1Password 2.9 is now released!
Those paying close attention will notice that the last version of 1Password (2.8.2) was released on August 1st, over two months ago! We normally publish new releases every 2 weeks on average, so for us this release has taken a lifetime!
The reason this release took so long, quite frankly, is we were all exhausted after the release of the iPhone version of 1Password. When 1Password was added to the App Store things were absolutely crazy here; I have never seen anything like it. I now have even more respect for Apple; the firestorm they must have endured is unfathomable.
Now that we are back at full strength, we of course have some surprises in store for you! Without further ado, let me introduce the solution to our #1 requested feature: Robust Alternative to MobileMe Syncing!
Keeping Your Macs in Sync
There are a few fantastic tools available to keep your files in sync. Examples of these include FolderShare, ChronoSync, Unison, iDisk, SugarSync, and our favorite, Dropbox.
Until now these tools could not be used to sync your 1Password data. With the new Agile Keychain format added in version 2.9 it is possible to sync information almost instantaneously and without conflicts. All changes are detected and reloaded by 1Password automatically.
It is also possible to share the Agile Keychain between multiple computers on your local home network using a regular shared folder.
What is the Agile Keychain?
The Agile Keychain is a new keychain format developed to build on the success of the OS X Keychain and expand its functionality. The OS X Keychain has served 1Password incredibly well over the years and we are proud to support it. Over time, however, our users have required us to create something more flexible and portable that meets all of their diverse needs.
Here is a comparison of the OS X and Agile Keychains:
| | Mac OS X Keychain | Agile Keychain |
| --- | --- | --- |
| File Based Syncing ¹ | not practical | robust, easy & instantaneous |
| Performance ² | degrades as size increases | fast even at GB sizes |
| AutoLock ³ | based on keychain usage | mouse and keyboard based |
| Data Encryption ⁴ | Triple DES | AES 128-bit CBC & PBKDF2 |
| MobileMe Syncing ⁵ | keychain synced | iDisk only |
1 File level syncing is not practical with the OS X Keychain because everything is stored in a single file. Each modification causes the entire file to be recreated and then synced. This hurts performance and increases the chance of conflicts.
2 The OS X Keychain slows significantly as its size increases because it creates an entire copy of the file and then replaces the original.
3 The OS X Keychain's AutoLock is based on keychain usage. The amount of time between using the keychain is calculated to determine if the keychain is locked. User activity such as typing or mouse movement is irrelevant. This forces users to specify a much longer Automatic Lock time than they might otherwise prefer.
4 The OS X Keychain uses Triple DES as its encryption algorithm which is quite secure, but it is growing older and has been superseded by newer encryption algorithms with longer key lengths. AES is the new standard used by the US Government.
5 The OS X Keychain has direct support for syncing with MobileMe. The Agile Keychain does not have this level of integration with MobileMe, but it can be kept on iDisk.
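To illustrate footnote 1, this added example (not 1Password's code or file format) simulates how a file-level sync tool sees edits made on two Macs under a single-file store versus a store with one file per entry. The file names, the per-entry layout and the sample data are assumptions made for the illustration.

```python
def as_single_file(items: dict) -> dict:
    """Single-file layout: every entry is serialized into one file."""
    blob = b"".join(k.encode() + b"=" + v + b"\n" for k, v in sorted(items.items()))
    return {"keychain.db": blob}  # hypothetical file name


def as_per_item_files(items: dict) -> dict:
    """Per-entry layout: one file per entry (assumed layout for this example)."""
    return {f"{k}.item": v for k, v in items.items()}


def sync_report(base: dict, mac_a: dict, mac_b: dict) -> dict:
    """Three-way compare the way a file-level sync tool sees it: whole files only."""
    def changed(side: dict) -> set:
        return {n for n in set(base) | set(side) if base.get(n) != side.get(n)}

    a, b = changed(mac_a), changed(mac_b)
    # A conflict is a file modified on both Macs with different results.
    conflicts = sorted(n for n in a & b if mac_a.get(n) != mac_b.get(n))
    # Every changed file is re-uploaded in full, however small the edit was.
    upload = sum(len(mac_a.get(n, b"")) for n in a)
    return {"conflicts": conflicts, "bytes_uploaded_by_a": upload}


def compare_layouts() -> dict:
    # Constructed sample data: three encrypted entries as opaque bytes.
    base = {"bank": b"\x01" * 400, "mail": b"\x02" * 400, "wiki": b"\x03" * 400}
    on_a = dict(base, bank=b"\x0a" * 400)  # Mac A edits "bank" while offline
    on_b = dict(base, wiki=b"\x0b" * 400)  # Mac B edits "wiki" while offline
    return {
        "single_file": sync_report(
            as_single_file(base), as_single_file(on_a), as_single_file(on_b)),
        "per_item": sync_report(
            as_per_item_files(base), as_per_item_files(on_a), as_per_item_files(on_b)),
    }


if __name__ == "__main__":
    for layout, report in compare_layouts().items():
        print(layout, report)
```

With one file per entry, two unrelated edits touch different files and merge cleanly; with a single file, the same two edits collide and the whole store is re-uploaded.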
For a full analysis of our need to design the Agile Keychain, please refer to the History of 1Password's OS X Keychain Integration. For details on how the Agile Keychain was designed and made secure, please see the Agile Keychain Design document.
As mentioned, the OS X Keychain has served 1Password incredibly well. In fact, the majority of users are completely satisfied with its current functionality and will not be motivated to immediately transition to the Agile Keychain.
Therefore, the OS X Keychain will continue to be a part of 1Password for the foreseeable future, and we will not be forcing people to move to the Agile Keychain. Over time, however, features will be added to 1Password that are only possible using the new Agile Keychain format and will require switching in order to access the new feature.
How to Switch to Agile Keychain
It is easy to start using the new Agile Keychain format. Simply launch 1Password and go to Preferences > Keychain and select Switch to Agile Keychain, as shown here:

You will be asked for the Master Password that will be used for the new keychain, as shown here:

Once provided, all your OS X Keychain items will be recreated and stored into the new Agile Keychain using the provided password.
You can switch back and forth between old and new keychains at any time. When switching back to the OS X Keychain, I recommend reusing the old keychain for much faster switching. All changes (except deletions) made in one keychain will be copied to the other:

While initially testing the Agile Keychain you should just leave the OS X Keychain where it is. Once you are satisfied with the new keychain format, however, you can clean things up. For detailed instructions, see the Removing the OS X 1Password Keychain section in the Using the Agile Keychain
Automatic Syncing Without MobileMe
You can sync your files using any of the great tools available, but our favorite is Dropbox. You can download it from their site, watch their video to see how things work, and be up and running in a few minutes.
After Dropbox is installed, go to the 1Password > Preferences > Keychain window and select Change Location:

1Password will ask you for the new location of the keychain. Specify the Dropbox folder (or a subfolder within it):

Clicking Change Location will cause 1Password to move your Agile Keychain to the Dropbox folder. That's all there is to it! Your keychain is now being monitored by Dropbox and automatically copied to all your other machines.
To configure 1Password on your other Macs, first set up Dropbox, then make sure you have the latest version of 1Password installed, and then use Finder to browse your Dropbox folder and double-click 1Password.agilekeychain. 1Password will launch and ask you if you want to switch to this new location:

After clicking Yes, 1Password will configure itself to use this new keychain. Since the keychain is monitored by Dropbox, any change you make to your keychain will be automatically synchronized to all your other Macs. 1Password and its browser extensions will detect these changes and automatically reload the keychain, allowing for completely automatic and seamless syncing without MobileMe.
Automatic Syncing Using iDisk
By popular demand I decided to add this section to detail how to use MobileMe's iDisk to sync your data. The steps are nearly identical to the previous section, but you use iDisk instead of Dropbox.
I have been using both iDisk and Dropbox for my testing and have found both to work fine for my purposes. With that said, Dropbox is a lot faster and has some amazingly cool features built into it, such as the ability to recover deleted files, revert to a previous version of a file, Growl notifications, and secure sharing of files between your friends. While this section is about using iDisk, I wanted to share my excitement that the 'new kid on the block' has some cool stuff :)
With that out of the way, here are detailed instructions for setting up 1Password syncing with iDisk:
Configuring iDisk to Sync 1Password Data
Important Note for Leopard+Firewall+iPhone Users
As mentioned in a previous blog post, after releasing the iPhone version of 1Password many people experienced permission issues every time 1Password was updated.
It is very important to follow the recommended upgrade steps carefully to ensure upgrading does not result in the same permissions problem reoccurring.
Basically what is required is to export all your data, upgrade 1Password, and then recreate your keychain. Detailed upgrade instructions can be found in the Recreating Keychains to Resolve Leopard Firewall Permission Issues section in the Using the 1Password Interchange Format document.
Once you have upgraded and recreated your keychain, you can change to the Agile Keychain. The new Agile Keychain will avoid this permissions issue and switching to it will solve this problem once and for all.