What's funny is, they usually save $ in the short run, then wonder why everyone abandons them later on. Profit this month at all expense then wonder why company collapses a year later or so!

I personally think the leadership at AgileBits is using these changes and the latest investment round to "run up the score" and bail
 
After iCloud keychain, there's just no need for third party apps like this.
As the "admin" for a family, I beg to differ. Shared vaults that securely house all kinds of logins and documents, and a simple, easy to manage interface make it well worth the subscription to me. I've got stuff in my own vault, my wife has stuff in her vault, and we've got another for shared household stuff like utilities. And the interface is clean and usable enough that I know she'll use it every time.

If your needs are very simple then yeah, I'm sure iCloud Keychain is fine for saving your logins. But a more robust solution like 1Password sure makes life easier when things get more complex.
 
Speaking generally since I haven't looked at Bitwarden:

Always question why free software is free. Landlords and grocery stores don't operate on good intentions. Not saying there aren't innocuous free-mium business models, but be sure to understand just exactly why some company/developers are giving away something of value to you.


I'd even go as far as saying that the charge-for-major-release-upgrades model is better for consumers since it provides a better incentive for the company to come up with a new version with stuff the consumers truly want to pay for.

With the subscription model, the company need only put out enough of an update not to piss off too many subscribers sufficiently that they go elsewhere.
Bitwarden makes most of their money off their business products. Take a look at the website.
 
Any good alternative pw managers that support local vaults in iCloud? Found Enpass, Strongbox & Secrets but are these any good?

I wouldn't mind switching from a lifetime license to a subscription but at least give us multiple options as to where to store our data. I'd gladly pay a little extra for a higher tier subscription if that would enable a local vault option.
 
I tried Enpass on MacBook Air, Android and iPhone now. Subscription to Premium for a year was a big fat USD 1 as a promo, I took that. Even if I end up not using this, USD 1 is a fair price to pay for trying out the software.

What was the result of the trial? I will make a longer post later on, when I have also tried Bitwarden on all devices, so as to give members a good picture of my experiences with all 4 of these password managers - 1Password 7 (benchmark since 1Password is what I have been using for nearly 6 years on Android, iOS and macOS), 1Password 8, Enpass and Bitwarden.
 
Make a regular local backup of my data in an encrypted container.

Will those backups matter when your vault has already been locked down by a foreign party in that ransomware attack, let alone in their possession? This would then mean that every password you have could potentially be theirs, allowing them access to your sites and accounts at those sites.

You'd then have to go through the task of resetting all of those passwords not only at those sites, but in your local 1Password vault as well.

Again, with the Cloud being primarily used for convenience, you're letting the role of security be handled by others, whose idea of security may not match, or be mediocre to your idea of security. Are your passwords worth that risk?

BL.
 
Will those backups matter when your vault has already been locked down by a foreign party in that ransomware attack, let alone in their possession? This would then mean that every password you have could potentially be theirs, allowing them access to your sites and accounts at those sites.

*hopefully* nobody is storing those passwords in a cleartext format which would lead to such a vulnerability.

Or are you suggesting the third party is managing to decrypt the local vault?
 
Will those backups matter when your vault has already been locked down by a foreign party in that ransomware attack, let alone in their possession? This would then mean that every password you have could potentially be theirs, allowing them access to your sites and accounts at those sites.
Yes it will matter, because you can access your accounts via the backed up vault. And as explained to you previously, and really shouldn't have to be mentioned again, with proper encryption they won't be able to access your passwords whether they have the vault or not.
 
All this chat about electron (which I agree is bad) and subscriptions (I'm a family subscriber but now looking at alternatives) and I haven't seen any mention of what is IMO the most egregious change - the keyboard shortcut.

I can totally appreciate that the old default isn't viable on non-English keyboards but to not make it customisable is unacceptable. Those of us who proudly claim "⌘\ is my password", some to the point of wearing it on a shirt, are left with broken muscle memory.


If Microsoft with all their resources can't make electron performant you have no chance.

We’re considering changing the default back. Regardless of the default this will absolutely be customizable. My colleague Andrew is working on customization of keyboard shortcuts today.

