Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
That can be done with local databases too. For example, Keepass apps support key files in addition to the password, and some even authentication via Yubikey (challenge/response protocol).

Absolutely, I was commenting on people using 1P7 local vaults versus concerns about 1P cloud vaults.

If you do things like Yubikey, which 99% of people will not, then the other risks I raised around local storage on a general computing device become less of an issue too.
 
I'm confused, what does this extension do that I can't already do? I've been able to fill passwords for quite some time.

The system-wide autofill on iOS already works pretty well. Why use this over that?

1Password saves more than just passwords.

You can store pretty much anything. I keep my virtual cards saved in mine (like my virtual Apple Card) for quick and easy autofill. It can save other stuff to like product and licensing keys, and much more. It also is much faster to instantly create or save a new login, as you can type in your username and password into the login field, tap one button, and now it's saved in your vault.

There's benefits to using autofill password (for example, it'll work in third party apps), but there are advantages to using the extension (autofilling more than passwords, easier to save things to your vault). I have both enabled.
 
Does the macOS Safari extension get to see the webpage contents also?

The warning during the iOS Safari extension is jarring.
 
The iOS extension specifically does NOT work with local vaults. Thus, you must have a subscription AND store all your passwords on 1P’s servers. Thus, subscriptions + non-local vaults are nearly inseparable at this point.

Yes, 1Password subscription for the last 2 years. Like Lastpass, Bitwarden, iCloud Keychain all stores your private data on secure cloud servers.
 
  • Like
Reactions: Mr. Heckles
AgileBits' forced transition to subscriptions, their removal of the standalone vault from 1Password, their transition from native Mac to Electron, plus their glib defenses of these steps on social media, is appalling business behavior. Who removes features from a subscription service?

I purchased a gift card from them that had more than 2 years' worth of subscription balance. I've just now canceled my subscription with more than 1 year balance left over. Their move to cloud-only storage is less secure, period. I guess I'll be moving to KeePassXC and friends, or self-hosted (LAN-only, on-demand) Bitwarden.
 
Does the macOS Safari extension get to see the webpage contents also?
Yes of course.

Another issue with the new extension:
There is no TouchID / FaceID to authenticate during usage. Only a setting "required authentication after" 15 (or other minutes) or manually lock the device.

So if someone (kids, wife, friends you hand the device over for a short time) or even nows your device PIN they can access my vaults without any protection!

This even works after the device was locked as the new extension does not know If a device has been locked or not.

And I don't want to manually lock the extension all the time!

I will stay with the old version!
 
  • Wow
Reactions: nerdherdster
*warning* 7.8 is a subscription only app. If you use a standalone vault on icloud or dropbox you lose that functionality after updating to 7.8. FYI they didn't include a warning in the update log.

This is not accurate.

You don’t lose functionality when upgrading to 7.8 if you use an iCloud synched vault. It continues to work as normal without a subscription. You don’t get to use the new Safari extension, but you can password fill using the same method you did under iOS 14.
 
They just screwed thousands of users by removing the standalone feature in version 7.8 without warning. Glad I didn't hit the update button.

I did hit that update button.. my saving grace is that because my kids are still using the 6s, I'm using iTunes 12.6.5.3 (the last version with the App Store), so I was able to pull the old version out of the trash and restore it.

Can't do it. I'm happy to support them by buying a release every couple of years. But I rarely do subscriptions. I'm still on version 6 and it does all I need. Soon, iOS will natively do all I need. They could have gotten a good deal of $$ out of me if they had stayed away from subscriptions. That being said, I'm sure they have made plenty :)

I'm still on 6 as well.. my problem is that I'm on a 10 year old Mac, and while it's still solid (hasn't had a single bit of repair/service), I can't go any further on MacOS than Sierra (High Sierra crashes horribly on it), and since this year is the last year of Intel CPUs, I'll be going Silicon. Normally that wouldn't be a problem, but since 1Password 7 is available, but the ability to purchase standalone licenses is NOT available, I'm stuck for as long as Rosetta works when I get a new Mac.


Absolutely, I was commenting on people using 1P7 local vaults versus concerns about 1P cloud vaults.

If you do things like Yubikey, which 99% of people will not, then the other risks I raised around local storage on a general computing device become less of an issue too.

