AgileBits Releases '1Password' Version 4

[lhotka]

Wifi syncing is extremely temperamental. Some users had no issues. Others couldn't get it to work at all. We felt it was not giving our users the best possible experience we could provide.

Is there a reason why you can't use Dropbox syncing? If you have security concerns I can probably give you all the information you need for security on that. We all use Dropbox here at AgileBits. We wouldn't ask you to do it if it wasn't secure.

Let me know what your concerns are and I'll tackle them.

Well, aside from the fact that use of cloud services is prohibited by company policy (and we have thousands of Mac users - a substantial portion of which use - or used to use - 1Password), I wouldn't trust dropbox with anything after their history.

Here's an example Someone hacks dropbox and starts collecting 1password keychains even if they can't hack them yet. Then down the road, a vulnerability in 1Password is discovered. All of a sudden, all your passwords are now exposed. Syncing security data to a cloud service is simply a bad idea.

And again, that link is useless. Try it. Start with a clean iOS app. Click 'existing user'. Then click 'iTunes sync' and see what happens.

And still no answer on if it's a real-sync (individual bi-directional passwords), or if it's just a wholesale DB replacement.

 

[BornAgainMac]

As soon as the Mac version gets updated for iCloud then I'll upgrade my iOS version.

 

[AGKyle]

Except that those instructions are totally useless. They assume that you're already in the app, but you can't get into the app to follow them! If you select 'already use 1password', and the 'itunes sync' it just opens up an Apple KB article. No information on what file to sync (I can't seem to find the agilekeychain file on the mac to point it to).

It also appears that this is a one-way bulk keychain transfer, not a true password-level incremental sync, so that's a major reduction in functionality.

Correct. The way this works is this:

Mac or PC version of 1Password creates a file called 1Password.agilekeychain

You can drag this file from the desktop to the iOS device via iTunes. You can edit that file and drag the contents out of iTunes onto the Mac or PC.

You are correct in that there is no incremental sync. It's all or nothing.

If you open 1Password on your Mac, then click 1Password->Preferences in the menu bar. The General tab will tell you where the data file is.

You can then open that location in Finder and drag the file into iTunes to copy it onto the iOS device.

Hope that helps out a little.

 

[AppleInLVX]

Yea, we can't bundle iOS apps with anything. Limitation of the App Stores. Sign up for our newsletter and you'll typically hear about promotions that way.

Thank you for your feedback!

And FWIW, I find the fact that you're participating in a fan site and taking the time answer concerns very encouraging. This goes a long way to making me feel like I bought into something people care about, and far more likely I'll continue to support it. Cheers to you!

 

[Gandalf!]

You're welcome! And thank you for the kind words. I'll pass it along to the team

There isn't a way to recategorize items. At this point you still want to keep items separate. I'm not sure how this may change in the future. But for now, banking area stuff is for storing banking related things and logins are for logins. You can just add custom fields to them now, which wasn't possible before.

You'll need to use Dropbox if you use separate iCloud accounts. All of the iCloud syncing is handled by iCloud. We sort of put data in a folder and iCloud syncs that data by magic. So we can't control what iCloud account it goes to. It just goes to the iCloud account that is setup on the iOS device.

Dropbox you can control though. So if you go that route you'll get the ability to share the same data.

Please let me know if that helps or not.

Perfect! Thanks again Kyle!

 

[Yujenisis]

I don't think we'll be leaving website customers without options. What those options are, I don't know, but it's something you'll have to be patient and wait for when 1Password 4 for Mac is closer to release. There just isn't anything to tell you right now or I'd be happy to help.

I'm happy to be patient. I just wanted to express my feelings of frustration about how one set of customers gets clarity in this area while the other is left wondering if they will arbitrarily be treated differently.

I think it is a testament to your company, and your work as an employee, that you take the time to listen to the concerns of your customers. Even the ones who are frustrated.

Thanks.

 

[GoCubsGo]

snip

I don't think we'll be leaving website customers without options.

snip

I certainly hope that is true. Because I have used this app since it was in beta, I never thought to buy from the MAS. I don't want to be left behind because of that.

