1Password 8 for Mac With Improved Interface, Performance, and More Now Available in Early Access

[turbineseaplane]

A shameless plug — for those unfamiliar with how Strongbox, Keepassium, and other similar apps work as well as how they differ from the 1Password-/Bitwarden-type apps and providers, you might find https://www.brycewray.com/posts/2021/06/two-paths-password-management/ of use in understanding them.

"The non-KeePass way"

"This is the sector of password management apps about which you see and hear the most, because it’s where the serious money is being made. This involves the likes of 1Password, Bitwarden, Keeper, LastPass, NordPass, and RoboForm, among others."

 

[Idgit]

Hey sydneysider88.

I understand a number of apps that are out there have used Electron as a way to ship an app quickly and without focusing on performance, which has resulted in a bad name for it. That's not what we're doing here. We are indeed using Electron for some elements of the app, but we’re strongly focused on delivering performance as a feature. The bulk of the app is written in Rust, which enables us to be much more performant than other Electron-based apps you may have used. Additional details about the layers involved in our 1Password 8 apps can be found here:
https://dteare.medium.com/behind-the-scenes-of-1password-for-linux-d59b19143a23

One of the additional early concerns raised with Electron was that we might lose some of the tight integration with the OS that people have come to love and expect. We made sure that didn’t happen.

I'd suggest giving it a try. I think you'll be pleasantly surprised.

- Ben, 1Password

Or maybe 1Password can return to their roots as a first-class Mac dev and give us a native Mac app. God knows you're receiving enough venture capital money and subscription money to do that. With all that loot to hire talented Mac devs, why did 1Password settle for an inferior and bloated Electron app?

Gotta love coders on Twitter ridiculing 1Password for their marketing BS and denialism around Electron:

https://twitter.com/x/status/1425492714624278530

 

[dlondon]

I used to subscribe to 1Password when I had more cross-platform devices. When I switched my main phone back to iOS, I thought that Keychain would be sufficient. However, it bugs the hell out of my how Keychain suggests a strong password but often doesn't save it. So I'm probably going to go back to a cross platform option but not sure I will opt for 1Password again – especially now the there are so many options.

 

[FightTheFuture]

I used to subscribe to 1Password when I had more cross-platform devices. When I switched my main phone back to iOS, I thought that Keychain would be sufficient. However, it bugs the hell out of my how Keychain suggests a strong password but often doesn't save it. So I'm probably going to go back to a cross platform option but not sure I will opt for 1Password again – especially now the there are so many options.

That's the confusing part - it is saving the password when you think it isn't. Takes a long time to trust the system.

 

[ZZ9pluralZalpha]

I don't have a major problem with paying a subscription.



I DO have a problem with being forced to do the cloud version 1Password.com option.

I will continue using version 7 with wi-fi sync until it stops working.

I hope they reconsider forcing people to put their passwords in the cloud in order to use the latest version.

Using the iCloud-synced vault means my web logins, credit cards, server passwords, and whatever else I was dumb enough to trust 1Password with are only getting stolen through two consecutive breaches: the compromise of my iCloud account or one of my devices, AND my vault file or the app. Using the 1Password web interface means that‘s the only thing standing between this info and the blackhats of the world… and that website is a juicy target indeed.

AgileBits may swear up and down that they’re ever vigilant, but as the old saying goes, they have to succeed every time—attackers only have to get lucky once.

 

[msackey]

1Password is terrific app, and I'm delighted to see its continued development. I use it alongside iCloud Keychain, and it's very valuable to me to have something cross platform for occasions when I need to use Windows and Chrombooks.



The whole subscription vs perpetual licence thing seems a bit played out at this point.

To me, all paid software is a subscription, in the sense of being time-limited. I own a copy of Microsoft Office 4 (still got the discs somewhere!) but since I no longer use Windows 3.1 the fact that I hold permanent license is not dreadfully useful.

Ultimately, if we want software to be continually maintained and updated - and I most certainly want that from a password manager - there is going to be an ongoing cost one way or another. I prefer subscriptions because it makes that explicit - this much money for this much time - and I can make a purchasing decision accordingly.