You forgot 1Password Helper (GPU), 1Password Helper (Renderer). These take up another 170M RAM for me.

I made the same error earlier in the thread. ☹️ You're right. Those other processes should be factored in. Here is what I'm currently sitting at:

[Image]


That's just bs:

[Image]


It doesn't look and feel like a native app at all. Modal windows, seriously?

Thanks for making Mission Control less useful. The whole point of it is to expose all your open windows, yet you've decided to switch to fake windows inside of windows instead.

The decision to go with a modal here was a design decision... we could make it a window. We opted for displaying preferences in a modal because it seemed to fit well with a modal paradigm. To quote one of my colleagues:

I'm either changing the settings or using the rest of the app, but never both simultaneously.

Could you please help me understand what the utility of having them in a separate window would be? As I say this is something that could potentially change depending on the feedback we get.
 
Will those backups matter when your vault has already been locked down by a foreign party in that ransomware attack, let alone in their possession? This would then mean that every password you have could potentially be theirs, allowing them access to your sites and accounts at those sites.

Well I was answering the question what would I do if everything was "locked behind a ransomware demand". I wouldn't be locked out of seeing what my current passwords were. Plus BW works offline so I wouldn't be locked out there either.

Yes it will matter, because you can access your accounts via the backed up vault. And as explained to you previously, and really shouldn't have to be mentioned again, with proper encryption they won't be able to access your passwords whether they have the vault or not.

This right here. Even if somehow they got their hands on my encrypted vault, have fun brute forcing my very large password.
 
*hopefully* nobody is storing those passwords in a cleartext format which would lead to such a vulnerability.

Or are you suggesting the third party is managing to decrypt the local vault?

No. What I am saying is this. Say that a person is being investigated for some felony activity, and has data relative to that activity stored in the cloud. That person also thinks that by having that data stored on someone else's servers, that since it is his data, it would be covered under the 4th amendment to the US Constitution, requiring LEOs to get a warrant to get to that data.

That person would be wrong. Since it has already been proven data in the possession of a third party (Facebook, Apple, Amazon, any company owning cloud-based services) is owned by that party, the LEOs would only need to subpoena that third party to have that third party give them that person's data. No warrant required.

Now.. replace that person with you, and that data with your vault. That would mean that if the LEOs were going after you for something, and see that your passwords are in a vault in the cloud, they won't need to go to you to get your passwords, as you could easily exert your 4A and 5A rights to defend yourself from such actions. Instead, they could go to that third party with a subpoena, get your vault, and try to get your passwords that way, without you ever having any say about it.

Yes it will matter, because you can access your accounts via the backed up vault. And as explained to you previously, and really shouldn't have to be mentioned again, with proper encryption they won't be able to access your passwords whether they have the vault or not.

The problem here is that you're putting yourself in the position of having that data compromised: encrypted or otherwise, by merely putting the vault in the cloud to begin with. It's a major vulnerability in the fact that while you are mitigating the ability to get into the vault, you are leaving intact the vulnerability that your password vault is not in your control, and potentially able to be held ransom by a rogue party, or seized by any federal authority by subpoena. That is a HUGE liability that no person should risk.

You're arguing about accessing the vault because of mitigating that accessibility by passwords. You're not understanding the fact that the vault being in the cloud is the vulnerability.

BL.
 
There is always so much sturm und drang about subscriptions here. I get that it's a model that doesn't suit everyone, but there seems to be a lot of treating it as a violation of some sacred oath, which is a bit much.

My main complaint is the removal of the local vault; I might swallow the subscription. Just might, because I do not see additional value in most of the changes since Version 6, some of them even made 1PW worse for me. So why should I pay for the changes when I do not like them?

And BTW for a premium price I expect a native macOS App, well designed and not some electron stuff which is a problem waiting to happen.

But there is no way I will store my passwords in some cloud, never ever. I would rather write them on paper. And do not forget that Canada is one of the Five Eyes states with a long history of spying on their allies. I do not know what the local laws look like and what Agile Bits might be forced to do.

I just know that having the PWs only locally is an added layer of security. Even if they are not forced to implement some backdoor, they could just make mistakes, as I do occasionally when developing software.
 
