Release 1.6 now available πŸŽ‰

1Password X 1.6 has some amazing new features for you to enjoy, including two of our most popular requests! You can now have more control over your auto-lock settings and our beloved password generator has made its triumphant return! πŸ™Œ

This new version is working its way through the Chrome Web Store update process now and Chrome will install it for you automatically. Once it does, please let us know how it goes. Here's the full changelog.

Our Firefox fans will be delighted to know that we have an internal build of 1Password X running on Firefox Nightly already and we’re almost ready to share it with adventurous testers. If that’s you, please give us your email and we’ll be in touch.

This release wouldn't have been possible without all your continued support and feedback. Please keep it coming!

Thank you! 🧑

Comments

  • lambda
    lambda
    Community Member

    Password generator, hell yeah! I missed it so much. Also,

    1Password X uses machine learning to suggest passwords for you when you need them, and only when you need them

    Any more info on this? I'm assuming this happens server-side, not client-side? And what details are sent to the machine learning algorithm? I would be concerned if it was analyzing sensitive information that I don't want sent to a server.

  • Mitch
    edited March 2018

    Hi @lambda,

    Glad you're interested in knowing more about this. The ML model in 1Password X is pre-trained on data from websites and uses no user data, and all predictions are made on the client. Our security and privacy policies remain the same even in the era of machine learning, and I intend to write a blog post soon that will go into much more detail about both the technical and security aspects of our approach.

    Cheers,
    Mitch

  • lambda
    lambda
    Community Member

    Excellent, thanks @Mitch. I'm looking forward to reading your post.

  • beyer
    beyer
    1Password Alumni

    @lambda: Whew! I'm glad @mitch replied here first since he's done the majority (maybe all) of the work on the 1Password X machine learning project. I'll just say, on behalf of Mitch, you're very welcome and thanks for using 1Password X! πŸ’™πŸš€

  • KevinPhilipsBong
    KevinPhilipsBong
    Community Member

    I can no longer copy and paste text from the notes field from a login or from a secure note after unlocking 1Password X. I have to edit the entry and then copy & paste the text from the new tab that opens.

    Is this intentional or a bug? Either way, it's an annoying extra step to have to go through.

    cheers

  • Alexey Stepanov
    Alexey Stepanov
    Community Member

    Is Opera supported as per the changelog? All I was able to find is 1Password X in Chromestore, but it does not work in Opera 51

  • beyer
    beyer
    1Password Alumni

    I can no longer copy and paste text from the notes field from a login or from a secure note after unlocking 1Password X. I have to edit the entry and then copy & paste the text from the new tab that opens.

    Is this intentional or a bug? Either way, it's an annoying extra step to have to go through.

    @KevinPhilipsBong: To the best of my knowledge, this wasn't intentional. We are bringing some pretty fun improvements to Secure Notes, and it looks like this was a side effect of those changes. I've created an issue on your behalf so we can get this resolved quickly.

    Is the new password generator coming to the apps, or is this going to be a case of another 1Password product having a different password generator?

    Isn't it about time they were all unified so we have the same experience regardless of if we're using the Windows app, the Mac app or the iOS app?

    @BrokenHope: Great questions! You're absolutely correct in that we don't have a standardized strong password generator (SPG) across all the 1Password client apps at this time. Frankly, I wish we did because it would be a heck of a lot clearer for 1Password users and it would make my job easier too! Everyone from our Defender Against the Dark Arts, Jeffery Goldberg, our Lead Designer Dan, to the founders of AgileBits (Dave & Roustem) had a hand in creating what we are calling "our best password generator yet." In other words, we take the SPG very seriously, and we are certainly looking at bringing what we built for 1Password X to all of our clients. Since day one, 1Password X has been our "proving ground" for our innovative ideas, so you will likely see features and design decisions from it make their way across many of our apps.

    Is Opera supported as per the changelog? All I was able to find is 1Password X in Chromestore, but it does not work in Opera 51

    @Alexey Stepanov: Whoops! I apologize for the mistake in the changelog! Dave mentioned we would be supporting Opera very soon in our recent blog post, but we are still testing those changes internally, so they weren't included in this release. Sorry for the false hope, however, we do have a few big Opera fans here so you'll see an official release in the near future.

