Posts

Introducing native messaging for the 1Password extension

I’m really excited to announce a brand new way for 1Password to save and fill in browsers. It’s not a new feature, and chances are you won’t even notice it. It’s called native messaging, and it changes the way 1Password integrates with your browser. In fact, if you use 1Password with Google Chrome, you might already be using it.1

Native messaging makes the 1Password extension faster, more stable, and more compatible in more situations. It improves the performance and reliability of the 1Password extension, and it’s the end result of talking with thousands of 1Password users over the years.

Once upon a time…


When the 1Password extension made its debut for Chrome in 2012, the options for browser extensions to talk to apps were limited. We settled on an approach using WebSockets, which creates a network connection on your computer between 1Password and the browser. Although it’s technically a network connection, the data is only transmitted locally and never leaves your computer. This served us well in the vast majority of cases, but for a significant number people, this connection was unreliable. Proxies, antivirus, and other security software could interfere with the connection and prevent saving and filling. These conflicts caused a lot of pain, especially for Windows users. Over time, it became clear that we needed a better approach.

Enter native messaging

Thankfully, Google led the way and introduced that better approach. Native messaging is a more direct way for browser extensions to communicate with apps. Unlike WebSockets, it doesn’t rely on creating a network connection between your computer and itself.

With native messaging, no longer is Chrome’s connection to 1Password subject to the vagaries of your network and computing environment. No matter how you’ve configured your computer, if you can run 1Password and Chrome, then native messaging will work for you. Last year, we began the transition to replace WebSockets with native messaging. In order for 1Password to use native messaging, we needed to update the extension and the apps. So in April, we released a version of the 1Password extension for Chrome with support for native messaging. Since then, all current versions of 1Password for Mac and Windows have been updated to use the new technology.

What will change?

If you notice any changes, they should only be positive. Communication is nearly instant, and you’ll be able to use the extension as soon as you open your browser. Native messaging removes entire classes of problems that have affected 1Password users for a long time. Conflicts with network proxies and firewalls in corporate computing environments, ad blocking software, and even productivity tools that lock you out of distracting sites should be a thing of the past. Security software that gets spooked by local network connections should relax down from red alert. And many less common scenarios will work much better with native mesaging as well.

How do I get it?!


The first thing to do is check for updates in 1Password to make sure you’re using the latest version available. The latest releases of 1Password all include native messaging. We even updated 1Password 4 for Windows to make sure everyone can take advantage of this advancement on both Mac and Windows. 1Password has built-in support for Google Chrome and many other browsers based on Chrome, like Opera. If you’re using a supported browser, 1Password will switch to native messaging immediately.

Some Chrome-based browsers are supported but require additional configuration to work with native messaging. See our support article for more details.

Conclusion

Native messaging is the future for the 1Password extension. For now it’s supported in Chrome, but support will be coming soon to other browsers like Firefox and Edge. We’ll let you know when native messaging arrives on new browsers — and stay tuned for more posts about the 1Password extension. There’s a lot of exciting stuff going on that I can’t wait to share with you. For now, I’d love to hear your thoughts about native messaging in the comments, and you can always connect with me and the rest of the extension team in the forum.


  1. I will use Chrome as a shorthand for Chrome and browsers based on
    Chromium such as Opera and Vivaldi throughout this post unless there are
    specific differences to note. 

Web View Filling ups the awesome factor of the 1Password App Extension

App Developers, this one’s for you!

Since the introduction of the 1Password App Extension API, support for the extension has been added to over 200 apps. We are so excited by this show of support from the development community that we decided to add functionality to the App Extension API to make it even more useful for you and more powerful for your users.

Version 1.5 = (Web View Filling)^2

As most of you already know, the 1Password Extension was originally designed to fill login details (usernames and passwords) in Safari and third-party applications. Thus far, the primary use of 1Password in third-party apps has been to sign in, which means that users likely invoke 1Password only once, right after installing your app.

In the latest update, we’ve made the app extension more powerful and more versatile. I am happy to introduce you to the redesigned Web View Filling capability of the 1Password App Extension API, which will enable your users to use 1Password to fill not only Logins, but also Credit Cards and Identities in any of your app’s web views.

From a technical point of view, this updated capability works in a similar fashion to the original Web View Filling: it can fill 1Password items in web views. However, to get the best user experience from the 1Password Extension, we should treat it as two distinct capabilities. Let’s take a quick look at what makes these two options unique, so that you can determine the best choice for your use case.

Scenario 1: Authentication

Let’s say users have to sign in to a service before they can use your app. When the user opens your app, they are presented with a web view in which they can enter their username and password to log in. In this case, you do not want the user to be distracted or confused by Credit Card and Identity items. You only want the Login for the service to show up in the 1Password Extension so the user can log in quickly.

Login selection screen using app extension API 1.5

Scenario 2: Web Browsing

  • Can your users purchase items from your web store?
  • Can your users sign up for a service by entering their information in to a web view?
  • Does your app have a built-in browser?
  • Does your app have billing and/or shipping forms for users to fill?
  • Would you like the 1Password Extension to show in the share sheet?

