1Password Can Now Show You Codes and Logins Based on Your Location

[Enlightened Doggo]

"They" don't encrypt anything. The user encrypts the vault with both the master password and secret key. Brute force cracking of the master password is a non-starter. The secret key is stored only on the user's device(s) and unknown to agilebits.

One can argue with the subscription model or the Electron app but it's really hard to fault 1Password on their security and privacy postures.

That's the obvious way to handle single-owner secrets. Any company can be forced to hook up uncle Sam to the data firehose via a FISA court order though. How close of attention are customers really paying? I can't speak for others here, but I'm old enough to remember why Snowden is on permanent vacation in Siberia. Maybe they are good as far as corporate standards go, but they are still a corporation, which makes them weak to the law. If you care about security on the level where you have opinions on specific encryptions schemes, then open source is the way to go IMO.

 

[4look4rd]

I loved it before and paid for a license. But I feel they became to greedy with the subscription. Im fine paying once, but not monthly. The only software I really can't replace is Adobes suit and Office.

Then use an offline password manager and store your own data.

 

[montuori]

Is it better than Passwords?

That really depends on what you mean by "better." 1Password is more flexible (I store notes and attachments) and offers more features (the SSH key agent is slick). I would argue that different passwords for your login and vault unlock is a solid security choice and one that Passwords does not offer. There's also the cross platform compatibility angle to consider if that's important to you or the people you might be sharing credentials with. 1P also gets a nod for the flexibility of their password generator; Apple is way behind the curve here.

On the other hand, 1P is not as tightly integrated with Apple's various OSs and requires some amount of setup. And, of course, it's not free.

A quick search doesn't reveal technical details of the security implementation, so it's hard to make any judgements there. Presumably Apple did their homework but we're taking that on faith. I like that 1P is transparent about their implementation and provides audit reports on their website.

As you say, "best" is subjective. The password manager you actually use is better than the one you don't no matter what the feature set.

And by adding location I'd be just a bit more concerned.

I don't see that 1P has anything to gain (but a lot to lose) by falsely claiming that location processing is done on device. Their business model is providing security not tracking your movements. Locations are stored with the item in the vault so all that's as safe as the passwords being stored.

 

[Chungry]

I don’t care about venture capital, and you haven’t really explained what are these compelling concepts that make Bitwarden supposedly more, um, compelling. Also, how exactly is Bitwarden better at autofilling?

I have no idea how good or bad Bitwarden is, but considering it has a free tier, I would say that’s the actual reason you claim it’s better. As for 1Password, it’s a well designed, reliable app. I like its interface, its quick search bar that you can bring up with a keyboard shortcut, its autofill works great, and the feature set is really good.

There's plenty of comparisons so there's an offering for everyone. I do pay for Bitwarden to support the development since it's OSS

 

[Chungry]

AgileBits saw the writing on the wall that told them consumers were not the future, but enterprise. Like firewalls, antivirus, etc. they knew password managers would soon be integrated in to the operating system.

Pretty much. They don't care about consumers, it's just something they do, the money is in the enterprise offering as you point out. Would not be surprised if they drop the consumer side in the future

 

[Chungry]

That's the obvious way to handle single-owner secrets. Any company can be forced to hook up uncle Sam to the data firehose via a FISA court order though. How close of attention are customers really paying? I can't speak for others here, but I'm old enough to remember why Snowden is on permanent vacation in Siberia. Maybe they are good as far as corporate standards go, but they are still a corporation, which makes them weak to the law. If you care about security on the level where you have opinions on specific encryptions schemes, then open source is the way to go IMO.

Powerful stuff right here, well said

 

[apples_arrogance]

Sharing location data with a venture capital driven company - what could possibly go wrong?

Glad KeePassXC exists. It certainly is not on par UI wise, but it gets the job done, has support for Passkeys, works very reliably, allows syncing via my own means if wanted and the absence of dark patterns and them not trying to sell me anything is very refreshing. Since I am thankful for the software I donated.

 

[bsmr]

Glad KeePassXC exists

Do you use KeePassXC on macOS, or strongboxsafe using keepass databases?

 

[Ad47uk]

Bitwarden is much better if you want a third party password manager.

That is what I use, as I can use it on the different platforms I use, Linux, Windows, Mac and Android.

 

[Big_D]

Bitwarden is much better if you want a third party password manager.

It is swings and roundabouts, both are very good. I've used both and the integration and ease of use was better with 1Password, for me.

We rolled it out at work, the people who evaluated it included BitWarden users, they had no problems with it, saying it was better in some ways, worse in others...

The real advantage of BitWarden is the ability to self-host it, and if you are really paranoid, to look at the source code and compile it yourself.

 

[Big_D]

Not interested in this product still with keychain and it works just fine

It depends on what you need. If you are purely in the Apple ecosystem, Keychain/Apple Passwords is perfectly fine and a free and secure way to keep yourself safe. Likewise, if everyone you need to share passwords with is Apple based, that can work well as well.