Thank you. We are tracking this sort of feedback. But specific examples (such as the modal preferences kristofferR mentioned) are even more valuable and more likely to be actionable.

I think you should be more clear and honest. If the answer is "We are making this Electron app and there is no room for negotiation," just say it.

Personally, I don't care about it being Electron. I don't care about losing local vaults of iCloud sync. All I care about is that it feels like it is native to MacOS and performs as such. I'd even be willing to pay more for that. I'm bothered by the cross-platform generic UI and how sluggish it feels.

Y'all may think you're about to ball out with your VC backing, but you're not going to become a dominant Enterprise player. All it's going to take is Microsoft to launch their own Electron password manager as a part of 365 and your Enterprise dreams are toast. Meanwhile you're ostracizing your longterm users who will not be waiting for you when you come calling again.

Lastly, just some personal advice from having been in a similar situation. You yourself are not going to get rich from this. Dave and Roustem will, but not you. Don't die on the sword for this greedy company.
 
Thank you. We are tracking this sort of feedback. But specific examples (such as the modal preferences kristofferR mentioned) are even more valuable and more likely to be actionable.

Is there actually any hope of feedback leading to a reversion in the plan to not offer a macOS native app?

If not, please just be honest and say so.

I'm not going to flame you or anything.
I just want honesty please.
 
I think you should be more clear and honest. If the answer is "We are making this Electron app and there is no room for negotiation," just say it.

Personally, I don't care about it being Electron. I don't care about losing local vaults of iCloud sync. All I care about is that it feels like it is native to MacOS and performs as such. I'd even be willing to pay more for that. I'm bothered by the cross-platform generic UI and how sluggish it feels.

Y'all may think you're about to ball out with your VC backing, but you're not going to become a dominant Enterprise player. All it's going to take is Microsoft to launch their own Electron password manager as a part of 365 and your Enterprise dreams are toast. Meanwhile you're ostracizing your longterm users who will not be waiting for you when you come calling again.

Lastly, just some personal advice from having been in a similar situation. You yourself are not going to get rich from this. Dave and Roustem will, but not you. Don't die on the sword for this greedy company.

Ouch. Saying it right what it is. No words minced.
 
No. What I am saying is this. Say that a person is being investigated for some felony activity, and has data relative to that activity stored in the cloud. That person also thinks that by having that data stored on someone else's servers, that since it is his data, it would be covered under the 4th amendment to the US Constitution, requiring LEOs to get a warrant to get to that data.

That person would be wrong. Since it has already been proven data in the possession of a third party (Facebook, Apple, Amazon, any company owning cloud-based services) is owned by that party, the LEOs would only need to subpoena that third party to have that third party give them that person's data. No warrant required.

Now.. replace that person with you, and that data with your vault. That would mean that if the LEOs were going after you for something, and see that your passwords are in a vault in the cloud, they won't need to go to you to get your passwords, as you could easily exert your 4A and 5A rights to defend yourself from such actions. Instead, they could go to that third party with a subpoena, get your vault, and try to get your passwords that way, without you ever having any say about it.

I'm a bit puzzled at how the above has anything to do with my reply to your prior comment:

Will those backups matter when your vault has already been locked down by a foreign party in that ransomware attack, let alone in their possession? This would then mean that every password you have could potentially be theirs, allowing them access to your sites and accounts at those sites.

Anyway, I'm pretty boring in real life (as I am here too). The probability is virtually nil that any agency would have sufficient interest in me to (a) subpoena access to a cloud account and then (b) devote the necessary resources to decrypt the password vault.

Plus I'm pretty sure if they really wanted to take a look at my Facebook or TD Ameritrade accounts they'd just go directly to those service providers and not take the long way round.

Should anyone ever feel they've become sufficiently interesting that such a probability becomes non-nil, then it's easily solved by keeping stuff within a local vault, and if there's need for any sync utilize a private cloud via locally hosted encrypted NAS. Depending on the potential of sufficient resources going into cracking two separate encryption layers, then it may be wise to exclude the vault from private-key-encrypted cloud backups.
 
We’re considering changing the default back. Regardless of the default this will absolutely be customizable. My colleague Andrew is working on customization of keyboard shortcuts today.