There is a recently study that looked at subscription vs. paying for big ticket items. It wasn't related to software purchase but is analogous. As I recall, the study found that when it came to subscription (i.e., recurring expenses) consumers generally scrutinized whether they really needed that purchase. When it came to big purchase items (i.e., made one time) the scrutiny and "pain" felt was less.

That's exactly how I feel about it too. I don't like continual leeching via subscription model. I like to make singular event decisions for purchases such as "If I upgrade to the next version I have to pay $100. Am I willing to do that?" If yes, then good to go! If no, fine good to go and I don't even have to think about next month's budget and re-calculate if I can afford ongoing expense.

The big problem with continual leeching is either you have to keep looking at you budget every now and then to see if you can afford the subscription. Or, probably more often than not, it becomes an ongoing expense that you forget about not willfully but because you forget, but when you re-discover it you ask, "Why the hell did I pay so much to use this piece of crap?" It's like the ongoing subscription for cable TV.

I don't mind paying one time upgrade fees and in fact have done so from version 3 to version 7 of 1Password.

 

[msackey]

I'm indefinitely stuck on an old version due to the unfortunate choice to stop doing regular licenses and standalone vaults. Using 1Password these days is more like being in a hostage situation than a paying customer at a vault.

This made me lol. I can imagine it now: what we once thought was a safety deposit box (i.e., password vault) has very quickly morphed into a prison cell, imprisoning the person who thought they were just depositing things for safe keeping. Nope. You (we) became the prisoner!

LOL.

 

[msackey]

For those worried about their vaults being cloud-based, a good practice for a little extra security is to add a unique PIN or other sequence of characters to every password you create on a website that you memorize, but don't include that part in the password stored in 1Password (or whatever cloud-based pw manager you're using). That way, even if in the unlikely event that 1Password is hacked and all your passwords exposed, they still won't have your actual passwords because only you now the unique "key" that needs to be added to the passwords to make them work.

For example, let's say you choose "-6\WyD" as your unique key. Let's say you go to sign up for a Gmail account, and 1Password suggests the following random password:

7qW?z}ks(ZNE8fFxd7#U

So you save that to your vault, but THEN you go in and add -6\WyD to the end of it on Google's sign-up form, so Google has your password as 7qW?z}ks(ZNE8fFxd7#U-6\WyD, but 1Password has it as just 7qW?z}ks(ZNE8fFxd7#U

That's such a brilliant tip! Never thought of that before.

I don't intend to use it right now, but this is really invaluable. Maybe when I switch to another password manager. I have to figure out what password manager allows syncing through one's own Cloud account and is NOT a subscription service. Thanks!!

 

[macintoshmac]

I hate all of these apps.

I must be the only person on earth happy with iCloud keychain

I was the same as you. But, there are two things here that made me start paying for this app, both of the things are not any better even today, so far as I know.

1. If you remove keychain from all iCloud devices, the passwords are lost. Yes. Not making that one up. That is what happened with me, accidentally, and then I realised that this is as per design. My use is about testing software on devices and I can delete and install software at a moment's notice, so ... this won't fly with me.

2. Android in the mix. I have an Android device too, so need my passwords synced. If I had a few passwords, I could remember them. But now I have unmemorable passwords that are unique for every website and using the software allows me to go crazy with security. I now have unique passwords for everything, and TOTPs as well.

This is why I am paying for 1Password. Otherwise, iCloud Keychain in its current iteration with support for TOTPs is great.

 

[macintoshmac]

Can't find the Safari extension. All the links take me to the App Store.

But that App Store link [https://apps.apple.com/app/1password-for-safari/id1569813296] takes me to 1Password for Safari - different from 1Password for Mac.

This is a pure, standalone Safari extension.

It looks like this extension is required since 1Password 8 beta does not contain any Safari extension.

 

[X--X]

It looks like this extension is required since 1Password 8 beta does not contain any Safari extension.

It can't since it's not a native Mac app anymore.

 

[turbineseaplane]

It can't since it's not a native Mac app anymore.

I just can't believe this company and this software --- given its history and heritage...

Has bailed on being a native Mac app

It's just so disheartening

 

[PeteBurgh]

The big problem with continual leeching is either you have to keep looking at you budget every now and then to see if you can afford the subscription. Or, probably more often than not, it becomes an ongoing expense that you forget about

This is a really interesting reply, thanks!

