1Password 8 for Mac Released With New Design and Features

[Paradoxally]

I still use apps that strip things down and put me in control. VIM over a larger GUI editor - and I can generally outperform most people on a GUI app. LaTeX was always preferred for documents which may come from my extended period in academia. It brings one benefit though - all the code, documents and data I generated even 40+ years ago is still readable and can still be accessed. Reports and documents at school and university even those in 8/16-bit word processors are still accessible as are all the LaTeX docs from university. I can't imagine that will be so easy to say in 30-40 years time for data in myriad modern apps.

LaTeX is great, I wrote all my university reports and thesis using that. Would never go back to a GUI word processor, they are unreliable pieces of junk (especially Word).

But VIM, that's just not for me. I hate its keyboard shortcuts, its lack of just "pick up and go". Someone new to VIM won't even know how to quit the damn thing. VS Code is easily approachable to anyone, and there's always Atom and some native text editors (Nova, BBEdit). Install a LaTeX extension and never look back.

 

[agregson]

I think this is the crux of the problem. Developers (including me) will use a library when they only need a small portion of that library's functionality. Library developers do the same when they use other libraries. Unless there is some tree shaking done, the delivered application, which is the transitive closure of the dependencies, has a lot of code that is never used.

But, building on the efforts of others is a massive advantage.

I think you are right.

I do appreciate the benefit of libraries. Frequently I make use of various libraries. I also think they can be overused. Many programs use a plethora of apps and often too many. Many of the libraries are also quite heavy and bloated with no way to modularise and import/link only what was/is needed.

In the past I mostly wrote all of my own code and libraries. I and a few others built up a library of code we used - often subroutine packages, module packages and so on. These were quite tightly controlled. When linked or imported they were very modular so only the parts used would be loaded. This was especially useful in days of 8-bit and early 16-bit and for a lot of the embedded code I worked on. Working in assembly language this was often essential. I still work in assembly language and revert to a lot of those methods out of necessity or preference (or a mix of both).

Recently I do use more and more libraries but am very strict and fussy. I also take time to read and look into the library code and assess the code quality, dependencies, risks and so on. It can and does make a huge difference to productivity.

I still also write a lot of my own code from scratch. I have a frame buffer library that is portable and works with a backend on macOS (Objective-C), SDL2 and Windows Win32. Same API is presented regardless of platform. It is basically just a pixel buffer and a way to get access to state of keys, text entered and pointer events. I have my own library of graphics primitives (some of which has evolved from code over 30 years ago) so I can draw on the canvas. Then there is a GUI library that is very minimal yet functional - it works as an immediate mode rather than retained state. For some of the apps I write it works very well. It does have advantage of being very light (especially in native macOS, Linux or Win32 backend).

For more serious I would use something like FLTK though I always tend to prefer C over C++. There are not as many options these days for basic C. When I look at some of the code irresponsible use of C++ can generate it horrifies me! The latest C++ standards and libraries are major monsters for bloated code if used with little understanding of how they work or are implemented.

Web apps terrify me with their dependence on libraries. Often these are pulled in dynamically from GitHub and others. All it takes is a library to disappear and a major issue can arise. Often there is a chain of library dependencies as one library pulls in numerous others and each of those load more. The issue with kik and left-pad shows what can happen. It is also no wonder web apps and code become so bloated and resource hungry.

Another issue that has affected programs is the desire to roll every conceivable feature into a single app. I much prefer the Unix ethos of small, modular tools and a common way to connect them. I suppose my preference for terminal makes that easier and I accept it is not a friendly environment. I just wish programs today would not feel a need to overwhelm users with every feature needed and add to the bloat with every release in an effort to justify progress or upgrade charges. At least some editors, word processors and others take a more minimal approach in pursuit of focus and removing distraction.

