1Password 7 for Mac Launching Today With Redesigned Sidebar, Easier Access to Vaults, and Much More

[AGKyle]

@AGKyle I did have a question, in the post you quoted....

View attachment 762534

Ah, my fault, I should take up drinking coffee apparently.

If you use Chrome or Firefox you can use our new 1Password X extension. If you search for it in their respective extension galleries you'll find it there. You'll just sign into your account within the extension and your data will appear.

If you use Safari or Firefox or Chrome, you can use our "normal" extension, it's not old or legacy or anything but it depends on having the native app installed as it gets it's data directly from the app. This is what most users have been using for years now (1Password X is new, but only works with 1Password.com Accounts).

Linux use will only work with Chrome and Firefox via the 1Password X extension, but you also have the option of using our Command Line Interface.

App required extension here: https://1password.com/browsers/

Hope that helps and sorry for missing your question there.

Informative link. Thank you.

I see the effort and care to minimize possible exploits in the description. But I don’t personally feel that it goes far enough. I don’t say that to discredit obviously talented programmers. But I don’t feel it’s secure enough for my preferences.

Whether theoretical or practical, I feel like there’s greater risk involved than my current method (which doesn’t involve any transmission of passwords except on an individual site by site manual entry) and no central cache of all my passwords online.

You can read about the Api specifically here: https://haveibeenpwned.com/API/v2

You can disable this feature in the Watchtower pane of preferences if you wish. But everyone on our team is using it and we wouldn't use it if it wasn't a secure solution. I think Troy Hunt is an incredibly smart guy and he discusses a lot of the security of this here. You may find more fun questions and details in the comments.

 

[einsteinbqat]

Is 1Password.eu up and running, for users wanting to store on non-North American servers, if so how does the signup work? And are there any limitations in using it over the N.American sites?

Been running for a while now. You can use 1password.ca if you don't want your data to be stored on US soil. Servers are in Canada.

 

[S.B.G]

Ah, my fault, I should take up drinking coffee apparently.

If you use Chrome or Firefox you can use our new 1Password X extension. If you search for it in their respective extension galleries you'll find it there. You'll just sign into your account within the extension and your data will appear.

If you use Safari or Firefox or Chrome, you can use our "normal" extension, it's not old or legacy or anything but it depends on having the native app installed as it gets it's data directly from the app. This is what most users have been using for years now (1Password X is new, but only works with 1Password.com Accounts).

Linux use will only work with Chrome and Firefox via the 1Password X extension, but you also have the option of using our Command Line Interface.

Hope that helps and sorry for missing your question there.

Awesome, thank you for the reply!

I'll have to look into the CLI bit for Linux.

 

[flyinmac]

Ah, my fault, I should take up drinking coffee apparently.

If you use Chrome or Firefox you can use our new 1Password X extension. If you search for it in their respective extension galleries you'll find it there. You'll just sign into your account within the extension and your data will appear.

If you use Safari or Firefox or Chrome, you can use our "normal" extension, it's not old or legacy or anything but it depends on having the native app installed as it gets it's data directly from the app. This is what most users have been using for years now (1Password X is new, but only works with 1Password.com Accounts).

Linux use will only work with Chrome and Firefox via the 1Password X extension, but you also have the option of using our Command Line Interface.

Hope that helps and sorry for missing your question there.



You can read about the Api specifically here: https://haveibeenpwned.com/API/v2

You can disable this feature in the Watchtower pane of preferences if you wish. But everyone on our team is using it and we wouldn't use it if it wasn't a secure solution. I think Troy Hunt is an incredibly smart guy and he discusses a lot of the security of this here. You may find more fun questions and details in the comments.

Ok. I’ll check into that.

I also appreciate seeing developers active in discussions. Regardless of how each of us may decide, it’s good to see active participation.

 

[AGKyle]

Awesome, thank you for the reply!

I'll have to look into the CLI bit for Linux.

Details on the CLI are here: https://discussions.agilebits.com/categories/cli

Sorry again for missing your question though!

Ok. I’ll check into that.

I also appreciate seeing developers active in discussions. Regardless of how each of us may decide, it’s good to see active participation.

My pleasure. It's not always pretty over here on this forum but we try to at least make sure we're around to help answer questions, particularly on days like today with a new major release out.

 

[Stella]

1Password has been one of my most used applications, which I use for home and work. Unlike Apple's keychain, 1Password is multi-browser, multi-platform, both desktop and mobile, and not tied to iCloud storage either.

 

[Naaaaak]

Been running for a while now. You can use 1password.ca if you don't want your data to be stored on US soil. Servers are in Canada.