The decision to go with a modal here was a design decision... we could make it a window. We opted for displaying preferences in a modal because it seemed to fit well with a modal paradigm. To quote one of my colleagues:

Could you please help me understand what the utility of having them in a separate window would be? As I say this is something that could potentially change depending on the feedback we get.
Good luck with the forward momentum. These days seems like any action will result in unhappy people. As a manager of a large software project, I can appreciate that on a personal level. I also appreciate your willingness to communicate here on MacRumors - not often we see that from small apps, let alone larger companies like 1Password. Thank you and the managers/bosses above you that allowed it.
 
With this in mind for your plan as stated up top the best move forward would be to install v7 now, launch it and see if the license option appears (I believe it's a small text link that appears early in the first launch experience). If it does, purchase the license and you're set for your near-future M1 Mac (for as long as the program works, as you said).
The option to purchase a stand-alone license (which was only available in the version downloaded from the AgileBits website, not the Apple Store, if I recall correctly) has been pulled some time ago. I think the last version which had this hidden link was 7.6.something.

Problem is: Even if you obtain that 7.6 version somehow, it can't connect to the server which sells the stand-alone licenses, as that server has been disconnected by AgileBits.

Bottom line: If you don't own a 1Pwd Stand-alone license already, you never will. That is until the guys at AgileBits suddenly change their minds, because there aren’t enough people falling into the subscription trap.
 
I think you should be more clear and honest. If the answer is "We are making this Electron app and there is no room for negotiation," just say it.

Personally, I don't care about it being Electron. I don't care about losing local vaults of iCloud sync. All I care about is that it feels like it is native to MacOS and performs as such. I'd even be willing to pay more for that. I'm bothered by the cross-platform generic UI and how sluggish it feels.

Y'all may think you're about to ball out with your VC backing, but you're not going to become a dominant Enterprise player. All it's going to take is Microsoft to launch their own Electron password manager as a part of 365 and your Enterprise dreams are toast. Meanwhile you're ostracizing your longterm users who will not be waiting for you when you come calling again.

Lastly, just some personal advice from having been in a similar situation. You yourself are not going to get rich from this. Dave and Roustem will, but not you. Don't die on the sword for this greedy company.

I really honestly don't know if there is room for reconsideration on Electron on Mac. I do know that the issues that have been filed that have specific and realistic feedback have largely been picked up quickly or at least discussed. I have no idea where the generic "consider building a SwiftUI front-end" issue I filed will end up.

I work in technical support. I have no delusions about getting rich. I just want to see the best possible outcome I can help toward here.

Is there actually any hope of feedback leading to a reversion in the plan to not offer a macOS native app?

If not, please just be honest and say so.

I'm not going to flame you or anything.
I just want honesty please.

I think this is the best answer I can offer at the moment:
 
I'm wondering what everyone puts into this software? Yikes, most sound like they need vault space at Fort Knox with six cameras on their vault. Other than a ransomware attack, is local storage the ultimate answer when your equipment can be stolen? Serious question. My passwords are in iCloud, is that as potentially dangerous as 1P having them? I'm more worried about any passwords on Post-it notes in my house rather than iCloud storage. Is that naïve?
 
I'm wondering what everyone puts into this software? Yikes, most sound like they need vault space at Fort Knox with six cameras on their vault. Other than a ransomware attack, is local storage the ultimate answer when your equipment can be stolen? Serious question. My passwords are in iCloud, is that as potentially dangerous as 1P having them? I'm more worried about any passwords on Post-it notes in my house rather than iCloud storage. Is that naïve?
iCloud and 1Password utilize cloud servers with encryption. The data is stored encrypted at rest so even if someone were to physically steal a server with the data on it, they couldn't do anything with it unless they had the encryption key to get access to it - and usually, there are many layers of encryption done.

This usually makes the weakest point of failure the customer and their access to the cloud servers (- you -) - because you've got the key and usually your computer isn't as secure as the servers that house and operate the cloud servers at Apple/Amazon/etc.

So, your question, is it safe to store data in these servers? Yes. I'd highly recommend taking some time to read up on computer security - even a basic understanding will make you far more of a force to be reckoned with when it comes to hackers, viruses, etc.
 