Recently I was persuaded to have a look at Rust. A nice language on initial view and a lot to commend it. I wrote a few simple programs in Rust and C and was surprised. I triggered off a build (nice build system with TOML config files in Rust was a welcome break from makefiles). I was horrified to see the long list of libraries Rust was bringing in. The code for C was 36KB. The code for Rust to do the same thing was over 30 times the size. I did not have the heart to start disassembling to see what it had done. It sort of put me off. What seemed simple on the surface quickly opened up the horror of a long list of random libraries being downloaded and linked. Not really for me.

I suppose pragmatic reality takes over in a lot of cases and I can appreciate that. The need to deliver in a timely way can trump the desire to work on ultimate efficiency or size. At least programming like many other things has something for everyone and we can each choose how we practise our craft and which products we would like to support and endorse.

 

[svenmany]

I suppose pragmatic reality takes over in a lot of cases and I can appreciate that. The need to deliver in a timely way can trump the desire to work on ultimate efficiency or size. At least programming like many other things has something for everyone and we can each choose how we practise our craft and which products we would like to support and endorse.

My limited intellect and the need for a paycheck limit my access to choice. In the same way that 1Password is built on Electron, I chose to build my front-end work on top of Angular which, in turn, builds on the capabilities of the browser.

Were I to flex my intellect and attempt to eliminate that crutch, even if I succeeded, I would not be working to my clients' advantage. Putting cost aside, my code will someday pass to other developers; the more custom work, the more to learn beyond standard toolsets.

Humans build on the work of others. I guess a consequence is over consumption, whether it be of computing resources or of the earth's.

 

[agregson]

My limited intellect and the need for a paycheck limit my access to choice. In the same way that 1Password is built on Electron, I chose to build my front-end work on top of Angular which, in turn, builds on the capabilities of the browser.

Were I to flex my intellect and attempt to eliminate that crutch, even if I succeeded, I would not be working to my clients' advantage. Putting cost aside, my code will someday pass to other developers; the more custom work, the more to learn beyond standard toolsets.

Humans build on the work of others. I guess a consequence is over consumption, whether it be of computing resources or of the earth's.

I can fully appreciate the reasons and they are very valid, indeed sensible. We all have limited resources and it is important to deploy them where they can be most effective.

You have hit on something though. The consumption of resources in our wider society has incorrect priorities. It seems focused on producing more rather than consuming less. This is also driven by consumers who are ultimately driven by advertisers and very persusasive marketing to ensure we feel we need more, newer, faster and more features. Sadly responsible consumption and care to use resources sensibly seems to receive scant consideration.

This is all part of a wider economic cycle where the governments need to continue to drive up consumption as that drives demand which deploys more labour. The employment of labour and consumption of things generates taxation revenues. As long as they can keep us locked into debt and commitment they are assured their >=20% take (in UK on VAT sales tax, employee tax, employer tax, social tax and myriad other levies) in the great economic cycle. As long as the populous is enslaved they are assured a steady revenue stream.

I have always been intrigued by lightweight code and doing "more with less".

In 80s I had no choice as I was working in environments where I had neither memory, CPU or other resources so had to use each wisely. There was also little option to patch code so the quality of code was essential. In many cases the code went to ROM (as in case of the Z8 OTP) or EPROM and into customer sites where over air updates was not an option. The code had to work and work with the limited memory (one of the Z8s I programmed in an EPOS printer interface had 4K ROM and 236 bytes to RAM and a huge register memory model) often leaving little room for any excess let alone unused library code.

Towards end of 80s I worked a lot on the VAX 11/780 which supported hundreds of users. Maxed out our machine had 8MB of RAM. Oddly that never seemed an issue - but it quickly reigned in any plans for expansive memory use in programs! There was also the Meiko CS-1 Transputer system which even fully loaded with dozens of Transputer processors had limited memory. Code compactness was essential.

I suppose that has sort of stuck with me. When I write code now it is to work on embedded systems and increasingly porting older code from 80s and 90s to modern hardware as the hardware is no longer available. That demands and allows time to ensure the code is compact, efficient and elegant.