What’s the benefit of servers in Canada? My understanding is that its intelligence communities share everything the US demands https://en.m.wikipedia.org/wiki/Five_Eyes.

Documents leaked by Snowden in 2013 revealed that the FVEY have been spying on one another's citizens and sharing the collected information with each other in order to circumvent restrictive domestic regulations on surveillance of citizens.

How are Canadian servers more private or their laws any safer? I seem to recall things like Canadian seedboxes rolling over to US corporation copyright claims. Not that you’d have a copyright issue here — just that their privacy laws seem to be governed by US pressure.

 

[Stella]

I prefer to use the Mac App Store wherever possible for software purchases because a) software gets audited by Apple and b) there’s a one-stop consistent mechanism for receiving timely software updates. At the same time, I absolutely will not indulge in paying a subscription. AgileBits create a bunch of new features and enhancements for a product. Great. I’ll think about buying it, if it’s on the Mac App Store. Even better if they use some of that revenue to fix bugs. I’m not going to rent software with an expiry date on the assumption that it might one day have some useful new features.

So, no, I am not relaxed.

I almost never buy via MAS, especially when the MAS version is a cutdown version of the non-MAS version due to Apple's sandboxing and other restrictions. I'd rather give the developer the full price, and not give 30% of the sale price to Apple. More revenue for the developer.

 

[AGKyle]

What’s the benefit of servers in Canada? My understanding is that its intelligence communities share everything the US demands https://en.m.wikipedia.org/wiki/Five_Eyes.



How are Canadian servers more private or their laws any safer? I seem to recall things like Canadian seedboxes rolling over to US corporation copyright claims. Not that you’d have a copyright issue here — just that their privacy laws seem to be governed by US pressure.

The differences are probably small, but we needed a test region for deploying across multiple regions, and since we're a Canadian company we chose to do .ca first. This also meant that anyone who wanted to pay in Canadian Dollars and not have to pay foreign transaction fees or conversion fees could do so.

From a security perspective they're all really the same though. We don't ever have your decrypted data, and anyone who gains access to our servers need your Master Password and Secret key to decrypt the data. Here's what we tell law enforcement who ask for your data (so far as I know no one has actually asked though):

https://1password.com/legal/law-enforcement/

Regardless of what country of origin the request comes from, we can only give them a few things, mostly minor meta data about access (IP address, time, device name, etc). The data itself, sorry we can't really give them anything besides the encrypted blobs.

The .eu server is necessary for GDPR compliance, the rule is that no data leaves the EU, which is why it exists.

Aside from that bit, all of our servers (US and CA) are GDPR compliant I believe. We treat your privacy and security the same regardless, and actually to a higher standard than even GDPR requires.
[doublepost=1526995194][/doublepost]

I almost never buy via MAS, especially when the MAS version is a cutdown version of the non-MAS version due to Apple's sandboxing and other restrictions. I'd rather give the developer the full price, and not give 30% of the sale price to Apple. More revenue for the developer.

One of the changes to 1Password 7 is even the website version is sandboxed. We have a few more choices when sandboxing the website version though. Notably we choose the restrictions. I believe they're very very close to the same as the Mac App Store, if not identical though. Because the Mac App Store version has been sandboxed for so long we were able to remove a lot of situational code that handled one or the other, and it was a requirement for a couple of other things coming in future updates

But in general, you shouldn't notice any real differences with the website version regardless of the sandbox being in place now.

 

[thisisnotmyname]

Fantastic! Price is a bit high tho :/
But, miss me with that subscription junk, would much rather pay once and own it.

It's been so long I can't remember the price I paid last time, that tells you something. I'm OK with paying $50 for a good app once every few years and I'm happy they're not forcing us into SaaS on a product that doesn't require their resources to continue to function on a daily basis.


Edit: Not on Mac App Store anymore unless you go SaaS???? Not at all happy with that move Agilebits!!

Edit2: I was all "just take my money" but now I'll be waiting to see if that's a horrible horrible mistake or some misguided bean counter that's just made my use of the product much less convenient in the hopes I'll just give up and pay you every month forever.

 

[Eidorian]

Fantastic! Price is a bit high tho :/
But, miss me with that subscription junk, would much rather pay once and own it.

There was a sale a few years ago after a data breach for Mac + Win versions. To be honest, it's worth the price anyways.

 

[TheMacAvenger]

Curious how it can compare my password database against a list of known hacked passwords without introducing a potential opportunity for someone to exploit this feature to obtain my passwords.

