XARA: Unauthorized Cross-App Resource Access
Darren Pauli (comments): Six university researchers have revealed deadly zero-day flaws in Apple’s iOS and OS X, claiming it is possible to crack Apple’s password-storing keychain, break app sandboxes,...
View ArticleMacUpdate Adware Installers
Thomas Reed: Following Mr. Urdaneta’s hints, I sought out the Skype page on the MacUpdate site and downloaded the app. The result was a file named Skype Installer.dmg, which seems legit on first...
View ArticleCloudKit JS
AgileBits: CloudKit is still the way that developers access the iCloud database, but Apple has provided a brand new way of accessing their CloudKit servers: CloudKit web services. CloudKit web services...
View ArticleThe Futility of Pleasing All Users
Khoi Vinh: This is a fine idea, but when I upgraded, I was surprised to find that the new “All Vaults” view is the default view. Even when I selected a specific vault as my preferred view, the next...
View Article1Password’s Cleartext IPC
Ross Hosman: So it appears 1Password is sending data to the browser extensions over the loopback interface in clear text and not only passwords but credit card data as well if you use it for checkout...
View Article1PasswordAnywhere No Longer Works With Dropbox
David Teare: In the coming days, 1PasswordAnywhere (the 1Password.html file within your Agile Keychain folder) will stop working for 1Password data stored in Dropbox. Logging into my Dropbox account,...
View Article1Password Cloud Services Incompatible With VPNs
Matt Henderson: Unfortunately, however, I recently discovered that all of our 1Password applications (iOS and Mac) have stopped syncing their data with 1Password’s servers. And to make matters worse,...
View ArticleTouch Bar
macOS Human Interface Guidelines: The Touch Bar—located above the keyboard on supported MacBook Pro models—is a Retina display and input device that provides dynamic interface controls for interacting...
View ArticleAbout Touch ID Security in 1Password for Mac
AgileBits: When you enable Touch ID, 1Password stores in the macOS Keychain an obfuscated version of a secret that can be used to decrypt your 1Password data. The secret is used to unlock 1Password...
View ArticleCloudbleed: Cloudflare’s HTTPS Traffic Leak
Tavis Ormandy (via Hacker News): On February 17th 2017, I was working on a corpus distillation project, when I encountered some data that didn’t match what I had been expecting. It’s not unusual to...
View ArticleTheft and Loss Recovery for iOS Users
Fraser Speirs: Fortunately, the bag was stolen on the final day of the trip and not the first, otherwise we would have had serious problems throughout the holiday. This is another post for another...
View Article1Password Travel Mode
Rick Fillion (MacRumors): Travel Mode is a new feature we’re making available to everyone with a 1Password membership. It protects your 1Password data from unwarranted searches when you travel. When...
View Article1Password Standalone Vaults and PasswordWallet
Dave Teare: Now the thing is, I know it’s not realistic to expect everyone to be able to be able to join one of our memberships at this time. As great as 1Password memberships are, I know that our...
View ArticleProductivity Apps and Subscription Pricing
Paul Mayne: Day One is evolving. We’re transitioning to a more stable subscription business model to ensure this app and these services always stick around. This week we’re releasing the Day One...
View Article1Password Command-line Tool Public Beta
Connor Hicks (via Rick Fillion): The 1Password command-line tool makes your 1Password account accessible entirely from the command line. A simple op signin will securely authenticate you with the...
View ArticleAd Targeters Are Pulling Data From Your Browser’s Password Manager
Russell Brandom: The researchers examined two different scripts — AdThink and OnAudience — both of are designed to get identifiable information out of browser-based password managers. The scripts work...
View Article1Password 7 for Mac
Dave Teare: While in your browser, mini will automatically suggest the items you’re most likely to need. And mini doesn’t limit itself to just browsers. With our new app integration we’ll automatically...
View ArticleAustralian Assistance and Access Act
Danny O’Brien: With indecent speed, and after the barest nod to debate, the Australian Parliament has now passed the Assistance and Access Act, unopposed and unamended. The bill is a cousin to the...
View ArticleMeet the New Dropbox
Emil Protalinski: Dropbox has doubled the storage space for its Plus users from 1TB to 2TB, added Rewind and Smart Sync features, and increased the price from $10 per month to $12 per month. The...
View ArticleLocal 1Password iOS Vaults No Longer Free
gross (via Hacker News): I have a workflow where I use 1Password on my phone - locally, no sync, do not want sync, can not use sync. Obviously this is not my main way of using 1Password, which I have...
View ArticleSafari 13 and Extensions
Apple (Hacker News): Removed support for Legacy Safari Extensions 1Password: Moving forward, the use of 1Password with Safari will require 1Password 7, which fully supports the latest Safari and macOS...
View Article1Password Takes Accel Investment
Dave Teare (tweet, TechCrunch, Hacker News): Accel will be investing USD$200 million for a minority stake in 1Password. Along with the investment – their largest initial investment in their 35-year...
View ArticleSafari 13.1: Third-Party Cookie Blocking and 7-Day Script-Writeable Storage
John Wilander (tweet): Cookies for cross-site resources are now blocked by default across the board. This is a significant improvement for privacy since it removes any sense of exceptions or “a little...
View ArticleUnable to Enable Safari Extensions
Jeff Johnson (tweet): In macOS 10.15.3, Apple introduced a bug that can prevent you from enabling or disabling Safari extensions. In order to enable or disable an extension, you must click the checkbox...
View ArticleGoogle Authenticator 3.1
Oliver Haslam: Google Authenticator for iPhone has had some attention lavished on it, with the new app featuring a redesigned interface that also includes support for dark mode for the first time....
