Hands-on: New 1Password 4 looks like a worthy update to a great OS X app

Despite having to contend with a market that's increasingly crowded by competitors, AgileBits' 1Password is still my go-to repository for every last bit of information that I want to keep safe and secure, like my passwords, software licenses, and banking data.

Luckily, the folks behind 1Password aren't slacking off. Now that even Apple is baking password management right into its operating systems, they are responding by releasing a new version of their popular app that includes more goodies than ever.

Better and the same

Let's start with the basics. Despite sporting dozens of new features and having received a new coat of paint, 1Password 4 feels much like its predecessors, which makes the transition very easy to manage for existing users. Considering how often I pull the app up during a typical workday, this seems like a very smart move--particularly when you consider that the app's user interface was very slick to start with.

In addition to its traditional full-size window interface, the app now also includes a convenient "mini" version that sits in your menu and keeps your passwords and other private information ready at hand, without having to launch the full app. As a nice touch, you can even "pin" an item so that it always remains on top of other windows; this allows you to copy and paste multiple pieces of information without having to open the menu item too many times.

A number of other refinements round out the user interface, including support for favorites, the ability to open and maintain multiple vaults, new filtering options, and even a complete set of professionally-designed icons for the kinds of items you are most likely to store in your vault.

Browser integration

Browser support is probably the one area of the app that benefits the most from the latest update. Like before, 1Password comes with extensions for all three major browsers (Safari, Chrome, and Firefox); without fail, their interfaces have been redesigned to make using them significantly easier.

For example, when you come across a Web page that requires authentication, 1Password now opens a dialog box asking you if you want to use a stored password (or if you want to create a new one), whereas the previous version used to slide a new panel right in the browser's chrome.

This may seem like a minor change, but it has the effect of reminding you that 1Password is always at your fingertips. As a result, you'll use the app more often, ending up with a larger database of more secure passwords that you need to type in less often. When I first came across this feature, I thought that I was going to annoyed by it, but, perhaps counterintuitively, it has made my life much easier.


The emphasis that AgileBits has traditionally placed on security has also been carried over to the new version of the app; all data is encrypted using the 256-bit AES standard, and a new special digital signature helps prevent tampering. More importantly, the user interface strikes an excellent balance between security and convenience: the default timeouts are calibrated so that you don't have to input your master password too often while still taking effect soon enough that your data doesn't remain accessible for too long.

New in version 4 is also a feature called a Security Audit that causes 1Password to go over your entire password database looking for potential security issues, such as weak passwords or logins that you haven't used or changed in a long time. If you happen to be a longtime user of the app, chances are that you'll benefit from this functionality--I tend to be fairly cautious with my credentials, but still ended up changing about half a dozen long-forgotten logins after going through an audit.

As good as ever

The new 1Password is every bit as good as its predecessors, and represents exactly the kind of update that I was hoping for from the folks at Agile Bits. The app is unobtrusive (unless it needs your attention, in which case it's not timid about asking for it) and feels both lightweight and responsive. In my brief tests, it has also been very stable on both Mountain Lion and even on the latest Mavericks betas, without any glitches or crashes.

Join the CSO newsletter!

Error: Please check your email address.

Tags Applepasswordssecuritysecurity software

More about AES EnvironmentalAgileApple

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Marco Tabini

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts