1Password 7: A new design and added security features

AgileBits has released 1Password 7 for Mac and Windows. The password manager is among the most long-lived and popular offerings of its kind out there.

1Password 7 security

Both the Mac and Windows version sport a new design that puts the important things (i.e. the user’s items, the most important information) into focus and a new custom font that makes it easier to type passwords into another device.

1Password 7 security

The Mac version continues to support Touch ID and the Windows version Windows Hello for biometrics-based login. Both versions sport a new and even more helpful 1Password mini, and in the Mac version it’s not limited to working with browsers.

“With our new app integration we’ll automatically suggest logins for the current app you’re using. Along with support for drag and drop, this is a real game changer,” AgileBits founder Dave Teare noted. (Users can drag and drop items between vaults and accounts.)

1Password 7 security features

The 1Password Watchtower is now a suite of security tools that notify users of breaches, highlight weak, vulnerable and reused passwords, point out logins that are using an insecure (HTTP) website address, and even warn users about soon-to-expire credit cards and documents.

1Password 7 security

“Watchtower integrates with Troy Hunt’s haveibeenpwned.com service to see if any of your logins are vulnerable. 1Password securely checks your items against a collection of breached passwords (over 500 million and counting) and notifies you to change them,” Teare explained.

Integration with twofactorauth.org allows Watchtower to know which websites support two factor authentication and to alert users when it finds logins without 2FA enabled.

1Password 7 security

“Also new in 1Password 7 (for Mac), we’ve taken advantage of Apple’s Secure Enclave to protect your Master Password when Touch ID is enabled. This is incredibly cool because the keys used for encryption are protected by the hardware and not accessible to other programs or the operating system,” Teare shared.

“And if you’re moving over to our new 1Password memberships, syncing your data is more secure than ever. With the addition of a Secret Key, Secure Remote Password, and Galois/Counter Mode, your data has never been safer.”

And for those worried about their passwords being accessible to the company, Michael Fey, Apple Team Lead for 1Password, says “Don’t.”

“The fact of the matter is that with 1Password your passwords are not ‘in the cloud’. What we store on our servers is a fully encrypted data blob that only you have the keys to decrypt,” he told Help Net Security.

“Furthermore, that decryption only ever happens on your devices – neither your master password nor any of the other pieces we use to encrypt your data are ever transmitted to us. Our security page covers all of this in detail, and if you really want to dive into it, our security white paper dives into the nitty gritty,”