1Password 4 for iOS: Overhauled and Improved
Although TidBITS editors use multiple ways to create and store passwords securely, AgileBits’s 1Password has long been one of our top picks, and I rely on it everywhere. The only disappointment I’ve ever had with the program is that its iOS versions didn’t stack up to the desktop flavors for robustness and features. The iPad release, since its introduction, has omitted a way to pull up generated passwords, for instance, something I’ve complained about for years. It also appeared in three versions: two versions called 1Password, built separately for the iPhone/iPod touch and iPad, and a pricier universal version called 1Password Pro.
AgileBits’s 1Password 4 for iOS fixes my complaints, and brings its mobile experience in line with what I have come to expect from the company on the Mac. AgileBits also collapsed the three 1Password versions to a single, universal app that will cost $17.99. However, since the App Store doesn’t allow developers to charge for upgrades, AgileBits has discounted this new 1Password app to $7.99 to give previous owners a break, and to entice new users.
For those who don’t use 1Password, let me offer a quick rundown. The app provides a secure data store that holds passwords, notes, and Web logins. It also stores “identities” (name, address, and so on), credit cards and other account-based information, and software serial numbers. A password generator creates strong passwords with adjustable parameters based on the site you’re using: you can include only letters and numbers, generate a password 14 characters long, or make one that comprises nonsense words that are nonetheless pronounceable.
The new iOS version, which requires iOS 6, more closely models itself after the desktop software, and indicates what we will likely see when the Mac and Windows versions are revised from 3 to 4, as well. Instead of tabs by item type (password, identity, and so forth), the app puts these categories into a single list view. You can tap a category, like Secure Notes, and browse through items or search the text stored in them. But the latest version also allows you to tap an All Items option to scroll through or search every item in every category at once. That’s a big help, and corresponds to the general search field in the desktop software. A new Favorites view lets you store frequently used items for quicker reference. The app also now shows items organized into folders in a separate view, a useful higher-level sorting option.
Where I find the new version of 1Password shines brightest is in its updated integral Web browser. When you use 1Password on the desktop, it’s a seamless process both to generate and fill in passwords. Whenever I create a new account on a site, I use 1Password to generate a password, which it can also fill into the areas that it guesses are the password and re-enter/verify password fields. When I click the site’s Create Account button, 1Password captures all the form information and prompts me to create a new entry. (You can also update existing entries, create entries without prompting, or block 1Password from ever asking about storing data for a given site.) Then, when I revisit a site, I can tap the 1Password toolbar icon or use a keyboard shortcut to have 1Password automatically fill in the login fields. The workflow is wonderful.
The iOS version of 1Password can’t provide a Safari plug-in, because Apple doesn’t allow browser extensions. Instead, 1Password has always had a built-in Web browser that could be used to log into a site, but the way it handled logins was weak: it showed you a site’s information and you had to tap each bit of information (like the account name) to copy it separately, then tap the associated HTML form field, tap, and choose Paste.
1Password 4 does away with that requirement. Instead, if you open the in-app browser to visit a site or tap a URL stored with one of your Web logins, it provides a button that reveals logins for the site, credit cards and other accounts, and identities. You can then tap to use any of those items just as you would in the desktop version of 1Password. (The app does allow the entry of Web logins from scratch, even though it can’t capture them.)
1Password 4 for iOS secures data with a master password, and the data store can be synced in three ways across devices and desktops. Dropbox support was already available, and AgileBits added iCloud and iTunes File Sharing. But the Dropbox connection is now improved: both it and iCloud use a direct authentication process to connect your data to your cloud account. (The previous Wi-Fi Sync option has been removed. It used Bonjour to allow syncing between desktop and mobile versions over a local network.)
While you might worry about storing data in the cloud, 1Password’s protection is strong enough that with a good password (say, 12 characters or longer that doesn’t resemble a word in the dictionary), there’s essentially no way to crack the file, even if the overall security of Dropbox or iCloud were compromised. (If there were such a way, most password-protected systems in the world would also be vulnerable.) Of course, do not reuse your 1Password password for any other app or site! See “Watch TidBITS Presents ‘Protecting Your Digital Life’” (22 August 2012) for more on why this is a bad idea. (We’ve added an audio-only option for this presentation; click the Listen link to hear the audio part without having to watch the video.)
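A back-of-the-envelope check of the claim above, as an added example that is not from the article or from AgileBits: it compares the offline search space of a random 12-character password with that of a dictionary word plus a common variation. The attacker hash rate, the key-derivation iteration count, the wordlist size and the number of variations are assumed illustration values, not figures from the page or from 1Password.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed illustration values (not from the article or from 1Password):
RAW_HASHES_PER_SECOND = 1e10   # attacker's raw hash throughput
KDF_ITERATIONS = 1000          # hashes the key derivation spends per guess
WORDLIST_SIZE = 100_000        # constructed dictionary size
VARIANTS_PER_WORD = 1_000      # constructed count of suffix/case/leet variations


def random_password_bits(length, alphabet_size):
    """Entropy in bits of a password drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def dictionary_password_bits(wordlist_size, variants_per_word):
    """Entropy of 'one word from a list, plus one of N common variations'."""
    return math.log2(wordlist_size * variants_per_word)


def expected_seconds(bits, raw_rate=RAW_HASHES_PER_SECOND,
                     iterations=KDF_ITERATIONS):
    """Average offline search time: half the space is tried before a hit,
    and each guess costs `iterations` hashes."""
    guesses_per_second = raw_rate / iterations
    return (2 ** bits / 2) / guesses_per_second


def humanize(seconds):
    """Render a duration in the largest unit that keeps it readable."""
    if seconds < 60:
        return f"{seconds:.1f} seconds"
    if seconds < 86400:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / 86400:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:.2e} years"


def compare():
    """Return {scenario: (entropy_bits, expected_seconds)} for each case."""
    scenarios = {
        "dictionary word + variation":
            dictionary_password_bits(WORDLIST_SIZE, VARIANTS_PER_WORD),
        "8 random letters/digits": random_password_bits(8, 62),
        "12 random letters/digits": random_password_bits(12, 62),
        "12 random printable ASCII": random_password_bits(12, 94),
    }
    return {name: (bits, expected_seconds(bits))
            for name, bits in scenarios.items()}


if __name__ == "__main__":
    for name, (bits, seconds) in compare().items():
        print(f"{name:30s} {bits:6.1f} bits  ~{humanize(seconds)}")
```

The gap between the first and third rows is why the article's advice has two parts: length alone does not help if the password resembles a dictionary word.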
If that doesn’t reassure you, then iTunes File Sharing is an alternative that can also be used to complement cloud storage. With that option turned on, 1Password stores its data file in such a way that it can be accessed in iTunes with a device selected by clicking the Apps tab and viewing the File Sharing section. The data file can then be dragged in or out between desktop and mobile versions to keep them up to date. This requires manual management, but prevents the data from ever being synced to cloud storage. (For more details, read the iTunes section of the updated FAQ.)
You may also rely on File Sharing to let you back up the 1Password data file as part of an iOS backup. If you’re using local iTunes backup for an iOS device, the encrypted 1Password store never winds up in the cloud at any time. With an iCloud-based iOS backup, however, the file would be copied in its encrypted form to iCloud. (Visit Settings > iCloud > Storage & Backup > Manage Storage > your device — and, possibly, Show All Apps under a short list of apps — to enable or disable 1Password’s backup to iCloud.)
A number of other smaller improvements found their way in as well, such as automatically copying passwords when they’re created, viewing attachments stored with notes, and erasing the iOS clipboard after an interval to prevent a copied password from being available later to others who might use the device.
In an amusing move to promote sharing the program, 1Password includes an optional demonstration mode that can be turned on from the Settings view’s Advanced item. With Demo Mode set to On, entering “demo” as the master password brings up a fake set of data, and allows a 1Password owner to show off the app without compromising his or her own passwords.
I find 1Password 4 a substantial improvement. The previous release often caused mild irritation when I knew that I could accomplish a task, but it took too many steps or required workarounds. The latest release reduces friction, and makes the app a less fussy and more fluid part of my security workflow.
Bought it the second I saw your review was up. Looks like a great update, but I'm really bummed about Wi-Fi Sync being gone. For me, that was a key feature. I didn't have to plug in the phone, but I also didn't have to store my precious password file on a strange server.
I really hope AgileBits reconsiders. If I'm pushed to keep my database in the cloud, why wouldn't I just use Lastpass or Keepass+Dropbox?
Adam Engst is a LastPass fan, but it didn't have the features I wanted years ago, and so I bought into 1Password and have stuck with it. I use Dropbox for everything, and have been syncing via Dropbox with 1Password since that capability became available. For me, this is an improvement as it uses Dropbox's authentication and API instead of a kind of arm's length arrangement.
As far as why 1Password versus the others, LastPass has a sort of different approach in some ways; they're not identically featured. KeePass doesn't seem to have the full 1Password featureset that I use.
I use LastPass on my Macs because it does auto-login (where it auto-fills and auto-submits with no user interaction, if I set it up that way for a specific site), which I find faster and more effective than 1Password's manually invoked auto-fill and auto-submit.
But I also keep most passwords in 1Password as well, as a backup, and I use it exclusively for credit card storage and filling, along with secure notes for tracking various important bits of sensitive information.
In iOS, honestly, I don't use anything, mostly because I very seldom need to access my password-protected sites from my iPhone or iPad when I don't have better access through my Mac. I did once log in to the LastPass site to look up a password while travelling, which was awkward, but did work.
Thanks for those comments, Adam. We go back and forth on the question of autofill like you have set up with LastPass. I trust you know about 1Click bookmarks and Go & Fill. It's a mental shift in some ways, but it has the same result of going to the page, filling, and logging in with one fell swoop.
Yes, I know about those features but it really is a significant mental shift to start the process in a different way when going to a site that needs a login. I access sites in too many ways, from too many browsers, and with too many different accounts, to adopt what to me seems like an artificial approach. Put bluntly, the tools need to adapt to my way of working, not the reverse.
Oddly, this works perfectly for me, as many sites I visit, I have multiple accounts for (Amazon, Twitter, etc.). And I often want to choose whether to log in or not.
Thanks for the kind words and support!
The decision to remove Wi-Fi sync wasn't made without a lot of debate and consideration. For many users, it worked great, but it was very troublesome for a significant percentage of users, so we decided to go the route of iTunes document sharing for those who absolutely can't use the cloud due to firewall or paranoia restrictions. :)
But, you don't even have to trust the cloud. Your data is encrypted when stored on iCloud or Dropbox. More info here: http://help.agilebits.com/1Password3/cloud_storage_security.html
Although 1Password 4 can use iCloud to sync between iOS devices, can it use iCloud to sync with a Mac?
Not until 1Password for Mac is updated to version 4.
I still have a bad feeling about dropbox storage as, like many other apps, 1Password uses the "full dropbox" access pattern. So every app with the same access can browse and download the files stored in the 1Password folder and then try to crack them, or am I wrong?
I haven't bought the new version, but does it support password generation beyond the 50 characters? From time to time you need a new password for your wireless network and want to choose the maximum length?
Did they get rid of the search feature? I can't seem to find it anywhere
Is there a benefit to using iCloud over Dropbox, or vice-versa? I use Dropbox from earlier versions and it works great. But is there a benefit to using both (to ensure there's a backup method)? Or would that confuse the app? It's possible to have both enabled.
The truth is in the cloud! But which cloud? Since 1Password is available for Windows, too, Dropbox support makes sense if you're not entirely in the Apple infrastructure; also, if you're using pre-iCloud systems with 1Password, I believe you can still have Dropbox support on the desktop.
And iCloud support isn't yet available in the Mac software, which is still 3.x. It will be in 4.0.
Conceivably, you'd use Dropbox to sync with the desktop and iCloud could be used for better (?) iOS sync, but with both turned on, that doesn't make sense except for backup.
Personally, I wouldn't use iCloud because it's a completely black box, and not one that has proven itself to be totally reliable. With Dropbox, if something goes wrong, you have local files and a version on the Web that can be retrieved, plus built-in versioning.
The one benefit to Dropbox is that you can access your 1Password installation from anywhere just by logging into Dropbox and opening up the HTML file. I highly doubt that is available on iCloud.
(Also is it astroturfing if Tidbits authors comprise a majority of the comments here? ;-)
Only if we all agree and pretend to be other people!
Great point! -gf
Nicholas, haha. :-)
Yeah, but browser support is really finicky. IE isn't supported, Chrome needs special flags, and I think even Firefox takes some tinkering now.
Still, I've had enough file loss to not trust iCloud.
Another person not trusting iCloud yet. Also Dropbox allows recovery of old files. If I delete a password I can restore to another location and use 1Password to get that password out of the restored files.
No mention of storing snapshots, although I've been told that's coming.
A snapshot would allow you to keep a picture of items like your drivers license for situations where simply having the ID numbers isn't enough.
You can view attachments on iOS now. But you cannot add them from iOS at this time. They can be added using Mac or Windows desktop versions.
I'll pass your feedback along to the developers though.
Initially I was very excited about this but now I'm not.
I use the mac version and sync via dropbox. On 1Password 3 I had a shorter master password on my IOS 1password than my desktop version (as my iphone is passcode protected, can be remote wiped, and the app is PIN and password protected).
On the desktop I use a mega strong 32 character password in conjunction with a Yubikey in static password mode to type some of it in.
With the old set-up as my 1Password keychain stored in dropbox was encrypted with such a strong 32 character password I was very relaxed about storing it there. With 1Password 4 I will have to use a weaker encryption password as the desktop and IOS version seem to have to use the same master password.
If I am correct then I believe that this is a weakening of security for me. Any password that I can remember will be cryptographically weaker than a 32 character one that is currently protecting my keychain in drop box.
Does anyone else have any views on this?
I also have quite a long master password for my Mac, and I used to have a shorter password for 1p on my iPad and iPhone.
Really bummed they removed this feature in 1p4. I sent them a tweet about this issue, and they replied that your master password should be easy to type. I agree, but what's easy to type on a physical keyboard is not necessarily so on a virtual keyboard. For the rest I think the app is an excellent upgrade, both visually and in use, except for the master password issue.
I'm in the same boat. I have a 36 character master password that is completely painless on a physical keyboard, but murder on iOS.
I'm sticking with 1Password 3 until they add this feature back in.
The Quick Unlock Code can be re-enabled in the Security Settings. It was disabled on install, not removed.
I've used 1Password3 on the iMac and iPad for quite a while. Purchased and installed 1P4 on the iPad, told it to connect to the existing 1P3 data file on my Dropbox account, and watched it endlessly trying to connect.
Rebooted the iPad, now 1P4 was looking for the data file in iCloud, which it wasn't ever going to find as 1P3 doesn't sync to iCloud. Deleting, downloading, and reinstalling 1P4 didn't break the cycle.
Same here. 1Password 4 now has been "Checking iCloud" for more than 24 hours. Tried to restart my iPhone5, to reinstall 1Password 4. Exported data from 1Password 3 on the same phone. Nothing helps. And there are no preferences, no button or menu to stop this in 1Password 4. Agilebits did not respond to an email asking for help... Have been happy with 1Password3... What to do now?
Email tech support?
Very sorry for the trouble! Glenn's definitely right that you can email us, but we also have a help document for this known issue: http://learn.agilebits.com/1Password4/iOS/Sync/iCloud/stuck-icloud.html
I hope that helps!
Code Wrangler @ AgileBits
Sorry for the trouble. There is a bug in our Dropbox syncing that is affecting a few users in edge case situations. We're working on a fix and hope to send it to Apple very soon. In the meantime, you can fix this by following this guide: http://learn.agilebits.com/1Password4/iOS/Sync/Dropbox/stuck-dropbox.html
I hope that helps!
Code Wrangler @ AgileBits
I'm having a different Dropbox syncing problem.
I installed 1Password 4 for iOS and started the setup process:
I selected: "I've used 1Password before"
Then I selected: "Sync using Dropbox"
Because Dropbox was already installed, I selected the green button to allow 1Password to access Dropbox.
Then, I was asked to unlock with the Master Password.
This is where I'm stuck:
1Password 4 for iOS says "Please try again" when I enter my Master Password (the one I use on 1Password 3.9.6 for Mac. The Mac app shows my data is stored in Dropbox.) What can I do to unlock 1Password 4 for iOS?
My 1Password.agilekeychain is in the folder called 1Password in my Dropbox, which is where it belongs. However, I noticed I have an invisible file called ws.agile.1Password.settings at the root of my Dropbox (and not in my 1Password folder). Should I get rid of that?
I moved that invisible file to my 1Password folder on Dropbox, and now 1Password 4 for iOS lets me login with my current Master Password and appears to be syncing my Dropbox items. However, after it seems to be done syncing, I'm getting "Dropbox Errors:" Failed to delete remote path, The operation couldn't be completed. Dropbox.com error 503. Now what?
It seems to have finished syncing the next time it tried. I was able to correct the problem using your guide on dealing with a stuck dropbox sync. It may be worth expanding your guide to include the dropbox sync problem that I encountered. It also may be worth informing all your tech support personnel about the existence of this guide so they can share it with customers having a problem. I had received email back from someone in tech support, after I explained my problem in great detail, and he never directed me to this guide or made any suggestions as to how to resolve my problem.
Please contact AgileBits technical support. When you're having a problem like this with a paid product, you should definitely talk to a firm directly.
You think? I immediately contacted AgileBits. I got a reply within 24 hours, but the reply just asked me to check 1Password>Preferences (on Mac) to see if my Data was stored in Dropbox. I had already told them I was syncing through Dropbox. Anyway, on 12/13, I told them yes, the Preferences reflected that my 1Password data was stored in Dropbox. I didn't get a reply after that! I resent my reply on 12/15.
This is the reply I got today:
"Our apologies, … (we're) backed up. Honestly I'm not sure what the answer is to your question and don't want to lead you astray… Can you please contact us in a few days… If your question is urgent please … title the subject SNOWBALL and a higher level customer service person… will … assist you soon."
I can understand their being backed up. But, they should be sharing their knowledge amongst themselves & should have booted up my problem rather than sitting on it scratching their heads.
Anyway, thanks to this thread, 1Password 4 is working great 4 me.
All true, but we always advise turning to the company when there are serious technical problems preventing things from working, as we're a second line of defense, and don't have the larger base of experience from which to draw.
I do apologize for the delay in responding to you. We have literally thousands of emails waiting to be answered.
We're working overtime here, many of us pulling 12 hour shifts without days off, to try to catch up. Unfortunately, this means that there will be delays in us responding.
Normally we answer all emails within 24 hours. But when you have a backup of 2500 waiting emails it tends to be difficult to get to everyone in 24 hours.
If you email me directly, kyle at agilebits.com with the email you used, I'll take a look and see if I can find your reply.
I do ask that others do the same if they need an immediate response. If you can wait for a response please hang in there and we'll get to you as soon as we can.
I could sync with 1Password on my Mac via iTunes and then everything works fine. Also AppStore has Agile Bits update, meeting this issue. Thanks for the good work!
I love 1Password, more on the Mac than on IOS.
It doesn't look like version 4 addresses my main complaint, which is more due to Apple than Agilebits, which is that using passwords with all the IOS apps which need them requires switching to 1Password, displaying the password, copying it, and going back to the app and HOPING it lets you paste the password.
One app (KelbyTraining) recently updated and no longer accepts a pasted password which makes it useless, since I rely on 1Password to remember 'safe' passwords.
You're right that this is a sad limitation and it's even more troublesome when the other app does not allow password pasting. Given the way iOS sandboxes applications, it's not something that we can overcome.
We do have some ideas to improve 1Password's reach in some ways, but they're just at the "hey, I wonder if that would work" stage right now, so I can't say much more.
Thanks for using 1Password!
Code Wrangler @ AgileBits
"..1Password’s protection is strong enough that with a good password (say, 12 characters or longer that doesn’t resemble a word in the dictionary), there’s essentially no way to crack the file.."
I must be missing the obvious here. How exactly would brute force password cracking be used in any real world situation with these devices, or even websites?
Many ways, some of which have to do with someone specifically targeting you. If you got involved in a situation in which criminals wanted your information (say, they figure out you're the HR head or comptroller even for a small business), or are involved in a divorce or other legal matter, a password file could be a tool against you. There's also the randomness factor of criminals getting access and having tools to crack.
So if you left your iOS device or phone somewhere, and someone gained access to it and copied the file; or if Dropbox were compromised; or if someone got your Dropbox password; and on and on.
Any case in which someone had your 1Password file, a strong password would effectively prevent them in the foreseeable future (until quantum computing becomes reality, at least) from decrypting it.
After reading this great review, I rushed out and bought it. We've been using version 3 for ages on the family's iDevices and we love it. But I should have read the fine print first: 1Password V4 requires iOS6. Alas, this tidbit was not mentioned in the review.
Good catch, David, and sorry! I've added that fact to the article now.
How about the ability to clear copied values in the clipboard on iOS? There is a prefs setting for this in the desktop version but not on iOS. I manually do this by selecting random text but, this is a bit of a hassle.
Also - I'd like to ditto other responses here and on the app store requesting wifi sync be restored. It always worked flawlessly for me. I know others had trouble at times but, seeing the feedback, it seems just as many are having trouble with cloud sync as well. Options. I like options.
Wifi sync will likely remain gone. However, that isn't to say something else can't be included. Please read our updated FAQ item:
Especially the bottom two paragraphs.
(Sorry, this comment system seems to be bonkers and hates me)
This is available in 1Password 4 for iOS. See our site here:
Particularly the Clear Clipboard section.
I'd encourage people selecting a (new) master password to read the following article from Agilebits about creating a very strong, but still memorable (as in being able to remember it) master password.
I'm a long-time user, and was really teed that you can't search in portrait mode on the iPad. Really?
Also, the built-in browser is nice, but how many of us use a browser for password protected sites? Maybe forums, but not shopping, banking, utilities, etc. Those have their own apps and it's copy-switch-paste switch back, enter passcode, copy....etc. I realize that's an Apple issue, but you have to consider whether the app is worth that much for that utility. And make sure you make a copy of the older version if you have an original iPad or prefer running iOS 5; this won't work on that iPad or in 5.
Apple needs to get away from passwords anyway. In the meantime this is just OK. The desktop version still rocks though.
Portrait mode search simply didn't make the cut for first release. It's there in the latest beta.
I'm not sure about you, but having used the new iOS browser I actually prefer using it to various apps if I can. I only ever use an app for my bank now (camera based check cashing). Otherwise, I use 1Password's browser almost exclusively. I didn't think I'd do this, but that's the way it turned out.
But yes, this is an Apple issue. We can't fill into other apps. We'd love to, but, Apple says no.
Thanks for the feedback!
Alas, it will not work on my iPad version1, due to no IOS 6 for this iPad.
Good review, but questions, questions, questions:
1. Does 1Password require a separate purchase for each iOS device a user owns?
2. When is v4 for the Mac due to ship?
3. Does 1PW require separate purchases for each Mac? Is a Mac or iOS family pack or multi-user business pack available?
4. How much does the current Mac version cost and what will the v4 upgrade price be?
5. What would be the total cost of ownership to use 1PW on two iOS devices and two Macs, and how does this cost compare to the two alternative products noted in the Comments section?
6. Will the upcoming v4 work on Mac OS X v10.7 (and an old Mac Pro) or require 10.8 for full functionality?
Pre-sales support is something that the company selling a product is better suited for than those of us who write about how it works.
On point 1, as with all iOS apps, 1Password 4 can be installed on any iOS device associated with the same iTunes account.
Version 4 for desktops hasn't been announced, but is planned.
1. This is on Apple really. If you use the same AppleID for each device, then no. It's a universal app for both the iPhone and iPad. But a purchase is tied to your AppleID, so if you use a different AppleID for the App Store, then you will have to buy again. I personally use the same AppleID for all "app stores" and have a separate iCloud account
2. Sometime next year we hope.
3. Our Mac licensing is "Per User, Per Platform." So a single living breathing human being can install on any number of Macs they are the user of. Each user requires their own license.
The exception to this is the MAS. Their licensing is effectively any user so long as they use the same Apple ID, same as the iOS counterpart.
4. $50 is the current cost of the Mac App. MAS users get a free upgrade. No pricing announced for website
5. You'll need to add this up, or contact us support at agilebits.com. Space is too constrained here.
6. We don't have details on that yet.