The psychology of sales and decision making in general are always useful to reflect on. Even the most careful and rational of us are capable of judging things incorrectly.

I have definitely been guilty of subscribing to services and then sort of forgetting about them, and I’m sure much money is made this way. I try to make time to carefully review everything I’m subscribed to several times a year, but I still forget the odd thing.

On the other hand, however, I have on occasional bought expensive perpetual licences, only to find that after a while my needs change, or a don’t use it as much as I’d thought, or something better comes along. (I’ve done this with a couple of photo editors, for example). On those occasions, a monthly subscription that could be cancelled would have been preferable.

 

[webbuzz]

Standalone vaults will not be available in 1Password 8. Additional details can be found here.

Guess I will be looking for a replacement solution.

 

[macintoshmac]

Hey sydneysider88.

I understand a number of apps that are out there have used Electron as a way to ship an app quickly and without focusing on performance, which has resulted in a bad name for it. That's not what we're doing here. We are indeed using Electron for some elements of the app, but we’re strongly focused on delivering performance as a feature. The bulk of the app is written in Rust, which enables us to be much more performant than other Electron-based apps you may have used. Additional details about the layers involved in our 1Password 8 apps can be found here:
https://dteare.medium.com/behind-the-scenes-of-1password-for-linux-d59b19143a23

One of the additional early concerns raised with Electron was that we might lose some of the tight integration with the OS that people have come to love and expect. We made sure that didn’t happen.

I'd suggest giving it a try. I think you'll be pleasantly surprised.

- Ben, 1Password

Ben, I have a quick question.

Seeing as there are standalone extensions for all browsers now, including Safari, what then is the purpose of having the desktop app? Previously, I used the desktop app that also gave the Safari integration, and then used browser extensions for other browsers.

 

[aajeevlin]

Text message or duo/microsoft authenticator - what is there to keep track of?

when you get a new device and such. text message 2fa is not recommdned.

But I'm not sure if you can backup say google authenicator or ms authenticator? If, I need that info on my computer, or if I lost/destroyed the phone.

with 1password you have access to that via your 1password (or any sort of password manager) on your pc/mac, sync and saved.

 

[usagora]

You do know that's a silly argument, right?

It's not about the cost relative to one's disposable income.

The objection I (and others) have with subscription software is that the consumer ends up paying for changes which we may not consider to be improvements worth buying. And sometimes the consumer ends up paying for the loss of a feature that's important to them.

For example - local vaults are important to some people. With v8 they're gone. If you're on subscription then you're screwed. Either keep paying for v7 without ever seeing any updates or suck it up and pay to lose a feature that's important to you.

Now if you do want to play the cost game, let's go back to when v7 was released in May 2018. $3/mo subscription or buy a license for $50. Let's also say you don't see any value in what they've done in v8.

1. If you'd bought a license, your out of pocket remains the $50 you paid three years ago and you're likely good another couple years.
2. With a subscription, you're already $117 out of pocket, and you keep on paying despite no returned value to you.

But hey, if you're gung ho on the v8 changes, go for it and enjoy the software. Just don't be so myopic as to be unable to understand why not everyone is on the subscription bandwagon.

No, it's not silly at all. I was replying to someone else who was indeed calling the actual cost "ridiculously expensive", and my argument is that's simply not true by any reasonable standard. YOU are making a completely different point here which IS reasonable, and then acting like what I said to someone else was a reply to you 🤦‍♂️

So, yes, I understand that based on specific things they personally want the software to do, $2.99/month may not be worth it to them because of the possibility an update might take away something they like, but that doesn't mean the cost in and of itself is "ridiculously expensive."

 

[Crazy Badger]

I owned 1password for years on Mac and PC. As soon as they moved to the expensive subscription model I bailed to Bitwarden. Couldn’t be happier. Gladly pay their premium fee since it’s reasonable ($10/yr), but their free tier is pretty darn robust. Bonus points: you can self-host.

I think I gave them a little longer and tried the subscription for 12 months, but I too made the jump to Bitwarden and have no regrets. I also love the fact it's open-source and I can host it myself, so it's all contained within my home micro-data center

 

[bwoodruff]

Ben, I have a quick question.

