Modify Item Attributes

Three attributes of 1Password items—especially login items—have a significant effect on how 1Password processes them in a web browser:

• URLs: The URL in a login item’s website field is the one for the page on which 1Password’s automatic login saving feature was used. If that’s the site’s regular sign-in page, you shouldn’t need to modify it. But if it points to a page used only for registration, then clicking the URL (or accessing it in any of the other ways discussed in Log In) could produce an error, since you’re already signed up!

  The easiest way to handle this is to navigate manually to the page on the site where you normally sign in, copy its URL from your browser’s address bar, and paste it into the website/URL field, overwriting the one that’s there.

  You can also add more URLs to tell 1Password that there are other pages, domains, or subdomains on which you can log in with the same credentials (see Add Multiple URLs to a Login). If you have multiple login items for a given site—one for each page or subdomain where you log in with the same credentials—you can simplify things by entering all those URLs in a single login item.

• Display: The fact that a login item, identity, or credit card appears in the main 1Password app doesn’t mean that it has to show up in 1Password mini or in your browser extensions.

  Preventing an item from appearing while you’re in your browser means it won’t autofill or appear on the list if you press ⌘- or Control-. You might opt for this feature, for example, if you’ve disabled or deleted an account, moved to a new address, or canceled a credit card—you can keep a record of your old data in 1Password without cluttering your browsing experience.

  To keep an item from displaying in your browser on a Mac, choose “Never suggest in browser” from the Display pop-up menu when editing an item. In Windows, select the item, click Edit, and select the “never display in browser” checkbox.

• Submit: As I explained in A Word About Autosubmit, Windows users can choose, for each login, whether to automatically submit the form after filling in credentials—always, never, or only when the global “Automatically sign in after filling usernames and passwords” option is selected. The Submit pop-up menu lets you specify your preferences for this login.

Use Custom Fields

You can add extra fields to an item and call them anything you like. This should rarely be necessary, since 1Password provides the most commonly needed fields, plus a generic Notes field. However, it could come in handy if, for example, you want a single software license item to contain license keys for multiple versions of the software, or if you want a login item to include several security questions and answers without overloading the Notes field.

When editing an item, you’ll see an area like the one in Figure 32. Click where it says “label” and type a label of your choice. Then click where it says “new field” and type whatever you want the field to contain. When you do this and press Tab or click outside that field, 1Password automatically adds another blank label and field below it so you can repeat the process as needed.

If you add more than a few and want to label an entire set of custom fields, click where it says “Section” and type a section label. (1Password also adds an entirely new section as soon as you create your first custom label, so you can have multiple custom sections with multiple custom fields in each one.)

After you’ve created a new custom field, you can designate it as a password if you like so that its contents will normally be rendered as bullets (unless you hold down the Option key on a Mac or click the click the Reveal or Large Type icon in Windows). To do this, create and fill in a new custom field, click the pop-up field type menu (which initially shows a T for “Text”) on a Mac, or the More icon on a Windows PC, and choose Password to designate that field as a password. Choose Text if you’d prefer to treat it as an ordinary text field. (There are also other, self-explanatory field types in that menu.)

You can remove a custom field by clicking its delete or icon, and, on a Mac, you can rearrange custom fields by dragging the handle control up or down.

Change Web Form Details

When 1Password automatically saves your credentials, it records all the fields on that page’s form, along with their values—not just your username and password. You can later see what all those fields are, edit their names or contents, or correct any mistakes (such as the wrong field being designated as “username”).

To see what 1Password has stored for any given login on a Mac, click the View Saved Form Details button; in Windows, click “Web form details.” The display expands to show the names and contents of all the form fields that 1Password has recorded (Figure 33), and the button on a Mac now says Hide Saved Form Details.

If you notice anything you’d like to change, click the Edit button and then click View Saved Form Details or “Web form details” again. In edit mode on a Mac, the fields include more controls (Figure 34).

Here’s what you need to know about editing web form details:

• The field names shown here are what the form uses behind the scenes, not necessarily the way the fields were labeled on the page. Although you can edit field names on a Mac, you normally should not, because if the field names don’t match what the form uses, they may not fill in properly.

• You can edit any field’s content by clicking in the field and typing, but bear in mind that this changes only 1Password’s record, not what the site stores. If you change your username or password, for example, you won’t be able to log in automatically until you make the corresponding changes on the site, too.

• On a Mac, the first pop-up menu to the right of the field contents lets you specify the type of information a field contains (such as Text, Email, or Number). It’s virtually never a good idea to mess with these.

• On a Mac, the rightmost column should display a Username icon and a Password icon next to their respective fields. But sometimes 1Password guesses wrong. For example, if a site asks for both a username and an email address, 1Password assumes your username will be used for signing in, but some sites expect you to enter your email address, not your username, along with your password when you log in. So, if logging in doesn’t work properly, use the pop-up menus in the right column to tell 1Password which fields it should use for your “username” and password.