The one thing that people seem to forget about cloud vaults or having a 3rd party manage your vault is the legal liability aspect of it. People don't tend to realize that while they are given the feature of convenience by having your data available everywhere because of the cloud, the takeaway from that is that for the data you have in the cloud, you may not legally own it.

Now, speaking for the US here: if the authorities were hypothetically investigating you (generic) for any reason, if they needed something from you that is in your possession, they would require a warrant for them to obtain that information from you, n'est-ce pas?

Well, not so if that data belonging to you is in the hands of a 3rd party. Since they aren't directly involved with that investigation, a simple subpoena could be used to have that 3rd party hand over your data. That's a problem. And yes, while everyone can say "well, they don't have a way to get into my vault because they'd need my password!", the problem is that they have physical access to your vault: as in, they have their physical hands on it. It would be in their possession. All of this was brought to light by an investigation NPR did regarding a person's data, their digital trail, and their 4th Amendment Constitutional right:


If people are okay wth the potential of that happening, and not being secure in having their own data - and passwords to your sensitive data at that - then more power to them. However, when it comes to sensitive information like this, let alone any other sensitive info one may store in 1Password (I store my family's Social Security Numbers, Passports, Birth Certificates, etc.), I would not want to give up the security and being secure in that data (meaning, only I have physical possession of that data) for the sake of convenience.

BL.
 
  • Like
Reactions: canadianreader
This is not accurate.

You don’t lose functionality when upgrading to 7.8 if you use an iCloud synched vault. It continues to work as normal without a subscription. You don’t get to use the new Safari extension, but you can password fill using the same method you did under iOS 14.

So help me to understand this.

I use 1Password 6 on my Mac, and I'm at 1Password 7.7.8 on my iPhone and iPad. If I update to 7.8 on my iPhone and iPad, I should still be able to sync my data to the vault that is on my Mac? I do no synching to iCloud or any other cloud service.

BL.
 
Why on earth there isn’t immediate lock down for the extension? The default duration is one day which is just crazy. The minimum length is 15 minutes. After set period of time the extensions locks and allows you to use Touch ID to unlock it.
 
Last edited:
Do you think your computer is immune to security risks as your browse the web, open emails, attachments, documents and files? I would suggest the vault stored on your computer is at more risk stored on a computer used for general computing, than one stored in the cloud for one purpose only.

The 1Password cloud vault is also protected with FAR better encryption than the local vault you are using.
Of course my computer is not immune. The difference is two fold. One, I am in complete control of my data. If I want to be super paranoid and have my 1P vault stored on a computer that is always disconnected from the internet I can. Or I could run it in a fully isolated VM. Two, and this cannot be overstated, my computer has an infinitesimally smaller attack surface than 1Password's servers have.

The bottom line is this - by forcing its user to store their password vault on a cloud server, AgileBits is decreasing the security for its users. Full stop, end of story.
 
My pay-once option works perfectly for me. No subscription, no hassle. 1Password user for several years now.

Which version? I mean, I've been on a standalone license, going back to 1Password 3. The problem I'm going to have is the move to Apple Silicon. when I do, I'll lose 1Password 6; yes, I know I can use Rosetta 2 to keep using it, but at some point, that is going to end, so it will be either 1Password 8, or nothing at all (you can't buy standalone licenses for 1Password 7 anymore).

BL.
 
AgileBits' forced transition to subscriptions, their removal of the standalone vault from 1Password, their transition from native Mac to Electron, plus their glib defenses of these steps on social media, is appalling business behavior. Who removes features from a subscription service?

I purchased a gift card from them that had more than 2 years' worth of subscription balance. I've just now canceled my subscription with more than 1 year balance left over. Their move to cloud-only storage is less secure, period. I guess I'll be moving to KeePassXC and friends, or self-hosted (LAN-only, on-demand) Bitwarden.
I highly suggest checking out Minimalist Password manager - https://minimalistpassword.com.

The vault is local, with the option of syncing via iCloud. Plus, there is an option for a subscription, $20/year, or you can purchase it outright for $60. It's definitely lacking in some features at the moment (at least when compared to 1Password), but they have a good road map (https://minimalistpassword.com/news/road-map) and a very responsive dev team (every time I've emailed them with a suggestion or question, I've gotten a response within a couple of hours). I've imported all of my 1Password items into Minimalist, and while I need to spend more time really combing through everything, the import looks good so far.
 