I write code for fun now and for that I do like writing code to be as minimal, well structured and elegant as I can. I also like to ensure that even if I use a library for a data structure or other interface that I can code it myself if I need to. I feel that understanding also allows an appreciation of the impact of using things like associative arrays (or whatever novel term each language decides to apply to it ;-)). But then that could also be by theoretical and CS/AM background coming in where I like to understand and analyse things.

I do appreciate the points on maintainable code. Libraries can make that more approachable though I suppose they can also introduce dependencies and possible future liabilities. I have always worked on basis that if code is clean, efficient, minimal and very well structured it should be maintainable.

I am not against libraries at all. I just use them sparingly and with caution. I also try to find libraries that fit with my thinking and ideals and ideally those that are modular and I can compile/link/include just the parts I want. Not always possible but always fun looking!

One thing I would say, I rather suspect your productive output will be a lot higher than mine. I am just so glad the world of computers allows for us to each be individual, choose and ideally find a niche that fits and which allows us to be content and happy. If we can do that and cover the bills what more can we ask for?

 

[svenmany]

But then that could also be by theoretical and CS/AM background coming in where I like to understand and analyse things.

What's "CS/AM"? I'm know I'm going to feel like an idiot when you answer.

No matter that I excuse myself of building upon frameworks, I don't excuse 1Password. They simply made a cost-cutting move at the expense of their customers. They certainly have the competence to deliver a native application on various platforms, but they just didn't want to bother.

And, I can't yell it loud enough, but I'll try - THE BROWSER EXTENSION IS GARBAGE.

 

[NYCValkyrie]

I actually do not mind their subscription fee. Though I was an early adopter and paid the stand alone app price I did eventually move to the subs when I had to go cross-platform for work. Lifesaver. But not putting v8 on the App Store is a deal breaker for me. I won't be renewing when my current sub is up in July and currently in transition to use Keychain. I do use both but now it will be my sole password manager. And no, I don't trust any of the other password managers. i'll miss the credit card feature but perhaps I won't stress-shop as often. lol

Anyway, if it helps anyone, here's a good guide on migrating and how to fix any issues with importing.

 

[xyz01]

Running on it and compiled on it are two different things. While it is a universal binary, when Apple drops Intel support, that binary will have to be recompiled to support only M1 going forward, should AgileBits continue to support it. If they don't, you're stuck with either upgrading to 1Password 8, staying on 1Password 7 forever (unless AgileBits develops a way to prevent 1Password 7 users from accessing their vaults), or migrating off of 1Password.

Being a universal binary doesn't eliminate the issue of support for it on Intel Macs going away when Apple drops Intel support.

BL.

It should. Old universal binaries still work, you don't need to recompile it to support architectures you don't have support for. Some crazy people have even found that you can make universal binaries with PPC, 32 bit intel, 64 bit intel, and Apple silicon.

That said, my gaming library will look really sad when Apple drops Intel - they could really learn a couple of things from MS there.

 

[bradl]

It should. Old universal binaries still work, you don't need to recompile it to support architectures you don't have support for. Some crazy people have even found that you can make universal binaries with PPC, 32 bit intel, 64 bit intel, and Apple silicon.

That said, my gaming library will look really sad when Apple drops Intel - they could really learn a couple of things from MS there.

Again, if they are statically linked, you're good. But if the libraries are dynamically linked, then those libraries for that architecture will have to exist on the particular machine when the call to the functions in that library are made. If they don't exist, it will fail. Again, this is if the binary is compiled dynamically. In the case of 1Password, if the universal binary is compiled dynamically against x86_64 libraries and arm64 libraries, once Apple drops those x86_64 libraries, any call to those x86_64 libraries by a dynamically linked binary is going to fail, as those calls are made at the time of execution, not the time of compilation.

BL.

 

[WaltCD]

I’d be more scared of my 1Password account being hacked and all the passwords that go along with it than 1 password of 1 random page

People often use the same password on multiple sites. It's a real problem having to remember all the different passwords for all the different websites. With 1Password, it makes it easy to have a different password for each website. If that one website gets hacked, and the bad guys get your password, it's just bad for your information on that one website.
If 1Password was to ever get hacked, all your passwords are stored encrypted. 1Password doesn't even have the password. For people to get your one password to log into the 1Password app, they'd have to also get access to your device and the 1Password password. 1Password even has two-factor authorization, which provides for a third blockade to get to all your passwords.