  • qzmarco
    qzmarco
    Community Member

    Is it intended that 1Password X replace the extension for browsers? Can I use both in Chrome?

  • Janis
    Janis
    Community Member

    Hello everyone!
    Thanks for great update!
    I have question about security. How secure is when

    To achieve this incredible speed, 1Password X caches your encrypted data locally so it’s always available.

    It's nice and good, but what's happen when I log in on my work PC and set 1Password X and log out from X or uninstall X from PC then vault is removed also?
    Or if somebody stole my vault and hack my master password then it got my passwords...

    Could you please can explain more is it secure and posibility to remove cache after using public PC?
    Thanks!

  • prime
    prime
    Community Member

    This is probably the best update since 1Password X was launched. Awesome job!

  • AGAlumB
    AGAlumB
    1Password Alumni

    Is it intended that 1Password X replace the extension for browsers? Can I use both in Chrome?

    @qzmarco: While you can absolutely have both extensions installed β€” 1Password X and the desktop app extension β€” and alternate using either, we recommend using the one that best fits your needs to avoid confusion. For example, if you want integration with the 1Password desktop app, use their extensions. However, if you prefer to (or must) go without the native app, 1Password X will work on its own in the browser. Cheers! :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for great update!

    @Janis: Thanks for the kind words!

    I have question about security. How secure is when

    To achieve this incredible speed, 1Password X caches your encrypted data locally so it’s always available.

    It's nice and good, but what's happen when I log in on my work PC and set 1Password X and log out from X or uninstall X from PC then vault is removed also?

    1Password caches your encrypted data locally. It's only decrypted when you're using 1Password and access an item. And deleting 1Password from the browser will remove the cache there as well.

    Or if somebody stole my vault and hack my master password then it got my passwords...

    Someone cannot get your Master Password unless you give it to them, either by telling them or using a compromised device which they control. But if you have any reason to think that any of your account credentials have been compromised, you can change them to prevent them being used to decrypt your data.

    Could you please can explain more is it secure and posibility to remove cache after using public PC? Thanks!

    As far as using a public PC, Don't. A device you do not control should not be trusted. Accessing sensitive information there gives its owner the opportunity to capture whatever you access. Beware.

  • AGAlumB
    AGAlumB
    1Password Alumni

    This is probably the best update since 1Password X was launched. Awesome job!

    @prime: Thank you for saying so, and all of your help testing it these last months! I think we're in agreement: 1Password X has come a long way in such a short time. So glad to have it so that we can all enjoy it! :chuffed:

  • KevinPhilipsBong
    KevinPhilipsBong
    Community Member

    "To the best of my knowledge, this wasn't intentional. We are bringing some pretty fun improvements to Secure Notes, and it looks like this was a side effect of those changes. I've created an issue on your behalf so we can get this resolved quickly"

    @beyer Many thanks for this. When you manage to restore this functionality, perhaps you could fix another minor issue that I never got around to raising. When copying text from a secure note or from the notes field in a login, a space at the end would always be added so when the text or password was pasted, it would be wrong. e.g. the text copied would be

    'abcdefg'

    ...and what would be pasted would be

    'abcdefg '

    This behaviour was not seen when copying the text after clicking to edit the login/secure note

    cheers

  • Janis
    Janis
    Community Member

    But if you have any reason to think that any of your account credentials have been compromised, you can change them to prevent them being used to decrypt your data.

    @brenty Thanks as always for great support and could you please explain more how can I prevent that?

    Thanks!

  • beyer
    beyer
    1Password Alumni

    @KevinPhilipsBong: πŸ‘I'll look into that as well!

    @Janis: I'm sorry, I'm not entirely sure what you are asking. Are you asking how you can prevent your account credentials from being compromised?