Seeing as there are standalone extensions for all browsers now, including Safari, what then is the purpose of having the desktop app? Previously, I used the desktop app that also gave the Safari integration, and then used browser extensions for other browsers.

I suppose the utility will vary based on how you use 1Password, but one example of how the desktop app may still be useful to you specifically is the Shared Lock State feature. With this, the desktop app is responsible for holding the secret keeping 1Password unlocked instead of the browser extension. This means you can quit and relaunch your browser, switch browsers, etc, and they'll all have/maintain the same lock state.

 

[filchermcurr]

when you get a new device and such. text message 2fa is not recommdned.

But I'm not sure if you can backup say google authenicator or ms authenticator? If, I need that info on my computer, or if I lost/destroyed the phone.

with 1password you have access to that via your 1password (or any sort of password manager) on your pc/mac, sync and saved.

Weird. Isn't the point of second factor authentication... having a second external factor? What's the benefit if the password and the second factor exist in the same place together? (Not being snarky, genuinely curious.)

 

[BigMcGuire]

Weird. Isn't the point of second factor authentication... having a second external factor? What's the benefit if the password and the second factor exist in the same place together? (Not being snarky, genuinely curious.)

There's that. But it's so dang convenient. My thought process: to get into my 1Password, I have to provide Touch ID or a password so it's not always activated (locks after some time) - even in the browser. So I am ok with 1Password being my 2FA key in that aspect.

Now 2FA for 1Password? I have that set to 2FAS Auth app for obvious reasons. lol.

 

[deeddawg]

This is a really interesting reply, thanks!

The psychology of sales and decision making in general are always useful to reflect on. Even the most careful and rational of us are capable of judging things incorrectly.

I have definitely been guilty of subscribing to services and then sort of forgetting about them, and I’m sure much money is made this way. I try to make time to carefully review everything I’m subscribed to several times a year, but I still forget the odd thing.

This is how many gyms make a ton of money. They're counting on people forgetting about the ongoing cost or (perhaps more often) the psychology of people continuing to intend to go back yet they never do. The latter gets reinforced by up-front intiation fees. "I'll go back in October when it's cooler so it'll be cheaper to just keep paying instead of quitting and re-joining..." then in January they go for two weeks and drop off again. Meanwhile the gym continues its monthly revenue stream.

On the other hand, however, I have on occasional bought expensive perpetual licences, only to find that after a while my needs change, or a don’t use it as much as I’d thought, or something better comes along. (I’ve done this with a couple of photo editors, for example). On those occasions, a monthly subscription that could be cancelled would have been preferable.

Yep. Always a risk that you do your due diligence during the trial period, pay for the software, and then end up finding it isn't as useful as you thought it would be.

Counterpoint to that is that some subscriptions (looking at you, Adobe) are pitched in terms monthly costs ... but then the fine print says you're signing up for a one year committment. Folks are far more likely to sign up for "just $10 a month!" instead of "cost is $120 per year"...

 

[CmdrLaForge]

They killed standalone licenses: https://1password.community/discussion/comment/601917/#Comment_601917

Such a stupid move.

After all those years I will have to say good bye to 1Password then. We had a good time. I guess I will simply use iCloud Keychain instead. Anyone with a good migration strategy?

 

[deeddawg]

No, it's not silly at all. I was replying to someone else who was indeed calling the actual cost "ridiculously expensive", and my argument is that's simply not true by any reasonable standard.

You broadened your response to include most folks here when you wrote:

99% of the people on this forum have FAR more than $3/month of non-necessary items (think fast food, etc.) they could cut out of their budget to pay for that

... and thus I responded with my post.

As to the individual you replied to, perhaps they did the math and realized that $3/month ends up being ~$120 given the ~40 month major version release schedule between v7 & v8 as compared to a $50 standalone upgrade cost.

Paying 2.4 times more for the same thing does kinda seem expensive, no?

Cheers.

 

[macintoshmac]

They purchased Dark Sky, not Carrot Weather.

Thank you! I knew there was something off about that statement, but could not put a finger on what. You helped it!