Look up in 1Password
Brett Whistler
I followed the directions at this URL...http://help.agile.ws/1Password_touch/fix_1pt_bookmarklet.html... am still getting a "Cannot Open Page" error on my iPhone and iPad. I've been cutting and pasting from 1P for a long time now waiting for a replacement. I miss the 'handy dandy' bookmarklet you had when you first developed the iOS version. The look up in 1P was better than nothing. Is there some way I can bring back any of either to make 1P iOS easier to work with?
Comments are currently closed for this discussion. You can start a new one.
2 Posted by Stu Helm on 01 May, 2012 10:37 PM
Hi Brett,
Sorry for the trouble, we no longer support the old 'Lookup in 1Password' bookmarklet with the latest versions of 1Password for iOS, we don't have plans to bring this back but we are going to be massively improving our built-in browser and we'll be actively looking at ways to make the 1Password iOS experience better too.
Stu Helm
Agile Crusader
AgileBits
http://support.agilebits.com
http://twitter.com/1Password
3 Posted by Brett Whistler on 01 May, 2012 10:43 PM
Thanks for the feedback Stu…
Sorry to hear that…I'm not interested in 1PW's built in browser no matter how good it gets. Because of Apples sandboxing, it won't be able to integrate efficiently with Apples core applications as well as Safari does. I guess I'll have to keep using cut and paste. Too bad…1PW was more elegant on iOS when it was first released to the platform. And while it has gained more features, it is now significantly more cumbersome to work with than it originally was.
Brett Whistler
4 Posted by Stu Helm on 01 May, 2012 10:45 PM
Brett,
I'm not saying we won't bring in a new bookmarklet, but the old one just isn't supported, we're going to be looking at the best ways to handle this going forward.
Stu Helm
Agile Crusader
AgileBits
http://support.agilebits.com
http://twitter.com/1Password
5 Posted by Brett Whistler on 01 May, 2012 10:55 PM
Hi Stu,
That's somewhat relieving. To be perfectly blunt, I was looking at RoboForm's application immediately after receiving your first reply. I have been a loyal 1PW user since they first came on the Mac scene. I was using RoboForm on my PC and was hesitant to become a Mac user because there weren't any equivalent password management programs. As soon as 1PW was developed, I switched to Mac and have been a happy 1PW user ever since. It far surpassed RoboForm. The iOS version has given me occasional 'pain' though. Now that I use my iOS devices at least as much as my desktop/laptop, having a fast password UI is essential to me. I'm not relishing the idea of going back to RoboForm, but now that they support Mac and have a relatively pain free iOS login UI I'm considering it. I'll wait and see what Agile releases in their next go round before making my final decision.
I'm hoping for a decent iOS UI because I really am a loyal Agile customer.
Brett Whistler'
6 Posted by Stu Helm on 01 May, 2012 10:59 PM
Brett,
We never really base our decisions for 1Password's features or future development on other apps, our developers have a great vision for 1Password, we know our iOS apps need a lot of work in the browser area, it's a really tricky issue to get right.
Sorry if you're considering moving to another product, I've never used RoboForm so I really can't comment on their implementation but I'd imagine they have the same limitations as we do with regards to a built-in browser and what they can and can't do.
We're taking every bit of feedback we get into consideration for 1Password for iOS' future, we just can't promise that we'll please everyone.
Stu Helm
Agile Crusader
AgileBits
http://support.agilebits.com
http://twitter.com/1Password
7 Posted by Brett Whistler on 01 May, 2012 11:09 PM
Hi Stu,
I realize Agile developers follow their vision. It's one of the reasons I've stuck with them these years. I also realize that Apple hasn't made working with the browser easy on you.
With regards to RoboForm, their overall UI isn't that great. Or at least it wasn't 'back when.' I don't know what it's like now. As I said…I was looking at their software because I'm getting frustrated with the pain of using 1PW in iOS. I'm not sure if their UI is any better than yours.
Brett
8 Posted by Stu Helm on 01 May, 2012 11:14 PM
Brett,
I can really understand your pain, let me ask you though, what exactly is the biggest problem, is it that you can't easily get from Mobile Safari to the right record in 1Password or just not being able to use 1Password's browser effectively?
