Sorry for the trouble, we no longer support the old 'Lookup in
1Password' bookmarklet with the latest versions of 1Password for
iOS, we don't have plans to bring this back but we are going to be
massively improving our built-in browser and we'll be actively
looking at ways to make the 1Password iOS experience better
3 Posted by Brett Whistler on 01 May, 2012 10:43 PM
Thanks for the feedback Stu…
Sorry to hear that…I'm not interested in 1PW's built in browser no matter how good it gets. Because of Apples sandboxing, it won't be able to integrate efficiently with Apples core applications as well as Safari does. I guess I'll have to keep using cut and paste. Too bad…1PW was more elegant on iOS when it was first released to the platform. And while it has gained more features, it is now significantly more cumbersome to work with than it originally was.
5 Posted by Brett Whistler on 01 May, 2012 10:55 PM
That's somewhat relieving. To be perfectly blunt, I was looking at RoboForm's application immediately after receiving your first reply. I have been a loyal 1PW user since they first came on the Mac scene. I was using RoboForm on my PC and was hesitant to become a Mac user because there weren't any equivalent password management programs. As soon as 1PW was developed, I switched to Mac and have been a happy 1PW user ever since. It far surpassed RoboForm. The iOS version has given me occasional 'pain' though. Now that I use my iOS devices at least as much as my desktop/laptop, having a fast password UI is essential to me. I'm not relishing the idea of going back to RoboForm, but now that they support Mac and have a relatively pain free iOS login UI I'm considering it. I'll wait and see what Agile releases in their next go round before making my final decision.
I'm hoping for a decent iOS UI because I really am a loyal Agile customer.
We never really base our decisions for 1Password's features or
future development on other apps, our developers have a great
vision for 1Password, we know our iOS apps need a lot of work in
the browser area, it's a really tricky issue to get right.
Sorry if you're considering moving to another product, I've
never used RoboForm so I really can't comment on their
implementation but I'd imagine they have the same limitations as we
do with regards to a built-in browser and what they can and can't
We're taking every bit of feedback we get into consideration for
1Password for iOS' future, we just can't promise that we'll please
7 Posted by Brett Whistler on 01 May, 2012 11:09 PM
I realize Agile developers follow their vision. It's one of the reasons I've stuck with them these years. I also realize that Apple hasn't made working with the browser easy on you.
With regards to RoboForm, their overall UI isn't that great. Or at least it wasn't 'back when.' I don't know what it's like now. As I said…I was looking at their software because I'm getting frustrated with the pain of using 1PW in iOS. I'm not sure if their UI is any better than yours.
I can really understand your pain, let me ask you though, what
exactly is the biggest problem, is it that you can't easily get
from Mobile Safari to the right record in 1Password or just not
being able to use 1Password's browser effectively?
9 Posted by Brett Whistler on 01 May, 2012 11:48 PM
It's that I can't get the information out of 1PW to fill a login efficiently anymore. As I said, when the initial bookmarklet came out it was very elegant. The UI was almost as nice as the desktop version. I realize there were security issues, but it was an awesome interface nonetheless. I was willing to assign each of my logins as high or low security so as to allow the bookmarklet to only work on non-important data sites. I would have never used it on my bank login etc. I think this was a common argument for the continuation of this bookmarklet on the forums. The Go To 1PW bookmarklet was OK…but it was almost as easy to just login to 1PW and copy and paste from there.
As I mentioned…not interested in the internal browser. I NEVER use it. The same can be said for any of my programs with internal browsers. I always select the "Open in Safari" option. Multi-tasking makes it easy enough to jump back to the program.
Let me also say that the Mac version of 1PW is incomparable. It is the Lamborghini of it's class. No complaints.
Ah, that's the old '1Password Logins' bookmarklet, that was
removed due to security reasons, the encryption used just wasn't up
to scratch and we decided to make the call to remove it, that part
of the bookmarklet will never be coming back, sorry but it's just
too insecure for us to have as part of 1Password.
The 'Lookup in 1Password' bookmarklet was the one that let you
open 1Password to locate a login item and then copy and paste back
to Safari from 1Password, with multi-tasking we felt it was just as
easy for people to do this manually.
I hope we can surprise you with how well the internal 1Password
browser will actually work, I can't share much but I can tell you
that it's going to be very different to what you're used to with
11 Posted by Brett Whistler on 02 May, 2012 12:23 AM
Yep, I know the story and I know it's not coming back. I've just been waiting for some kind of interface improvement.
Knowing Agile, I'm sure the internal browser will be a work of art. But just like all art, it is interesting to some and not so much to others. I'm not interested in working in a browser other than Safari. End of story. I'll just have to keep kludging with 1PW until I find something that works better.