Again, the point is, remembering one password (plus the password/code to get into your device), is a lot easier than remembering hundreds of passwords, and having hundreds of passwords is more secure.

 

[WaltCD]

They’ve gone to subscription only to get new updates and features. Writing was on the wall, but very sad to see.

Time to start researching options to export to another utility.

I actually thought they went to subscription model about five years ago. It still works wonderfully and they continue to add new features.

 

[bradl]

I actually thought they went to subscription model about five years ago. It still works wonderfully and they continue to add new features.

They did, when 1P 7 came out. They stated back then that while they were going to the subscription model they would always keep the standalone model available and supported. With 1P 8, they reneged on that, among other things, which caused the uproar.

BL.

 

[Puonti]

They did, when 1P 7 came out. They stated back then that while they were going to the subscription model they would always keep the standalone model available and supported. With 1P 8, they reneged on that, among other things, which caused the uproar.

BL.

That's not how I remember their communications - can you please provide a quote?

What I remember is that they:

1) Indicated they were satisfied with their (then) current local vault support and were focusing on 1Password.com

2) Made it more difficult to locate the standalone license option than the subscription option

3) Indicated that they were monitoring subscription uptake to see if it became more popular than local vaults

4) Noted that the local vault version of 1Password would always be able to export your data

 

[agregson]

What's "CS/AM"? I'm know I'm going to feel like an idiot when you answer.

No matter that I excuse myself of building upon frameworks, I don't excuse 1Password. They simply made a cost-cutting move at the expense of their customers. They certainly have the competence to deliver a native application on various platforms, but they just didn't want to bother.

And, I can't yell it loud enough, but I'll try - THE BROWSER EXTENSION IS GARBAGE.

Sorry for the cryptic acronym - Computer Science and Applied Mathematics. My area of study and research was in computer science and applied mathematics. The mathematics was basically theoretical physics which linked nicely into computer science.

Back in late 80s and early 90s it was also a way to get access to the higher end computers, resources and methods. Hence I programmed higher end systems (though now an iPhone would emulate them!) - Meiko Compute Surface (hundreds of transputer processors in a communicating array), VAX, Cray etc using rather nice terminals - my NeXT cube was in my office (still have it), as was my DEC Station 3100, SG Iris and even the old VT terminal with amazing persistence and smooth scroll. I still have all of the terminals.

Programming in those days meant efficient code and fewer libraries combined with a lot more understanding. Code was still portable hence I spend time even now porting and moving around older code and projects from uni/research days and various embedded commercial projects I worked on.

The theoretical side probably reveals why I get annoyed with inefficient code. I tend to like to know how things work and also that it is implemented to relevant standards. I mentioned formal design, formal methods and similar to a young friend recently and he found the whole ideal not only a shock but "a waste of time!". Sigh. Suddenly I felt old ;-)

Anyway, agree. 1Password is a lazy effort. They can do better. As long as we accept compromise they will deliver compromise. We must demand better and to demand we must make he objections known.

I do rather like what Panic are doing and they show just how good native apps can be. I use VIM but I did buy Nova recently following a superb support exchange with the developers of Transmit when I reported and extensively defined a bug with file sync. They were so open, frank and helpful sharing details on how things worked and were implemented that I felt that was a company I had to support. I was not disappointed with Nova either. It shows clear focus on a native app that really shows it's pedigree.

 

[svenmany]

Sorry for the cryptic acronym - Computer Science and Applied Mathematics. My area of study and research was in computer science and applied mathematics. The mathematics was basically theoretical physics which linked nicely into computer science.

Ah, OK. I wrapped my pure math (Mathematical Logic / Recursion Theory) just about in 1990, when I finished my doctorate. Then I switched to computers. So our backgrounds are somewhat similar, but in pure math it doesn't have to be efficient, just correct. So, we ended up on different computer paths; I took the lazier road.

