AgileBits has released 1Password 4.4, integrating its free, Web-based 1Password Watchtower service into the password management utility. Created shortly after the Heartbleed exploit was made public (and mentioned in the comments of “The Normal Person’s Guide to the Heartbleed Vulnerability,” 9 April 2014), Watchtower checks Web sites to determine whether they are vulnerable to the Heartbleed bug. With this new built-in feature, 1Password automatically checks Web sites associated with your Logins to alert you if the sites are (or were) vulnerable, and if you should now update the password for any given Login. The Web version of Watchtower remains available.
Watchtower is turned off by default in 1Password, but you can activate it easily by clicking the new Watchtower item under the Security Audit section of the sidebar, and then clicking the Enable button. (You can also control the feature in the new Watchtower pane of 1Password’s Preferences window.) Once active, you can click Watchtower under Security Audit to see a list of all Logins that are potentially vulnerable.
Selecting a Login item displays its detail pane, where you’ll find a red alert stripe at the top. (This is visible in the detail pane within the 1Password app, as well as the detail pane that appears when using either a browser extension or 1Password mini.) Click the red stripe and then the Learn More link that appears to visit the Watchtower Web site to see what action 1Password recommends. For example, checking on Watchtower’s guidance for the Hotwire travel Web site let me know that site certificates had been reissued on 18 April, 2014, so it was safe to update my password. Tracking whether or not a site has been patched for the Heartbleed bug is important, as emphasized in the Heartbleed article noted above:
Heartbleed is a live exploit, which means changing your password on an unpatched site is more likely to expose it than doing nothing. Avoid vulnerable sites until you know they are fixed, and then go back and change your password.
1Password updates Watchtower’s vulnerability data once per day, and AgileBits further states that it will never transmit your Web site information to its servers.
In addition to Watchtower, 1Password 4.4 also introduces a Greek localization and improves conflict resolution during syncing (see the full release notes). A free update for licenses purchased from either the AgileBits Web site or the Mac App Store, the 1Password 4.4 release weighs in at 38.9 MB and requires OS X 10.8.4 Mountain Lion or later. TidBITS members receive a 25 percent discount off the normal price of $49.99 when purchasing 1Password from AgileBits; start at your Member Benefits page.