Hi,

I am pretty new to the beta testing of 1Password. I do use the stable app for quite a while and I think I have an interesting suggestion to make 1Password on iOS even more awesome. :-) I hope you will like it.

At work I work in a Windows only environment and there we use a different password manager with a strong business focus (multi user password databases on a dedicated server with various access levels and seals, and so on). That product has also a good mobile companion app. Overall I would say that their app is not so polished than 1Password but I think they have one outstanding feature: airPass

airPass/wifi Pass - is an easy and secure way to access one specific password over wifi

Scenario description

If you are with your iOS dive in a wifi lan than you could share single password entries from 1Password via an encrypted HTML file. You can access those with a browser that is connected to the device. It is read-only access.

You use an Internet connected device (e.g. PC) that is not yours. There you have full internet access but usually no access to your 1Password application. One solution would be to connect to your Dropbox account and use 1Password Anywhere. But if you do not trust the Internet connected device enough to type your password in than airPass could be a solution. To use it you would need your iOS 1Password app and your iOS device must be in the same wifie than the Internet connected device. If that is true than 1Password on your iOS device could act as a http-server and let you access the currently viewed login information in via the browser. You do not have to type in your Dropbox or 1Password passphrase on the untrusted device. You need only a PIN code that is generated from 1Password on iOS for the current airPass session. That pin will be only once valid.

Use case in detail

1. You join the wifi in which you want to access single password entries. Than you open 1Password and navigate to an entry that you would like to access on a different device via browser. In that entry you would choose an option to share it via wifi.
2. 1Password have to generate an encrypted file of that login with all the information that the entry contains and provide that file via the IP address of the iOS device in the network. After generating it 1Password will display the IP address and the port that the user will need to access it.
3. To access that encrypted HTML file the user can use a normal browser. He only needs to type the IP address and port number in the address bar of the browser.
4. After loading the encrypted HTML file in the browser the 1Password app should display a login PIN to access that shared password entry. Only with that generated PIN (that should change between each use) you can access the content of the shared password information. To use a randomly generated PIN (maybe 4 to 6 digits) enables you that the 1Password user does not need to type his 1Password password on that untrusted device. As a security precaution the iOS device will serve the file only once under the IP address. After you accessed it from the browser once it will not be valid anymore. To share it again you will need the action again. That will prevent that other can access that shared item too. After one access the iPhone will not share it anymore until the user clicks the "share again" button.
5. After logging in you can show a similar website as in 1Password Anywhere to display that password entry.
6. For a better security you might also include in the HTML code a timer that will lock the page after a certain time (maybe 60 or 90 seconds).

Needed elements for the airPass screen on iOS

You need to display the IP address and port number where the user can access the file. After and only after the file was accessed you display also the generated PIN to login into the encrypted HTML file. I would also recommend to have a "share again" button to invoke a new encryption of the data (new encrypted file, new PIN and new serving under the IP address).

Conclusion

I think that sharing mechanism will be a great enhancement of the mobile 1Password app and should be implemented on iOS and other mobile platforms as well. It allows an easy and secure access to single 1Password entries without a possible compromise of your 1Password Master password and/or Dropbox password. Another benefit would be that you can easily copy long and cryptic passwords from that encrypted HTML file. You will not need to type those 40 random letters.