Seems like a breach waiting to happen.

This article explains how it works without exposing your passwords: https://blog.agilebits.com/2018/02/22/finding-pwned-passwords-with-1password/

 

[AGKyle]

It's been so long I can't remember the price I paid last time, that tells you something. I'm OK with paying $50 for a good app once every few years and I'm happy they're not forcing us into SaaS on a product that doesn't require their resources to continue to function on a daily basis.

On that note, we haven't charged anyone for an upgrade since version 4. So if anyone had purchased version 4 (back in 2013) they've had free upgrades since then. That's a bit over 4 years now.

The same is true for 1Password for iOS, that one was actually 2012, so we're going on 6 years in November of this year since the last paid upgrade for that.

 

[PCtoMAC1]

Will the current version of 1Password still be updated/supported in the Mac App Store? Like others, I prefer to only download from the App Store.

Thank you!

 

[AGKyle]

It's been so long I can't remember the price I paid last time, that tells you something. I'm OK with paying $50 for a good app once every few years and I'm happy they're not forcing us into SaaS on a product that doesn't require their resources to continue to function on a daily basis.


Edit: Not on Mac App Store anymore unless you go SaaS???? Not at all happy with that move Agilebits!!

Edit2: I was all "just take my money" but now I'll be waiting to see if that's a horrible horrible mistake or some misguided bean counter that's just made my use of the product much less convenient in the hopes I'll just give up and pay you every month forever.

We have a blog post on why we made this decision here:

https://blog.agilebits.com/2018/05/10/getting-1password-7-ready-for-the-mac-app-store/

The short of it is licenses are still available via our website version. The reason was ease of use.

We cannot provide "upgrades" via the Mac App Store, so to prevent our 1Password.com users from having to download a new app each time we do this process we opted to make the Mac App Store version 1Password.com only and not support licenses there.

For license users the website version will provide the license option and it gives us the ability to properly support updating users who are on active subscriptions automatically to the next version while prompting license users to upgrade if that's necessary.

If we charge an upgrade fee for a future version the way this works in the future is:

1. Are you on an active subscription? Automatically upgraded
2. Are you on a license? Prompt to show you the upgrade is available

Currently that process is:

1. Are you on the Mac App Store version?
1a. Are you on a active subscription? If yes, download the new app
1b. Are you on a license? If yes, you download the new app and will have to purchase
2. Are you on our website version?
2a. Are you on an active subscription? We auto-update you
2b. Are you on a license? If yes, you need to purchase an upgrade

Which is more clear for almost every single user?

The reduced complication here means it's more clear for everyone what needs to happen in the future. With the Mac App Store handling licenses it would mean we'd have to release a brand new app each time and deal with this mess every time. With the changes we're making with this release the pain is one off and then each successive upgrade is better for everyone.

Hope that helps a little in explaining our reasoning. You may not like the change, and I certainly understand, but we're trying to make things better for as many people as we can.
[doublepost=1526997537][/doublepost]

Will the current version of 1Password still be updated/supported in the Mac App Store? Like others, I prefer to only download from the App Store.

Thank you!

End of the road for the Mac App Store version. Once it's pulled from sale we cannot update it any longer.

We do have plans to update the direct website version with minor fixes, mostly around handling 1Password.com subscription related changes (if the server requires changes) or security related fixes if any come up and also probably to handle migration to version 7 better. But for all intents and purposes there isn't going to be a lot of updates left for version 6.

The future is 1Password 7, so that's where our time will be baring any emergency fixes necessary for security.

 

[yg17]

@AGKyle I have a subscription but use the downloaded website version. I'll switch to the MAS version for 7. Anything I need to do other than drag the old one in the trash and download the new one from the app store?

 

[AGKyle]

@AGKyle I have a subscription but use the downloaded website version. I'll switch to the MAS version for 7. Anything I need to do other than drag the old one in the trash and download the new one from the app store?

That should be all that's necessary. Just make sure the website version is fully quit (including mini in the menu bar) and in the trash. Don't use any uninstaller tools.

It should just pickup your data from version 6 and away you go.

 

[KernelG]

End of the road for the Mac App Store version. Once it's pulled from sale we cannot update it any longer.

Is there any way to convert our MAS version 6 to a direct website version 6, just so we can re-install later or get potential security fixes? All while we think about that 7 subscription, of course.

 

[AGKyle]

Is there any way to convert our MAS version 6 to a direct website version 6, just so we can re-install later or get potential security fixes? All while we think about that 7 subscription, of course.