Stu Helm
Agile Crusader
AgileBits
http://support.agilebits.com
http://twitter.com/1Password
9 Posted by Brett Whistler on 01 May, 2012 11:48 PM
Stu,
It's that I can't get the information out of 1PW to fill a login efficiently anymore. As I said, when the initial bookmarklet came out it was very elegant. The UI was almost as nice as the desktop version. I realize there were security issues, but it was an awesome interface nonetheless. I was willing to assign each of my logins as high or low security so as to allow the bookmarklet to only work on non-important data sites. I would have never used it on my bank login etc. I think this was a common argument for the continuation of this bookmarklet on the forums. The Go To 1PW bookmarklet was OK…but it was almost as easy to just login to 1PW and copy and paste from there.
As I mentioned…not interested in the internal browser. I NEVER use it. The same can be said for any of my programs with internal browsers. I always select the "Open in Safari" option. Multi-tasking makes it easy enough to jump back to the program.
Let me also say that the Mac version of 1PW is incomparable. It is the Lamborghini of it's class. No complaints.
Brett Whistler
10 Posted by Stu Helm on 01 May, 2012 11:57 PM
Brett,
Ah, that's the old '1Password Logins' bookmarklet, that was removed due to security reasons, the encryption used just wasn't up to scratch and we decided to make the call to remove it, that part of the bookmarklet will never be coming back, sorry but it's just too insecure for us to have as part of 1Password.
The 'Lookup in 1Password' bookmarklet was the one that let you open 1Password to locate a login item and then copy and paste back to Safari from 1Password, with multi-tasking we felt it was just as easy for people to do this manually.
I hope we can surprise you with how well the internal 1Password browser will actually work, I can't share much but I can tell you that it's going to be very different to what you're used to with in-app browsers.
Stu Helm
Agile Crusader
AgileBits
http://support.agilebits.com
http://twitter.com/1Password
11 Posted by Brett Whistler on 02 May, 2012 12:23 AM
Stu,
Yep, I know the story and I know it's not coming back. I've just been waiting for some kind of interface improvement.
Knowing Agile, I'm sure the internal browser will be a work of art. But just like all art, it is interesting to some and not so much to others. I'm not interested in working in a browser other than Safari. End of story. I'll just have to keep kludging with 1PW until I find something that works better.
Brett
Support Staff 12 Posted by Khad Young on 02 May, 2012 01:02 AM
Brett,
We really appreciate your high praise for 1Password for Mac and are working to make 1Password as worthy of your praise in iOS as well.
As I think you already know, it is not possible to integrate directly with Mobile Safari, so some "hacks" were used in the past to try to ease the pain. No iOS app will be able to integrate directly, so this isn't just a 1Password issue. It is an iOS security issue.
We made the difficult decision to remove the bookmarklet in order to stay ahead with security. That's the short version.
The long version follows.
PBKDF2 is a trick we use with 1Password to make it much harder for automated password guessing systems to crack your password if they get hold of your encrypted 1Password data file. Without PBKDF2, automated password guessing systems could guess hundreds of thousands, even millions, of passwords per second. PBKDF2 slows down the processing of your Master Password. There is no way to check a possible password without going through many cycles, called “iterations.”
This means that if you have a good master password along with our use of PBKDF2, your encrypted data is safe even if the bad guys get hold of your data file. If you want to learn more about PBKDF2, check out our previous overview on the topic: Defending Against Crackers: Peanut Butter Keeps Dogs Friendly, Too:
http://blog.agilebits.com/2011/05/05/defending-against-crackers-pea...
We were ahead of the game when we used PBKDF2 in the design of the current 1Password data file format more than three years ago:
http://help.agilebits.com/1Password3/agile_keychain_design.html
But we weren't going to rest on our laurels. We have been phasing in an increase in the number of PBKDF2 iterations used from 1000 to 10000. Going from 1000 to 10000 iterations means that a cracker has to do ten times as much work to try a particular guess.
1Password 3.9, the Mac App Store version, can make use of a cool Lion-only feature that automatically calculates the optimal number of PBKDF2 iterations for use on your computer. When you first create a 1Password data file using 1Password 3.9, it will call the CCCalibratePBKDF function that is part of Apple’s new CommonCrypto framework. This will calculate how many PBKDF2 iterations are needed to force, say, a 500 millisecond delay on your machine. We then use this when creating the new data file. We do put an upper limit on these, because the files you create on your super powerful Mac Pro will still need to be used on other potentially less powerful devices that you sync your 1Password data file with.
