Arguably Yahoo is the only one who drove themselves gleefully and deliberately into a hole. The others were victims of changing times, technologies or, in the case of quibi, just incomprehensible from day one and potentially a very successful scam!
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
1Password 8 for iOS and Android Released With New Design and Features
- Thread starter MacRumors
- Start date
- Sort by reaction score
Thank goodness! Can you imagine if you woke up and your app had been updated to v8 and now your local vaults no longer work. 1password made that mistake in the past of updating people so glad it’s kept as a separate install. Especially since you cannot downgrade iOS apps.
It's not really multi-user (you get two with premium) for $10 which is the point I made above...everything else you have said bar open source applies to 1Password and the GUI is infinitely better and more useable.
Been using this app since it was Mac only.
Guess it is time to fine a new password app now the they have gone to subscriptions only.
I moved away from Adobe for the same reason.
Guess it is time to fine a new password app now the they have gone to subscriptions only.
I moved away from Adobe for the same reason.
If they get hacked, your point? The attackers still need to get though the “blob” of data to get passwords. They would have to get though your master password, the secret key, and the 2FA. Lastpass was hacked, but all the attackers got was blobs of useless data. Were peoples lives destroyed? No. Is Lastpass out of business and didn’t recover? Also, no.
Sadly after using iPassword for over 10 years I will need to find a replacement as I don’t do subscriptions.
Question for you since you mentioned 2FA. What do you use for your 1Password 2FA codes? I haven't ever turned it on for 1Password as I didn't want a separate app just for a single 2FA code. I figure my secret key is good enough and it's also accessible without a phone (printed copy).
Apple has yet to demonstrate they have any sort of clue with running services. You'd think the people responsible for MobileMe were still designing things. I don't keep my Calendar there, I *certainly* don't keep my Contacts there, I *without a doubt* would never keep anything as important as a password database there.
iCloud is just their latest incompetence.
Wow, so many opinions on the company and its financing, the business model, and your lives and your wives. While we're at it, does anyone have, I don't know, any insight or helpful info on the new software?
I don’t store passwords on the net
The new versions of 1password with subscription forces you to store your vaults onto their servers. That is what "centralized database" means. It means ALL the users of 1password must store their vaults onto 1 central point : Agile's servers only.
The point is that they don't allow local vaults anymore. The more data is centralised onto 1 node, the more it becomes a valuable target. It means an exponentially higher risk in case a point of failure is found.
1password 7 is already much less secure than previous versions :
"This was most evident in 1Password7 where secrets, including the master password and its associated secret key, were present in both a locked and unlocked state. This is in contrast to 1Password4, where at most, a single entry is exposed in a “running unlocked” state and the master password exists in memory in an obfuscated form, but is easily recoverable. If 1Password4 scrubbed the master password memory region upon successful unlocking, it would comply with all proposed security guarantees we outlined earlier."
On the Security of Password Managers - Schneier on Security
There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory...
www.schneier.com
"The memory “hygiene” of 1Password7 is so lacking, that it is possible for it to leak passwords from memory without an intentional attack at all. During our evaluation of 1Password7, we encountered a system stop error (kernel mode exception) on our Windows 10 workstation, from an unrelated hardware issue, that created a full memory debug dump to disk. While examining this memory dump file, we came across our secrets that 1Password7 held cleartext, in memory, in a locked state when the stop error occurred"
Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators
Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose...
www.ise.io
I’m pretty sure this issue was fixed already. When I have time to dig, I’ll look.The new versions of 1password with subscription forces you to store your vaults onto their servers. That is what "centralized database" means. It means ALL the users of 1password must store their vaults onto 1 central point : Agile's servers only.
The point is that they don't allow local vaults anymore. The more data is centralised onto 1 node, the more it becomes a valuable target. It means an exponentially higher risk in case a point of failure is found.
1password 7 is already much less secure than previous versions :
"This was most evident in 1Password7 where secrets, including the master password and its associated secret key, were present in both a locked and unlocked state. This is in contrast to 1Password4, where at most, a single entry is exposed in a “running unlocked” state and the master password exists in memory in an obfuscated form, but is easily recoverable. If 1Password4 scrubbed the master password memory region upon successful unlocking, it would comply with all proposed security guarantees we outlined earlier."
On the Security of Password Managers - Schneier on Security
There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory...
"The memory “hygiene” of 1Password7 is so lacking, that it is possible for it to leak passwords from memory without an intentional attack at all. During our evaluation of 1Password7, we encountered a system stop error (kernel mode exception) on our Windows 10 workstation, from an unrelated hardware issue, that created a full memory debug dump to disk. While examining this memory dump file, we came across our secrets that 1Password7 held cleartext, in memory, in a locked state when the stop error occurred"
Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators
Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose...www.ise.io
We can start with it being an Electron app. While it is a “good” Electron app, it is still fundamentally Electron with all of the downsides that entails (being a resource hog, an at times laggy interface, very much non-native look and feel, etc.)