 

[lhotka]

Correct. The way this works is this:

Mac or PC version of 1Password creates a file called 1Password.agilekeychain

You can drag this file from the desktop to the iOS device via iTunes. You can edit that file and drag the contents out of iTunes onto the Mac or PC.

You are correct in that there is no incremental sync. It's all or nothing.

If you open 1Password on your Mac, then click 1Password->Preferences in the menu bar. The General tab will tell you where the data file is.

You can then open that location in Finder and drag the file into iTunes to copy it onto the iOS device.

Hope that helps out a little.

It confirms was I was afraid of. Losing incremental sync is a huge feature regression.

Your FAQ/Help page needs to have much better instructions on how to set it up (it still refers to the old pre-app store file location), and you need to explicitly indicate that it is NOT a sync. It's a database copy.

Oh, and one more question - if I add a password on iOS, then won't it just sync back the file and overwrite the mac one? What happens if both keychains are updated? Which one wins?

 

[WesCole]

Correct. This is a limitation of iOS since Apple don't allow plugins for mobile Safari. It does suck, but hopefully Apple will change this in the future.



This only works for when you've already got 1Password open, not for the initial launch unlock. Still, better than having to enter master password every time 1Password locks.

I would LOVE for Apple to allow extensions like 1Password in Safari for iOS...that would make this app soooo much more useful. They did integrate their own browser for iOS, but it isn't quite as good as Safari. It isn't terribly hard to switch from Safari to 1Password, copy my password, and switch back to Safari to paste it in, but Apple should allow extensions anyway...it probably wouldn't be hard to do.

 

[lhotka]

It confirms was I was afraid of. Losing incremental sync is a huge feature regression.

Your FAQ/Help page needs to have much better instructions on how to set it up (it still refers to the old pre-app store file location), and you need to explicitly indicate that it is NOT a sync. It's a database copy.

Oh, and one more question - if I add a password on iOS, then won't it just sync back the file and overwrite the mac one? What happens if both keychains are updated? Which one wins?

 

[AGKyle]

Thank you for your feedback!

And FWIW, I find the fact that you're participating in a fan site and taking the time answer concerns very encouraging. This goes a long way to making me feel like I bought into something people care about, and far more likely I'll continue to support it. Cheers to you!

I try my best. Days like today I'm spread very very thin and bouncing all over. So, I'm doing what I can here but as you can tell my responses are a little short (in length) but I'm happy to expand on things when it calms down.

But thank you so much for the kind words. I'm just sorry I was a little late to this one or I could've been on top of the questions faster.

Perfect! Thanks again Kyle!

Absolutely my pleasure!

I'm happy to be patient. I just wanted to express my feelings of frustration about how one set of customers gets clarity in this area while the other is left wondering if they will arbitrarily be treated differently.

I think it is a testament to your company, and your work as an employee, that you take the time to listen to the concerns of your customers. Even the ones who are frustrated.

Thanks.

I totally understand. I try to mention what I can here to help people know that if they are frustrated don't be frustrated until AFTER the details are known It's all in flux until we tell users what's going on. Pricing for the iOS app wasn't known until recently.

I've worked for my fair share of companies that didn't treat their employees well. I finally said enough is enough and found one that stands behind them. Believe me, if you are patient, kind, considerate and are willing to know that you can't have the moon we'll do what we can. Sometimes though things conspire against us. Just know we're doing our best.

I certainly hope that is true. Because I have used this app since it was in beta, I never thought to buy from the MAS. I don't want to be left behind because of that.

You won't be left behind, you'll have options. I just don't know what they are at this time. It's simply too early to know. Give it a few and things will start to solidify.

Glad to hear you've been a user for so long (longer than me actually!).

 

[AGKyle]

It confirms was I was afraid of. Losing incremental sync is a huge feature regression.

Your FAQ/Help page needs to have much better instructions on how to set it up (it still refers to the old pre-app store file location), and you need to explicitly indicate that it is NOT a sync. It's a database copy.

Oh, and one more question - if I add a password on iOS, then won't it just sync back the file and overwrite the mac one? What happens if both keychains are updated? Which one wins?