This is not accurate.

You don’t lose functionality when upgrading to 7.8 if you use an iCloud synched vault. It continues to work as normal without a subscription. You don’t get to use the new Safari extension, but you can password fill using the same method you did under iOS 14.
Not entirely true, 7.8 removes the 1Password share sheet. Not a huge deal, but if you're using local vaults, you're still losing a feature while gaining none.
 
Last edited:
Of course my computer is not immune. The difference is two fold. One, I am in complete control of my data. If I want to be super paranoid and have my 1P vault stored on a computer that is always disconnected from the internet I can. Or I could run it in a fully isolated VM. Two, and this cannot be overstated, my computer has an infinitesimally smaller attack surface than 1Password's servers have.

The bottom line is this - by forcing its user to store their password vault on a cloud server, AgileBits is decreasing the security for its users. Full stop, end of story.

The bottom line is this - 1Password has never been hacked. Users computers are being hacked, tracked and exploited every single day. Full stop, end of story.
 
The bottom line is this - 1Password has never been hacked. Users computers are being hacked, tracked and exploited every single day. Full stop, end of story.
*sigh* That's great that they've never been hacked, but they still have a massive attack surface and I'm sure there are hackers actively trying to breach their security. Bottom line, MY computer has never been hacked, and for me that's all that matters. Getting rid of user choice is NEVER a good option.
 
Last edited:
  • Like
Reactions: Alwis
So help me to understand this.

I use 1Password 6 on my Mac, and I'm at 1Password 7.7.8 on my iPhone and iPad. If I update to 7.8 on my iPhone and iPad, I should still be able to sync my data to the vault that is on my Mac? I do no synching to iCloud or any other cloud service.

BL.
That I don't know because I sync via iCloud. See if anybody else chimes in.
 
Not entirely true, 7.8 removes the 1Password share sheet. Not a huge deal, but if you're using local vaults, you're still losing a feature while gaining none.
I don't recall ever using the 1P share sheet. What do you use it for?
 
*sigh* That's great that they've never been hacked, but they still have a massive attack surface and I'm sure there hackers actively trying to breach their security. Bottom line, MY computer has never been hacked, and for me that's all that matters. Getting rid of user choice is NEVER a good option.

I do understand your concerns. I shared very similar thinking on this in the past. I'm comfortable with what 1Password are doing now, and I believe any risks are absolutely minuscule (even if a hacker got to all our cloud hosted vaults, retrieved copies of them, it would take so long to decrypt even one account that the data would be rendered useless).

That being said, I can appreciate why you and others think a local vault option should always be there. I believe AgileBits have even said they are looking into possibly offering local vaults eventually with 1Password 8.
 
  • Like
Reactions: nerdherdster
So help me to understand this.

I use 1Password 6 on my Mac, and I'm at 1Password 7.7.8 on my iPhone and iPad. If I update to 7.8 on my iPhone and iPad, I should still be able to sync my data to the vault that is on my Mac? I do no synching to iCloud or any other cloud service.

BL.
Are you talking about WLAN server sync? If so, that is still available in 7.8.
 
I do understand your concerns. I shared very similar thinking on this in the past. I'm comfortable with what 1Password are doing now, and I believe any risks are absolutely minuscule (even if a hacker got to all our cloud hosted vaults, retrieved copies of them, it would take so long to decrypt even one account that the data would be rendered useless).

That being said, I can appreciate why you and others think a local vault option should always be there. I believe AgileBits have even said they are looking into possibly offering local vaults eventually with 1Password 8.
The potential local vault option for 1Password 8 essentially requires you to run a full blown instance of 1Password.com on a dedicated computer. That adds an incredible amount of complication for the average user that doesn't want to store their password in 1P's cloud. Plus, there is no guarantee the team at Agile Bits will actually do this. At this point, and it pains me to say this, I don't trust a damn word that comes out of their mouth (or more accurately out of their fingers).
 
  • Like
Reactions: Alwis and seek3r
I don't recall ever using the 1P share sheet. What do you use it for?
Honestly, I rarely used it. It was good for sharing a password with another app - like Notes or Mail or something. The share sheet removal really isn't a big deal, but its removal is greatly compounded by Agile Bits more recent user-hostile decisions.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.