For years, 1Password has been a constant part of my workflow and security profile. The password creation and management software, first released for Mac OS X and later for iOS, makes quick work of creating a strong password for every site and retrieving it on request. The new 1Password 5 for iOS 8 unlocks the utility’s full capability and makes iOS 8 itself much better. It’s also now free, with an in-app purchase for a small set of Pro features. (1Password is also available for Windows and Android.)
As 1Password aged, it matured. In version 4, its improved browser integration in Mac OS X and interface overhaul on both platforms reduced the effort required to access passwords and other confidential data while also improving how categories of disparate things were organized and could be filed into folders or tagged with metadata. With 1Password 4 for OS X, I finally started filling in all my forms and credit card numbers from the program.
But 1Password integration in iOS suffered before iOS 8’s release because of Apple’s strict limitations on inter-application communication. While 1Password could (and still can) sync via Dropbox and iCloud to keep passwords and other data up to date between various installations on mobile and desktop systems, there was an awful lot of copying and pasting required, and that isn’t one of iOS’s strengths. An improved in-app browser in 1Password 4 was a big step up for accessing Web resources, but it carried a lot of compromises: cookies couldn’t be shared between Safari and 1Password’s browser, and so forth.
iOS 8 has given AgileBits the tools they needed to pull a lot of threads together. But because of Apple’s requirements and how AgileBits adapted some of 1Password’s current settings and thinking to iOS, how to make use of all the new options can be confusing. Here’s some step-by-step advice.
What’s New -- You can read AgileBits’ announcement, but the brief story is that 1Password 5 for iOS sports three key additions and two improvements, one of which has yet to be enabled. The additions are:
Because of Apple’s new support for extensions in iOS 8, 1Password can be used directly within Safari.
You can unlock 1Password using Touch ID on the iPhone 5s, 6, and 6 Plus.
Apps that use 1Password’s framework can incorporate the extension in various ways, such as allowing login by unlocking 1Password, including via Touch ID. No round-trip is required. Instead it all happens within the other app.
The two improvements relate to syncing. AgileBits rewrote its iCloud sync to use Apple’s overhauled CloudKit, and the company says it’s fantastic compared to the previous set of tools, although it requires iCloud Drive, which in turn requires the upcoming OS X 10.10 Yosemite. AgileBits also made Wi-Fi sync automatic — you don’t have to invoke it — but this change will come into effect only once 1Password 5 for the Mac sees the light of day.
The other major change is that 1Password for iOS is now free. The Pro upgrade to add some organizational features is a one-time in-app purchase of $9.99. Existing 1Password 4 for iOS owners get these features unlocked without paying for them.
The freemium split is interesting, because I imagine most users won’t particularly care about support for less common items (bank accounts, reward programs, software licenses, and so on), multiple password vaults, custom fields, and folder/tag organization, but they will want to sync with desktop versions of 1Password on the Mac or in Windows, both of which remain paid products. The freemium model is a great way to get new people using 1Password for iOS, and then either paying the in-app fee or buying desktop software licenses.
Turn On and Use Touch ID -- All versions of 1Password rely on a master password, which unlocks your vault. The iOS version also has an option that lets you compromise between having to enter the full master password repeatedly — often a pain for a good password on the iOS keyboard — and leaving 1Password unlocked for extended periods of time. You can set a short PIN that you can use between times you’re required to enter the full master password. The PIN unlocks the master password, and that unlocks the vault. Thus, you could have 1Password ask for the master password every 24 hours, but set it to require the PIN after a specified delay (like 2 minutes of idle time) or after switching away from and then back to 1Password.
If you own an iPhone 5s, 6, or 6 Plus, Touch ID replaces the PIN option and must be enabled to be effective. Even if you’d prefer to use a PIN, it’s not available.
Turning on Touch ID is simple: in 1Password, tap Settings > Security > Touch ID. (Note that this interface changed from 5.0 to 5.1, so be sure to update if you’re not yet using 5.1.)
1Password will require a Touch ID scan whenever it locks. If you enable Lock on Exit in Settings > Security, it will lock whenever you leave the app. It will also lock after a set amount of time, which you can change in Settings > Security > Auto-Lock. However, you must enter your master password after a device restart, or whenever Touch ID fails. (AgileBits tells me that Apple won’t let a developer replace a password with Touch ID entirely.)
