Feature requests & feedback

Yvo

Great product. Below are a few points of feedback:

1Password desktop app

• The difference between password items and login items is still a bit unclear to me. It seems that login items can do everything that password items do? When I started using 1Password it was a bit confusing.
• I like to store my vaults on Bittorrent Sync, so I use the folder sync option. It was a bit of a hassle to set up because 1Password doesn't ask for a filename when you configure the Primary Vault. So I had to create the vault, reset 1Password, rename the vault file, start 1Password again and recreate the primary vault based on the renamed file. If you ask for a filename (prefill it with 1Password) instead of a folder that would make the set up a bit easier.
• Often I need a bit more flexibility in editing items. For example I've just created an Identity item for my company and I want to specify both the address of the office and the PO box. I can't seem to add another address section, so I have to squash my PO box details under a custom label. Also I'm not interested in the Internet Details section but I can't remove it. For custom items you provide a dropdown with "text" and "password", could you add "address", "credit card" and other special fields there as well?
• Please add the option to move sections (in the same way you can re-order custom fields)
• Turning on/off item icons seems like a bit of a useless step in the set up process. My suggestion would be to turn it on by default and hide it somewhere in the settings.
• I took some time to create icons for my items, it would be nice if this would save other people the time of creating these icons themselves. Perhaps upload icons to a central server and add this as a community icons option?

1Password mini

• It would be great if the 1Password mini could remember the last vault you opened
• Is there a fast way to copy the password out of the 1Password mini app? For example when I want to copy a server password, I have to navigate to the right server item and then move the mouse to the left so that it expands, look for the password field and click the copy button. It would be much faster if it would copy the password when I click the server item (clicking it currently has no action).

1Password security

• Could you add the option to always ask for the (secondary vault) password when you open a secondary vault? I've read that the password of secondary vaults is stored in your primary vault and you guys didn't call it 1Password for nothing, but this feels a bit insecure. I understand that people might create an item in their primary vault to store the password for the company vault, but at least I can tell them not to do that :), and let it be their responsibility.
• Is it true that you are always able to unlock vaults with old master passwords?
• Does the HTML / Javascript in the vault file still contain unencrypted metadata?

1Password 5.1 (510027) on OS X Yosemite.

littlebobbytables

Hi @Yvo,

1Password

• Password items have two purposes. Their primary purpose is a record of passwords generated by the 1Password Password Generator as a record of potentially used passwords. So each time you use the Fill or Copy function in the 1Password mini Password Generator it will create a Password item as a backup. I also like to use them for instances where other categories don't apply like a PIN for a infrequently used iOS app or if an application needs a password for any reason - that sort of thing. A Login item is more directed to filling in a login page in your web browser when you use it in conjunction with our 1Password Browser Extension. A basic Login item will store both a username and password and if you create Login items using our Saving a Login Manually guide it will record even more information about a particular login page if it's proving difficult for filling.
• By default 1Password does name the primary vault 1Password.agilkeychain or 1Password.opvault for historic reasons. I'm sure this is a request in our tracker but I'll have to continue searching to try and find it.
• 1Password 5.3, currently still in beta, will allow you to set a field to more types than in 1Password 5.1. Now features in betas can change/be removed for stability reasons but at the moment it has the following As you can see you will soon be able to add second addresses if all goes well :smile:
• It turns out you're not the first to request the ability to reorder custom sections ref: OPM-1289. I hadn't even realised it wasn't possible! I will add your voice to the request.
• Your Icon questions are a little related and I'll try and explain why. Rich Icons are icons on a server of ours and we ask about Rich Icons in the setting up phase in case people don't want 1Password contacting the icon server. It only applies to Rich Icons though so even if turned off any custom icons you add will remain visible.

