Today, 1Password announced that it’s moving to a passkey-based system for unlocking its password manager app. Using a password manager like 1Password already means not having to remember passwords for every site and service you use because it locks your passwords behind a single, hard-to-guess password. With passkeys, that single password approach will become a thing of the past, allowing users to access their passwords through biometric-based passkeys generated locally on their devices.
1Password’s new passkey feature is coming this summer. The company explains how passkeys differ from the way the app works today:
Now, unlocking 1Password without a password is nothing new. It’s something we do every day using biometrics. 1Password was the first third-party iOS app to offer Touch ID, all the way back in 2014, and since then we’ve added support for Face ID, Windows Hello, Android Fingerprint, and more.
But as convenient as biometrics are today, they don’t actually replace the password; they only mask it. That’s why 1Password asks you to type in your password periodically in order to ensure that you have it memorized.
Passkeys also use biometrics, but they allow us to go farther and eliminate the underlying password entirely.
By replacing passwords with passkeys, 1Password will be able to preserve the benefits of biometrics while eliminating the need to ever use a password to access the app’s data, no matter what platform you use.
Passkeys are a big deal for security. The apps, sites, and services you use may not adopt passkeys for a while, but with 1Password doing so, the passwords you still need to use will be protected better than before. I know I’ll be switching to this system as soon as it’s available.
Apple has created a new open source project to help developers of password managers collaborate to create strong passwords that are compatible with popular websites. The Password Manager Resources open source project allows you to integrate website-specific requirements used by the iCloud Keychain password manager to generate strong, unique passwords. The project also contains collections of websites known to share a sign-in system, links to websites’ pages where users change passwords, and more.
Apple has continually deepened its investment in the area of password management with iCloud Keychain upgrades in recent years and new APIs for third-party apps. Today’s announcement takes things a step further down the path of openness and collaboration, enabling apps to share important site-specific information with one another so that users have the best, most secure experience possible no matter their choice of password manager.
This year’s WWDC must have been a wild roller coaster ride for 1Password’s developers, Agile Bits. Anxieties were surely at a high as Apple shared news of iCloud Keychain’s expanded capabilities in iOS 12 – the system now offers seamless new password creation, security code AutoFill, and more. Those segments seemed to signal Apple’s intent to make third-party apps like 1Password unnecessary for most users. Yet not long after Apple’s Keychain announcements, a new API was discovered that told an entirely different story. As I wrote in my iOS 12 overview earlier this summer:
One advantage Apple’s own iCloud Keychain has had over third-party password managers like 1Password is that it can populate relevant account info inside the QuickType keyboard. That level of convenience is hard to beat, no matter how much more full-featured third-party apps may be. Fortunately, in iOS 12 a new Password Manager API will enable the same type of feature to be adopted by third parties.
The team at Agile Bits wasted no time getting to work implementing this Password Manager API, and it’s launching today in 1Password alongside iOS 12.
The Sweet Setup has been on a roll lately with developing video training courses for some of the best iOS and Mac apps the App Store has to offer. Following similar deep dives into Things, Day One, and Ulysses, today they’re launching a new course called ‘Unlock 1Password.’
1Password has long been considered the premier password management solution on Apple platforms, but many users may only scratch the surface of what it can do, or they’re simply hesitant to trust it with their most secure data. ‘Unlock 1Password’ takes users of varying experience levels into account, covering key features of the app, an overview of the product’s security levels, ways it can be used alongside iCloud’s own Keychain feature, and more.
In total, the course includes a whopping 14 videos, all of which can be downloaded for offline viewing if you’d like.
Overview of 1Password for Mac
Overview of 1Password for iOS
Why You Can Trust 1Password
Which Version is Right for You?
Installation and Setup
All the Things You Can Store in 1Password
Working with Vaults
Using the Browser Extension
How to Perform a Security Audit
Using 2-Factor Authentication
1Password for Families and/or Teams
Using 1Password Alongside iCloud Keychain
How to Sync 1Password Across All Your Devices
I’ve relied on 1Password for years, but there were still things I learned from the course, such as how family and team plans work, and the process for setting up 1Password as a two-factor authentication tool. This is one of the things I especially appreciate about The Sweet Setup’s courses: even when they cover apps that already have an important place in my life, I benefit from finding even more ways to put those apps to use.
