Feature suggestion: public API for 3rd-party app integration

stevenjklein

1Password works great with my browsers, but I have lots of other apps that also need to remember passwords. Right now all those apps support Keychain, because Keychain is built-in to the OS, but [b]also[/b] because Keychain has a published API for 3rd-party app developers to use.



A few examples:



[list=0]

[*]FTP apps use Keychain to remember passwords for FTP servers

[*]Chat clients use Keychain to remember passwords for IM servers

[*]Website development apps use Keychain to remember passwords for website (FTP) servers

[*]Microsoft's Remote Desktop Connection uses keychain to remember passwords for remote Windows systems

[*]GarageSale uses Keychain to remember my eBay password

[*]Many, many others

[/list]

There are other examples of 3rd-party system services that have become widely adopted by 3rd-parties; Growl comes instantly to mind.



Of course I wouldn't expect Agile to have to write plugins for all those apps. Just make an API available so app developers can write their own 1Password integration code.

MartyS

This suggestion has come up from time to time. There is a huge difference between a supported API for 3rd-party applications requesting to integrate with a feature of the OS, such as keychains, and our completely separate system of storage, encryption, Auto-lock settings and such that comes with the 1Password application and browser integrations. We also have a huge set of additional information that the OS X keychain cannot hold.



At this time, 1Password only interacts with your web browsers for filling forms online. As you correctly point out, the Mac OS X keychain is the lingua franca for Mac developers to have their applications store sensitive data such as usernames and passwords. We don't want to replace this functionality. We want 1Password to be the lingua franca for how users interact with forms on the internet. You can store a record of your applications' usernames and passwords in 1Password, but you would need to copy and paste the passwords manually.

dteare

I agree that an API would be a cool feature to add to 1Password. It would be amazing to see "Supports 1Password" in my favourite applications. It is not something to be taken lightly, however, as there is a huge set of security concerns we'd have to take into consideration. For example, the OS X Keychain has an entire team at Apple supporting it because they are solving a very hard problem.



The main issue is time. I just finished [url=http://forum.agile.ws/index.php?/topic/2860-multiple-duplicate-logins/]replying in another thread[/url] that there are simply not enough hours in the day to implement all the cool features we can imagine. This is not a complaint! Indeed, I love that we live in such exciting times! However, we need to be careful and pick the most important features to focus our time on. I'm not going to spill the beans on my Top 5 Upcoming Features list, but I will say that the API did not make the cut. Perhaps this will change in the future but for now I'd rather say no than get your hopes up.

jpgoldberg

[quote name='dteare' timestamp='1292434060' post='17661']

It is not something to be taken lightly, however, as there is a huge set of security concerns we'd have to take into consideration.[/quote]

As chief worrywart, I have to say that this really is an enormous issue. Not only technically do we need to worry about the security implications, but also behaviorally. We may control the API, but we couldn't control what people do with it. Thus a poorly designed third-party application may end up leaving master passwords around in places they doesn't belong. (They only belong in users' heads.)

dteare

[quote name='jpgoldberg' timestamp='1292745895' post='17815']

As chief worrywart, I have to say that this really is an enormous issue.[/quote]



jpgoldberg++



That's a ++ for both the "enormous issue" and "worrywart" parts <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/biggrin.gif' class='bbc_emoticon' alt=':D' />



[quote name='jpgoldberg' timestamp='1292745895' post='17815']

Thus a poorly designed third-party application may end up leaving master passwords around in places they doesn't belong. (They only belong in users' heads.)

[/quote]



My first thought was we'd only allow applications to access the data they store into 1Password. This would completely mitigate this risk.



The problem is once you have this limitation the API has much less value as it severely limits people's creativity for creating cool things. With that said, I could see this being very useful in applications like Knox.

TheMacMommy

[quote name='MartyS' timestamp='1292376852' post='17616']

This suggestion has come up from time to time. There is a huge difference between a supported API for 3rd-party applications requesting to integrate with a feature of the OS, such as keychains, and our completely separate system of storage, encryption, Auto-lock settings and such that comes with the 1Password application and browser integrations. We also have a huge set of additional information that the OS X keychain cannot hold.



At this time, 1Password only interacts with your web browsers for filling forms online. As you correctly point out, the Mac OS X keychain is the lingua franca for Mac developers to have their applications store sensitive data such as usernames and passwords. We don't want to replace this functionality. We want 1Password to be the lingua franca for how users interact with forms on the internet. You can store a record of your applications' usernames and passwords in 1Password, but you would need to copy and paste the passwords manually.

[/quote]



Would it ever be possible or even advisable to allow the User the ability to add something to the Services Menu (perhaps under Text) on their own that would enable 1Password to autofill user name and passwords into the login boxes on 3rd party applications on the Mac? Is there currently a way to create an Application Shortcut in the Keyboard Preferences to do something like this?



The reason I ask is that I consult with elderly clients who have a hard time remembering information. Normally, I create a locked spreadsheet for them in Numbers where they store all their account and login information. A few of them now have 1Password and I'm teaching them how to use it. I keep running into the trouble of having to explain to them the difference between things you fill out on the Internet vs things you fill out using the OS, like Applications. The difference is lost on them. I like using 1Password with my senior clients because many of them have fears of forgetting information. I'm teaching them to use 1Password to catalog all that information they're afraid of forgetting because they need only remember one thing to unlock it all. They love this idea but just get lost when it comes to learning the difference between online logins vs app and OS logins like the kind Keychain Access manages. In the end they end up just using the same user names and logins because they still need to remember more than one thing when it comes to logging into apps.



I was just wondering if there were a way I could somehow facilitate app logins from an accessibility perspective or is this just better left up to Keychain Access? I just wondered if there was anything I might be missing. Thanks!

RobYoder

[size="2"]Welcome to the forums, MacMommy! I think in order to fill authentication forms in an app, we have to integrate directly with that app. If so, we fall back to the posts above where Dave explains the potential difficulties of such an endeavor. I'd personally love to see this happen too, so that I can keep as much information as possible in 1Password instead of in the keychain.[/size]



[size="2"]I'm sorry we don't have a better answer for you yet.[/size]

stevenjklein

[quote name='dteare' timestamp='1292434060' post='17661']

… there are simply not enough hours in the day to implement all the cool features we can imagine… we need to be careful and pick the most important features to focus our time on.[/quote]



Indeed. I seem to recall some higher-up at Apple (not Jobs, but perhaps Tim Cook) saying something like, "We say ‘no’ to great ideas all the time."



I understand that you focus on those features that provide the greatest benefit to the greatest number of users. But you also want to maximize your customer base. If lots of third-party apps displayed a prominent "Supports 1Password" logo or marketing badge, I expect that might generate a lot of new sales.



(Of course, before you pursue this idea, It would be a good idea to contact 3rd-party developers first, and get buy-in from them.)



Of course, Knox is the obvious product to use as a testbed!



As a customer it's exciting to see a feature suggestion generate so much attention. Thank you for your consideration, excellent support, and wonderful product.

[Deleted User]

Hey Steven!



You are correct! It was Tim Cook: [url="http://smallbizlink.monster.com/news/articles/897-apple-we-say-no-to-good-ideas-every-day"]Apple: We Say No to Good Ideas Every Day[/url]



Thanks for understanding the reality of our current focus. There are so many great ideas, but so few hours in the day!



I concur with your assessment that it is exciting to see a feature request generate so many cool ideas. Like you, I can't wait to see what the future holds!



Thanks for the kind words regarding our product and support! We try our best to meet customer expectations, and I'm glad we've made the grade in your eyes!



Cheers!



Brandt