Anyway, agree. 1Password is a lazy effort. They can do better. As long as we accept compromise they will deliver compromise. We must demand better and to demand we must make he objections known.

I complain bitterly on their support forums. They think everything is fine. They always stay polite though; it's starting to get infuriating.

 

[bradl]

That's not how I remember their communications - can you please provide a quote?

What I remember is that they:

1) Indicated they were satisfied with their (then) current local vault support and were focusing on 1Password.com

This is correct and what I stated. They were satisfied with local vaults and supporting them and then focused more on 1password.com. But also at that time that meant that they were keeping support for local vaults.

2) Made it more difficult to locate the standalone license option than the subscription option

That is what started the issue, which was exacerbated by turning off the servers that provisioned standalone licenses. Now with 1Password 7, if you tried to purchase that license (the menu option is still available), it

1. redirects you to 1password.com or the ability to purchase a subscription, and
2. puts your local vault into read-only mode, leaving you no way to change or modify your existing local vault. Even uninstalling 1Password 7.x and reinstalling 1Password 6.x leaves your vault in a read-only state. The only way to get that back is from fully wiping all traces of 1Password from your Mac, and restoring it and your data through whichever backup solution you use (read: Time Machine).

3) Indicated that they were monitoring subscription uptake to see if it became more popular than local vaults

Which they did; however, when turning off the ability to purchase a standalone license, of course they are going to see subscription purchases overtake standalone licenses. That was the entire point.

4) Noted that the local vault version of 1Password would always be able to export your data

Exactly. Unless you opted to not upgrade to anything that didn't support a standalone vault. If you purchased the standalone license for 1Password 7, you don't need to upgrade anything at all. my mid-2011 MBA is still using 1Password 6.8.9 and continues to work flawlessly (with exception now to the browser plugin no longer working). It will stay on that until that Mac completely dies; however, their actions have basically shown that I have had to cut my losses, because their business model can no longer meet my requirements.

BL.

 

[Puonti]

however, their actions have basically shown that I have had to cut my losses, because their business model can no longer meet my requirements.

BL.

Which is as it should be of course.

I'm just not seeing / recalling anything that supports your previous claim that Agilebits promised to always keep the standalone model available and supported. I was curious to know where that was coming from, but perhaps you meant something else.

 

[agregson]

Ah, OK. I wrapped my pure math (Mathematical Logic / Recursion Theory) just about in 1990, when I finished my doctorate. Then I switched to computers. So our backgrounds are somewhat similar, but in pure math it doesn't have to be efficient, just correct. So, we ended up on different computer paths; I took the lazier road.

I left Pure Maths behind around level 2 undergrad. Rather enjoyed analysis and pure maths but had to make a decision. For me applied maths fitted what I enjoyed and worked well with computer science. In end I had major/minor in AM/CS and they did not offer an option for 3 way split!

The pure maths came in handy when working on formal methods in CS in level 2 and level 3 undergrad.

Even with applied maths and computer science I was always fascinated with minimising code and maximising efficiency. I find little more elegant than well written, efficient and minimal code. I always enjoyed reading Wirth’s code for that reason and his is not the best example. I don’t much like overly minimal code or code designed to be excessively minimal.

Working on embedded code meant an incredible focus. Less so now as resources are not so constrained. Though some of that is coming back with the semiconductor shortage and older, readily available options are being reconsidered.

I complain bitterly on their support forums. They think everything is fine. They always stay polite though; it's starting to get infuriating.

I have tried likewise and they reply as if I am somehow crazy. That annoys me. Folk like Panic show just how approachable developers can and should be.

I suspect they take the view that the majority of their users will not even know never mind care. The few of us that do are not worth the hassle.

To help with perspective I did have a proper look at electron and even tried a few coding exercises in it. I did not like it and was not impressed with code generated. Then again I do not like JavaScript overly - and detest Java and it‘s incredibly verbose nature (almost reminds me of Modula-2 which I was convinced was part programming language and part typing tutor!).