As with the recent video courses from The Sweet Setup, ‘Unlock 1Password’ is launching at a special introductory price of $23, which will increase to $29 after a week. You can purchase the course here.
AgileBits has released 1Password 7 for Mac, a significant update that is free to subscribers but also available as a standalone download. I’ve used 1Password since I started using a Mac. The app has always been the best way to store passwords for websites, and for years, that’s primarily how I’ve thought of it.
There’s been more to 1Password than just password storage for a while now though, and what sets this update apart is the depth of those other features and the ease with which they can be incorporated in your everyday computing life. That’s important because it doesn’t take much friction for someone to get lazy about security.
1Password 7 is a comprehensive update that touches every corner of the app. The app will still be familiar to long-time users, but features like Watchtower and Vaults have been extended with new capabilities that are worth exploring if you haven’t in a while. 1Password also works better than ever with app logins. There are dozens of other changes big and small that along with a design refresh that make 1Password 7 an excellent update.
AgileBits has announced a public beta for the next Mac version of 1Password. The company says there are more features to come during the beta, but what was released today already includes many new features and a refreshed design. I particularly like the new dark-themed sidebar, which is reminiscent of Slack’s default theme. It has a more modern look and serves the purpose of focusing users’ attention on the selected items.
The newly-collapsible sidebar comes with enhanced utility too. You can drag items between vaults or onto the ‘New Vault’ button to create a vault containing the item you drag onto it. That should reduce a lot of friction if you use multiple vaults. You can also edit a vault’s name, description, and avatar from the sidebar.
I’m a fan of the Courier Prime font, which is one of a few fonts I switch between to write. AgileBits has added a custom version to 1Password called Courier Prime Bits that should make passwords more readable, so it’s easy to distinguish between characters like the number one, a lowercase l, and a pipe character.
In addition, the beta adds:
Rich text formatting to secure notes
Easy access to multiple pop-out ‘sticky windows’ for stored items
A new under-the-hood architecture that should make everything faster
Several other smaller improvements
Even without the additional features that AgileBits expects to add during the beta, 1Password 7 for Mac is shaping up to be a big release. I haven’t had a chance to try the beta yet, and betas come with the usual caveats about bugs, but so far I like what I’ve seen a lot.
Earlier today Twitter announced that you’ll now be able to use a third-party app (such as Google Authenticator, Authy, or 1Password) for two-factor authentication instead of SMS. The company has updated their support document with instructions on how to set it up here.
This is great news as Twitter was the last service with 2FA that only supported sending codes via SMS. Switching from text messages to 1Password (which I use for one-time codes) was easy: in Twitter for iPad, I went to Settings ⇾ Account ⇾ Security, and enabled the ‘Security app’ toggle. I then selected to use another app to generate my codes and opened 1Password on my iPhone, where I hit Edit on my Twitter login item and scrolled to the OTP section. Here, I tapped the QR button, scanned the QR code Twitter was displaying on my iPad with the iPhone’s camera, and that was it.
Unless you specifically want to receive 2FA codes from Twitter via SMS, you should consider switching to a dedicated authentication app: these codes work independently from carriers and location, and they can be generated offline.
Travel Mode is a new feature we’re making available to everyone with a 1Password membership. It protects your 1Password data from unwarranted searches when you travel. When you turn on Travel Mode, every vault will be removed from your devices except for the ones marked “safe for travel.” All it takes is a single click to travel with confidence.
1Password is home to some of the most sensitive information in its users lives, so a feature like Travel Mode seems like the perfect way to better safeguard that information when traveling. AgileBits has made its implementation extremely easy as well, with a simple login to 1Password.com to enable or disable the feature.
Though the benefits for individuals are clear, Fillion highlights Travel Mode’s usefulness in a business setting as well. He shares that administrators of 1Password teams have the option to mark team vaults as “safe to travel” or not, allowing companies to keep business information as secure as possible when their employees travel.