This Week's Sponsor:

Kolide

Ensure that if a device isn’t secure it can’t access your apps.  It’s Device Trust for Okta.


1Password 5 for iOS 8 Review

There are certain things in life that are resilient to change or that are bound to stay the same forever – February 29th happens every four years and some people believe the moon landing was staged. For me, one of those immutable facts used to be that 1Password for iOS couldn’t be as powerful as its Mac counterpart. That changes today with the launch of 1Password 5 for iOS 8, available for free on the App Store.

Ever since I started using 1Password on my Mac and iPhone in 2009, I had to accept the limitations of iOS (née iPhone OS) that forced 1Password to run in its own sandbox, completely separate from the rest of the system. While AgileBits brought a more powerful extension and 1Password Mini to the Mac, 1Password users on iPhones and iPads were stuck with a great app that couldn’t communicate with anything else directly. The point of using 1Password is to have quick and seamless access to strong password retrieval and generation for web logins and other sensitive information; without that, adding friction increases the probability of not using 1Password, which is both tedious and potentially dangerous. How many times have you skipped creating a strong password on iOS because 1Password required too much effort?

With the introduction of iCloud Keychain last year, Apple started providing a solution for strong password generation in Safari, which was great news for most users but brought no changes for 1Password customers. If anything, I found myself letting Safari create strong passwords for me, which I then had to copy manually back into 1Password. In general, iCloud Keychain didn’t (and doesn’t) have the same flexibility and management options of 1Password, making it, ultimately, a more integrated but inferior choice.

The changes introduced by iOS 8 allow 1Password to be a first-class citizen with native integrations that are almost as powerful as 1Password for Mac and dramatically better than what 1Password for iOS used to be. There are some trade-offs with Apple’s approach in iOS 8, but they don’t change the fact that 1Password 5 is the 1Password for iOS I’ve always wanted.

1Password, Extended

1Password 5 is, on the surface, the old 1Password 4 for iOS with more refinements and some design tweaks. There’s support for Favorites with rich icons; you can assign multiple websites to each login; and, items can be organized in folders and tags. There’s still no Security Audit feature, which is disappointing, and, obviously, there is no 1Password Mini because there is no menu bar on iOS. New generated passwords are automatically copied to the clipboard (clever idea), the PIN lock screen has been redesigned, and old inconsistencies have been removed. The 1Password app itself looks good, but it doesn’t show groundbreaking changes.

What’s different is the way 1Password extends beyond the app to retrieve logins and fill passwords more quickly and easily thanks to Touch ID and an action extension. These two additions are a massive departure from 1Password 4 and they’re possible thanks to Apple’s willingness to open up iOS a bit more in its eighth release.

Touch ID integration is based on a complex technology, but it’s presented as straightforward and natural to the end user. In 1Password’s Settings on a device that has Touch ID, you can activate an option to unlock the app with your fingerprint so you won’t have to type your master password over and over.

Accepted fingerprints are the same ones you’ve already configured in the iOS Settings and stored in iOS’ Secure Enclave: you won’t have to set up any fingerprint-related option in 1Password as Touch ID integration is just a toggle that can be On or Off. Apple did a good job in exposing a Touch ID API without actually giving developers access to user data: 1Password can’t even see your fingerprint; it just knows if it’s accepted or not. AgileBits’ implementation is essentially perfect.

Your Master Password will still be required after a device restart, just like you can’t unlock an iPhone 5s with Touch ID after it reboots. Touch ID authentication in 1Password can be requested to kick in after 1 minute to 1 hour of the app being open and unused, and you can choose to always lock the app on exit and ask for Touch ID to log in. Combined with the existing Master Password preferences in the Security settings, these changes make 1Password quicker and more secure at the same time.

Here’s what I’ve done. I’ve set my Master Password to be requested after 30 days of 1Password being open and unused (unlikely to happen) and, of course, 1Password will always ask for my Master Password upon launching the app after a system restart. Then, I’ve activated Touch ID, enabled “Lock on Exit”, and set to request a fingerprint after 2 minutes.

Because Touch ID is fast but safer than a password than other people could guess, it’s faster for me to log into 1Password while simultaneously being more secure than before. On iOS 7, I used to keep my Master Password expiration time to 10 minutes so I wouldn’t have to type it on every app launch; now, I can authenticate every time I open 1Password because touching the Home button with my finger is effortless. It’s a win-win scenario that’s made possible by Apple’s new APIs.

But AgileBits didn’t stop at Touch ID: with an action extension available in the system share sheet, you can now bring up 1Password’s interface in any app that has a native sharing menu. This is a major change that allows 1Password to be just two taps away in Safari and third-party apps that handle logins or secure information, and it’s a great demonstration of iOS 8’s extensibility features.

Once 1Password 5 has been installed, a new icon will appear in the action extension menu of the iOS share sheet; tapping that icon on a webpage will bring up a 1Password sheet (locked or unlocked depending on the settings you’ve chosen in the app) with a search for the current URL, just like the 1Password desktop extension. Choose a login, and 1Password will automatically fill username and password in Safari; tap the Login button of the website you’re viewing and you’re done.

The 1Password extension in Safari.

The 1Password extension in Safari.

There’s no need to switch back and forth between the browser and 1Password; the extension supports the Touch ID security settings you’ve assigned in the app; and, everything happens in a matter of seconds through an interface you’re already familiar with. The first time you use it, you won’t believe you’re doing that on an iOS device.