I use Mac, iOS, iPadOS, so far, so good, plus Windows, Linux and Android. You can sort-of get it working on most of those, with some hoop jumping.

I have the 1Password family account, which works very nicely and we can share passwords for common accounts and services. We also use it at work, where 90% of the users are Windows and Android.

 

[So@So@So]

Safe+ supports geofencing for years and has also shows items nearby (like an atm) optionally in a widget.

 

[cyanite]

Ye I’m not trusting 1Password with my location constantly

While using would be plenty. Almost no app benifits from always access, which is why it's burried deep in privacy settings.

 

[Fatboy71]

I still have to move some passwords from 1Password to Apple Passwords, but I’m pretty close to getting rid of 1Password.

I done the same a few weeks ago. I know when my yearly subscription for 1Password is due at the beginning of July, that I won't be renewing it. For me personally, I see little point in paying a subscription when I get most of the functionality for free from Apple Passwords app that I do from 1Password.

I also find that Apple Passwords is a more seamless login process when compared to 1Password.
The only two things I missed initially from 1Password was the ability to be able to store Secure Notes and credit card information. But I done a bit of a workaround by copying all my Secure Notes into Apple Passwords and named them Secure Note and then the name of the note so that I could find them altogether in the app. I also done the same with my credit cards by naming the entry Credit Card and then the name of the credit card it was. Maybe not as polished or as many bells and whistles as 1Password, but its not much of a miss as I don't need access to Secure Notes or my credit card details every day.

 

[wanha]

Notes.app has encrypted notes.

Yes, but it's stupid to have to divide up your sensitive information between two apps rather than being able to have them in one

 

[wanha]

I see lots of people here saying it's a bad idea to trust a company with your location information.

I agree, but do we actually know how this is implemented?

In other words, are the locations stored on device and encrypted, or are they stored on 1password's servers?

Seems like quite a crucial difference between the two.

 

[Jay-Jacob]

I wouldn't give 1Password my location if I still use them (I haven't since they moved to subscription). I now use Bitwarden and Enpass (lifetime license). Both don't "look" as good as 1Password but they both work perfectly fine for me. I went Bitwarden first since I wanted to wait for Enpass lifetime license on discount (Black Friday). I really like Enpass wifi sync, nice and easy to update each devices. For some reason it just doesn't work on windows (for my Dad so he need use cloud sync instead). It works flawlessly on Apple devices.

 

[skiguy45]

In what way is it better?

* Open Source so the world can Security Audit.
* Free or 1/3 the price if you pay
* Autolock immediately
* UI is less bloated

 

[WarmWinterHat]

Is it better than Passwords? I loved it until they did subscription. And by adding location I'd be just a bit more concerned. And of course the "best" is an opinion.

It's better in the sense that it has a separate password from your iPhone lock screen password. That's the single reason I won't keep my most important passwords in the passwords app.

It's also fully cross-platform, including ChromeOS and linux.

 

[Chungry]

It's better in the sense that it has a separate password from your iPhone lock screen password. That's the single reason I won't keep my most important passwords in the passwords app.

It's also fully cross-platform, including ChromeOS and linux.

This is a crucial best practice

 

[TwoBytes]

The second you can attach things such as images of Id cards etc to the Apple passwords app, i'm out of 1password!

 

[parameter]

Apple passwords does have a notes field last I checked... maybe take another look!

I think the original post was asking for an actual main Notes storage type, like a login, etc. Not just to add notes onto a Login.
1P has a lot of other types of data that it can store, including attachments and more.

I used to love 1P. But when version 8 came out, built with Electron (not known for being secure for one thing, let alone a monstrosity of programming in general), that was it for me. I canceled and am using other solutions.

I would like to use Apple's Passwords app, but just like this reply is about, it is missing some (very) easy-to-add, but crucial features depending on what you need to store. I guess some of us just need or want to store more than mainly logins.

So those features in 1Password are very good and have been built out. As well as custom fields, much better OTP handling and so on. And again, I personally hate 1Password as a company. Some other company needs to just duplicate their version 7 and dominate the market, it would most likely easily work if done especially for the consumer market, with the focus staying there, like 1P used to.

 

[VertPin]

I know this is an apple subjective forum, but I can't be bothered with apple passwords. It has less functionality, and while its very secure, it actually isn't as secure as 1password. Additionally, 1password being cross-platform is very beneficial.

@fahlman genuinely curious why you disagree with the post I made. Why do you think apple passwords is more secure than 1password?

 

[aevan]

* Open Source so the world can Security Audit.
* Free or 1/3 the price if you pay
* Autolock immediately
* UI is less bloated

You can set 1Password to autolock immediately. And UI is very simple and clear (granted not sure how Bitwarden works, but I can’t imagine the UI being more simple). For the open source, no idea how important that is, but I’m pretty sure 1Password is safe enough for my needs.

The price thing I get. But I find 1Password prices reasonable.

 

[bsmr]

You can set 1Password to autolock immediately.

But not on iOS.