I could chat forever on this … happy to stop hijacking the thread if you wish!

 

[bradl]

Which is as it should be of course.

I'm just not seeing / recalling anything that supports your previous claim that Agilebits promised to always keep the standalone model available and supported. I was curious to know where that was coming from, but perhaps you meant something else.

1Password 7 is that last standalone model that is available and still supported. To that extent, 1Password 6 is still supported, as it is still posted and available for download directly from their site. In fact, all 3 versions are still available on their site, with only 1Password 6 being able to handle standalone vaults.

BL.

 

[incoherent_1]

I actually thought they went to subscription model about five years ago. It still works wonderfully and they continue to add new features.

Nope, until 1PW7 you could continue to buy a license (at least for me — I’ve been using 1PW for many many years so maybe I was grandfathered in?).

Glad it works for you, but making a subscription for a utility app is not for me. I put it off for a few weeks but finally migrated to BitWarden last week. It was shockingly easy — took me all of 5 minutes. Not a single thing I miss from 1PW…

 

[xyz01]

1Password 7 is that last standalone model that is available and still supported. To that extent, 1Password 6 is still supported, as it is still posted and available for download directly from their site. In fact, all 3 versions are still available on their site, with only 1Password 6 being able to handle standalone vaults.

BL.

1Password 7 also handles standalone vaults? 1password 8 doesn't, though - which is why I'll be staying with 7 until it no longer works.

 

[kave]

It looks like an Electron app.

Sad.

They took $620 million dollars in series C funding and they gave their users an electron app.

1Password Closed a $620 Million Series C Funding

1Password, a password management platform, closed a $620 million Series C funding, raising the company's valuation to $6.8 billion.

thinkremote.com

So very sad.

I realized apple passwords and Secrets was enough to cover my needs.

Happy.

I don't have to deal with 1password ever again.

Priceless.

”Apple secrets”? I am done as well, i have no interest in be forced to sync with their servers.

 

[macsplusmacs]

Apple Password (app/pref pane)

and

Secrets – Password Manager for Mac

Securely store passwords and confidential information with Secrets, a password manager for Mac.

outercorner.com

 

[roger.c]

They went to subscription after I bought the app. I needed a multi-user solution, and their family plan was the price of Netflix, so now they're gone. I went to Bitwarden for free and I couldn't be happier to put 1password in my rear view mirror. I self host and I can give whoever I want access to whatever I want.

Netflix is way more expensive than my family plan; not sure what your paying. Just makes my non-tech savvy wife better at keeping things under control.

 

[bradl]

1Password 7 also handles standalone vaults? 1password 8 doesn't, though - which is why I'll be staying with 7 until it no longer works.

Yes. 1Password 7 handles standalone vaults. However, to use standalone vaults in 1Password 7, you have to purchase a standalone license for 1Password 7, in 1Password 7. That can no longer be done, as they have shut down the servers that provision those licenses. So even if you downloaded 1Password 7 to purchase that license, or are already using 1Password 7 with a subscription and want to move to standalone, you could not do that. They are pushing everyone to a subscription, regardless of situation.

So if you are already using 1Password 7 with a standalone vault and standalone license, you are in the sweet spot with being able to move from Intel to Apple Silicon. You can run 1Password 7 on any Silicon Mac and be good ad infinitum. I was in a bad spot because 1Password 6 was Intel only, so when Apple drops Intel support I would be screwed completely, as I'd have no viable upgrade path with a standalone vault.

BL.

 

[dogface1956]

I am fully aware of the encryption part. I am talking about the NSA, CIA etc. not some third-party black hat hacker. They copy and store everything you send over the Internet (Snowden said to assume 100% collection) and crack it open later if they want/choose to. People I personally know, in that world, send nothing over the Internet that they do not want public. Period.

This is about security. So, from a security standpoint, it is a very important part. People these days, even after Snowden, don't seem to care about it but it is very important to at least keep everything client side without sending everything in one nice package, over the internet. Like Snowden said, you make them work for it, as much as you can.

Yea I am going to go to Snowden for all my security needs.