There are some trade-offs that don’t make 1Password’s iOS extension as advanced as its Mac counterpart. First and foremost, due to Apple’s design of extensions, apps can’t invoke the 1Password extension directly: unlike OS X, you won’t see a button that immediately shows the 1Password lock screen in the app you’re currently using. There will always be the intermediary step of tapping the 1Password extension icon from a share sheet, and that’s because Apple decided that, in this first release of iOS 8, share sheets can be the only attach point for extensions.

In this version, 1Password also can’t fill Identities and Credit Cards, but AgileBits promises that the feature will be coming “soon” in an update.

The implementation of the 1Password extension in third-party apps can be slightly different. In Safari, 1Password lives alongside all other extensions enabled on the system as it’s designed to work out of the box with Apple’s browser for the basic login fill-in functionality. Third-party developers, however, can unlock more 1Password features by adding support for the official 1Password Extension SDK and let their apps fill logins in native UIs and web views, change passwords from the extension, and create new user registrations directly from their app.

Furthermore, AgileBits has based the 1Password extension on an open specification that lets developers write code once and automatically support another password manager if the user doesn’t have 1Password installed. These are great perks for third-party developers, and I hope that everyone will start supporting the 1Password extension on iOS 8.

The 1Password extension in a third-party app (Pinner for Pinboard).

The 1Password extension in a third-party app (Pinner for Pinboard).

Over the past few months, I’ve been able to test the 1Password extension in several third-party apps that manage logins and passwords. In Pinner 3, a custom 1Password button brought up a share sheet (unsurprising) that only showed the 1Password button for available “activities”, which suggests that apps are forced to show a share sheet but they can at least filter buttons to specific ones. In the extension, Pinner automatically performed a search for logins containing “pinboard.in”, which immediately found my Pinboard account credentials stored in 1Password.

The extension’s design mirrors the 1Password app completely: there’s nothing new to learn, and you can even add to/remove from favorites and share logins from the extension. On the iPad, the extension is a floating sheet like the many others we’re going to see on iOS 8 this year.

The 1Password extension in a third-party app (Pinner for Pinboard).

The 1Password extension in a third-party app (Pinner for Pinboard).

Upon tapping the login, Pinner filled its native login screen and signed me in. I didn’t have to tap “Login” myself, which is another advantage of full 1Password integration in third-party apps.

I also tried the 1Password extension to fill logins for web views inside apps. In another bookmarking app, I visited various web views inside its native interface and tapped the share sheet, which showed 1Password as an available action. Running the extension worked as advertised, but, like Safari, it couldn’t automatically log me in and I had to tap the “Login” button on the webpage myself. It’s a small difference worth noting.

Another browser-related difference with the desktop extension is that 1Password can’t prompt you to update or save logins when it recognizes that you’ve modified that information on a website in Safari. The 1Password extension for iOS is something that you explicitly activate with your interaction by tapping buttons: it can’t run in the background and see what you do with login fields. This is an important difference to keep in mind if you’re used to 1Password on the Mac and wonder why the iOS app doesn’t have the same features yet.

I should also mention that, with version 5, AgileBits is adopting a freemium model and making 1Password free for everyone going forward with an In-App Purchase to unlock all of its features. According to AgileBits, “every man, woman, and child needs help to save time and get secure online” and making 1Password a free download will help the company bring “simple, convenient security to more people than ever before”.

As part of the freemium change, AgileBits is turning some features into a $9.99 Pro upgrade that needs to be unlocked from the app (and that is automatically unlocked for existing customers of version 4). The free version of the app can create and edit Logins, Credit Cards, Identities, and Secure Notes, and sync with 1Password for Mac, iOS, Windows, and Android; the Pro upgrade will unlock all category types, Multiple Vaults, organizing with folders and tags, custom fields, and more.

The Real 1Password

You haven’t used 1Password for iOS until you’ve tried its new version for iOS 8. In spite of trade-offs caused by the early nature of extensions, 1Password 5 feels like the mobile 1Password we’ve always wanted, and in many ways it’s also better than the desktop app. With Touch ID, I can unlock the app quickly and securely; native integrations with my favorite apps means that logins are always right there, interactive, stored securely, and based on a consistent experience across the OS.

1Password continues to be an excellent app, and while I used to say that it’s more than a password manager, now I would argue that 1Password is more than an app. Thanks to iOS 8 and extensions, 1Password can be a common layer of secure storage that multiple apps can access. There’s never been a better time to start using 1Password.

1Password 5 is available on the App Store.

Unlock More with Club MacStories

Founded in 2015, Club MacStories has delivered exclusive content every week for over six years.

In that time, members have enjoyed nearly 400 weekly and monthly newsletters packed with more of your favorite MacStories writing as well as Club-only podcasts, eBooks, discounts on apps, icons, and services. Join today, and you’ll get everything new that we publish every week, plus access to our entire archive of back issues and downloadable perks.

The Club expanded in 2021 with Club MacStories+ and Club Premier. Club MacStories+ members enjoy even more exclusive stories, a vibrant Discord community, a rotating roster of app discounts, and more. And, with Club Premier, you get everything we offer at every Club level plus an extended, ad-free version of our podcast AppStories that is delivered early each week in high-bitrate audio.

Choose the Club plan that’s right for you:

  • Club MacStories: Weekly and monthly newsletters via email and the web that are brimming with app collections, tips, automation workflows, longform writing, a Club-only podcast, periodic giveaways, and more;
  • Club MacStories+: Everything that Club MacStories offers, plus exclusive content like Federico’s Automation Academy and John’s Macintosh Desktop Experience, a powerful web app for searching and exploring over 6 years of content and creating custom RSS feeds of Club content, an active Discord community, and a rotating collection of discounts, and more;
  • Club Premier: Everything in from our other plans and AppStories+, an extended version of our flagship podcast that’s delivered early, ad-free, and in high-bitrate audio.