1Password 2.7 gets a little sexier
I know we just mentioned the upcoming iPhone version of 1Password yesterday, so I'll make this quick. Version 2.7 (of the desktop variety) was just released and it adds a brand new feature: a fully keyboard-accessible HUD window which allows you to instantly navigate to a website and log in.
According to the developers, this feature has been in the works for over a year. It integrates all of your "Go & Fill" 1Click bookmarks directly into your web browser. The HUD window (yes, I have a weak spot for those sexy, transparent black HUDs) has a search feature at the top of it which allows for speedy location of the bookmark you're looking for.
So, please excuse the extra mention; I think this new feature is useful enough to warrant a quick note. Current users just need to check the auto-updates within the application. Curious parties can visit the 1Password page.

Reader Comments (Page 1 of 2)
David said 11:24AM on 7-09-2008
I got a promotional version of 1password that expired a little while ago. I've been dismissing the "buy now" reminders for some time now, but this update may be worth finally pulling the trigger. If I don't, one of these days it's going to quit working on me altogether and I'll be locked out of all my important sites.
Sportsmedjosh said 11:32AM on 7-09-2008
I don't get how to use this HUD. Can someone please explain? I just upgraded and searched the help but still no idea.
cheetahkayak said 11:35AM on 7-09-2008
I can't find the HUD either
David Teare said 11:35AM on 7-09-2008
CMD-Option-\ will bring up the Bookmarks window with the Search field in focus. Start typing and the search results should 'slide in'. Hit Enter or tab to get to the search results, and press enter again to launch the bookmark.
You can also use the mouse and use the Select a Bookmark menu.
David Teare said 11:33AM on 7-09-2008
There is an internal debate on whether we should be using a HUD window here or not. Be sure to cast your votes here in the comments!
Personally, I love the HUD window and want to keep it.
Charles Burnett said 12:27PM on 7-09-2008
I love this update, and the whole app as well.
By far one of the best purchases that I've made for my Mac.
HUD all the way...
kleinias said 4:39PM on 7-09-2008
I actually find this feature pretty useful and I hope that you keep it in 1Password.
Frank said 11:33AM on 7-09-2008
I've got the latest version and can't find reference to the HUD anywhere. How do I pop the HUD?
Many thanks.
David Teare said 11:38AM on 7-09-2008
There is a Bookmarks menu item in the 1P toolbar and context menus.
Also, the CMD-Option-\ keyboard shortcut will launch the Bookmarks window.
Roustem said 11:40AM on 7-09-2008
Frank,
Make sure you restart the browser after you install the new version. You can see the menu here:
http://skitch.com/roustem/xqys/safariscreensnapz001
Frank said 12:19PM on 7-09-2008
Thanks David and Roustem. Got the bookmark menu option but can't get the shortcut to work. Is there somewhere to configure the keys? I'm assuming I'm being a bit slow on this.
Brooklynguy said 12:30PM on 7-09-2008
Frank, you're not the only one. I've spent an hour trying to get this to work. I have the latest updates to 1Password, Firefox, and Safari. I've rebooted my machine. No menu item, no shortcut, nothing. Very frustrating. I've emailed them--no response. I guess they're swamped with email right now. Generally they are really really great, and I love the app--but I cannot get this new, supercool functionality to work.
David Teare said 12:31PM on 7-09-2008
The shortcut key can be a bit finicky, Frank. If other apps grab it we'll have a conflict, and we've seen a few cases where Universal Access conflicts with it too.
We will be adding the ability to customize the shortcut so you can work around these issues.
David Teare said 12:35PM on 7-09-2008
@Brooklynguy: the inbox was down to 1 when I went to bed at 1am last night.
Now that I'm up and running again and Gita is online, I'm sure we'll answer well before the 24 hour target we set for ourselves.
With that said, it sounds like an old version is hanging around somewhere....If you send us your diagnostics we can look at em and see what's going on.
Brooklynguy said 1:25PM on 7-09-2008
Diagnostics sent. Thanks, David!
Jim said 11:39AM on 7-09-2008
I honestly can't believe they are still allowing you to sync a password bookmarklet to your iPhone. The my1Password bookmarklet was disabled due to the security of the bookmarklet. It is even more serious when you consider the iPhone bookmarklet. Your entire password list could be stolen by a website.
Roustem said 12:13PM on 7-09-2008
Jim, you're right; there is a potential issue for websites that allow javascript injection on the login page that specifically targets the 1Password iPhone bookmarklet. There have been no reports of this in the 'wild' yet because it is an edge case that is hard for criminals to attack. Criminals would need these conditions to be true:
1. A popular website.
2. You have an account there.
3. Website allows javascript injection on the login page.
4. You use iPhone to login and provide the encryption password.
Given the number of steps and the fact this *only* works for Mac iPhone users the danger is limited.
Also, unfortunately, the only alternative to the bookmark at this moment is to use weak passwords for your logins which is arguably even more dangerous. The rationale for this is a weak website password can be attacked by anyone from anywhere in the world, whereas this edge case requires many prerequisites.
Despite all this, we do agree this edge case should be closed and therefore we will be removing the bookmark entirely once the Native application is available from the App Store, hopefully within the next few days.
While the Native app fixes this problem on iPhone, unfortunately there is nothing we could do for my1Password. The good news, however, is that when using my1Password on a desktop you are able to use copy-and-paste.
Jim said 12:37PM on 7-09-2008
"1. A popular website.
2. You have an account there.
3. Website allows javascript injection on the login page.
4. You use iPhone to login and provide the encryption password.
Given the number of steps and the fact this *only* works for Mac iPhone users the danger is limited. "
The danger is limited but also catastrophic. As I am sure you are aware, when looking at risk management, you look at how likely it is to happen and the results of it happening.
If you are like me and you store very sensitive passwords (banking) in 1Password, then the damage of this attack is just too much to risk. I am just not sure that most people here read your forums where you first announced this vulnerability. I read it and I immediately removed it from my iPod touch.
BTW, I couldn't live without 1Password on my Mac.
Roustem said 12:40PM on 7-09-2008
Well, it means that we need to finish the native iPhone application ASAP. I will be turning off the internet and getting back to work then :)
Thanks for that extra push!
Sportsmedjosh said 11:50AM on 7-09-2008
Wow thanks for the very very very fast reply! I love the HUD. But I also hate it because now I have to organize all my 1password stuff.