1Password 3.8 needs to run on Snow Leopard as well as on Lion, so it doesn’t use the same mechanism as the MAS version. But starting in 1Password 3.8.11 we set things so that a newly created data file will now use 10000 iterations instead of 1000.
We have been anticipating this increase in PBKDF2 iterations for a while. One thing that we need to make sure of is that every version of 1Password you may sync your data with will be able to cope with increased iterations. Otherwise, a 1Password data file created with, say, 1Password 3.9 couldn’t be unlocked on other systems, but we’ve had the infrastructure for this change in place for more than a year.
This means that new 1Password data files will also work with current versions of 1Password on iOS, Windows, and Android. It also means that those using 1Password 3.6 on Leopard or Snow Leopard will have no problem unlocking data files created using our latest version. Users of 1Password version 2 (are there any still out there?) will still be able to work with 1Password data files that have already been created, but will encounter problems using a data file that was created with the very latest systems.
It’s time to say good-bye to a couple of features that won’t stand up to the anticipated threat environment. One feature, loved by many, was the "1Password Logins" bookmarklet. This was originally designed as a way to get some 1Password functionality into browsers we didn’t support at the time. Before we had 1Password for iOS, this could be used to kinda-sorta get 1Password data into browsers that didn’t support 1Password directly such as Google Chrome on the desktop and Mobile Safari on iOS.
The data in the "1Password Logins" bookmarklet was very well encrypted, but the password for it was not secured using PBKDF2. This means that if the bookmarklet were to be captured it would need a very strong password on it to resist attack. Because the bookmarklet lives in the browser’s bookmarks, there are more opportunities for it to be captured. Given these two issues, it was time to phase the bookmarklet out. Existing bookmarklets, already in the browser, will continue to work if users decide to keep them. But from this point onward, you will not be able to create new ones.
The story is similar for 1Password’s Encrypted HTML export feature. The passwords for those HTML files are also not protected by the PBKDF2 technique. But the good news is that our much-loved 1PasswordAnywhere feature will continue to work. 1PasswordAnywhere actually uses the same data file as the 1Password application itself, so there are no worries about its data format.
The "1Password Logins" bookmarklet and Encrypted HTML export features were meant as temporary measures until something better could be put in place. 1PasswordAnywhere, 1Password for non-Mac platforms, and our 1Password extension for Google Chrome are those better ways of doing things.
We’ve always known that security is a dynamic process and that we would need make these changes at some point. We remain vigilant about changes in computing and the threat environment so that you can rest assured that your data is safe.
The "Look Up in 1Password" bookmarklet was not removed for any security reasons, but as Stu already mentioned, we are working on some great new things for iOS. I can't say more at this time, but I have a feeling you will be very pleased. :)
Please keep an eye on our blog, Twitter, and/or Facebook accounts for news as it is available.
Let me know if there is anything else I can help with in the meantime.
Cheers,
Khad Young
Forum Choreographer, AgileBits
http://agilebits.com/support
13 Posted by Brett Whistler on 02 May, 2012 01:29 AM
Khad,
That was the most thorough explanation I've ever received. Thank you.
I've been a loyal 1PW customer since the beginning…so I'll wait around patiently to be "very pleased."
Thanks to you and Stu,
Brett Whistler
Support Staff 14 Posted by Khad Young on 02 May, 2012 01:51 AM
Glad I could help (if even a little bit). :)
Enjoy the rest of your week!
Khad Young
Forum Choreographer, AgileBits
http://agilebits.com/support
15 Posted by Brett Whistler on 02 May, 2012 02:00 AM
And you enjoy yours
16 Posted by Alan on 15 May, 2012 09:41 PM
Been a 1Password user from very early on. Sorry to see the login bookmarklet go. 1Password just became pretty useless then, as the in-app browser doesn't work on most websites. And now with the other bookmarklet gone and the huge annoyance of copying, opening 1Password, pastin, etc., etc., etc on an iOS instead of just opening the in-app browser (even when it does work.) Sad to see a great product shoot itself in the foot like that.
I guess I don't really see the point of the app if it doesn't actually do one of the important the things it is supposed to do: eg. fill in passwords for you.
Support Staff 17 Posted by Kyle Swank on 15 May, 2012 10:52 PM
Hi Alan,
We didn't really shoot ourselves in the foot. We're trying to protect your data better. For that reason we had to remove the features you are unhappy about seeing go. We certainly understand the frustration as many of us hated to see it go too. But if it meant keeping our data more secure, we felt it was a worthwhile trade off.
