Drupal vulnerability. We don’t use Drupal.

Site administrators know best

We don’t know the status of any particular site other than it appears to be running Drupal. Therefore, if our advice conflicts with advice you received from the administrators of a site, follow their recommendations.

We don’t know when a site gets fixed

Some vulnerable Drupal systems may have been fixed on October 15. Others may still not be fixed yet. Our tests are only capable of determining whether a website is using Drupal (and even that test is imperfect).

Merely patching Drupal is not sufficient for sites that may have been compromised. That is because an attacker using the vulnerability may have left a “backdoor” in a site allowing them back in even after the original vulnerability has been fixed. This makes it yet more difficult to determine whether a site remains vulnerable.

We don’t know if a site has been compromised

Drupal icon 400pxJust because a site has been vulnerable doesn’t mean that it has been compromised. However, it appears that automated attacks have been systematically breaking into vulnerable sites and planting “back doors” that would allow the attacker a way back in at any time in the future. So we should assume that most Drupal sites which weren’t patched very quickly on October 15 have been compromised.

A password compromised anywhere must be changed everywhere

If you reuse the same password on more than one site, you will have some extra work cut out for you. Let me explain why.

Suppose that Molly (one of my dogs) has used the same password on Bark Book as she does on Sprayed By a Mink Anonymous, and let’s also suppose that Bark Book gets compromised by Mr Talk (the neighbor’s cat).  Molly will need to change her password on both the compromised site (BarkBook.com) and on the uncompromised site (SprayedByMinkAnon.org) . That is because Mr Talk can use what he has learned from Bark Book against all of the sites and services that he thinks that Molly may be using. I must also report that Mr Talk, along with everyone down wind, can easily guess that Molly may well be visiting SprayedByMinkAnon.org.

Molly should take this opportunity to work towards having a unique password for each and every service. 1Password will remember those for her. The closer she gets to having a unique password for each site, the less of a headache the next big incident will be.