I set Auto-Lock to 2 minutes, though conceivably I could have set it to longer, because my iPhone is rarely out of my control. But I also enabled Lock on Exit, which adds a little inconvenience in return for more peace of mind.
Once enabled, here is the super cool part: you can use Touch ID everywhere 1Password can be invoked, whether through its Safari extension or direct integration with an app! I’ll explain that in a moment.
Sometimes, Touch ID doesn’t appear as an option when you use 1Password, and it took me some back and forth with AgileBits to understand why. iOS 8 gives developers only a “yes” or “no” response from a Touch ID interaction. If, when 1Password asks for your Touch ID, you tap Cancel or navigate away, iOS interprets that as a “no,” causing 1Password to see your action as an authentication failure and prompt you for your master password.
The one lingering issue with Touch ID isn’t limited to 1Password: physical coercion. Because you could be forced to use Touch ID by force (or even while unconscious), using it as a means to gain access to a password store could leave you vulnerable if you have concerns about potentially violent people having physical access to both you and your iPhone.
For most of us, that’s not an issue. Garden-variety muggers aren’t likely to know about Touch ID, and even if they do, access to someone’s passwords isn’t a guarantee of financial reward. If you live in a country or engage in a profession in which you might be physically compelled to unlock your secrets, Touch ID and 1Password may not be for you. Of course, your master password may not be much help then either.
Use 1Password with Safari -- “Oh, joy!” I exclaimed, when I first tried 1Password within Safari in iOS 8. Apple’s iCloud Keychain for generating, storing, and syncing passwords in Safari across mobile and desktop systems is good, but 1Password is great. Turning it on requires a few steps, after which you’ll never have to mess with setup again.
Somewhat counterintuitively (Apple’s fault, not AgileBits’), 1Password’s extension is accessible from the Share view in Safari, but getting it to show up requires a little work. After installing or upgrading 1Password and configuring your password preferences, open Safari.
With any page open, tap the Share button. On the list of actions on the second row, which starts with Add Bookmark at the left, by default, slide right until you see More. Tap More.
At the bottom of the list you see 1Password (with an on/off toggle) and any other apps that have Safari extensions. Toggle 1Password on, and then drag the three-line handle at right to move it to the top. In testing, I found that re-ordering Share items doesn’t stick. I’ve had to re-do it (with Apple’s items as well as 1Password) multiple times.
Now, when you visit a site that requires a log in, tap the Share button, tap 1Password, use Touch ID or the master password to unlock if necessary, and then you should see any matching logins. Tap the i icon to make changes or review or copy individual settings, or tap the item to fill. You may need to also tap a Login button.
For now, 1Password can fill in only login details; AgileBits says support for filling in street address and credit card information is in the works.
Use 1Password within an Integrated App -- AgileBits says that 100 developers are integrating 1Password’s iOS 8 extension directly into their apps. A few are ready now, including the latest release of Instapaper.
The process of logging into an app using 1Password requires a few steps, none of which is onerous, especially on devices with Touch ID. In Instapaper, for instance, when not logged in, tap the Sign In button on its home screen.
With 1Password installed, the Password field shows a 1Password logo at the far right. Tap it, and in a pop-up menu that shows extensions, you can select 1Password. Unlock 1Password, including with Touch ID, and then tap the correct Instapaper login entry — the sole entry for most people. The app handles the rest.
You can also create a new login within apps that support 1Password, something that’s not yet available when using 1Password within Safari.
Seamless Security without the Pain -- The new release of 1Password dramatically improves my overall iOS experience without compromising security. It’s more likely that I and other users of 1Password will become even more dedicated users of the software, because of its wider availability in Safari and apps, and its far easier use.
The more that regular users can be encouraged to create a unique, secure password for every site, the less likely a single site’s password breach will be seriously problematic. Combining passwords with Touch ID reduces friction even more.
The main missing piece, apart from filling in contact and credit card information, and something that AgileBits may not be able to do within Apple’s parameters, would be to let people create Web logins within Safari. But that’s minor, in the scope of things.