For a technology writer who tends to stay on the bleeding edge of the latest developments in the industry, most people would find my stance on online security to be surprisingly relaxed.
I realise that the majority of Internet users simply aren’t enough of a high value target that someone would try to hack their Facebook accounts or break into their PayPal balances. For all the recent uproar about our diminishing online security, I think most Internet users are fairly safe, owing to the sheer number of people using the Internet—security by obscurity, if you will.
All Killer, No Filler
We’re bringing Momentum to New York: our newest event, showcasing only the best speakers and startups.
However, it is important to realise just how much of our online identities and physical, real world assets are safeguarded by humble alphanumeric passwords that can be easily decoded by anyone with even the slightest motivation.
I consider it imperative to my online security to at least have a different complex password for each service or website I sign up for, and it’s impossible to remember these passwords without the help of specialized tools designed to help you do so. This is where password management apps like 1Password step in.
1Password is a secure digital identity and password manager that keeps track of your online accounts, secure notes, banking and credit card info, software licenses, identity proof documents and various loyalty and membership cards. 1Password is made by AgileBits, and it only existed as a Mac OS X app for a long while, before making the jump to iOS.
The company has also had Windows and Android apps for a while now, but the latter was an ancient, ugly-looking app that only had the very basic ability to sync and display your passwords.
Yesterday, after months of beta testing, AgileBits released 1Password for Android 4.0, a ground-up rewrite of the app that replaces the weathered and only marginally useful 1Password Reader with a well designed, modern Android app individually designed for phones and tablets. It’s free to try until August 1 and will require an in-app purchase from that point forward to retain its adding, editing and organisational features; it will always be free to use in read-only mode.
When you first launch the app, it takes you through a brief slideshow of the new features and then offers the option to either set up a new account or sign in to an existing one. If you’re already using 1Password on other platforms, the app will connect to your Dropbox account, find the keychain and sync it with your Android device.
I had no trouble syncing with my account and 1Password continued to do it in the background after I’d exited the app. A notification in the Notification Shade keeps you abreast of its progress.
With a light grey titlebar and simple black text on white background, the new 1Password UI is nothing to write home about, but it is a major improvement over the previous clunky UI that harked back to Android’s Honeycomb days.
The layout is well spaced and easy to read and navigate, with new icons that have been updated to match those on other platforms. The initial login screen is also similar to its counterparts on other platforms and is the most immediately recognisable element of the app’s otherwise unremarkable UI.
I did find some functional issues with aspects of the UI. Occasionally, some fields of information would be repeated, but I never found any data to be missing. The release notes say that the app has support for viewing attachments, but I found no way to do that at all.
I have a scanned copy of my driver’s license attached with its entry in 1Password, but the Android app made no mention of the fact that it even exists, let alone allowing me a way to view it. The desktop client of 1Password has no trouble displaying the image file to me.
Another significant flaw with the way data is displayed is that it truncates lengthy text instead of wrapping it around to the next line. This means that addresses and other lengthy bits of data cannot be read within the app, unless you edit them.
It also does allow you to copy them for use elsewhere. Furthermore, as with the iOS app, the list of generated passwords does not give you the option to sort them by anything other than the title, which is a fairly unintuitive method of browsing that list. The ability to sort by date would be welcome.
Security and synchronization
The most important aspects of any password management utility are its security and synchronization components. On the security front, 1Password has you covered with 256-bit AES encryption and a secure master password and (optionally) PIN lock. It won’t allow anyone to take screenshots of your open vault and automatically clears your clipboard after a configurable amount of time has passed, so your copied passwords don’t end up in the wrong hands.
Furthermore, AgileBits has a remarkable track record of being on top of the latest developments in online security, and 1Password has always been pretty secure as a result.
It’s also supposed to automatically lock your vault after ten minutes of disuse, but I found that this particular feature does not work as intended. If I set 1Password to not lock immediately upon exit and wait for ten minutes after, it would simply never lock if I launched it through voice commands.
However, if I launched it through the App Drawer, it would always be locked with the master password (even when I had the PIN lock enabled), irrespective of how much time had passed. I expect that the developers will fix this bug in a future update.
As for synchronization, 1Password offers Dropbox as the only built-in option, but it can save data locally to a folder as well, which can then be synced to other online services using third party apps.
If you are using 1Password on Apple’s platforms with iCloud as the only synchronisation option, you’ll have to switch to Dropbox to enable it to work with Android. This is no different from how 1Password has always worked on Android. The Dropbox syncing itself is robust and I experienced no loss of data when moving and merging data libraries. It works in the background once initiated and instantly uploads any changes you make in the Android app.
That said, there is no push synchronisation of data, so the app will not initiate a sync in the background based on changes you make on other platforms. It only starts the automatic synchronisation when you launch the app. If you ever launch the app in an area with no internet connectivity, you’ll have to wait until it is restored in order to update it with your latest passwords. It goes without saying, however, that all the synced data is available to use offline.
I have a couple of gripes with the sync feature: for one, it insists on showing you a syncing notification even after you’ve disabled the preference; and second, it spends about a minute or two syncing attachments every time you launch the app, even when you’ve made no changes to them anywhere, and does not even allow you to see those attachments in the app.
Combined with the fact that there is no push sync, this means that you end up having to wait several minutes for your latest passwords to be available when you launch the app.
If you’re browsing a website in Chrome or launch a third party app that requires login information, you have to launch 1Password and copy the username and password over manually. Unfortunately, Android does not allow the kind of browser integration that desktop platforms like OS X do, and there is precious little that AgileBits can do to change that. It does, however, offer a very basic built-in browser that automatically logs you into websites that it has the login information for.
But again, the implementation of the built-in browser leaves much to be desired. The only way to use it is to search for the website you’re looking for in 1Password and click on its URL. There is no ability to share URLs from other apps to 1Password and you cannot even copy the URL from elsewhere and paste it into its browser, like you can on iOS.
No matter how you go about it, getting passwords from 1Password into websites you’re browsing on Android is nowhere near as seamless as it could be. Dashlane, a 1Password competitor, does a better job of it, but is also similarly hampered by Android’s restrictions.
Organization and management
1Password does a great job of grouping your various types of data into appropriate categories, and supports the creation of folders and subfolders to facilitate better organisation of data. It includes the ability to mark items as favourites for quicker access.
You can also create new entries from scratch, entering all the details manually, and pair it with a strong random password that the app will generate for you (though creating pronounceable passwords isn’t an option yet).
1Password 4.0 is a significant update to the languishing 1Password Reader that Android users had been accustomed to, and gives existing 1Password users significant motivation to stick with the service.
AgileBits seems to have finally woken up to Android and is taking the platform much more seriously. Although the app still feels like it is in beta, the essential components are already there and there are no show-stopping bugs to be found. The company has seeded the first 4.1 beta to its testers and we hope to see the app make rapid advancements in the future.