Oh, and one more question - if I add a password on iOS, then won't it just sync back the file and overwrite the mac one? What happens if both keychains are updated? Which one wins?

Quoting both since they seem to be repeats (at the end).

I'll see what I can do about the syncing guide when things calm down a bit. Added to the todo list. Thanks for the feedback as it lets me target specific things well. Appreciate that.

Correct on the "syncing" thing. You need to manually manage this. My suggestion would be that you don't do any edits on the iOS device and only do it on the Mac if you're worried here.

I'll pass this along to our developers. We never say never, but wifi syncing probably won't make a come back. Perhaps we can improve on the iTunes sharing though to help with this type of situation.

 

[lhotka]

Quoting both since they seem to be repeats (at the end).

I'll see what I can do about the syncing guide when things calm down a bit. Added to the todo list. Thanks for the feedback as it lets me target specific things well. Appreciate that.

Correct on the "syncing" thing. You need to manually manage this. My suggestion would be that you don't do any edits on the iOS device and only do it on the Mac if you're worried here.

I'll pass this along to our developers. We never say never, but wifi syncing probably won't make a come back. Perhaps we can improve on the iTunes sharing though to help with this type of situation.

Yeah, duplicate entries.

You should rename it from syncing then, both because it's not the same as the old solution, and because it doesn't sync anything - it just copies files.

You guys almost lost me (and the other users at my company) when you refused to support the FireFox ESR release stream. This is another nail in the coffin.

 

[AGKyle]

Yeah, duplicate entries.

You should rename it from syncing then, both because it's not the same as the old solution, and because it doesn't sync anything - it just copies files.

You guys almost lost me (and the other users at my company) when you refused to support the FireFox ESR release stream. This is another nail in the coffin.

ESR releases are tough. We don't refuse to support them, we just don't have an easy way of handling multiple extensions. There is a workaround:

http://support.agilebits.com/kb/browser-extensions/compatibility-with-firefox-esr

That said, the demand for the ESR releases is pretty low. I see maybe one customer a month asking. Please send me a message via our support page and we'll discuss more and I can approach the devs with some more information. Just make sure you mention who you are and the situation and put "Attention Kyle" somewhere so that one of the other team members can assign it to me if need be. We have over 1600 people waiting for answers. It may take me a day to get to you. Just a heads up on that.

 

[farleysmaster]

I got the pro version of the old app and I believe it became universal at the same time the iPad version was released. I may just be lucky but I don't feel I've been charged twice for the same thing and the £5 I just spent is more than worth it for the daily use I get out of it!

 

[unplugme71]

I bought it. Much cheaper than when I paid $19.99 for the Pro that works on both iPad/iPhone

 

[gri]

ESR releases are tough. We don't refuse to support them, we just don't have an easy way of handling multiple extensions. There is a workaround:

http://support.agilebits.com/kb/browser-extensions/compatibility-with-firefox-esr

That said, the demand for the ESR releases is pretty low. I see maybe one customer a month asking. Please send me a message via our support page and we'll discuss more and I can approach the devs with some more information. Just make sure you mention who you are and the situation and put "Attention Kyle" somewhere so that one of the other team members can assign it to me if need be. We have over 1600 people waiting for answers. It may take me a day to get to you. Just a heads up on that.

Will it transfer automatically the passwords from the 3.X version into the new one?

 

[Romf]

Hi, just bought it.

Dropbox sync was not working, I found solution here but had to put hands in the grease (get the 1password file, create a 1password folder and copy inside, THEN select Dropbox sync).
When I got this to work, it made all "website adress" duplicate... Don't know if it's because I had iCloud AND dropbox sync ON, but it's supposed to work. I turned icloud sync off, we will see.

I have some problems with the browser:

1.When i click the site adress in a "Login" item category, the browser launches with the adress in the adress bar but doesnt load the website. I have to clic on the adress, then in the keyboard on the access button.

