It's good. You won't look back.
The beauty of open source is that not everyone has to read everything all of the time.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
1Password for Mac Updated With Apple Silicon Support
- Thread starter MacRumors
- Start date
- Sort by reaction score
I get that - it’s just I don’t know who contributed to the code that built it - I’m not saying it’s flawed currently, I’m just worried about risk. But I know that can exist everywhere.
I work as an applied cryptographer, `AES-GCM-256` isn't the "gold standard" of symmetric encryption.
When used properly with a per instance key, nonce tuple, its fine, but I would opt for XChaCha20-Poly1305 instead every time I reach for a stream cipher.
Their use of PBKDF2 instead of Argon2 as a password based key derivation mechanism is also questionable, lack of ASIC resistance etc.
Why do you think their choices are particularly good?
I can tell you I definitely wouldn't rely on 1Password.
There are other sub-optimal choices with regard to cryptographic primitives use by 1Password, like I said, it's fine (if you believe they implemented it all correctly), but it's not open-source.
Last edited:
I'm a long time user, but am finding 1P is becoming a bit annoying these days - their pop-up auto-complete boxes are often getting in the way, it often doesn't play nice with Keychain and for some reason it keeps asking me if I want to save new passwords that aren't new, they're already in 1P. I still find it useful for working between Mac and Windows, storing non-password related info and site that don't properly trigger Keychain, but Keychain now gives the better, more seamless experience in other circumstances IMHO.
A little disappointed to say I agree. I've regrettably turned off the Inline Menu option for Safari because it's too intrusive and because Keychain seems to be working better than ever. Still love 1P for its functionality and versatility, but this was a step backwards as far as I'm concerned.
No, I get that part, that the vaults are encrypted. It's just that since everyone knows 1password holds the vault I assume hacker will be more likely to attack it. I know that the chances of them cracking the encrypted vault is little to none, but its still a bit scary.
Sometime ago, communicated to 1PW support, I was experiencing memory release issue with v7.7. [After viewing saved docs within 1PW, Activity Monitor would report 1PW using 1GB + memory.] Albeit I've only been using v7.8 (on my iMac) for a short period, this issue appears to have been corrected. ...1PW continues great support and the app is a necessity on my iPhone 12 mini (& Watch 6 - opening 1PW), iPad Pro, iMac 27. I'm a subscriber and glad for it.
AgileBits today released a new version of popular password management app 1Password, with the updated Mac software now able to run natively on Apple's M1 Macs.
Version 7.8 of the 1Password app adds native support for Apple silicon, which is something AgileBits has been working on since Apple first debuted its newest machines. M1 support has previously been available in the beta version of 1Password.According to the release notes for the 7.8 update, the new software also includes multiple bug fixes and performance optimizations.
1Password 7.8 can be downloaded from the 1Password website at the current time, but it is not yet available in the Mac App Store.
Article Link: 1Password for Mac Updated With Apple Silicon Support
Our whole family switched to 1Password from Keychain. I continue to be amazed how much better 1Password is. One of the few apps I support a subscription model for.
Yeah, Logmein strikes again. I used LastPass forever. Dumped it over their new policy and went with Bitwarden. Bitwarden seems to work just fine and the transition was very easy. Just download a .csv from LastPass and import to Bitwarden. I'm baffled by Logmein's thought process. They would have been better off just limiting the number of devices of any stripe for the free program, rather than something as ridiculously silly as making it PC or Mobile. But Logmein has done silly stuff like this before. It's amazing they are still around, chasing away their customers as they do when open source is available these days...Since lastpass will soon require a subscription if you want to use on both mobile and desktop, I'll have to check this out
Or, maybe I'll just go with bitwarden:
Best LastPass Alternative in 2025
There are plenty of alternatives to LastPass, but one stands out. Manage your passwords for free with Bitwarden, the best LastPass alternative.www.cnet.com
Mac users can still buy a single license for the 1Password standalone application for a one-time fee of $64.99. To purchase this version, you have to download 1Password 7 from the AgileBits website, then click "Need a license? We have those too" when prompted after opening the app for the first time.
I could be wrong, but I don't think Keychain supports password generation -- which is a critical component of the others, especially with today's security vulnerabilities and having so many website logins to manage.
Any software that deals with security in this day and age can't possibly be a one-time fee. There have to be engineers that work on patches and updates, learn and build new tools, and assess and detect new risks. Hackers who create viruses, malware and ransomware don't rest, why do you expect your computer to be secure but only pay a one-time fee?
People are funny. They expect to get paid for their work but want other people's fruit of labour for free. If you can't shell out $3 per month for a password manager, you probably don't even care that much about your passwords to be needing a password manager in the first place. Most people have no idea how much goes into ensuring the security of a database, especially one that stores highly sensitive information. 
You are wrong. Browsers and apps that support Keychain functionality will offer randomly generated strong passwords which are subsequently stored in Keychain. If properly implemented, where an app and website share the same login credentials, Keychain can be made aware of this. This means that you can easily flip between app and website using the same credential, all securely managed by Keychain.
I don't believe 1Password can do that but, Strongbox can.
Support - Strongbox
Helpdesk Read our how-to guides or contact our support team. Contact Us Please search the help articles first, as this will likely allow you resolve your issue much more quickly. The following articles address common problems: My Database Isn’t Syncing I Can’t Unlock My Database Strongbox...strongboxsafe.com
Strongbox looks decent, however their lack of support for other than Safari browser plug ins and no windows support is a non starter for me.
This is why I’m more than happy to pay for the sub. My Muggle family needs 1P and they need me to be able to access their data if/when needed. We split the cost three ways. But even if it were just me I’d still pay. It’s more than worth it.
A one-time fee doesn't mean no updates. Strongbox is updated regularly. I am suppporting the developer. I paid what was asked. Why do you see that as a bad thing? Strongbox currently has over 100,000 users. They also offer a business option.
I can understand that. Have you emailed the developer about offering other browser support? I have found him to be very responsive.
As to Windows, that doesn't enter into my usage pattern.
It's not a matter of not being able to afford $3 a month, it's more so a matter of looking at the yearly subscription total being over $500 a year, and realizing that in some areas, I can reduce that total and still use quality software and support the developer at the same time.People are funny. They expect to get paid for their work but want other people's fruit of labour for free. If you can't shell out $3 per month for a password manager, you probably don't even care that much about your passwords to be needing a password manager in the first place. Most people have no idea how much goes into ensuring the security of a database, especially one that stores highly sensitive information.
Jut because a person stops using 1Password, that doesn't necessarily mean said person is cheap and doesn't believe in paying a developer for his or her work. There are other options besides 1Password that work very well.