Yup, details here

Note that you can still download 1Password 6 from the Mac App Store if you downloaded it in the past. It just won't get the updates (of which there will be few, if any) the website version gets.

 

[Defthand]

I must use this opportunity to give Agilebits the endorsement it deserves.

1Password is the Bentley of password managers. It is my must-have app.
In addition to my Passwords, I can store and identify shared passwords and account details of business clients and family members. It’s useful for miscellaneous credentials and identifications such as licences. Apple Keychain is a waterdowned alternative.

My only wish for 1Password is that more app developers would incorporate 1Password’s login assistance, or that iOS would allow the same 1-click functionality as MacOS (iOS is sandboxed to a fault).

 

[AGKyle]

I must use this opportunity to give Agilebits the endorsement it deserves.

1Password is the Bentley of password managers. It is my must-have app.
In addition to my Passwords, I can store and identify shared passwords and account details of business clients and family members. It’s useful for miscellaneous credentials and identifications such as licences. Apple Keychain is a waterdowned alternative.

My only wish for 1Password is that more app developers would incorporate 1Password’s login assistance, or that iOS would allow the same 1-click functionality as MacOS (iOS is sandboxed to a fault).

Glad to hear you're enjoying 1Password! Really appreciate the positive feedback. Days like today are always a mixed bag for us. Some users will love what we do, others will hate it. I try to focus on the positive stuff because we all busted our butts to get 1Password 7 where it is today. It won't be perfect, we've already identified bugs that need fixing, but we have a 7.0.1 planned that will hopefully see people's computers this week.

I agree with you on the iOS extension support though! Easily makes using apps so much easier when other apps include support for it

 

[ignatius345]

I'm very averse to subscriptions too (still royally pissed at Ulysses for their gall in asking for a blank check to keep developing a very feature-mature writing app) but 1Password is worth it. It utterly solves passwords not just for me but for my family. And I trust them to keep on top of evolving threats, which to me justifies the $48/year. Using iCloud for passwords is ok if your needs are basic, but it doesn't really touch the functionality that 1Password has.

 

[adam9c1]

I have 1password 6 for Mac (the non MAS) and use Dropbox to sync.

Does 1password 7 from MAS allow syncing via Dropbox?

 

[AGKyle]

I'm very averse to subscriptions too (still royally pissed at Ulysses for their gall in asking for a blank check to keep developing a very feature-mature writing app) but 1Password is worth it. It utterly solves passwords not just for me but for my family. And I trust them to keep on top of evolving threats, which to me justifies the $48/year. Using iCloud for passwords is ok if your needs are basic, but it doesn't really touch the functionality that 1Password has.

This is where we're at as well. We have a lot of maintenance to keep 1Password running smoothly.

1. Browsers update every 6 weeks these days, we have to stay on top of those
2. Webpages change frequently and new insane ways of creating login forms and credit card forms see the light of day all the time. We have to update our extension brain to handle all of this fun new whacky stuff.
3. We update watchtower for new compromised sites
4. We have to keep up with OS updates
5. We have to keep up with security updates and improving for security related reasons.
6. There will always be bugs, not matter how hard we try

That's just general maintenance and doesn't account for anything related to new features or making improvements.

But we didn't create a subscription option for this reason, we created the subscription option because it opens the possibility for our users to buy once and get everything, not just for themselves but for their families. And our automatic sync functionality means you both control your data and it works seamlessly in the background while being incredibly secure.

Hopefully people will find value in it all, regardless of which way they purchase. But I'm quite happy with my 1Password.com account.
[doublepost=1526999196][/doublepost]

I have 1password 6 for Mac (the non MAS) and use Dropbox to sync.

Does 1password 7 from MAS allow syncing via Dropbox?

It does, but you have to have a subscription for this to work.

The Mac App Store version is read-only for non-subscription accounts. However if you have a subscription it also unlocks all of the same features you have with the website version.

If you don't want a subscription to 1Password.com then you need to continue to use the version directly from our website.

 

[Shackrat]

You you use the Eero mesh wifi system, you get their plus service with content screening. It also includes a 5 user family license of 1Password. The normal cost is $99 per year, but they're running a 30% promo that brings the cost down to about $5.75 per month. Personally, haven't decided if I am going to do this or not, and not because of 1Password, I want other features that the plan brings. It's just that I have a strong aversion to subscription software.

That said, I really don't like the direction that this is headed. This is really nothing more than a GUI refresh in my opinion, and an excuse to start a service model. I would happily pay a one-time upgrade fee, say $20-30, as I recognize that there is ongoing development work required. But a service model? No thanks.