Support Staff12 Posted by Khad Young on 02 May, 2012 01:02 AM
We really appreciate your high praise for 1Password for Mac and
are working to make 1Password as worthy of your praise in iOS as
As I think you already know, it is not possible to integrate
directly with Mobile Safari, so some "hacks" were used in the past
to try to ease the pain. No iOS app will be able to integrate
directly, so this isn't just a 1Password issue. It is an iOS
We made the difficult decision to remove the bookmarklet in
order to stay ahead with security. That's the short version.
The long version follows.
PBKDF2 is a trick we use with 1Password to make it much harder
for automated password guessing systems to crack your password if
they get hold of your encrypted 1Password data file. Without
PBKDF2, automated password guessing systems could guess hundreds of
thousands, even millions, of passwords per second. PBKDF2 slows
down the processing of your Master Password. There is no way to
check a possible password without going through many cycles, called
This means that if you have a good master password along with
our use of PBKDF2, your encrypted data is safe even if the bad guys
get hold of your data file. If you want to learn more about PBKDF2,
check out our previous overview on the topic: Defending Against
Crackers: Peanut Butter Keeps Dogs Friendly, Too:
But we weren't going to rest on our laurels. We have been
phasing in an increase in the number of PBKDF2 iterations used from
1000 to 10000. Going from 1000 to 10000 iterations means that a
cracker has to do ten times as much work to try a particular
1Password 3.9, the Mac App Store version, can make use of a cool
Lion-only feature that automatically calculates the optimal number
of PBKDF2 iterations for use on your computer. When you first
create a 1Password data file using 1Password 3.9, it will call the
CCCalibratePBKDF function that is part of Apple’s new
CommonCrypto framework. This will calculate how many PBKDF2
iterations are needed to force, say, a 500 millisecond delay on
your machine. We then use this when creating the new data file. We
do put an upper limit on these, because the files you create on
your super powerful Mac Pro will still need to be used on other
potentially less powerful devices that you sync your 1Password data
1Password 3.8 needs to run on Snow Leopard as well as on Lion,
so it doesn’t use the same mechanism as the MAS version. But
starting in 1Password 3.8.11 we set things so that a newly created
data file will now use 10000 iterations instead of 1000.
We have been anticipating this increase in PBKDF2 iterations for
a while. One thing that we need to make sure of is that every
version of 1Password you may sync your data with will be able to
cope with increased iterations. Otherwise, a 1Password data file
created with, say, 1Password 3.9 couldn’t be unlocked on
other systems, but we’ve had the infrastructure for this
change in place for more than a year.
This means that new 1Password data files will also work with
current versions of 1Password on iOS, Windows, and Android. It also
means that those using 1Password 3.6 on Leopard or Snow Leopard
will have no problem unlocking data files created using our latest
version. Users of 1Password version 2 (are there any still out
there?) will still be able to work with 1Password data files that
have already been created, but will encounter problems using a data
file that was created with the very latest systems.
It’s time to say good-bye to a couple of features that
won’t stand up to the anticipated threat environment. One
feature, loved by many, was the "1Password Logins" bookmarklet.
This was originally designed as a way to get some 1Password
functionality into browsers we didn’t support at the time.
Before we had 1Password for iOS, this could be used to kinda-sorta
get 1Password data into browsers that didn’t support
1Password directly such as Google Chrome on the desktop and Mobile
Safari on iOS.
The data in the "1Password Logins" bookmarklet was very well
encrypted, but the password for it was not secured using PBKDF2.
This means that if the bookmarklet were to be captured it would
need a very strong password on it to resist attack. Because the
bookmarklet lives in the browser’s bookmarks, there are more
opportunities for it to be captured. Given these two issues, it was
time to phase the bookmarklet out. Existing bookmarklets, already
in the browser, will continue to work if users decide to keep them.
But from this point onward, you will not be able to create new
The story is similar for 1Password’s Encrypted HTML export
feature. The passwords for those HTML files are also not protected
by the PBKDF2 technique. But the good news is that our much-loved
1PasswordAnywhere feature will continue to work. 1PasswordAnywhere
actually uses the same data file as the 1Password application
itself, so there are no worries about its data format.
The "1Password Logins" bookmarklet and Encrypted HTML export
features were meant as temporary measures until something better
could be put in place. 1PasswordAnywhere, 1Password for non-Mac
platforms, and our 1Password extension for Google Chrome are those
better ways of doing things.
We’ve always known that security is a dynamic process and
that we would need make these changes at some point. We remain
vigilant about changes in computing and the threat environment so
that you can rest assured that your data is safe.
