Please, change the password to something else before trying to delete the account.
Many websites don't ever actually "delete" data, they just mark it as deleted. If they get hacked (which, considering their security this far, isn't unlikely), your password could very well still be there for the hacker to grab.
Changing your password to gibberish before removing it could prevent your password being released. Always making your passwords gibberish is even better. Get a password manager (LastPass, Enpass, 1Password)
> They don’t have any pictures of you, there’s no keylogger, etc. they got your password and are using that to scare you into thinking they have more.
I second all of this 100%
> Don’t reply, block his email address, and ignore.
Don't forget to change that password they shared with you anywhere & everywhere it was used. I highly recommend switching to https://1password.com to generate secure/unique passwords for every site. It will also tell you where you have duplicate passwords and which passwords have been seen in data breaches.
> I know we all default to the same three or four passwords.
If what you're saying actually is true then it's about time to get with the times and get yourself a password manager.
There are plenty of password managers out there which work great on mobile and desktop, but those two are in the very top and rightly so. Try them out, find out which works best for you, and never look back again.
To clarify for readers, that's https://1password.com/ and not one single password. I personally prefer KeePass, but these are all good. My only recommendation is that for anything extra important, mislabel it, use 2FA, and change the pass a bit from what is there.
We're paying for 1Password Business - https://1password.com/teams/pricing/
There's desktop apps, browser plugins, and a website.
For us being able to share some passwords was a huge requirement. We've got ~240 different hosting providers, most of whom don't allow team accounts. So we needed a good way of handling those credentials. Adding people to vaults and taking them away is pretty easy (we do that for the vault containing corporate credit cards for people who don't have one).
I wish they had a real linux application, but their browser plugin for FF on linux does the job there.
Apple evaluated it and thinks it's safe enough for their 120k employees and Troy Hunt appears to be a fan.
If you don't trust them the whitepaper is publicly available https://1password.com/files/1Password%20for%20Teams%20White%20Paper.pdf
Hi there! If you'd like to continue using 1Password standalone, 1Password 7 (release coming soon) will be available from our website as well, and from there you'll be able to purchase a license and sync your data with iCloud, Dropbox, WiFi Sync, or even not at all.
I'm always over on r/1Password if you have any more questions!
- Henry from AgileBits (makers of 1Password)
It’s end to end encrypted. Your device encrypts the cloud payload and only your device can decrypt it. https://1password.com/security/. The key for the end to end encryption is automatically generated so it’s more random and secure than your local device password.
**Password card** and **1password** are my go-to generator/managers.
1password for most everything and passwordcard + sticky note ~~under my keyboard~~ in my wallet (with vague interpretations of the coordinates of the password) for places where I don't have access to 1password.
You probably have a lot of different accounts online for things like shopping, banking, subscriptions, etc. Each of those accounts needs a password. Most people will come up with one password that they can remember and use the same password for every account
But, sometimes the companies that you have accounts with don’t do a great job of keeping your password secret. And if one of them messes up, now the password for all of your accounts isn’t a secret anymore!
Most people will make up passwords that aren’t very strong either, because weak passwords are usually easier to remember. If you use your birthday or the name of a family member, these passwords aren’t very hard to guess, especially for a computer who can make lots of guesses very quickly
A password manager helps you to fix both of these problems. With a password manager you can come up with new strong passwords that are different for each account you have and you don’t have to worry about remembering them. So you can have a password that looks like this: !DzWifTKNkrNJN$&Y5M% for one website and this: HXf^N52S5S@up*@L9Z8! for another website.
The only password you need to remember is for your password manager. And luckily there is a neat trick to have a password that is easy to remember but still pretty hard to guess. It’s called Dice Word and it looks like this: flyable-bootie-overrule-boots-easing
Also, you can use 2 factor authentication to keep your password manager secure, which is a fancy way of saying that in addition to your password, you also need to have access to something you own to log in like your phone or a special USB key
I use a different password manager from One Password, but I find they have some of the best communication on what a password manager does, why it’s important to have one, and other ways to understand digital security. So I would recommend checking out their website if you want to read more: https://1password.com/password-manager/
https://1password.com/pricing/
Looks like there is a one time version as well, and the $5 version actually is a family plan for up to 5 users. That seems reasonable for something that needs to be actively patched and product support (apps/os version etc), but you know developers don't need food.
If you want to be cheap just use keepass and sync it via btsync or something, and stop complaining about someone charging for a product of convenience.
Hey there! We appreciate your dedication to security—we think alike!
This is a somewhat misguided warning, however. The format of 1Password data you speak of (.agilekeychain) hasn't been in use in the 1Password app since 2015, and you're free to move your data to the newer .opvault format (which encrypts even non-sensitive information)! The only unencrypted "stuff" you speak of is non-sensitive information like URLs and titles that is left in clear text by your browser anyway. Your password, username, notes, and all other important information you trust us with is always encrypted by your Master Password. We decided in 2009 (when we started using the agilekeychain format) to leave that non-sensitive information unencrypted for the performance benefits on Apple's then-flagship device, the 3GS.
Our newest and best service, a 1Password.com account, takes security well beyond our competitors. Both your Master Password and Secret Key encrypt every bit end-to-end (with AES-256 bit encryption) to keep you extra-extra secure.
Learn more about how security is at the core of 1Password: https://1password.com/security/
Learn more about how your passwords are safe in the old .agilekeychain format: https://discussions.agilebits.com/discussion/50346/your-passwords-are-safe-when-using-the-agile-keychain-format
We know you trust us with your most important information, and it's our promise to you to honor your trust and keep your data absolutely secure.
Thanks for reading :)
-Henry
1password. We have a family account that lets my wife and I share passwords with each other.
The security on 1password is extremely good. Even though the content is stored on their servers, they never have access to unencrypted data. Everything runs through their app which does encryption locally using your master password as well as your "account key".
The master password hash is combined (XOR'd) with the secret key to derive the master unlock key which is used to protect your private key. The master password hash doesn't contain any information about the secret key. Unlike other online password managers, 1Password's servers do not use your master password hash to authenticate you. Instead they use the secure remote password protocol.
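A simplified sketch of the two-secret derivation described in the comment above, added here as an illustration; it is not 1Password's code. The iteration count, HKDF label, account ID, sample password and the HMAC tag standing in for "the private key unlocks" are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import unicodedata

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this sketch


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with HMAC-SHA256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_unlock_key(master_password: str, secret_key: str,
                      salt: bytes, account_id: str) -> bytes:
    """Slow hash of the password, XOR'd with a mask derived from the secret key."""
    password = unicodedata.normalize("NFKD", master_password.strip()).encode()
    pw_hash = hashlib.pbkdf2_hmac("sha256", password, salt,
                                  PBKDF2_ITERATIONS, dklen=32)
    # Hypothetical label; the secret key never passes through the password hash.
    sk_mask = hkdf_sha256(secret_key.encode(), account_id.encode(),
                          b"sketch-secret-key")
    return bytes(a ^ b for a, b in zip(pw_hash, sk_mask))


def key_check_tag(unlock_key: bytes) -> bytes:
    """Stand-in for data protected by the unlock key (e.g. a wrapped private key)."""
    return hmac.new(unlock_key, b"key-check", hashlib.sha256).digest()


def confirm_guess(candidates, secret_key, salt, account_id, stored_tag):
    """Return the first candidate whose derived key matches stored_tag, else None."""
    for candidate in candidates:
        key = derive_unlock_key(candidate, secret_key, salt, account_id)
        if hmac.compare_digest(key_check_tag(key), stored_tag):
            return candidate
    return None


def demo():
    # All values below are constructed for the example.
    salt = secrets.token_bytes(16)
    account_id = "ACCT01"
    secret_key = secrets.token_hex(16)      # 128 random bits, generated on the device
    password = "sunshine1"                  # deliberately weak master password
    stored_tag = key_check_tag(
        derive_unlock_key(password, secret_key, salt, account_id))

    guesses = ["123456", "password", "sunshine1"]
    # Someone holding the secret key can confirm the weak password from a short list.
    with_key = confirm_guess(guesses, secret_key, salt, account_id, stored_tag)
    # Someone holding only the stored data (salt, tag) cannot: even the correct
    # password produces a wrong key when the 128-bit secret key is unknown.
    without_key = confirm_guess(guesses, secrets.token_hex(16),
                                salt, account_id, stored_tag)
    return with_key, without_key


if __name__ == "__main__":
    print(demo())
```

The point for defenders: with this construction the strength of the stored data against offline guessing is bounded below by the randomness of the secret key, not by the quality of the master password.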
Hey catpies - a couple of things: first, to the extent that law enforcement can get data from us via subpoena, they would be able to get it from Apple as well. The same law applies equally to both of us. If you've been using iCloud as your sync method (or Dropbox for that matter), you've already stored your data "in the cloud," and it's just as available to law enforcement - or not available - as it is when you use a 1password.com membership.
More important is the fact that 1Password always encrypts your data before syncing it with any cloud-based server, and we always have. All encryption/decryption is performed on your local device before sync occurs, so the only thing that's stored "in the cloud" is an encrypted blob of ciphertext which is useless to law enforcement, hackers or anyone else, without the password you use to decrypt it.
But, with 1password.com accounts, because we control and operate the servers on the other end of the pipe, we were able to develop the true heart of 1password.com account's security, the Secret Key. It's a lengthy string of numerals and letters (which you do not have to remember) that is combined with your password to derive the encryption keys that actually decrypt your data. Without that Secret Key, even someone who might know your password (like a family member or co-worker) cannot decrypt your data from the 1password.com servers. In this way, using 1password.com is much more secure than iCloud, because of the Secret Key that protects your data in addition to your account password.
We have a public-facing page on our website for law enforcement detailing this fact - that we have no ability to decrypt the data we hold as we do not have and cannot obtain the encryption keys needed to decrypt any user's data.
> I would miss xcode and it's ios emulator/debugger.
Yeah, I'm not really sure how you'd do iOS dev without an Apple machine. I was always under the impression that you'd NEED an Apple machine to do iOS dev. (Maybe React Native?)
1Password seems to have a Linux app available (https://1password.com/downloads/linux/)
Tower isn't the only Git client - GitKraken is a popular one for Linux. It didn't really mesh with my style but I've worked with people who swear by it.
BETTER CONCLUSION: Use a password manager like Lastpass or 1password and have it generate your website passwords for you.
Also, consider using NFL Ticket Exchange for verified tickets, otherwise there is a possibility of getting ripped off.
Hi /u/fjarlq
This is the response I'll be posting to our discussion forums after responding here.
We are aware of the reported data breach at Cloudflare.
1Password data was NOT exposed as a result of this breach. This means that users of 1Password do not need to change their Master Passwords.
1Password does not rely on HTTPS to ensure that customer's 1Password data is not at risk. Our security recipe starts with AES-256 bit encryption and uses multiple layers to protect your data both at rest and in transit.
To read further about our approach to security and how we protect your 1Password data you can read our security whitepaper here: https://1password.com/files/1Password%20for%20Teams%20White%20Paper.pdf
Kyle
AgileBits
Edit: A typo of "your" to "our" :)
Look at their website, look at how many people work there (over 400), it's absolutely ridiculous. How many people do you need for a feature complete password manager?
Whether you subscribe through iTunes or the 1Password website, you still have all the exact same features (with the exception of managing your billing through the 1Password website vs. managing your billing through iTunes.) The option to pay yearly for less is available both ways too.
That being said, reasons you'd want to subscribe through iTunes:
And then some reasons you want to subscribe through 1Password directly:
You should use something like Vault.
Failing that, you could make a script that populates your .env with a CLI tool:
https://1password.com/downloads/command-line/
Storing the secrets on disk, however, dramatically increases the risk of exposure, so I would strongly recommend having separate dev credentials and documenting how to invalidate them in an emergency and making sure you have monitoring on anything they could be used for. Or, you know, set up vault.
I did a scan through and didn't see the answers, and you guys have a fantastic security white paper (https://1password.com/files/1Password-White-Paper.pdf) that I have only scanned, so apologies if this is answered elsewhere.
Do you roll your own implementations of encryption standards, and if so, how do you validate it?
Also, given your breadth of runtimes / platforms, how do you protect yourself from supply chain attacks? That's a lot of moving parts to be auditing every line of source.
I'm surprised nobody is mentioning 1Password, which for me is the best password manager in an Apple environment.
Compared with the other managers, it has a "Travel Mode" that is great for trips to the United States 👍
My personal tip is to use a "Correct Horse Battery Staple" to lock all of your passwords in Keepass or 1Pass (Which is what I personally use) then you randomize all of your other passwords and make them like 32 characters long.
I just use http://passwordsgenerator.net/ or I use 1Pass' own generator. All of your passwords will look like
&*_tTN?5mS?WeNnP+_cCEyLgsLW2*F6_
Except for your master password which you'll use the XKCD method
EDIT: It should be noted that a big part of storing your passwords this way is making sure you don't use the same password for everything. This is a super simple way to just make unique, hard-to-crack passwords for every site you go on.
I concentrate on using the fastest methods I know to build a website, which rarely intersect with what Lighthouse tells me I should be doing.
I learned a new concept on this thread today, the Doherty Threshold, named after an IBM researcher who discovered that users find computer programs that react in 400 ms or less to be irresistible.
That's my performance target, and I learned yesterday there are other people working toward, or who have achieved that level of performance in production.
See 1password.com for a complex page that breaks the Doherty Threshold at 300 ms according to Lighthouse. It's a thing of beauty.
Yep! You can pay with a gift card. $125 gift cards are currently on sale for $99, which is a pretty sweet deal if you ask me!
Individual accounts are $36/year (+ VAT outside the US), so it should cover just over three years, and of course you can mix and match with multiple gift cards to your heart's content :)
-Henry from AgileBits (makers of 1Password)
I use it for work! Just chiming in to say that if you have any questions unrelated to opinion, feel free to send us a quick message and we'd be happy to chat with you about it.
1Password is amazing. Used to be great on Mac and half assed on Windows but now they are feature parity.
They have a one time payout referral program. It's not much, but better than nothing I guess.
The closest thing you'll find is https://1password.com/password-generator/, as you mentioned. While I don't doubt the security of our website, yeah, not generating and saving the passwords all in one go inside an app doesn't feel right to me, either. Sounds like a good reason to make the leap to 1Password. 😉
1Password has had many independent security audits, all of which have revealed no issues that put any user data at risk of compromise.
If you need further reassurance: since all of your vault(s) data are heavily end-to-end encrypted with your secret key and master password (neither of which ever leave your devices), even if a hacker somehow broke into 1Password's servers and was able to retrieve your data, they couldn't do anything with it anyway, because to them it would just be a meaningless encrypted blob, and it would be computationally infeasible for them to try to break that encryption with even some of the strongest supercomputers we have today.
Hope that helps!
Those passwords in the cloud are encrypted, you know that right? Just make sure your master password is safe. Here’s their white paper if you’re interested in knowing more about their security https://1password.com/files/1Password%20for%20Teams%20White%20Paper.pdf
You are correct (see page 2). The same is also true for bitwarden. I assume RapidCuscus is of the point of view that closed-source software from a company based in an n-eyes country must be capable of and actively be sharing user secrets with government(s).
They are misguided, although open-source can offer extra peace of mind.
My view, for what it is worth, in regards to passwords is that users should use whatever reputable software they are comfortable with using. After all, password managers are only going to be successful if a user stores all their passwords in them and makes each and every one unique and difficult to crack. This of course means there is a lot of trust in the application to not only secure the passwords, but also to allow the user easy enough access that they are confident in its use.
Hey zepoke! Peri from 1Password here. :)
Of course I'm biased on the subject, but I wanted to jump in here to reply to your question. We've designed 1Password to be super secure and with your privacy in mind. All of your data is end to end encrypted locally with your Master Password, which we never have access to. Your Master Password is never transmitted over the internet, or stored in our servers. We use a zero-knowledge protocol (SRP) for authentication with our server. We have a whole slew of documentation on the subject, which I recommend taking a look at:
Security - https://support.1password.com/1password-security/
Privacy - https://support.1password.com/1password-privacy/
And if you want the real nitty gritty deets, have a look at our white paper - https://1password.com/teams/white-paper/
Oh, and feel free to join us over in /r/1Password!
You're totally right that free stuff is cool! Still, a free tier doesn't make sense for us, because we'd have to do one of two things to make 1Password free without hurting our business:
Monetize with ads/data collection (which we would never ever do, because we're so concerned about your privacy–we don't even use basic analytics for our apps!)
Severely limit the free tier so that most users will end up having to switch to the premium tier (which we don't want to do because it'll hurt our reputation, not be super satisfying, and make our happy paying customers have to consider becoming unhappy non-paying customers)
Also, I know I say this a lot, but we really do our darndest to make 1Password worth it for you, from beautiful apps to top-notch security to friendly & helpful support. :)
Hopefully, $3/month is worth it for adding security and happiness to your life with 1Password, and if it isn't, our sweet gift card deal ($125 for $99) might help out even a little bit more!
One final note: if you're not sure if 1Password is worth it for you, you can try out a 30-day free trial without even entering a payment method - https://1password.com/sign-up/. And be sure to try out the new 1Password 7 for Android beta (sign up here) to see all the cool new things, from document upload to an updated design, that are in store for the future.
To build on this, I would also strongly suggest using a password manager like 1Password, LastPass or similar. Having randomly generated passwords that you don't need to remember is much safer than reusing your old passwords. It's slightly time-consuming setting up and going through to change your password everywhere you have an account, but I can't stress enough how much safer it is.
Thank you so much for the kind words, /u/sbazv!
Slack currently shows 184 people in our Core channel and at least half of them are developers working on the client apps. We do have a special team dedicated to improving auto-fill, they will never be out of work because there are so many different websites :)
Our team grew quite a bit over the past few years and it is wonderful to see new features launched this year like Masked Email and Psst!. We were able to launch them across all platforms at once which is a huge improvement on its own. And, unlike the past, we didn't have to work 70-80 hours/week to do this!
Still, we plan to do even more and want to grow the team. If you or anyone you know is interested, please join us.
Hey /u/Morrow_84,
Glad to hear you're such a big fan of 1Password and have been sharing it with other people! That's what we strive to deliver, a product where our customers love to share it with others. 😀
While not quite a lifetime license, we do offer a $125 USD gift card available for $99 USD. For an individual 1Password account, this would be more than 3 years of your 1Password membership, and for a 1Password Families account, this would be 2 years covered for your $99 USD.
At 1password.com you can select Show Previously Used Passwords and/or View Item History. Under item history you can also revert to a previous version of the item. It does this without losing any of the item history. Any items you accidentally delete can be recovered from the View Recently Deleted section.
I don't think you can change the permissions for the Private vault. However, if you're using 1Password Families then you can define the access rights to shared vaults as Allow Viewing, Allow Editing or both. If you're a family organiser then you can always change this setting, but it's an extra hoop to jump through.
I could probably write an essay on this. I store all my logins (along with other site details such as username/email/security questions/notes/etc.), personal info (drivers license, passport, frequent flyer number, etc.), credit cards, documents (i.e. png/pdf files), secure notes, 1 time passwords (i.e. same as Google Authenticator, but automatically copying the code for you). All of this data is synced between all my devices.
They take security very seriously (have never been hacked unlike LastPass) and also provide a "family" version where you can have shared vaults. There's many other "hidden" use cases as well. For instance, I tag all logins/sites that have my home address so in the future I can find them easily when doing a change-of-address.
They also have this thing known as WatchTower, which basically checks for passwords that have been compromised, vulnerable, duplicates or just generally weak.
I could go on and on, but you're better off looking at https://1password.com/tour/
Honestly really easy to use and you only need to remember your master password. Make that out of something which makes sense to you but nobody else.
eg "Twat Features Keeps Looking At My Mail So I need To Change My Password" is easier to remember than a random string and becomes "Tfkl@mms1n2CMP!" by taking the first letters.
If you can come up with one password like that to remember, 1password will generate complex passwords for everything else. There are other password managers around but that is the one which my Mum uses without trouble so it's fairly user friendly.
Hi there and welcome to 1Password!
We don't autofill your passwords automatically simply because it's a pretty big security problem. We always value your security above all so though it's a popular request we've never added user-input-less filling in the browser.
However, we also love simplicity and of course it's really easy to autofill your passwords! Download our extension then use the control + backslash (\) shortcut to instantly fill in your username and password. So, one quick keystroke and you're in. :)
And if you enable auto-submit (from the 1Password app, Settings > Options > Browser > Automatically sign in after filling usernames and passwords), then we'll press the Login button for you too.
Let me know how this goes and I'm here for more anytime!
- Henry from AgileBits (makers of 1Password)
So you have a fully open source phone from the hardware to the firmware to the OS? Unfortunately, you're going to be running proprietary code somewhere no matter how hard you try not to. The question is who do you trust and how much do you trust them?
FWIW, 1Password's file format and crypto is fully documented. A more complete white paper on 1Password's security is also available.
I like using 1Password without its private online service, this allows you to host the passwords locally which decreases the likelihood of a LastPass-style security debacle.
I keep my devices in sync via iCloud.
Try clicking on it :) It just goes here: https://1password.com/downloads/windows/#browsers (or the link specific to your OS - I am on Windows)
Classic is not supported anymore. It is all 1Password for browsers (formerly 1Password X).
I hesitate to promise any specific timeframe, but 1Password.com has been a thing for ~6 years and in that 6 years we've never deleted any accounts because they're frozen. I'm unaware of any plans to start doing so.
Hello! 👋
1Password for Linux does not have support for local vaults. A 1Password membership is required as our Linux app relies on 1Password.com to do a lot of the heavy lifting. You can subscribe to any of our hosted regions in the US (1password.com), Germany (1password.eu), or Canada (1password.ca) and your data is yours and always accessible, even if your subscription lapses.
Now you specifically said the word will so there’s a good chance you already knew the above and are asking about the future. So let’s cover that, too. 🙂
Local vaults as they were designed on the other platforms will be very difficult to add. They were designed for use with generic file sync services and there’s so much more possible when our developers can work their magic on both sides of the network connections (server & client). So much so that 1Password for Linux assumes it will always be working with our hosted service.
The most likely path towards a modern day version of local vaults would be self-hosting of the 1Password service. We’ve seen some excitement for self-hosting from some users so there’s definitely some interest in this idea. It’s hard to gauge interest piecemeal like this, however, so I’d like to measure things more formally with a survey. To that end I’m putting together a set of questions to see who wants this feature, how it will help them, and some detailed questions to help ensure we build the right thing if and when we decide to move forward on this.
One fun tidbit is I’m planning on using 1Password Secrets Automation to store survey responses directly within one of my vaults. I thought this would be a fabulous way to ensure we protect the privacy of people’s information and their comments. It also gives me a great opportunity to geek out with our other big launch of this year. 🙂
I hope this helps. 🤗
++dave; 1Password Founder
A short blurb on closed source: sure, it’s not an inherent vulnerability, but it’s definitely far from an advantage when it’s security related. What are you going to trust more, the product that has thousands of people involved looking at it, or a small team? I work in the security space and it’s unbelievable just how many vulnerabilities a product can have in places you wouldn’t even expect.
Within the closed source space, you then get some great examples like 1Password’s 81 page white paper going into their security. With lockdown, reading their security info page, it’s heavy with buzzwords and light on the details. The most I could find was “Atomization encryption”. To reference Bruce Schneier don’t roll your own crypto.
To be clear, I’m not trying to say that this isn’t a good product or that it’s a bad one, but I definitely would want to wait a long while before using it. It would be promising to see a CSO (Chief Security Officer) on their team, along with more explicit/affirmative information on why it is secure.
I use this app called 1Password. It remembers every password and even generates it for you. You just use a hot key on a website and put in your one password and it fills in the rest. Highly recommend it. here it is
Not yet, Apple takes a little bit longer to review app updates before making them live. If you want 7.7 quicker, you can download 1Password for Mac directly from 1Password, or just be a little patient and the update will appear on the App Store likely very soon.
Not the only one. Get a password manager. I use 1Password.
As for having your phone with you all the time, you probably do anyway. And you can install the app on your computer or as a Chrome extension.
If you can't do that, you probably shouldn't be using that computer for anything secure anyway. (Or it's in a secure air-gapped facility)
If you don't have a constant computer, but have a requirement to always be available by email, ask your work for a work phone or laptop.
1Password is a paid upgrade if you have a standalone license, which it sounds like based on your post. It's an included upgrade though if you're a subscriber. It's $5/month for a family subscription (covers 5 people). Here's what's new in version 7 for Mac (I'm assuming you're on Mac since you mention having a standalone license for version 6—which is only possible on Mac.)
You can still download 1Password 6 for Mac here if you need to roll back your father's app.
Well, password managers are as strong as your master password is. If you are using a password manager but your master password is blink182, then it's as strong as having them on a post it on your monitor, even worse.
I use 1Password, safe, secure, and reliable. They have plugins for almost any explorer, apps for iOS and Android that work offline and I haven't had any problem so far. They even record your old passwords, that can be handy sometimes. The downside is that it's a subscription app so you need to pay $2.99 per month. In my opinion it's worth it. It suggests you passwords and you can set alarms and reminders if you want/need to change them every certain months.
If you don't want to pay, there are some free options. My SO uses Dashlane, because apparently she thinks having a password manager is a waste of money but still forgets her passwords. Other popular option is LastPass.
Yes, account hacking/impersonation is a definite possibility. A good practice is to use a unique password for every service/site you access. I prefer 1Password. As the name implies, I have a single password. 1Password generates and stores the passwords for the various services I use. It's also nice for storing secure notes and credit card numbers.
There are lots of benefits to the membership, and I'd love you to consider it, but if you'd prefer to buy a license, you can download the app from our website once it's released and purchase a license from within the app!
-Henry from AgileBits (makers of 1Password)
Hi there! 1Password Families would be perfect for you, and I'm happy to explain the security of it too.
In short, all your data is encrypted before it leaves your device, and we never store your Secret Key or Master Password in our servers—we even went so far as to create our own protocol (Secure Remote Password) to allow us to verify both client and server while preventing your Secret Key and Master Password from ever having to leave your device.
Your Secret Key is stored securely, encrypted by both itself and your Master Password (and like all your vaults, it uses PBKDF2 key derivation to prevent brute forcing). Your Master Password is stored (or, more accurately, isn't) in the same way. And ditto with every bit of data in your vaults. All this is designed so that even if a malicious third-party was able to gain access to our servers, your 1Password data would be safe.
Let me know if you have any more questions at all (and I'm happy to have a member of our security chime in too if you'd like super-technical explanations) and you can also learn about how security is at the core of 1Password accounts right here on our security page.
Maybe you should spend a second researching the product you're bitching about before making a terribly uninformed post complaining about issues that aren't actually issues.
> What happens if my subscription lapses?
>
> Don't worry, you will never be locked out of your account or your data. If your subscription ends, your account will be frozen but you will still be able to access, view and export all your data.

The trust model hasn't changed.
If 1Password's software works the way described then they don't have the encryption keys for local vaults and they don't have the encryption keys for vaults hosted at 1password.com.
In both cases their client apps process the unencrypted data and in both cases you are trusting that their apps work as described.
iCloud and Dropbox control access to your encrypted vault with simple authentication and the HTTPS protocol. In both cases the authentication credentials are stored on their servers and passed over the HTTPS connection.
1password.com controls access to your encrypted vault with the secure remote password and HTTPS protocols. A verifier is saved on the server, but no long term secrets are passed over the HTTPS connection. The client app can confirm that it is the legitimate server and the server can confirm the user has the secret key and master password before any encrypted vault data is exchanged.
I can understand the reluctance to put your encrypted data in a 1Password "honey pot", but the whole system is designed to make this safe. All our passwords are already stored on servers in the cloud and encryption is the only thing that protects any of it. As long as you trust the software to work as described, storing data in the cloud and encrypting with keys that remain local is just as safe as storing data locally.
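The sign-in exchange this comment describes, as an added Python sketch that is not part of the original thread and not 1Password's code: a textbook SRP-6a flow in which the server keeps only a salt and a verifier, and each side proves it holds the same session key. The small demo group, the PBKDF2 round count, and the names `enroll` and `login` are assumptions; the product described above also feeds the Secret Key into the derivation.

```python
import hashlib
import hmac
import secrets

# Demo group (assumption): 2**255 - 19 is prime and easy to write down.
# Real deployments use the much larger standardized SRP groups (RFC 5054).
N = 2**255 - 19
G = 2
PBKDF2_ROUNDS = 20_000  # demo value, not a recommendation


def to_bytes(n: int) -> bytes:
    return n.to_bytes(32, "big")


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


K_MULT = int.from_bytes(h(to_bytes(N), to_bytes(G)), "big")  # SRP-6a multiplier k


def derive_x(salt: bytes, password: str) -> int:
    # Slow derivation, so a stolen verifier is expensive to guess against.
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return int.from_bytes(dk, "big")


def enroll(password: str) -> dict:
    """Client side of sign-up: only the salt and verifier reach the server."""
    salt = secrets.token_bytes(16)
    return {"salt": salt, "verifier": pow(G, derive_x(salt, password), N)}


def login(server_record: dict, typed_password: str) -> tuple:
    """One exchange. Returns (client_trusts_server, server_trusts_client)."""
    salt, v = server_record["salt"], server_record["verifier"]

    a = secrets.randbelow(N - 2) + 1           # client ephemeral secret
    A = pow(G, a, N)                           # client -> server
    b = secrets.randbelow(N - 2) + 1           # server ephemeral secret
    B = (K_MULT * v + pow(G, b, N)) % N        # server -> client, with salt
    u = int.from_bytes(h(to_bytes(A), to_bytes(B)), "big")
    if A % N == 0 or B % N == 0 or u == 0:     # each side rejects degenerate values
        return (False, False)

    # Client: needs the password, never sends it.
    x = derive_x(salt, typed_password)
    s_client = pow((B - K_MULT * pow(G, x, N)) % N, a + u * x, N)
    key_client = h(to_bytes(s_client))

    # Server: needs only the stored verifier.
    s_server = pow((A * pow(v, u, N)) % N, b, N)
    key_server = h(to_bytes(s_server))

    # Proofs: the client shows it knows the key, then the server does the same.
    m1 = h(to_bytes(A), to_bytes(B), key_client)
    server_ok = hmac.compare_digest(m1, h(to_bytes(A), to_bytes(B), key_server))
    m2 = h(to_bytes(A), m1, key_server)
    client_ok = hmac.compare_digest(m2, h(to_bytes(A), m1, key_client))
    return (client_ok, server_ok)
```

Only `A`, `B`, the salt and the two proofs cross the wire; a server holding the wrong verifier fails the client's check just as a wrong password fails the server's.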
Just FYI: Even when 1Password offered stand alone licenses, it was impossible to have shared vaults between users. It was only once they built their own syncing service, along with introducing memberships, that it became possible to support shared vaults. For just a single user, shared vaults aren't necessarily that big of a deal, but for a company that probably has passwords or other secure information you want shared between employees—and kept up to date across each user's 1Password—shared vaults become crucial to using 1Password. (Although I obviously don't know what your company's specific use case for a password manager is.)
But if your company was still interested in adopting 1Password, and having shared vaults would be useful to them, they'd definitely want to go with either the 1Password for Teams or 1Password for Business plans.
Instagram support should be able to help you with this. No need to start from scratch.
Try these steps: https://help.instagram.com/149494825257596
If that doesn't work, DM me and I can ask someone there to try and help.
Also: once you get it back, use unique random passwords and 2FA. 1Password is free for journalists.
Hey /u/isaquiel1
We're no longer selling licenses for 1Password. Existing licenses will of course continue to work with v7 for as long as it works for you, but we won't be selling more or licensing future versions (including v8).
/u/dteare7 has a post about this and how we envision the future here: https://1password.community/discussion/comment/601917/#Comment_601917
If you're trying to avoid the reoccurring payment aspect we do sell gift cards, which could help. As a bonus, we are currently offering a deal where you can trade in your existing license plus $99 USD for $150 USD worth of 1Password.com credit. That'll hold most folks over for a number of years before they have to think about it again, and with that you wouldn't be automatically charged.
Thank you, seeing the positive reaction from the linux community has been heartwarming.
MrRooni touched on your first question in another thread. Other platforms will benefit from the work we put in on linux. That said, we want our users to have a fantastic experience on all platforms. Many of our developers run linux as their primary machine. We want to give any devops teams (or single developers) using Secrets Automation the ability to manage their secrets with a buttery smooth client on whatever their platform of choice is.
I shared a similar view about speed not being critical when I first started at 1Password. And in many places, you are absolutely correct! But, I found that there are a few areas where performance is critical.
1Password Business accounts can have many vaults, items and frequent changes. Because of the encryption 1Password uses, the servers have no knowledge of the contents of vaults or their items. This prevents certain optimizations that are possible in other spaces, such as filtering search results on a server before sending a minimal response to the client. It's important that 1Password scales from single users, to families, all the way to enterprises and that means handling a user's data directly on their device.
You can only purchase it from within the app downloaded from 1password.com/download.
It cannot be done from the Mac App Store.
Click 1Password from the menubar, then click License.
1Password.ca and 1Password.eu were introduced just over a year ago!
1Password.ca accounts are billed in CAD, keep your data stored in the AWS Montreal region, and keep your service data restricted to only CA- and EU-based 1Password staff. More info here.
Unless you'd like billing in CAD or have a specific regulatory requirement for where your data is stored, I'd generally recommend sticking with a 1Password.com account. No matter where it's stored, your data is kept private and secure.
>But in the real world you have to download an app for every service you use and.
I use 1Password for all my TOTP 2FA needs. No need for a new app for every 2FA service if they're all using TOTP (the code that changes every 30 seconds).
As for SMS authentication, that's how the hacker that stole passwords from Reddit ended up with access to Reddit staff accounts. If someone's going to do that for something as useless as a list of ancient email addresses, what are they going to do when there's a luxury car on the line?
/u/MoveForwardJim might want to change banks, cards, etc. and possibly look at freezing credit and for lack of a better term, evasive maneuvers.
Other obvious moves are changing ALL passwords to everything, and while we're on that topic, just using a password manager (Lastpass or 1pass) with MFA enabled to lock it all down.
Also backup and format the phone in case she loaded anything into it. Same goes for laptop and anything else.
You've basically got to treat this like a sophisticated break-in and burglary, because that's what happened.
Hiya! I'm so glad to hear you're loving 1Password Families already—yay for slickness! If you're ready to keep on loving it (I hope you are!), you can go for a beautiful new 1Password gift card that's on sale. It's $125 of credit for $99, which brings down the price a nice bit. :)
Also, you'll have our undying love and support! Anytime you need anything, I'm right here 😉
1Password Teams and 1Password Business rely on our cloud to deliver all our powerful enterprise features (and the simple ones too, like sharing vaults between team members)! We don't have anything for sharing vaults between multiple computers locally.
However, with 1Password Teams (just like all 1Password accounts) your data never truly leaves your devices—before being sent to our cloud, everything is AES-256 bit encrypted by both your Master Password and Secret Key, turning it into completely useless blobs of data without both those keys (neither of which we have) whenever it's off your devices. The security of your vaults is bolstered further by PBKDF2 key derivation (to prevent brute forcing) and our Secure Remote Password protocol, which enables device/server authentication all without your Secret Key or Master Password leaving your device.
In short, your secrets are safe with us. You can read more about our dedication to security at 1password.com/security and take an in-depth look with our nerdy security white paper. For added peace of mind, we're also HIPAA compliant and SOC2 certified, have a $100,000 bug bounty for responsible disclosure, and have had 1Password Teams independently audited multiple times.
Finally, if you'd rather keep your data (or, rather, useless blobs) out of the US, you can sign up for a 1Password.eu or 1Password.ca account!
If you have any more questions about all this, feel free to ask me or our business team at business [at] 1password. com.
Hope that helps :)
Sure thing! Download our Windows app, then purchase that license right in the app: after adding a standalone vault, you'll be able to choose between purchasing the app with an account or a license on your next unlock. If you dismiss this window, you can choose 1Password > License and click Buy Now anytime.
1Password is end-to-end encrypted, and your master password is never transmitted over the internet. IMO The devs are quite clever and make good decisions when having to decide between convenience and security. You can read the 1Password security white paper here.
(I’m not a shill, just trying to explain why IMO 1Password is trustworthy.)
You're much better off using an offline password manager such as KeePass.
If you want to try a cloud password manager, 1Password - FREE for 6 months, here's the link... https://1password.com/promo/precious/?c=DAVELUVSU
You should look into 1Password for Families. Their new 1Password X client runs in Chrome on Linux and Chrome OS.
We'd be totally fine with you two sharing an account :).
But...I think you'll definitely want a Family account! Selectively sharing items is awesome (your vault won't be busied by logins your wife made that she only needs, and vice versa) and the ability to recover each others' accounts can come in real handy! And, if your family expands, you'll be perfectly set up for that 😄. See more right here: https://1password.com/families/
1password is good. It's a pay service, though.
I use keepass at work. It works, but I don't prefer it.
You may notice 1password on the list for this cloudflare breach, but here's a statement from them:
Hi all!
We are aware of the reported data breach at Cloudflare.
1Password data was NOT exposed as a result of this breach. This means that users of 1Password do not need to change their Master Passwords.
1Password does not rely on HTTPS to ensure that customer's 1Password data is not at risk. Our security recipe starts with AES-256 bit encryption and uses multiple layers to protect your data both at rest and in transit.
To read further about our approach to security and how we protect our 1Password data you can read our security whitepaper here
We also have a blog post up here
Kyle
The risk of this can not be overstated. Any site using cloudflare could have revealed secrets/passwords/tokens/private messages/etc over the course of the last 5 months. Much of this data has been cached by various search engines. While those search engines are actively working to purge this data, since it was publicly available, there is no saying where this data could have been stored.
It is strongly recommended that you a) start using a password manager (1Password/LastPass/Keypass) b) reset passwords across all of your online identities c) enable 2FA anywhere you can. Do not use the same password across multiple sites. Truly, there is no remediation for the private data outside of passwords; that data was potentially exposed.
>No more local vault?
Not in 8, no. It will be going fully to 1password.com. While it may be annoying for some, 1Password found that 97% of people use Cloud vs local, so it makes no sense to spend dev time on that.
https://1password.com/giftcards/
Yes, you can buy a gift card and apply it to your current subscription. When your next billing date happens, it will automatically pull from the gift card balance until that is depleted, and then return to charging whatever card you have on file.
You can also buy the $125 worth of credit gift card, which is on (seemingly perpetual) sale for $99. Saves you some money on the subscription cost.
Yes, and yes. The standalone price is for the previous version 6 that they've said would be security updates only from now on. If you prefer one-time payments over subscriptions it looks like this will be of diminishing use over time.
For me, the service is invaluable. I have to manage several organizations' website logins and related credentials as part of my day job, I'm happy to support a good developer house if their offering is best-in-class. I'm hoping they continue to find a way to differentiate as Apple slowly moves in on their territory.
As long as I find that the product continues to innovate I'm happy to keep paying, but I find some companies (i.e. Sketch and Adobe) want to have it both ways by collecting subscription fees without adding big features to their core offerings over the years.
You also have the option of taking the advice of the Bitwarden open source chads and dipping your toes into something similar for free. But like most things related to Apple, I'm fine paying a little more for a much-improved experience.
A while back there were some exploits for Firebase that would sometimes result in Spammy notifications/messages "from apps".
These messages were usually harmless, and would NOT have been related to Xfinity.
More likely I'm thinking that possibly someone was going around and trying to connect to Xfinity hotspots or wireless networks or something with a device named "Facebook" for example. And you would get a message like "Facebook would like to connect to your wifi"
Even if you did let someone into your wireless, you would still be very unlikely to get breached like that without other security warnings from them hijacking the internet once inside or something.
If you suspect you may have opened/clicked a malicious notification/link, make sure you have antivirus and anti-spyware installed, preferably a VPN as well, grab a phone or computer and network connection you trust, and go contact your bank and any other services/people you don't want a hacker inside to check that there is no unauthorized access and reissue anything you need to.
If you haven't yet, this would also be a great time to setup 2FA and a password manager like 1Password.com
1Password developer here. We don't actually have access to any of your passwords or secure data. I would recommend you read our whitepaper and this blog post.
Some FAQs:
Can I redeem this offer if I already have a 1Password personal or family account ?
No you cannot. This is limited to new accounts.
How do I redeem this ?
Click the link in the post.
How much does this cost ?
This plan costs $5 per month, and gives access to 5 family sub accounts.
What is 1Password ?
It is a password manager, and is among the best and most reliable.
Read more here: https://1password.com/
Why would I use this rather than a free/open source alternative ?
Most of the major password managers, paid or free or open source, are good, so it all comes down to your preference, and one thing perhaps that makes 1Password slightly more interesting is it is really well made, UI is one of the best and has a deep integration in iOS and MacOS.
Some other password managers’ free plans are limited, and so a free promo code for a paid platform is interesting in this case.
Read more here: https://www.wired.com/story/best-password-managers/
1Password Families is designed to be used as what it is, an online 1Password account. With a 1Password membership your data is encrypted not only by your Master Password but also by your own personal Secret Key. This additional key adds 128 bits of entropy to your derived key, and by using the Secure Remote Password protocol we ensure that no information about your Secret Key nor Master Password is ever transmitted to our servers. The end result is even if someone manages to steal this encrypted data from our service, it's infeasible for them to ever be able to brute force it. Aside from the improved security, the other aspect about hosting your data on our system is syncing is much faster and more reliable.
I'd recommend taking a look at our security page if you haven't already, and if you're feeling a little nerdy, our white paper is worth checking out, as well. 🙂
1Password.com truly offers the best 1Password experience there is, so if there are any concerns I can squash about the security of "your data" existing in your 1Password account, let me know!
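Why a guessable Master Password alone does not open a stolen blob, as an added Python sketch that is not from the original comment and not 1Password's implementation: the vault key depends on both the password and a 128-bit Secret Key held only on the device. XOR-combining PBKDF2 output with an HKDF of the Secret Key, the key-check tag standing in for vault encryption, the round count, and all function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

PBKDF2_ROUNDS = 20_000  # demo value (assumption), kept low so the example runs fast


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes) -> bytes:
    """Single-block HKDF (RFC 5869) with SHA-256: extract, then expand to 32 bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()


def derive_vault_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    # Slow half: stretches the human-chosen password.
    slow = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, PBKDF2_ROUNDS)
    # High-entropy half: derived from the random device-held Secret Key.
    strong = hkdf_sha256(secret_key, salt, b"demo two-secret derivation")
    return bytes(x ^ y for x, y in zip(slow, strong))


def check_tag(key: bytes) -> bytes:
    # Stand-in for authenticated encryption: proves a candidate key is the right one.
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()


def make_account(master_password: str):
    """Returns (secret_key kept on the device, record the service would hold)."""
    secret_key = secrets.token_bytes(16)  # 128 bits, never uploaded
    salt = secrets.token_bytes(16)
    key = derive_vault_key(master_password, secret_key, salt)
    return secret_key, {"salt": salt, "tag": check_tag(key)}


def key_opens_vault(record: dict, master_password: str, secret_key: bytes) -> bool:
    key = derive_vault_key(master_password, secret_key, record["salt"])
    return hmac.compare_digest(check_tag(key), record["tag"])


def guess_master_password(record: dict, candidates, secret_key: bytes):
    """Try each candidate against the stored record; return the match or None."""
    for guess in candidates:
        if key_opens_vault(record, guess, secret_key):
            return guess
    return None
```

Run against a constructed word list that contains the real password, the search succeeds only when the device's Secret Key is supplied; with any other 16-byte value every guess fails, so the attacker's work factor includes the 128 random bits.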
1Password is made by a growing team of over 110 of us, and we work really hard every day to keep your data safe and your 1Password experience fast and smooth. We've got friendly support happy to help, completely native apps for every supported platform, reliable cloud syncing, and a foundation of strong security and privacy.
In short, we're working tirelessly to make an awesome customer-friendly product designed to improve your life just a little bit, and I think the price we ask is more than reasonable for that :)
If 1Password is a bit out of your price range, feel free to shoot a note to our friendly sales team at [email protected] and the team will see what they can do to help you!
Hey! I'm sorry to hear you're disappointed in our offering for Thanksgiving. We want to spread the 1Password love and share with as many people as possible, and this was the best way we could do so. If you're interested in a sale for an already-existing account, our gift cards always remain an option - I purchased one myself, actually!
https://1password.com/giftcards/
And just because it's a Families account that we are allowing our users to give out doesn't mean that can't be given to an individual - an individual person can always have a Families account and downgrade to an individual one.
I hope you have a happy Thanksgiving, and as always let us know if there's anything we can help with. :)
-Michael
1Password 7 for Mac brings major improvements for this already: when you're in an app (say Slack), opening Mini with a click or a keyboard shortcut automatically brings up relevant logins (like your Slack login); then drag and drop your username/password/OTP and you're all set. We're always looking for ways to improve this in the future and I'll pass on your suggestion :)
You can upgrade to 1Password 7 with a new license: download the new app and choose the "Need a License?" option on first launch. Let me know if I can help more with that!
Damn that's pretty disappointing...do you know how much the stand alone costs? I've looked through their website but I can't seem to find anything about it. Every article/blog post I find directs me to this page and I only see information on the subscriptions.
Yep! Some interesting things have been happening with the Safari Extension lately—we did some testing in 1Password 7 betas with the new Safari App Extension (rather than a standard browser extension) but that didn't work out as well as we'd hoped, so we switched back to a regular browser extension there for now.
Sorry that's causing some weirdness—deleting the extension from Safari and downloading it again from 1password.com/browsers should fix it right up!
Also, do let me know if you have any feedback from trying out 1Password 7, I'd love to hear it. :)
Forgive my asking, but why wouldn't you want 1Password synced across all your devices?
In your current setup, your data is totally secure in 1Password, but you're of course risking data loss by not syncing.
For that extra peace of mind from seamless syncing and automatic backups (plus a whole lot more), you can start a 1Password account right here: https://1password.com/sign-up/. There's a month-long free trial and you don't need to add a credit card!
Learn more about how security and privacy are at the core of 1Password: https://1password.com/security/.
Let me know if you have any more questions and I'd love to answer them!
-Henry from AgileBits (makers of 1Password)
We really want you with us at 1Password! 💜
It's easy to switch, and I think you'll love 1Password a lot :). Sign up on 1password.com and learn how to migrate your data in from LastPass!
- Henry from AgileBits (makers of 1Password)
Yay, I'm so glad you love 1Password :).
Just wanted to contribute this link about how security is at our core: https://1password.com/security/
I'm here (and so is our super-smart head of security!) to answer any questions you have about 1Password and its top-notch security.
-Henry from AgileBits (makers of 1Password)
1Password and LastPass are password managers, but they also offer encrypted notes as well. May not be as fluent as Evernote depending on how much you take notes, but it might get the job done.
There is also Turtl, but I haven't tried it so can't speak much to it (and don't think the mobile apps are that great.)
Would love to hear what everyone else's suggestions are.
Disclaimer: I work for AgileBits, makers of 1Password.
Something incredibly important is that even if someone asked for your data, we could only provide the encrypted data. There are two secrets that we simply don't have:
If they have your data, they still need those two things since both are used together to encrypt your data. You can read a lot more about how this works and secures your data in our white paper
If you have further questions I am more than happy to help answer those :)
Kyle
AgileBits
This is why it's important to use a password manager. It lets you use unique passwords for everything and they can be very long and random without you having problems with remembering them. The master password is one thing you need to remember, and the AppleID one is good too. Using the XKCD password method there would work well.
I rather like 1password, because you can sync it via Dropbox or iCloud (it's encrypted, naturally) so that you can use the same vault on both iOS, macOS and other OSes as well.
Don't reuse passwords anywhere and breaches like this won't matter at all.
When your password is something like Bx6NTv,qjzToMV47gudQgTWBwKN3b&, and you ONLY use it on gm-volt.com because you use a password manager like 1Password, then the only cost of a breach like this is that you need to reset your password.
>The one thing I love about Dashlane is that on Chrome desktop it will autofill my 2FA codes. Is this possible with 1Password?
This is totally possible with 1Password! If you're on the fence about giving us a shot, keep in mind that your first 14 days are on the house, so there's no need to worry about committing to something that you may not like. Though, I have a feeling you'll feel right at home with us. 😊
I've been using 1Password for several years now and like it a lot.
If you want to take it a step further you can even pair it with a service like Privacy which lets you generate virtual cards for making payments online. You can set cards that expire after a single use, set monthly limits, and even pause a card to automatically decline any transactions.
1Password backs up your database every day and every device you use to access 1Password keeps a local copy of your database. You can export your database from your local copy at any time and you don't need 1password.com to be online to do this.
I have tried exporting to a 1Password format, but I didn't find a way to sync this with my database and it didn't protect from the extreme case of 1Password disappearing. So I export my database to CSV once in a while and import this into Keepass.
You can’t… yet. TL;DR: It’s coming, and soon(?)
The 1Password X extension by virtue of being a browser extension, doesn’t have direct access to hardware like TouchID, not in the same way the desktop 1Password app can.
However for a while, the beta versions of 1Password X and the Desktop app communicated with each other so they could have shared locked/unlocked states (meaning: when you unlock 1Password Desktop with your fingerprint, the browser extension unlocks too. And if you try to unlock the browser extension, it’ll ask the desktop app to unlock allowing you to use TouchID.)
That integration was removed from the betas because the developers were switching to a different implementation (and didn’t want to maintain two separate implementations for beta users.)
As recently as a month ago in a forum thread one of the developers said:
> We’re slowly but surely making progress and I’m greatly looking forward to the return of this feature. I can’t share any specifics just yet but I can say that I’ve been reviewing merge requests that are getting us closer to this goal.
I say “soon(?)” because the developers aren’t making any promises—as rightly they shouldn’t, I’d rather they take the time to be right, not quick.
However, if you really don't want to wait, 1Password has two different browser extensions. You're using 1Password X, but if you switch to the companion app extension, it has a slightly different user experience (slightly worse than 1Password X), but it does rely on the desktop app, and already has shared locked/unlocked state with the desktop app.