    The most important thing you can do is to start with a very strong Master Password as this is the last line of defense if your device or 1Password encrypted data is compromised. From there we recommend more obvious security precautions like:

    • Always keep the OS and any software you run on your device up to date
    • Only run software from reputable developers that you trust
    • Only download and use web browsers directly from their developer (preferably code signed)
    • Be very cautious about what browser extensions you use, and remove any you don't need
    • As brenty said, don't use 1Password on public PCs. It's much better to manually type in the passwords you need from a mobile device running 1Password

    I hope that helps a bit. I suspect @brenty might stop by and add to what I've mentioned. Please let me know if you were asking something different.

  • AventuraViper
    AventuraViper
    Community Member

    @Janis Is your concern more along the lines of the encrypted cache being on a machine that has perhaps been stolen by someone (perhaps who also happens to know your master password)? Even if you knew they knew your password and so changed it, they would still be able to access the encrypted cache of the extension I would think.

    @Beyer So in my above (Rather unfortunate and extreme) example, what protections does 1password have against this? Granted I cannot think of many. Does it perhaps check against 1password.com for changed password/email etc. and if it was changed since it last checked delete the cache, thus decreasing the time the attacker has to act? Obviously this could be circumvented with keeping the stolen device offline.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Is your concern more along the lines of the encrypted cache being on a machine that has perhaps been stolen by someone (perhaps who also happens to know your master password)? Even if you knew they knew your password and so changed it, they would still be able to access the encrypted cache of the extension I would think.

    @AventuraViper: I know I can't speak for Janis, but in that scenario all bets are off really: you've got someone monitoring you as you use the device in the first place, so they can get everything they need that way as you access it. Or at least I think it's important to assume so. That's why it's so important to just not use an untrusted device in the first place. :blush:

    So in my above (Rather unfortunate and extreme) example, what protections does 1password have against this? Granted I cannot think of many. Does it perhaps check against 1password.com for changed password/email etc. and if it was changed since it last checked delete the cache, thus decreasing the time the attacker has to act?

    Neither 1Password nor any other technology can protect you in this situation. I don't think it's extreme at all. It happens every day. The important thing is that we each practice good security hygiene (as Beyer laid out above β€” I really have nothing to add there!) to ensure that it doesn't happen to us. 1Password does check for remote changes, but...

    Obviously this could be circumvented with keeping the stolen device offline.

    Exactly. And I think it would be unwise for us to assume that an attacker is smart enough to be able to pull off the rest but too stupid to think of that.

    1Password's security is built on the assumption that the data itself may be captured, so that it needs to withstand attack even then. Using a good Master Password gives us great power when it comes to protecting our data, but it's our responsibility to guard it jealously so that no one else can use it to access our data. It's worth mentioning that, if we don't authorize an untrusted device with our 1Password.com account, entering the Secret Key there, even if someone does discover our Master Password, they will not be able to access our data, as both are needed to decrypt it. So it isn't all bad news, so long as we're vigilant. :sunglasses:

  • Janis
    Janis
    Community Member

    Thank you 1P team for support! Yes I got all my answers!
    Cheers!

  • AGAlumB
    AGAlumB
    1Password Alumni

    Likewise, thanks for caring enough to ask the questions! Interesting discussion. :)

  • two7offsuit
    two7offsuit
    Community Member

    The two things preventing me from switching to X are the ability to automatically sign in after presseing the keyboard shortcut (it still requires pressing the Return key), and also not being able to use the shortcut Ctrl + \ as configured in the browser extension. Let me know if you plan to have these in any future updates.

    Thanks!

  • wkleem
    wkleem
    Community Member

    The two things preventing me from switching to X are the ability to automatically sign in after presseing the keyboard shortcut (it still requires pressing the Return key), and also not being able to use the shortcut Ctrl + \ as configured in the browser extension. Let me know if you plan to have these in any future updates.

    Unfortunately, Ctrl - \ and Ctrl - Shift - X are mutually exclusive to one another and no one can map the former into the latter. Chrome won't allow it.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Yeah, we don't have a lot of flexibility within Chrome itself, but perhaps that will change in the future. :)

This discussion has been closed.