1Password Development Preview 0.8.4

SavanniSavanni

Team Member
edited September 9 in Linux Development Preview

Good morning, and welcome to a new week!

We're still doing under the hood refinements, but this week we have also put out several bug fixes and improved the user interface. Thanks go out to those who reported the bugs, especially @JoeSh, who noted that full text search broke.

Did you know?

We support TOTP! These are those two-factor authentication systems that involve typing six digits that change every thirty seconds. Here is how you add TOTP to one of your accounts.

This week, we fixed a bug and TOTP drag-and-drop now works! No longer do you need to type those six digits, as now you can drag them from 1Password directly into the TOTP on the website!

New and Improved

  • Made it possible to drag and drop the TOTP digits. #2588
  • Added a beautiful design for deleting a collection along with a pretty red Delete button. #2611
  • Made syncing more reliable when the user has multiple accounts. #2255, #2633
  • Fixed full text search. Thank you to @JoeSh! !2991
  • It is no longer necessary to reset the database when turning on or off the multi-factor authentication for a 1Password account. #2255, #2256 #2258
  • Centered the 1Password icon in the empty item details view. ##2518
  • Switching between item fields with just the arrow keys (Up/down) now works correctly. #2593
  • Validate and verify the 1Password sign-in address prior to signing in. Thank you to Cure53 for this suggestion! #1774
  • Improved how we handle setting changes. #2408

Installing and Upgrading

Go to the getting started guide for instructions on installing or updating 1Password.

Thank you to everyone who is providing feedback on this journey! Our development team will be active in this forum so when you find issues please let us know here.

Comments

  • No release this week? :'(

  • BenBen AWS Team

    Team Member

    @k4n30

    I feel ya. We're a little behind with the holiday that was on Monday, but we're anxious to get back to a normal schedule. :+1: Good things coming soon. :) What are you most looking forward to? I can't wait until we can edit items in the app.

    Ben

  • SavanniSavanni

    Team Member

    There will be! I'm trying to get it out right now, but we ran into a last-minute problem that took us a bit to recover.

  • BenBen AWS Team

    Team Member

    @k4n30

    I come bearing good news!

    🎉1Password Development Preview 0.8.5

    Still no item editing, but it looks like there are lots of other goodies to enjoy and try to break test out. :)

    Ben

  • @Ben Fantastic news to wake up to. I'm in Australia so we're a day ahead so I was getting anxious by Wednesday. I didn't realise that you had a holiday, so a good reason to be late.

    I'm mostly looking forward to editing in app (and the last minute 2FA fix that was taken out). Browser integration is closely behind that (after coming from Windows), I know I could use 1PasswordX - but I'm hoping the Linux client is even better.

  • BenBen AWS Team

    Team Member

    I'm mostly looking forward to editing in app

    I can relate! :)

    Browser integration is closely behind that (after coming from Windows), I know I could use 1PasswordX - but I'm hoping the Linux client is even better.

    We're planning on having integration between 1Password for Linux and 1Password X such that when you unlock one it unlocks the other. Is that what you're looking for? If not, would you mind elaborating on what you're hoping for here?

    Fantastic news to wake up to. I'm in Australia so we're a day ahead so I was getting anxious by Wednesday. I didn't realise that you had a holiday, so a good reason to be late.

    Ah, yes indeed. At least for us US folks as well as my Canadian colleagues Monday was Labor Day. Cheers!

    Ben

  • @Ben I was more referring to the ability to have a Firefox plug-in (i.e. the same as "1Password extension (desktop app required)" that can be used on windows), talk directly to the Linux client & vice versa (and not require 1PasswordX).

    I'd prefer not to use (and have my passwords accessible) through the 1PasswordX extension if possible. I understand that the extension (I suggested) would be able to access the passwords through the Linux app when unlocked, but it's not storing the data inside the browser ecosystem and can therefore be cut off by locking the Linux app (should a browser exploit be realised).

    It's more about minimising the "possible" attack surface. With 1passwordX and the Linux app integration - you have to worry about 2 possible places being exploited (The Linux App & your browser extension storage), whereas if you copy the current windows model, you really only need to worry about the app being exploited (as the extension doesn’t store any data).

  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member
    edited September 11

    Hi @k4n30,

    Thick and thin extensions

    You are correct that we built the 1Password extension to be very thin1 and deal with has few secrets as possible. We only developed 1Password X after browsers had given us a way to keep the crucial secrets far from the web page even though it is part of a browser extension. That is there is some code in the 1Password X that runs on the web page, but that is also very very limited in what it can do, and it communicates to another set of things that are in what is called a "background page". Thus, we've been able to largely have the a very thin process that is exposed to (potentially hostile) web page separate from the component that holds decryption keys and is capable of decrypting any item. Advances in internal browser security models have allowed us to do in recent years stuff that we would have ruled out in the more distant past.

    Browser/App communication

    The communication between the browser extension and the 1Password Helper on Mac and Windows has always been a challenge. 1Password X helps us avoid that problem. And this becomes more important on Linux as some of the tools available to us on Windows and Mac to help authenticate the browser extension aren't available on Linux. In particular, we trust the major browsers to give us the correct identity of a browser extension, but on Mac and Windows we can know that it 1Password is talking to a bona fide browser by being able to check the code signature of the (alleged) browser process. Linux doesn't give us that ability, and so it is better to talk to a thicker browser extension which can prove that it has authenticated to 1password.{com,eu,ca}. So working with 1Password X really is the right way to go on Linux.

    Edit:

    I should add that what you are seeing is a Development Preview, and all of the sorts of questions you have raised and what I described are things that are under discussion. Even if it weren't a Development Preview, keep in mind that prior to 1Password X, we changed the way that the app talks to the browser multiple times over the years as different technologies became available and different threats emerged.


    1. The term "thin client" was bandied about in the 1990s. The idea is that the client didn't do much computation or hold much data at all. Instead it talked to some service. I am extending that terminology here to talk about browser extensions. The 1Password browser extension that you use in association with 1Password on Mac or Windows is deliberately designed to be "thin" with the work passed off to what is effectively a service operated by the native app on your machine. 1Password X is a thicker extension. It does much more of the work (and handles more secrets) than the thiner companion. ↩︎

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file