We have every intention of improving the built in web browser in the next major version of 1Password. Hopefully it will both surprise and delight you.
Cheers!
Kyle Swank
AgileBits Support
18 Posted by Alan on 15 May, 2012 11:31 PM
Thanks for the reply, though I'm not sure why anyone would want to remove the option. If some didn't want to use it, that would be up to them. Given that the point of the app is to fill in passwords, just like the OSX version, the key functionality seems like an odd way to improve the product.
(No offense, but there are hundreds of non-Safari browsers out there and they all suffer from the same problem: they're not Safari. That is why Apple let's them in the app store in the first place -- because they're not real competition. Your browser will never work as well and be as integrated as Safari because Apple would never allow it.)
And frankly, if your customers were actually concerned about security, they wouldn't be carrying sensitive information around on their smartphone. :). Maybe reinstating the logins bookmarklet as an option is worth reconsidering, particularly as there is no downside.
19 Posted by agilebitssupport on 15 May, 2012 11:53 PM
My sentiments are still similar to Alan's. I understand the security risks you describe. I use the iOS version because it simplifies PW entry. I fully understand that it is nowhere near as secure as your normal database. I also agree with Alan that until you replace the bookmarklet feature with something comparable, you should include it as an option...perhaps with a warning when creating the bookmarklets that pops up and describes these security issues. And also the ability to choose which passwords in the database to include in the bookmarklets file.
Support Staff 20 Posted by Kyle Swank on 16 May, 2012 12:10 AM
Hi guys,
The trouble isn't that we don't want to give you the option. The trouble is that there is a fine line between helping users secure their data and enabling them to make it too easy to access and neglecting security.
In this case we were enabling users to store their data in an unsecured fashion. We don't want to enable users to do this. We'd rather have a secure option for the feature.
We never say never, but it is unlikely that this feature will come back in the same way it was before. Perhaps we can find a better way to do it, but there is at this time no way to do this that we are aware of.
I really am sorry for the inconvenience.
That said, we prefer to under promise and over deliver.
Cheers!
Kyle Swank
AgileBits Support
21 Posted by Alan on 16 May, 2012 02:51 AM
Hi Kyle,
Thanks again for your response, but now I'm confused... Allow me to backtrack a bit...
First, I want to be clear that I'm talking about the "1Password Login" bookmarklet, not the "Lookup in 1Password" bookmarklet. Also, I'm using the latest versions of both the Mac and OSX 1Password software on Lion and iOS 5.01 on a Macbook Pro, iPad 2, and iPhone 4.
The problem I was experiencing was that updating a password on my Mac and then updating the 1Password Login in OSX Safari was not getting the bookmarklet synced to my iPhone/iPad. This has been going on for a while, but the problem has been accumulating as I continue to change passwords. Today, fed up, I looked online and found this discussion.
If I understand what you've said above, the 1Password Login bookmarklet has been discontinued, which I found annoying as that was the only reason I really bought 1Password in the first place.
After receiving your reply, I thought I'd start looking for a hack to make it work anyway, and the first thing I happened to do was to turn off iCloud bookmark sync and sync bookmarks via iTunes over a cable instead. Voila! It works perfectly and I can now login to sites using the bookmarklet on iOS Safari, just like always.
So, I am now confused about your previous answers to our questions. 1) Are you saying that 1Password Login bookmarklet is never going to work over iCloud bookmark syncing only, or 2) Are you saying it is not ever supposed to work at all on iOS Safari, regardless of syncing method, and I found a bug (which I would call a FEATURE)? Or am I confused in some other way? Because if it is answer #1, then I don't really care, and if it is answer #2,, then I need to know that as my solution is to never update 1Password again, keep a backup of the iOS Bookmarks DB, and move on.
Thanks again for your prompt replies.
22 Posted by Ben Woodruff on 16 May, 2012 02:59 AM
What we are saying is that we no longer support the feature or encourage its use. In fact, we strongly discourage its use. If you've found a way to make it work for you, and you still want to use it, despite the security risks, that would certainly be your choice.
Again, I'd strongly recommend against not updating 1Password in order to keep the legacy feature, but if that is what you want to do we aren't going to stop you. :)
--
Ben Woodruff
Positive Experience Architect, AgileBits
System closed this discussion on 27 Jun, 2012 03:01 AM.