View ArticleDisplaying the State or the Action
John Gruber: In the Facebook/Android style, a down-pointing chevron is a button you tap to expand more content, and an up-pointing chevron is a button you tap to collapse it. In the iOS/Mac style, a...
View ArticleSubstack’s Subscription Form vs. 1Password Autofill
Timmy O’Mahony (via Hacker News): To state the obvious: there is no $2,023 plan here. There is a “founding member” option, but I’m sure I didn’t click that?Wait, what did I do? I’m certain I selected...
View Article1Password Takes Second Round of Venture Capital
Jeff Shiner (tweet): Today we’re announcing a new investment round in 1Password. Our current investor Accel led this round and a number of incredible folks including Ashton Kutcher’s Sound Ventures and...
View Article1Password 8 for Mac Early Access
Dave Teare (tweet, MacRumors, Reddit): Categories now sit atop your item list as a simple dropdown filter, giving the sidebar plenty of room to show all your vaults and their accounts. You’ll also...
View ArticleiOS Safari Extension: 1Password
Sami Fathi: With iOS and iPadOS 15, Apple allows Safari extensions developers to release their previously exclusive Safari for Mac extensions to the iPhone and iPad, allowing users to use extensions on...
View Article1Password Series C Funding Round
Jeff Shiner (tweet, Hacker News): I’m delighted to announce that 1Password has raised $620 million in our latest investment round that values our company at $6.8 billion. This moment represents a lot...
View ArticleMoving From 1Password to KeePass
Josh Centers: I always somewhat regretted switching away from KeePass, which stores its encrypted database in a standardized, open format. The original KeePass has always been Windows-only, but there...
View Article1Password 8 for iOS Early Access
Michael Fey: Over the last couple years we’ve been making a concerted effort to unify our design language. We built a user interface that’s cohesive across all our apps, but also makes you feel right...
View Article1Password 8 for Mac
Dave Teare: We created an entirely new design language, code-named Knox, to unleash the power and productivity we’ve been dreaming of – all while preserving the heart and soul of 1Password. 😍 […] Quick...
View ArticleRediscovering the Mac
Federico Viticci (tweet): As much as I love the iPad, at some point I have to face its current reality: if Apple thinks iPadOS isn’t a good fit for the kind of functionalities people like me need,...
View Article1Password Meets Git
Simon Sickle: Enable the SSH Agent and optionally biometrics if you wish. Now, we must add a snippet of code to our SSH configuration file to tell the SSH command we wish to delegate key management to...
View ArticleLastPass Breach
Dan Goodin: LastPass, one of the leading password managers, said that hackers obtained a wealth of personal information belonging to its customers as well as encrypted and cryptographically hashed...
View ArticleChanging Apple ID Password Using Only a Device and Passcode
Joanna Stern and Nicole Nguyen (tweet, Hacker News, MacRumors): Using a remarkably low-tech trick, thieves watch iPhone owners tap their passcodes, then steal their targets’ phones—and their digital...
View Article1Password to Add Telemetry
Pedro Canahuati (Hacker News): 1Password is beginning an internal test of our new, privacy-preserving in-app telemetry system. […] We’re only interested in how people use the app itself, what features...
View ArticleGoogle Authenticator Adds Syncing
Christiaan Brand (Hacker News, MacRumors): We are excited to announce an update to Google Authenticator, across both iOS and Android, which adds the ability to safely backup your one-time codes (also...
View ArticleArc Browser
Matt Birchler: While Vivaldi targets people who want absolute control over everything and who always want more functionality, while Arc is more focused on appealing to Mac enthusiasts who want a...
View ArticlePasskeys: A Loss of User Control?
Jeff Johnson (Mastodon, Hacker News): One thing is painfully clear to me already: the BigCos are coming for our passwords, so passkeys can’t be ignored. Google recently wrote about the beginning of the...
View ArticleElegy for the Native Mac App
Keaton Brandt (Reddit): To the old-school Mac community, installing some shitty cross-platform Java app on their pristine Macbook was an admission of defeat. Even web apps were avoided whenever...
View ArticleIs It Safe to Store Passwords and 2FA Codes Together?
Megan Barker: It’s important to acknowledge that 2SV is a very valid way to secure your accounts, and improves upon the standard use of a username and password (one-factor authentication). The...
View Article1Password Acquires Kolide
Jeff Shiner: Why would 1Password acquire a device health and contextual access management solution? The reality is that access isn’t secure if the device doing the access isn’t secure. This is part of...
View Article1Password.co Tracking Links
Cabel Sasser: PSA: 1Password uses “1Password.co” for email links — instead of their usual “1Password.com” domain. Craig Hockenberry: So the “phishing link” with the .co domain was a valid link and...
View ArticleThe Dark Age of Authentication
Sriram Karra and Christiaan Brand (via Hacker News): We’ve received really positive feedback from our users, so today we’re making passkeys even more accessible by offering them as the default option...
View ArticleWWDC 2024 Wish Lists
I always want releases focused on bug fixes, but we all know that isn’t going to happen. If we’re dreaming big, how about something like virtual memory for iOS so that it stops losing my Safari tabs?...
View ArticleApple Passwords App in Sequoia and iOS 18
Jay Peters (Hacker News): Password managers are essential. They keep track of your passwords, encourage better security practices, and generally help to manage your life across your devices. They’re...
View ArticlePasskeys Credential Exchange
Filipe Espósito (Hacker News, MacRumors, Dan Moren): As just announced by the FIDO Alliance, the new specifications aim to promote user choice by offering a way to import and export passkeys. The draft...
View Article