2. I have an enterprise website with a basic login / password access. I put everything in a login item in 1password.
When I access the website via the integrated browser, it fills correctly the 2 boxes, but the website says "invalid password".
But the very weird thing is, when I reveal the password in the app it has no mistake, and if I copy/paste it to the password box on the website... login works.

I sent an email to developers about this with the website adress.... It's really weird

 

[Drag'nGT]

Sadly, not possible. Limitation of iOS itself. If it were possible, a lot of apps that have their own inbuilt browsers would be doing this already.

Thank you, but I know that. That impossibility was the point of the post. IE, I have no desire to pay $8 to have a new UI for an app I use only on occasion if it doesn't actually add something to it's functionality.

I LOVE 1Password on my Mac. Couldn't live without it. I have personally signed up over 5 people with a 1Password account and continue to tell people about it. Two weeks ago I told my Department Director and his staff about it. I especially like how the significant updates only cost me $19 when they updated from v1 to v2 and v2 to v3. I was eager to give them my money. And as long as they do something similar with the v3 to v4 upgrade for Mac I will again shell out $19.

I am not however a big user of the mobile app since the companies that I would keep a secure code with have their own Apps (Amazon, Bank of America, Chase, Capital One etc...) So there is no need to 'log in'. But when they have an update that wipes out my current saved log in, like Flickr did this week, I use the 1P app. Or, wait until I get home.

 

[lhotka]

ESR releases are tough. We don't refuse to support them, we just don't have an easy way of handling multiple extensions. There is a workaround:

http://support.agilebits.com/kb/browser-extensions/compatibility-with-firefox-esr

That said, the demand for the ESR releases is pretty low. I see maybe one customer a month asking. Please send me a message via our support page and we'll discuss more and I can approach the devs with some more information. Just make sure you mention who you are and the situation and put "Attention Kyle" somewhere so that one of the other team members can assign it to me if need be. We have over 1600 people waiting for answers. It may take me a day to get to you. Just a heads up on that.

We gave up asking months ago when it became clear you guys wouldn't support them, but since the current plugin will run on the new ESR, that should help (at least until you drop support for FF17).

I've got a private ticket open on the original wi-fi sync issue, so I'll add a new comment to it.

 

[user418]

I use eWallet ... Is this app that much better?

Guess we're the only two using eWallet. It has worked well for me over the past few years. Never tried 1Password so don't know how much better or worse it may be. Would appreciate comments from anyone who has tried both.

 

[dolphin842]

Ok guys, incoming list of answers. I hope. If I miss something please let me know.

Hey Kyle, thanks for taking the time to answer questions here on what is no doubt a busy day.

I had one quick security question: Any word if we should be concerned about the following 1Password issue brought up by this paper (mentioned by an earlier forum member), or if it's been addressed in the latest version?

However, because PKCS7 padding is used when encrypting database encryption key, it is possible to verify password just by computing KEK (using MD5 hash function), decrypting last block of encrypted database key, and checking if it equals to 16 bytes with value 0x10 (this will be the PKCS7-compliant padding when encrypting data whose length is exactly N blocks of underlying cipher). Thus, very fast password recovery attack is possible, requiring one MD5 computation and one AES trial decryption per password.

 

[AGKyle]

Hey Kyle, thanks for taking the time to answer questions here on what is no doubt a busy day.

I had one quick security question: Any word if we should be concerned about the following 1Password issue brought up by this paper (mentioned by an earlier forum member), or if it's been addressed in the latest version?

Anytime!

That issue was taken care of back in the 3.6.5 release of 1Password and does not affect 1Password 4.

You can read about the fix in 3.6.5 here:

http://blog.agilebits.com/2012/04/09/1password-ios-pbkdf2-goodness/

Note the dates, this was back in April

----------

We gave up asking months ago when it became clear you guys wouldn't support them, but since the current plugin will run on the new ESR, that should help (at least until you drop support for FF17).

I've got a private ticket open on the original wi-fi sync issue, so I'll add a new comment to it.

Private message me on here with the URL you receive in the private email you get back after sending.

If you did it on the website, if you did it via email, send me your email you used and I'll find it and try to get some reply to you asap.

----------

Hi, just bought it.