1Password mini

• For me 1Password mini does remember the last vault accessed. Now this is a global memory between the main application and the mini but it always opens up in the same vault for me. Now my vaults are almost permanently open because I'm at my computer all day, are you finding it isn't the case if need to unlock 1Password first?
• Keyboard shortcuts. In 1Password mini, if you highlight an item and use the keyboard shortcut ⇧⌘C it will copy the password and close the 1Password mini menu. You don't even need to bring up the items details, just having it select in the list is enough. There are a few keyboard shortcuts so that link might be of interest.

1Password Security

• There is a request for secondary vaults to not be automatically unlocked ref: OPM-2053. Again, I'll add your voice to that request.
• A Master Password change does not offer forward security. A skilled enough attacker with the right old and new data could replace the encrypted keys from the new with the encrypted keys from the old but it isn't true that you can simply unlock a vault with old passwords when used normally. The creation of new keys only occurs when you create a new vault so there is a way to force new keys if you're concerned.
• The file I think you're referring to is 'contents.js' and only exists in the .agilekeychain. It's one of the reasons we will eventually shift to the .opvault container for syncing but this only applies to the sync data in regards to Mac and iOS and they store their vault in an encrypted .sqlite database file whether you sync or not.

Sorry if any of those answers appear terse at all, there were a few to get through. If you want anything expand please let us know :smile:

Yvo

Hi littlebobbytables. Thank you for your reply, also nice username! :)

• Thank you for clarifying the difference between passwords and logins
• Great to see that more field types are added. Do you have a rough estimate on the release date of 1Password 5.3?
• Can I switch over to the .opvault file format? Is that an 1Password 5.3 feature?
• On the matter of icons, what do you think of the idea of sharing icons between customers? Or perhaps the option that we can send in icons to you guys for review.
• I have my vaults set to lock quite quickly. After I type in my master password 1Password mini always seems to go back to my primary vault. Not the last vault I've used.
• Thank you for the shortcut, I'll try that
• If a master password change doesn't protect your passwords from skilled attackers, wouldn't it be advisable to always recreate the vault file when someone changes the master password? 1Password could do that automatically in the background right?

rickfillion

Hi @Yvo,

Let me see if I can address those point by point...

• 1Password 5.3 should be released fairly soon. We've submitted it for review with Apple for the Mac App Store. I can't guarantee a timeline as it's mostly in their hands from here on out.
• OPVault is not a 1Password 5.3 feature.. it's actually a 1Password 4 feature. It's been around for a while, but hidden by default. We recently took down our instructions for how to switch over to OPVault as we discovered that switching from AgileKeychain to OPVault made you vulnerable to a bug. 5.3 fixes the bug that caused us to take down the instructions, and we'll be posting those back up shortly after the release.
• I like the idea of submitting icons for review. We would definitely want to review those before we make them accessible to others.
• If you unlock using the primary vault's master password, the selected vault will always be the primary vault upon unlocking. To unlock to the last vault, you need to switch to that last vault while locked, then unlock using that secondary vault's password.
• While we could swap your actual AES key locally by decrypting and re-encrypting all of your data using the new AES key, it'd be time consuming to do so, and would only truly protect edits going forward. The assumption we make is that your local device is trusted. If ever that trust is lost, then even new keys won't help much. You have to get the device back into a trusted state, then generate new keys, import old data, and change every password. With this assumption in place, and the fact that an AgileKeychain, or OPVault or iCloud sync vault has its own AES key... swapping the local key without good reason becomes less desirable. If for whatever reason you come to not trust your AgileKeychain, you should disconnect sync on all devices pointing to it, delete it, and create a new one. This will create a new AgileKeychain, with a new AES key. You should also change your passwords at that point.

I hope this helps. Let us know if you have any more questions.

Rick

Yvo

Hi @rickfillion,

Thank you for your reply, great to see that you guys are so active in the support forums.
I think all my questions are answered, for now ;)

Yvo

AGAlumB

@Yvo: Excellent! We really have a great community here as well -- so we can't take all the credit! But be sure to let us know if you have any other questions. We're always here to help! :)