We can then move on to the dropping of standalone vaults and one-time license purchases. I am less upset about dropping the one-time license, as so much software is moving to a SaaS model (which I abhor, but I’ve begun to accept it as just the nature of reality at this point). The dropping of standalone vaults and forcing users to sync everything to the 1P cloud is inexcusable.
In addition, 1P8 just simply feels like an unfinished product. Go read the 1P Comunity forums or the numerous Reddit posts detailing all of the bugs, issues and missing features (some of which drastically break people’s workflow) that 1P8 has compared to 1P7. A (very) short list includes: the inability to turn off auto submit (not autofill, but auto submitting after you autofill something; the inability to set a default or primary vault; the completely broken search capabilities (or lack thereof); the inability to open all of your vaults at once, thus forcing you to put in your password for each vault separately (a giant pain when it comes to those with multiple vaults - worse off, AB solution is to set the same password for all of your vaults 🤦♂️; Quick Access being a poor replacement for 1Password Mini. There are more, but you get the idea.
Finally, the developers, and especially the two founders (Dave Teare and Roustem Karimov) have been incredibly dismissive of the above issues, to the point of being out right rude to long-term users. The developers' hubris (with many of them exclaiming 1Password 8 is the best version they've every created, while, again, actively ignoring the plethora of well documented issues) is a major turn-off. Why should I support a program and company that doesn't respect its users?
I'm not spreading any FUD at all. The issues with 1Password 8 are numerous and well documented.
This is true, it is indeed my opinion. Just as it is yours (and others) opinions when it comes to liking 1Password. I never once said my opinion is fact.
Last edited:
I felt the same but it turned out for the better now that I’ve dumped 1p. Strongbox is vastly superior and cheaper.
I would highly suggest either Minimalist Password Manager (http://minimalistpassword.com) or Enpass; both of which offer a lifetime license purchase. I really like the idea behind Minimalist, and the developer is incredibly friendly, open to suggestions, and very quick to resolve issues; but it isn't quite yet able to become my full time password manager. Its major downside is that it can't suggest new passwords directly from the browser and autofill/autosave them. This is due to it not having a browser extension and thus relying on Apple's password autofill feature. The developer is, however, actively working on creating a browser extension. Furthermore, it is Mac/iOS/iPadOS only - which can definitely be a deal breaker for those using both Macs and Windows PC.
I like Enpass (https://www.enpass.io) a decent amount. It is very similar to 1Password 7 in its feature-set, especially in its ability to have local vaults and WLAN sync. The interface isn't nearly as nice though, but it is quite functional.
I can see the code if I tap the account icon in the top left and then choose "Set Up Another Device..."
Snap! You are right. I was too fascinted by the new design. 🥹😇😂
Since I need Microsoft Authenticator anyway for Microsoft things, and you can do 2FA codes with it, I store the 2FA for 1Password there.
I too can Google things and be condescending if I like! But I don't like.The new versions of 1password with subscription forces you to store your vaults onto their servers. That is what "centralized database" means. It means ALL the users of 1password must store their vaults onto 1 central point : Agile's servers only.
The point is that they don't allow local vaults anymore. The more data is centralised onto 1 node, the more it becomes a valuable target. It means an exponentially higher risk in case a point of failure is found.
1password 7 is already much less secure than previous versions :
"This was most evident in 1Password7 where secrets, including the master password and its associated secret key, were present in both a locked and unlocked state. This is in contrast to 1Password4, where at most, a single entry is exposed in a “running unlocked” state and the master password exists in memory in an obfuscated form, but is easily recoverable. If 1Password4 scrubbed the master password memory region upon successful unlocking, it would comply with all proposed security guarantees we outlined earlier."
On the Security of Password Managers - Schneier on Security
There’s new research on the security of password managers, specifically 1Password, Dashlane, KeePass, and Lastpass. This work specifically looks at password leakage on the host computer. That is, does the password manager accidentally leave plaintext copies of the password lying around memory...
"The memory “hygiene” of 1Password7 is so lacking, that it is possible for it to leak passwords from memory without an intentional attack at all. During our evaluation of 1Password7, we encountered a system stop error (kernel mode exception) on our Windows 10 workstation, from an unrelated hardware issue, that created a full memory debug dump to disk. While examining this memory dump file, we came across our secrets that 1Password7 held cleartext, in memory, in a locked state when the stop error occurred"
Password Managers: Under the Hood of Secrets Management - Independent Security Evaluators
Password managers allow the storage and retrieval of sensitive information from an encrypted database. Users rely on them to provide better security guarantees against trivial exfiltration than alternative ways of storing passwords, such as an unsecured flat text file. In this paper we propose...www.ise.io
I'm trying the new version. One good new feature is the "pinned fields." A few individual items I check all the time (e.g., a credit card's security code) now appear on the home screen, without other info from that overall entry that I don't need handy. Nice touch from the developers (even though we HATE them).
I swear - 1Password generates some kind of collective hysteria. I'm out. Everyone stay happy, it's public beta day.