Dropbox sync was not working, I found solution here but had to put hands in the grease (get the 1password file, create a 1password folder and copy inside, THEN select Dropbox sync).
When I got this to work, it made all "website adress" duplicate... Don't know if it's because I had iCloud AND dropbox sync ON, but it's supposed to work. I turned icloud sync off, we will see.

I have some problems with the browser:

1.When i click the site adress in a "Login" item category, the browser launches with the adress in the adress bar but doesnt load the website. I have to clic on the adress, then in the keyboard on the access button.

2. I have an enterprise website with a basic login / password access. I put everything in a login item in 1password.
When I access the website via the integrated browser, it fills correctly the 2 boxes, but the website says "invalid password".
But the very weird thing is, when I reveal the password in the app it has no mistake, and if I copy/paste it to the password box on the website... login works.

I sent an email to developers about this with the website adress.... It's really weird

Please private message me either the URL you received in a response email (there should be one if you used the website) or the email address you used if you emailed it in.

I'll take a quick look asap

----------

Will it transfer automatically the passwords from the 3.X version into the new one?

Yes, there is a bug however related to Dropbox syncing.

If you're using Dropbox syncing, just resync with Dropbox.

If you're not using Dropbox, just follow the instructions as an existing user and it will walk you through transferring the data from the old app to the new app.

Be sure to make a backup just in case:

To create a backup of your iPhone data please follow the instructions in How To: Back up your 1Password Data on the iOS. You'll want to follow the instructions for Backing up only.

http://support.agilebits.com/kb/1pa...-on-the-ios-devices-before-upgrading-your-ios

Save this file in a safe location just in case.

 

[opq]

It's still hard for me to believe that the iOS part of 1Password 4 will cost $17.99 after this 'limited time launch sale'.

Apple's Pages, Keynote and Numbers iOS apps are $9.99 each and so far they've been free upgrades for life (iPhone version came after iPad, and they are now universal apps). So AgileBits is trying to convince us that the iOS part alone, not including the Mac and Windows counterparts, is worth TWICE as much as an iWork app?

Yes, 1Password 4 gains a few features and is a lot prettier, but fundamentally, it's remembering my usernames and passwords. How has that changed?

Like most people I feel ripped off having paid $11.99 for 1Password Pro 3 for iOS less than 6 months ago and having to pay again so soon. If Pages, Keynote and Numbers is still being updated with new features, features such as a new iPhone version for users who bought them with only the iPad versions built in, for free, I don't see why this is a paid upgrade that costs as much as the original if not more. I'd love to support my local devs, but I can't stand how these guys are branding themselves as the 'small time developers charging only what they can', and the worst part is, the Internet seems to be buying their story. But then again, people buy the 'organic' and 'local' food premiums. For that reason I guess I'll stick with the current version until it stops being supported.

Edit: If incremental syncing as mentioned above is indeed gone, along with my favorite Wi-Fi syncing, it's not just a coat of paint with no forward movement (new features), but definitely a step back (I might be convinced otherwise when iCloud sync gets brought to the Mac/Windows versions). With the features I use most missing, I probably wouldn't upgrade even if it was free (maybe backup the old version, but still). Surprised how many people are paying $8 to go backwards, I guess 1Password 4 has been a marketing win!

 

[dolphin842]

That issue was taken care of back in the 3.6.5 release of 1Password and does not affect 1Password 4.

You can read about the fix in 3.6.5 here:

http://blog.agilebits.com/2012/04/09/1password-ios-pbkdf2-goodness/

Excellent, thanks!

If Pages, Keynote and Numbers is still being updated with new features, features such as a new iPhone version for users who bought them with only the iPad versions built in, for free, I don't see why this is a paid upgrade that costs as much as the original if not more.

Apple makes its money in hardware, so they can subsidize the cost of developing software. Ask most independent developers who make apps for a living... they know that unless your user base is growing significantly every year (which increases support costs, etc.), it's unsustainable to sell an app once and support it for years. The LastPass model (small, recurring subscriptions) is much more sustainable and I wouldn't be surprised if most software moves to that model in the future.