• To delete a field entirely on a Mac, click its delete icon. In Windows, you must separately delete the contents of each field and its label.

• To add a new web form field (Mac only), click in the blank “label” area and type a new label; then click in the blank “new field” area and type the contents of the field.

Enable Rich Icons

When you enable rich icons, 1Password consults an image server that holds icons and thumbnails for a large number of apps and websites, and downloads any that match items in your vault. (If the image server doesn’t happen to have a matching image, the item retains its generic icon.)

To enable rich icons on a Mac, go to 1Password 7 > Preferences > General, and select the “Show rich icons” checkbox. On a PC, go to 1Password > Settings > General and select “Use rich icons.” 1Password downloads the icons, which may take a few minutes. To disable rich icons—which removes all existing rich icons (though not custom icons) from your 1Password items—deselect the checkbox.

For logins, the image server delivers the site’s favicon—the tiny icon that appears next to the URL in your browser’s address bar. Often these are quite small, so when 1Password scales them up they may look fuzzy. As more websites update their favicons for Retina/HiDPI displays, they should get sharper.

For apps, the image server delivers the actual app icon, if available, although icons sometimes change from one version of an app to the next, so it may not always match the version you have installed.

If 1Password’s image server doesn’t have an icon for a login or app, if you dislike the icon it delivers, or if you want to add an image for another item type, you can override any 1Password icon with a custom icon of your own—an app icon, a photograph, or pretty much any other graphic. You can do this even if rich icons are disabled.

Add Custom Icons on a Mac

To add a custom icon on a Mac, first select the item in 1Password and click Edit. Then do any of the following:

• To add an application’s icon or a graphic file from disk, first double-click the generic application icon. Then, drag that application or file from the Finder onto the item’s icon in the editing dialog that appears (Figure 35). If you want to resize the image, double-click the icon to open the editing dialog, adjust the slider, and click Done.

  

• To use the contents of the clipboard, click the icon in 1Password once to select it, and then choose Edit > Paste.

• To select or create a different icon, double-click the item’s icon to edit it. Click Defaults to use items from Apple’s icon library or Recents to use items from your Photos library; click Camera to use your Mac’s iSight camera to take a picture; or click Other to navigate to a file on disk.You can then resize it using the slider.

When you’re finished adding and adjusting the icon, click Done followed by Save.

Add Custom Icons on a PC

To add a custom graphic on a PC, first select the item in 1Password and click Edit. Then click the little triangle to the right of the generic application icon and choose “Change icon from file” from the pop-up menu. Locate a suitable icon on your disk and click Open. Alternatively, copy the icon to your clipboard and then choose “Change icon from clipboard” from the pop-up menu.

Compromised Logins

AgileBits tracks websites that have publicly revealed security breaches. If you have a login for one of these sites whose password hasn’t been changed (at least, as far as 1Password knows) since the date of the breach, 1Password lists the login in this section.

Although a security breach doesn’t necessarily mean your password was leaked, the prudent action is to change your password for any such site just to be on the safe side.

Vulnerable Passwords

When a list of passwords exposed in a security breach is made public, 1Password can check it against your passwords and see if there are any matches. Well, that’s not exactly correct. As described in this support article, if you enable this feature, 1Password uses the haveibeenpwned.com service to check just the first five characters of a 40-character encrypted hash of each of your passwords against the first five characters of the hashes for the exposed passwords. The items shown in the Vulnerable Passwords category are those for which that one-eighth of the encrypted hash matches.

In other words, mathematically, there’s a reasonable chance that a password shown in this category was not in fact part of a data leak, but this feature errs on the side of caution. Once again, the safest course of action is to change each of these passwords.

Reused Passwords

As I explained in Learn Password Security Basics, reusing the same password in multiple places puts you at unnecessary risk. In the Reused Passwords category, 1Password displays any items with passwords that are used by other items, with entries grouped by password. (In 1Password 7.2.2 or later on a Mac, you can also select an item and then click the pop-up menu in the Reused Password banner—for example “1 other item”—to see the other item(s) using that password.) Then change one or more of the passwords so that each one is unique.

Weak Passwords

1Password has an internal strength ranking scale, which runs from Terrible through Weak, Fair, Good, Very Good, and Excellent all the way up to Fantastic. (The app doesn’t indicate precisely how it calculates those scores.)

The Weak Passwords category shows everything that 1Password ranks as “Terrible” or “Weak.” Work your way through these and change them to be longer and/or to contain more character types.

Note that you may have a different idea of what constitutes an acceptably strong password than 1Password does. For example, my personal standard is that all passwords should be in at least the Excellent category, assuming the site or service allows that level of complexity. If you want to see passwords that fall into other rankings besides Terrible and Weak, you can do so on a Mac—click All Items at the top of the sidebar, and then choose Password Strength from the sort order pop-up menu.

