That's true. As I said above I don't keep my Apple, Google or bank passwords in a synced password app. Keep those in keepassXC, which is free, completely offline, and open source.
..and my emergency restore codes are printed and stored securely.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
1Password Can Now Show You Codes and Logins Based on Your Location
- Thread starter MacRumors
- Start date
- Sort by reaction score
That's true. As I said above I don't keep my Apple, Google or bank passwords in a synced password app. Keep those in keepassXC, which is free, completely offline, and open source.
..and my emergency restore codes are printed and stored securely.
I dont trust modern Apple with MFA codes. Self-hosted Bitwarden on my private cloud for passwords/notes/etc. MFA app for codes- with all of those accounts backed up. I self host my photos on photoprism in my private cloud as well. I still use iCloud for email but have diversified so it's not my main account any longer
Isn't 1Password that password manager that leaked passwords?
Maybe you're thinking of LastPass?
It was LastPass 2x. 1 Password had someone inside of their Okta or something, but never collected any data.
1Password reports security incident after breach at Okta - ThreatDown by Malwarebytes
Password manager 1Password says it’s been affected by a breach at Okta, but it reports no user data has been stolen.
www.threatdown.com
Having said that, I canceled my 1Pass earlier this year and migrated to Apple Passwords, took all of 10 minutes to do, there's a handful of stuff I don't like, however, it's free, vs the $40 I was paying with 1pass.
Nice thing is, I could never get the rest of the family to use 1Pass, so now we can easily share streaming/news logins/passwords in groups between all of our iOS devices.
Yea.
Ah! I never used 1Pass here, Bitwarden and before that Myki.It was LastPass 2x. 1 Password had someone inside of their Okta or something, but never collected any data.
1Password reports security incident after breach at Okta - ThreatDown by Malwarebytes
Password manager 1Password says it’s been affected by a breach at Okta, but it reports no user data has been stolen.
Having said that, I canceled my 1Pass earlier this year and migrated to Apple Passwords, took all of 10 minutes to do, there's a handful of stuff I don't like, however, it's free, vs the $40 I was paying with 1pass.
Nice thing is, I could never get the rest of the family to use 1Pass, so now we can easily share streaming/news logins/passwords in groups between all of our iOS devices.
Few years ago, 1Password has transitioned to the enterprise market. Features consumers value, such as native macOS client, reliable Safari extension, and iCloud syncing were sacrified to focus on features enterprise customers value.
Since then, I have transitioned to Apple's Passwords and Access apps.
Since then, I have transitioned to Apple's Passwords and Access apps.
Love 1Password, and the convenience and safety of it - with very frequent updates.
I am not so poor thankfully, that I can’t afford it and keep my passwords and other notes safe and synced on all my devices.
Integrity, is on top of my lists no matter in what context.
I am not so poor thankfully, that I can’t afford it and keep my passwords and other notes safe and synced on all my devices.
Integrity, is on top of my lists no matter in what context.
The question is whether it needs to be a cloud service. You can host password databases yourself, which is something 1P used to offer. I can see the convenience of having your passwords everywhere with a quasi-backup service in tandem. Perhaps that can be the paid portion while the main product remains free.
The fact that they did that means they don't care about non-enterprise users. I would expect they will prioritize accordingly
Yup … I use apple password manager for all my iApple devices … and everything outside that ecosystem, Bitwarden
Does anyone not use these apps and instead manually pick a password ?
Is it BS because they switched to the subscription model, or them becoming BS just coincided with switching to subscription?
I know this is an apple subjective forum, but I can't be bothered with apple passwords. It has less functionality, and while its very secure, it actually isn't as secure as 1password. Additionally, 1password being cross-platform is very beneficial.
You can self-host, it offers some compelling concepts for organizing as well as sharing- Apple is limited here and I don't expect passwords will get any better treatment than journal or clips. You can audit the code as well, which can't be said for 1Pass or Apple.
1Pass took a bunch of venture capital so there's pressure to grow but that may be at odds with user or security focus, will they do the right thing or chase the growth?
Bitwarden, notably, can be used via CLI. 1Pass regressed with regard to their autofill behavior as well.
So when they suffer the next breach, hackers will have location data tied to your login credentials so they know precisely where to go to to use them… what could go wrong?
They use some of the best security in the industry, and the data is not stored as open text anyway. So that's irrelevant.
Yes it was a cash grab. 1Password was redesigned specifically to require a subscription. We used to be able to pay for a major version once and sync to a directory, which could be dropbox or something else. We're talking about maybe a few MiB of data if someone has many logins. Easily stored just about anywhere. They even went back and nerfed the browser extensions to intentionally break compatibility with old versions. I used to recommend them to everyone but haven't in many years.
AES is not some top secret technology. And just because they encrypt your passwords doesn't mean they can't be compromised.
1Password's corporate priorities are highly suspect. I noted earlier in the thread they took a bunch of VC money and that has allowed/ shielded them to do all you've described. Individuals are not the users they want or court. In my estimation they tried to drop every single non-corporate user by being actively hostile in the moves they made but some folks stick by them because, Stockholm syndrome, which is sad. Outside of companies, no one should be using 1Password when so many options exist that respect their customers
Absolutely disagree. Getting users to pay full price for an app and then trying to change the format to subscription and get the same people to pay again is pure and utter greed. There is no other word for it. If it was subscription from the beginning I’d never download it as I can’t stand subscription apps. But it wasn’t, paid for apps should NOT be allowed to become subscription apps without having to release a new app. Same thing happened to me with WeatherPro. Paid €3.99 for full app. Changed to subscription model took away 90% of features I originally PAID FOR and I had to sign up to subscription to get them back. It should be illegal!
"They" don't encrypt anything. The user encrypts the vault with both the master password and secret key. Brute force cracking of the master password is a non-starter. The secret key is stored only on the user's device(s) and unknown to agilebits.
One can argue with the subscription model or the Electron app but it's really hard to fault 1Password on their security and privacy postures.