Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
1Password Extension to be Deprecated in July
- Thread starter countermoon
- Start date
- Sort by reaction score
Thank you for your response!It's not superior, it's on par. My point was that 1P8 is superior to competitive products, as many of those lack key features for usability or have sub-par encryption schemes (e.g. many simply encrypt with the password and no secret key/salt). BTW, I presume here we're talking about true local vaults (wifi sync) and not dropbox - because the latter is the worst of all worlds (dropbox has access to the files), and that icloud sync is disabled, there's no cloud backup, or any other cloud copies of the local vault itself), etc.
Is there a theoretical risk if someone compromises the 1P servers and extracts copies of all the vaults? Yes, absolutely. It's greatly mitigated by the secret key, and as long as you use a strong passphrase (not password!) then brute force attacks are highly unlikely to result in cracking the vault given the current state of the art. If nothing else, you'd have time to take action.
Now talk to me about 1P8 using Electron, I'm not happy at all.
Yes I am talking about true local vaults (WiFi sync) and no cloud backups of the local vault. I have been preaching this approach on various MacRumors threads, probably, I suspect, to mostly deaf ears. It feels good to be vindicated by someone who actually works in the cybersecurity field.
Although some people need features that 1Password offers, I don’t. Thus, I use Codebook which allows me to use a very secure solution, and doesn't cost me money every month. Oh, and I doubt that Codebook uses Electron.
I don't think that is correct. My understanding is that with the web interface your credentials are not transmitted to 1password servers.
The security white paper: 1Password Security Design
First, thanks for sharing the lists. I recall 1Password in its earliest days where they were asking people to vote the best app. That's how long ago I have engaged their app. I preferred its earlier incarnations than all the bells and whistles it has now.
I think for me, I would like perhaps my "vault" being in my cloud drive that could be shared between multiple devices whether computer, iphone or I guess the watch. Are there any of the first list apps that can do this? I like having the basics - passwords and if possible credit cards, useful ID info and last though far from needed - store for app serials.
Strongbox - Offers a one time fee or you can do yearly
Minimalist - subscription for those who didn't buy early on
Both offer the option you want and both are excellent. In my opinion, Minimalist is more straightforward whereas Strongbox is more robust.
Any of the managers in the first list will allow you to store your data in the cloud, although sometimes you will be restricted to their cloud. However, as has been discussed on this thread, you can keep your vault local and still use local WiFi to sync to all your devices. This is the safest, and thus recommended route, and I have listed the four programs that I know can do this in Post #82 of this thread: Codebook, eWallet, mSecure, and Sticky Password. Additionally, Strongbox can sync via SFTP, which also sounds like a good solution to me.
I use Codebook and am very happy with it. However, I recommend that you peruse the websites of the five programs I mentioned to see what appeals to you. Often, you will be able to demo the program before buying. Good luck!
Maybe he just have insanely good memory lol. Most other would either keep one, or devise a system to sort of relate those unique passwords together (character name from favourite movie/anime series for example).
I think I disagree that the built-in password manager (Keychain Access) is adequate. It doesn't offer storing two-factor authentication string and doesn't easily store other details associated with an account like the answers to security questions. It's a rather poor substitute and doesn't have great management and access features.
Exactly. I like to use the password manager (currently using 1Password 7) as a secured box to store passwords, identity documents, and the likes. This way, all of this stuff is in one place and I don't have to worry about where I put whatever it is.
I have no doubt that 1P8 is a good product. My institution subscribes to it and allows all its employees to use it, but I don't because I hate the subscription model. Yes, I wouldn't be paying for the subscription but if/when I leave my employer, I'd either have to pay for my own subscription or leave 1P8 and I'd rather not have to hassle with that kind of migration.
It's the subscription model of 1P8 that many of us, myself included, really hate. For such a long time they allowed a pay-one-time model with major upgrades requiring additional payment too. I like that model and wish it were offered as an option. Of course, I don't expect a cloud-only service to provide access via a one-time payment, and 1P8 is now cloud only.
That would be nice but I'm also not expecting that Apple would build that kind of integration for non-Apple platforms. iTunes is on multiple platforms because, I surmise, that they're really selling the music service so they want as many platforms as possible.
Anyhow, all this said, I recently found out that the latest 1P7 version does run natively on the latest Apple Silicon, at least that's what the 1Password website says. This has given me some relief because when I migrated to an Apple Silicon Mac, there's still some hope that my 1P7 would still work. I'm planning not to move to 1P8 and if I need to, I'll need to move to a non-subscription password manager.
The newest problem is they're deprecating the "classic" browser plugin soon (the point of this thread). They're making it harder and harder to stay on 7
Yeah, that's a common complaint and my perspective is kind of the same.
My 1Password subscription is for the service - their servers and such. These have ongoing costs and there aren't many cloud services that don't charge their users for that. If there were local vaults and that was all I was using, then I would resist the subscription. I don't like software subscriptions, but I don't mind service subscriptions. I pay for Dropbox in the same way.
One more thing about 1Password - they are constantly pushing out updates. Maybe once a month I get release notes of what's changed, added, and fixed. That kind of constant attention makes me very accepting of their annual charge.
I agree with your conclusion for most part. I get that some people want to have the option to pay once and just self-host their password vaults instead of paying for the subscription to have 1P host them in the cloud.
But when it comes to subscribing to software, a password manager is one particular software product where I'd rather pay an ongoing support cost versus foregoing updates and security patches to save a buck. There are better places to cut costs if subscriptions are taking up too much of one's budget.
Nothing, it is great.
The problem is it only works with Apple. If you want to use Chrome, for instance, it's a huge hassle.
Why is it that any thread about 1Password (the OP's issue was addressed long ago) always turns into long discussions about:
1) Alternatives to 1Password,
2) Hate for subscription apps, and
3) Fine details of 1Password security?
1) Alternatives to 1Password,
2) Hate for subscription apps, and
3) Fine details of 1Password security?
It’s legitimate that they charge for ongoing usage of their cloud service. No complaints about that.
My complaint is that some of us do not want to subscribe to a cloud service that way and would just want a one-time paid option that involves local vault or we choose our own cloud service.
a way to check. I might try this later.
How to know if a desktop app uses Electron - Cameron Nokes
Here's a way to check in macOS using Finder or bash
Regarding the subscription issue, it might be because old timers like me feel jilted and betrayed. We paid for multiple upgrades and relied on our own local vaults. Later, they offered subscription service alongside one-time license fee. That’s fine because we still have the option not to subscribe. Then later that was totally abandoned and that’s when we felt betrayed and lied to.
It’s very disruptive of one’s workflow and finance flow to move to subscription when that was not in the mix for years and years and years.
Yep, I'll be honest I was unaware of the controversy but as I read up on it in reddit. I was less then thrilled. That was until I saw a list of apps using it, and in all honesty I didn't know they were using it, nor was I having issues with those apps. Basically much ado about nothing.
I initially left 1PW mostly because I felt for a lot less money I'd have the same functionality - and I do for the most part. 1Password is a more polished product with more features. Also I was under the mistaken notion that open source = better security. That in of itself is false as there have been vulnerabilities in open source initiatives that have sat there missed and untouched for years. Basically no application is immune to possible invulnerabilities and open source is no safer then closed source imo
Currently I have Dropbox, Microsoft Teams, and 1Password all using Electron. Teams is moving away from Electron.
Proton just released their password manager, but I can't tell if the vault can be local or not. I contacted them. No response as of yet