Unsecured Websites

These days, most websites—especially those that require you to enter a password—use TLS or SSL encryption (as indicated by a URL that starts with https://). Those sites encrypt data as it travels between your browser and the server, reducing the risk that a password could be intercepted in transit. If you’ve stored any sites whose URLs begin with http:// instead of https://, they’re listed in the Unsecured Websites category as a way of warning you that your credentials could potentially be sniffed when you log in.

In almost every case I’ve seen, the websites in question have in fact been upgraded to use TLS or SSL since the time I stored my login, so the problem wasn’t the site, but simply the fact that my record of it in 1Password was old. What you should do in each of these cases is visit the site in question and see if you’re automatically redirected to a secure, https:// version of the site, usually indicated by a lock icon in your browser’s address bar. If you are, you can edit the 1Password login to add that s in the right spot. (On a Mac, you need not edit the login manually—simply click Use HTTPS in the banner that appears at the top of the login, as shown in Figure 37. The first time you do so, 1Password prompts you to confirm that it can check with the site to see if it supports HTTPS; click either “Always allow for all sites” to enable this check globally, or “Allow once for this site” to enable the check just once.)

Inactive 2FA

If a site offers two-factor authentication (or two-step verification) using the One-Time Passwords 1Password can generate—but you haven’t set up that site’s TOTP in 1Password yet—the site appears in the Inactive 2FA category. Select an item and click the “View instructions” link at the top for details on how to enable two-factor authentication on that site.

Expiring

If you have items in 1Password with expiration dates—things like credit cards, driver licenses, and passports—and they’re near or beyond those expiration dates, they appear in this category. Renew the item if necessary, or update the expiration date if you’ve already renewed it.

Share a Vault

1Password for Mac supports multiple local vaults, each of which can have its own sync method. So, you can sync a secondary vault (containing items you want to share) with a different location from your primary vault, and make sure the other users who need access also sync to the same location. You can do this with either the Dropbox or folder sync method on any platform. (iCloud doesn’t support syncing 1Password data between users, and in any case, only your primary vault can sync via iCloud.)

To share a vault via Dropbox, follow these steps:

1. If you haven’t previously done so, create a new secondary vault following the instructions in Work with Multiple Vaults.

2. Make sure the secondary vault is active; if it is not, choose Vault > Switch to Vault > Your Secondary Vault’s Name.

3. Go to 1Password 7 > Preferences > Sync.

4. Select the vault you want to sync, and choose Dropbox from the pop-up menu.

5. Click Choose, and then navigate to a folder within your Dropbox folder–not the top level!—that you’ve shared with someone else. (If you don’t have such a folder, click New Folder to create one—we’ll share it in a moment.) Click Open.

6. Click Create New.

7. If the person or people with whom you want to share your new vault already have access to the Dropbox folder where your vault is stored, skip this step. Otherwise, log in to your Dropbox account at www.dropbox.com, hover over the folder’s row in your main Dropbox folder list and click the Share button on the right. Enter the names or email addresses of the people with whom you want to share the folder, optionally type a message, and click Share. (In case it’s not obvious, the other people must have both Dropbox accounts and copies of 1Password.)

8. For any Mac user who will access this shared vault, go to the Dropbox folder in the Finder, locate the vault (it’ll have the name you gave it plus the extension .opvault; for example, Family.opvault), and double-click it. In the dialog that appears (Figure 38), type a different name if desired and optionally double-click the icon to customize it, just as when creating a new vault. Then enter the vault’s password and click Create Vault.

   

   1Password adds the shared vault as a secondary vault—with syncing (via Dropbox, in this example) already set up.

If you want to sync via a shared local network volume or another cloud sync service such as SugarSync or SpiderOak, the directions will be similar except you’ll choose a folder sync instead of a Dropbox sync in step 4, and the other person will have to use the relevant method to access the shared file in step 8.

Share an Individual Item

Sometimes you don’t need to share an entire vault, but want to give someone else access to a single login or other item. You can do it—albeit not very securely, and only on a Mac—by opening the main 1Password app, selecting an item, and choosing Item > Share > destination (such as Mail or Messages).

1Password opens the selected destination, and pastes in a long URL that begins with onepassword://share/1?d= followed by several lines of random-looking characters. If the recipient has 1Password installed, when they click that link, the item is added to their 1Password vault.

This technique is handy but not secure—that long string of characters obfuscates your username, password, and other item details but doesn’t encrypt them, and it wouldn’t take a great deal of cleverness to reverse the obfuscation scheme. For that matter, anyone with 1Password who got a copy of that URL could easily add the item to their copy of the app. And, if you should change the password in your copy of 1Password, you’d have to share it again in order for the other person’s copy to be updated.

Import

The importing process differs between Mac and Windows.

Export

You can export 1Password data as 1Password Interchange Format (.1pif) on a Mac, or as comma-delimited (.csv) or tab-delimited (.txt) text files on either Mac or Windows. Like the importing process, the exporting process is a bit different between the two platforms.