If you answered “yes” to at least one of the above questions, consider adding support for 1Password using the wonderful new Web View Filling capability, which will enable you to permit the filling of Credit Cards and Identities. You will also benefit from the fantastic new Brain filling logic we use in 1Browser and Safari.

This capability will help make your users’ browsing experience simple and secure by filling Login details, Credit Card items and Identities.

Fill Login, Credit Card, and Identity info when using app extension API 1.5

The Code

Choosing between the two scenarios is very easy: simply decide whether you want to show the Credit Cards and Identities that the user has stored in 1Password. To show only 1Password Login items in the 1Password app extension, pass YES as the parameter for showOnlyLogins. To unlock the full awesomeness of the 1Password app extension and take advantage of the new Web View Filling of Logins, Credit Cards and Identities, pass NO. That’s really all there is to it!

- (IBAction)fillUsing1Password:(id)sender {
    [[OnePasswordExtension sharedExtension] fillItemIntoWebView:self.webView forViewController:self sender:sender showOnlyLogins:NO completion:^(BOOL success, NSError *error) {
        if (!success) {
            NSLog(@"Failed to fill into webview: <%@>", error);
        }
    }];
}

1Password ❤ App Developers

I want to take this opportunity to thank all of you app developers who have already added the 1Password app extension to your apps; you’re awesome! This new functionality gives you the chance to make security even more convenient for your users, and I can’t wait to see how you use it. Please don’t forget to submit your app to our Apps ❤ 1Password directory.

A newsletter just for you

You can also subscribe to our 1Password App Extension Developers newsletter. We’ll send you an occasional newsletter containing 1Password App Extension news, updates, and tricks, to help you realize the full potential of the 1Password Extension API in your iOS apps.

If you have any questions, you can comment on our GitHub project or email support+appex@agilebits.com. I look forward to talking to you!

Improved locking in 1Password 5.5 for iOS

Security and convenience

One of the coolest features in 1Password for iOS is the extension. For nearly a year, it’s been really easy to log in to participating apps without having to copy and paste usernames and passwords. Shopping in Safari is also a breeze, now that you can add items to your cart, then fill in your credit card and address with just a couple of taps. The icing on this cake is that you can log in to 1Password using Touch ID instead of tapping out a PIN or your entire Master Password over and over again.

Integral to the extension is the 1Password Lock Service, which determines how often you’re prompted to unlock the app and whether you’re prompted to use quick unlock (Touch ID or PIN Code) or your full Master Password. Thanks to the feedback you’ve provided, the Lock Service has gone through a couple of transformations since iOS 8 was released last fall. The latest update to 1Password is no exception and includes some major improvements that we’re sure you’ll love!

Touch ID: The star of the show

When Apple announced Touch ID on the iPhone 5s in 2013, we knew it would be the perfect way to unlock 1Password for iOS quickly and securely. It took a year before we were able to integrate it, but it was definitely worth the wait!

1Password for iOS Touch ID lock screen

In previous versions of 1Password, cancelling the Touch ID prompt cleared your Master Password from the iOS Keychain, which meant that you would have to enter your Master Password before you could use Touch ID again. This was inconvenient, especially when your goal was just to dismiss the Touch ID prompt without unlocking 1Password.

In version 5.1, we decided to force quit the main app and dismiss the extension when the Touch ID prompt was canceled. It seemed like a good idea, but it was confusing because it looked like the app was crashing. So we went back to the drawing board.

In 1Password 5.5, canceling Touch ID will cause 1Password to display the Master Password prompt, but your password won’t be cleared from the iOS Keychain. This means that you will be able to use Touch ID the next time you open 1Password without typing your Master Password; all you need to do is to tap the fingerprint icon to bring up the prompt.

1Password 5.5 for iOS Master Password lock screen with Touch ID icon

Lock Service: Centralized and better than ever

In 1Password 5.5 for iOS, we have created a “central” Lock Service that is shared between 1Password and its extension. The extension will now use the settings you have specified in the main app. Additionally, when you unlock the 1Password extension, you will also unlock the main app (and vice versa). Those of you who use 1Password on Mac will probably notice that this is similar to the way 1Password and 1Password mini lock and unlock in unison.

As long as you have Lock on Exit disabled, you will no longer be prompted to unlock 1Password moments after you unlock the extension in Safari. Depending upon your Auto-Lock settings, it may be as long as an hour before you’re prompted to unlock 1Password again.

1Password 5 for iOS security settings

iOS Keychain + 1Password Extension = ❤️

In previous versions of 1Password, the extension never saved the Master Password to the iOS keychain. This meant that if your Master Password were cleared from the iOS keychain (like when you restart your iPhone or iPad), you would have to launch the main 1Password app and enter your Master Password before you’d be able to use quick unlock. Entering your Master Password in the extension would allow you to access your vault, but you’d have to keep reentering your Master Password until you finally unlocked the main 1Password app.