The "Look Up in 1Password" bookmarklet was not removed for any
security reasons, but as Stu already mentioned, we are working on
some great new things for iOS. I can't say more at this time, but I
have a feeling you will be very pleased. :)
Been a 1Password user from very early on. Sorry to see the login
bookmarklet go. 1Password just became pretty useless then, as the
in-app browser doesn't work on most websites. And now with the
other bookmarklet gone and the huge annoyance of copying, opening
1Password, pastin, etc., etc., etc on an iOS instead of just
opening the in-app browser (even when it does work.) Sad to see a
great product shoot itself in the foot like that.
I guess I don't really see the point of the app if it doesn't
actually do one of the important the things it is supposed to do:
eg. fill in passwords for you.
Support Staff17 Posted by Kyle Swank on 15 May, 2012 10:52 PM
We didn't really shoot ourselves in the foot. We're trying to
protect your data better. For that reason we had to remove the
features you are unhappy about seeing go. We certainly understand
the frustration as many of us hated to see it go too. But if it
meant keeping our data more secure, we felt it was a worthwhile
We have every intention of improving the built in web browser in
the next major version of 1Password. Hopefully it will both
surprise and delight you.
Thanks for the reply, though I'm not sure why anyone would want
to remove the option. If some didn't want to use it, that would be
up to them. Given that the point of the app is to fill in
passwords, just like the OSX version, the key functionality seems
like an odd way to improve the product.
(No offense, but there are hundreds of non-Safari browsers out
there and they all suffer from the same problem: they're not
Safari. That is why Apple let's them in the app store in the first
place -- because they're not real competition. Your browser will
never work as well and be as integrated as Safari because Apple
would never allow it.)
And frankly, if your customers were actually concerned about
security, they wouldn't be carrying sensitive information around on
their smartphone. :). Maybe reinstating the logins bookmarklet as
an option is worth reconsidering, particularly as there is no
My sentiments are still similar to Alan's. I understand the
security risks you describe. I use the iOS version because it
simplifies PW entry. I fully understand that it is nowhere near as
secure as your normal database. I also agree with Alan that until
you replace the bookmarklet feature with something comparable, you
should include it as an option...perhaps with a warning when
creating the bookmarklets that pops up and describes these security
issues. And also the ability to choose which passwords in the
database to include in the bookmarklets file.
Support Staff20 Posted by Kyle Swank on 16 May, 2012 12:10 AM
The trouble isn't that we don't want to give you the option. The
trouble is that there is a fine line between helping users secure
their data and enabling them to make it too easy to access and
In this case we were enabling users to store their data in an
unsecured fashion. We don't want to enable users to do this. We'd
rather have a secure option for the feature.
We never say never, but it is unlikely that this feature will
come back in the same way it was before. Perhaps we can find a
better way to do it, but there is at this time no way to do this
that we are aware of.
I really am sorry for the inconvenience.
That said, we prefer to under promise and over deliver.
Thanks again for your response, but now I'm confused... Allow me
to backtrack a bit...
First, I want to be clear that I'm talking about the "1Password
Login" bookmarklet, not the "Lookup in 1Password" bookmarklet.
Also, I'm using the latest versions of both the Mac and OSX
1Password software on Lion and iOS 5.01 on a Macbook Pro, iPad 2,
and iPhone 4.
The problem I was experiencing was that updating a password on
my Mac and then updating the 1Password Login in OSX Safari was not
getting the bookmarklet synced to my iPhone/iPad. This has been
going on for a while, but the problem has been accumulating as I
continue to change passwords. Today, fed up, I looked online and
found this discussion.
If I understand what you've said above, the 1Password Login
bookmarklet has been discontinued, which I found annoying as that
was the only reason I really bought 1Password in the first
After receiving your reply, I thought I'd start looking for a
hack to make it work anyway, and the first thing I happened to do
was to turn off iCloud bookmark sync and sync bookmarks via iTunes
over a cable instead. Voila! It works perfectly and I can now login
to sites using the bookmarklet on iOS Safari, just like always.
So, I am now confused about your previous answers to our
questions. 1) Are you saying that 1Password Login bookmarklet is
never going to work over iCloud bookmark syncing only, or 2) Are
you saying it is not ever supposed to work at all on iOS
Safari, regardless of syncing method, and I found a bug (which I
would call a FEATURE)? Or am I confused in some other way? Because
if it is answer #1, then I don't really
care, and if it is answer #2,, then I need to know
that as my solution is to never update 1Password again, keep a
backup of the iOS Bookmarks DB, and move on.
What we are saying is that we no longer support the feature or
encourage its use. In fact, we strongly discourage its use. If
you've found a way to make it work for you, and you still want to
use it, despite the security risks, that would certainly be your
Again, I'd strongly recommend against not updating 1Password in
order to keep the legacy feature, but if that is what you want to
do we aren't going to stop you. :)