Now it doesn’t matter if your Master Password is cleared from the iOS keychain! If you have quick unlock enabled, you’ll just need to enter your Master Password in either the extension or main app—once. After that, you’ll be able to use quick unlock until the next time your Master Password is wiped from the keychain.

It’s taken some time and experimentation to get the main 1Password app and the extension working together just so, but we think our latest changes offer a balance of security and convenience. We hope you’re as happy with this update as we are! We’d love to hear your thoughts in the comments and in our discussion forums.

A big 1Password extension 3.9 update is out!

Are you sitting down? Ok, you folks who stand while you work—don’t answer that. Regardless, if you’re reading this in Safari, Chrome, or Firefox, we have a great new 1Password browser extension release for you.

Fresh out of beta is version 3.9 of our browser extension, and boy it’s a doozy. We added support for multiple profiles to Firefox and Chrome, and domain matching is, as they say in the car industry, “all new,” except we actually mean it. We completely rewrote it to watch out for things like subdomains and international domains.

All told, we added over 20 new features, changes, fixes, and bits of TLC in this extension update, and you can read all the details if so inclined. As for how to get it:

  • If you already have our new 1Password browser extension installed, your browser should update automatically, if it hasn’t already
  • If you need to install our extension on Mac or PC (Windows Firefox users—your wait is almost over, promise!), just open 1Password’s Preferences to the Browsers pane, click Install Browser Extensions, and follow the instructions on the webpage that opens

We hope you enjoy the new extension, and let us know what you think!

1Password Power Tip [Mac]: Create a 1Click Bookmark

Know what’s fast? Typing in a URL, then hitting Command-\ to automatically fill your 1Password Login and randomized password to get on with what you’re doing. Know what’s even faster? Clicking a single bookmark to have all that work done for you.

Nerd blogger Brett Kelly, productive podcast Back to Work, TUAW, and Lifehacker have recently mentioned one of our best “guy-behind-the-guy” features in 1Password for Mac, one that is super handy but probably doesn’t get enough of the credit it deserves: 1Password’s “1Click Bookmark.”

Long story short: you can add a button for any site to your browser toolbar that—in one fell swoop click—both opens a website and logs you into it. How do you attain such 1Password awesomeness? Simple:

  1. Find a Login in the main 1Password app that you want to access quickly
  2. Drag it from 1Password to the bookmarks bar of any browser we make an extension for

It’s. that. simple.

From now on, you can click your awesome new 1Click Bookmark (or bookmarks—create as many as you want!) to open its site in the current tab and login right away  (though if the 1Password extension is locked, you’ll need to enter your Master Password). This is especially handy if you have multiple Logins for a site, because the bookmark you create calls on the specific Login that you dragged from 1Password.

If you want to know more about 1Click Bookmarks, check out our help doc about them or swing on by posts at Nerd Gap, Lifehacker, and TUAW.

1Password extension gets Firefox import, some nips and tucks

You’d think our developers would take some time off over the holidays. You know, put down Xcode and pick up their child, a Michael Bublé album, and some eggnog.

You would be half right.

Our resident code architects somehow found time over the last few days to polish an update to our new 1Password extension for Safari, Firefox, and Chrome on Mac, as well as Safari and Chrome on Windows (Firefox for Windows support is still on the way for the new extension, but those customers can still install the previous extension from 1Password’s preferences).

1Password extension 3.8.9 gained some great improvements to Autosubmit (especially on sites like iCloud.com and iWork.com) and better mouse interaction. But there’s a big new feature too: “Import Saved Firefox Passwords.” As the name suggests, there is a new button in the extension’s Settings panel that allows you to import Logins from Firefox’s built-in password manager.

Now I know what some of you are about to ask: “So when will Safari and Chrome get this?” We can’t promise anything just yet, because due to the way those browsers stored your Logins before you installed 1Password, they’re tougher challenges. Rest assured, we’re working on it, so stay tuned.

Your browser should automatically update your 1Password extension to this v3.8.9 update, but you might need to check your browser’s extension manager to make sure automatic updates are installed. Here’s the full changelog:

New

Added “Import Saved Firefox Passwords” button in Settings to automatically import passwords from Firefox’s internal password manager.

Changed

  • Improved Autosubmit algorithm, including websites like iCloud.com and iWork.com.
  • Updated Firefox Add-on SDK (Jetpack) to latest version.Using “Helper” instead of “Agent” in messages shown to the user.
  • Added the ability to disable unlock animations to work around a freezing issue in Chrome.
  • To disable unlock animations, go to the Settings > About and click the 1Password icon to reveal the Advanced settings.

Fixed

  • Logins within the All Logins section now highlight during mouseover and properly reveal the View Details arrow.
  • Changed supported Firefox’s max-version “12.*” to “12.0a1” to avoid being marked as incompatible.
  • Password generator sliders in Firefox now update the generated password.
  • Now properly filling Logins on sites that (incorrectly) use the same HTML element id for multiple input fields. For example, NAB Internet Banking.