1Password Will Support Passkeys Starting in Early 2023

[Lioness~]

Yeah, I absolutely hated their turn to subscription model. It was fine when they had both subscription and one-time purchase models. Currently, I'm stuck at the version 7 level of 1Password because anything above that is subscription based. Not going there. At some point, my household will need to find a replacement.

How was the transition from 1Password to StrongBox? A while back, I started researching what password management system to move to from 1Password (hate their subscription option). That research has since stalled since I don't have an immediate need to look for an alternative...

I have been waiting, and still am, to decide what to do.
1Password is good, but as mostly everyone else, I don't like the subscription.
So I am just stalling that decision……and continue to use 7.9.6 as long as that is ok.

Nice thread of suggestions here, will save that 😁

 

[NMBob]

Password protected Numbers spreadsheet here. 👍

 

[Maclver]

How was the transition from 1Password to StrongBox? A while back, I started researching what password management system to move to from 1Password (hate their subscription option). That research has since stalled since I don't have an immediate need to look for an alternative...

It wasn't bad, I was able to import directly from 1P to Strongbox. and when I switced to SB, I actually went in an changed every password using their auto generate feature. But it was seamless to transition.

 

[AbSoluTc]

I've used 1Password for many many years on MBP, iPhone, iPad and do NOT have a monthly fee. Originally purchased on Apple App Store. I suppose Im grandfathered in on version 6.8.9

View attachment 2114463

You're not "grandfathered" anything. You're stuck on the final paid version. Subs get continual updates.

 

[FyrStrike]

I’ve used Dashlane for this feature for some time now. It’s a great feature, you go to the site and it automatically logs you in. You can also switch it on/off for specific sites, apps or services. I also subscribed, was so worth it, makes password life a hell of a lot more secure and easier. 😆

 

[nickbatz]

Apparently the techbros who created that site think that reading is a legacy artifact performed by people who wear their caps with the bill facing forward.

I'd be interested in the service, but I have no intention of sitting through an ***** video just to find out HOW MUCH IT COSTS.

 

[AbSoluTc]

Been with 1Password for many years now. While it's use is minimal to me now with Keychain, I still require it for cross platform/browser use. Also use it at work. I will agree that the past year, the browser plugins have been buggy as hell. Sometimes they work just fine, other times you have to jump through hoops to make them work.

Bitwarden looks cool but so does Strongbox. However strongbox is Apple only.

 

[munpip214]

I think the most important thing with passwords is that you are using something to save them and securing websites by having unique passwords (and userid if possible). I've converted most of my extended family to 1password because it works and it keeps them safe. It is easier for me to "support" just one tool and I don't mind paying the subscription for most of them because I am keeping them much safer. Before, everyone had just a few passwords that they used everywhere and had them written down on five different stickies, but still managed to forget them and have to reset every time they logged in...

 

[Roller]

Some people have such a visceral adverse response to subscriptions. Admittedly, there are good and bad examples, but IMO, 1Password is well worth it at $5/month for a family plan. Being able to seamlessly share passwords with my wife has saved me hours. We also use it to store items like bank accounts, driver licenses, and other stuff.

 

[Lioness~]

It have came up an offer to get 50% off in 3 years if I upgrade to 1Password membership/subscription to get the 8. Not that bad. Have been there awhile.
You other guys who are in considering-mode for 1Password have that too?

 

[dypeterc]

And passed thru this "programming framework":

https://www.wordnik.com/words/electron

For no reason other than to "keep our VC investors happy".

Happily have ditched 1password for going on a year now.

Same here. Was an early adopter since day 1 but their move to Electron and subscription left a sour taste. Not sure why I’d need a password manager to manage my password-less passkey. Going to iCloud Keychain has been awesome and actually is more efficient when you’re just in the Apple ecosystem

 

[canadianpj]

Another subscription fee. No, thanks.

Apple implementation is more than enough for me, and I'm sure it's gonna be seamless.

I prefer not to put all my eggs in one basket when it comes to stuff like this. 1Password is what I use and as for the subscription I don't expect a cloud service to run for free.

 

[canadianpj]

Same here. Was an early adopter since day 1 but their move to Electron and subscription left a sour taste. Not sure why I’d need a password manager to manage my password-less passkey. Going to iCloud Keychain has been awesome and actually is more efficient when you’re just in the Apple ecosystem

Do people hate electron for a reason or just because that's what geeks are supposed to do?

The new version looks fine, works fine, does 100% of what I need it to do. It would have been rather, or greatly, foolish of me to ditch it because it's using an unpopular framework?

 

[tolsen718]

I don't quite understand why passkeys would require a password management system. But then again, I also don't fully get passkeys beyond that they are using biometrics and a validated (verified?) device (e.g., your phone) to authenticate into a website, right? What's the use of a password management system in that case?

Because there's a private key to synchronize. Passkey is built on top of public-key crypto. See slide below.

 

[macsplusmacs]

Do people hate electron for a reason or just because that's what geeks are supposed to do?

The new version looks fine, works fine, does 100% of what I need it to do. It would have been rather, or greatly, foolish of me to ditch it because it's using an unpopular framework?

Research Electron apps.

Plenty of reasons to dislike

 

[0924487]

So what happens if the devices that hold the biometric authentication break or you lose access to them? Do you have to reset all the services/websites by email?

There is always a recovery code block that you should duplicate and keep in different safes.

 

[0924487]

Platform agnostic. People (and businesses) need to be able to access passwords/keys across multiple OS's and devices.

I'm 100% all Apple...

For work computers, I use SSO, which is saved in Chrome and authenticated via smartcard hardware.

 

[msackey]

I prefer not to put all my eggs in one basket when it comes to stuff like this. 1Password is what I use and as for the subscription I don't expect a cloud service to run for free.

Perhaps you did not know (or perhaps you do?), that 1Password did not begin with their own cloud service at all. For a long time, it allowed syncing using various 3rd party cloud services (e.g., dropbox or iCloud). Basically, you were syncing a file across platforms. Or, it even allowed wifi sync meaning the file would exist on your Mac and your various iDevices would sync using local Wifi.

They've since sunset those services after version 7. I believe 1Password version 8 is the latest version and does not support local wifi sync or sync with 3rd party services.

 

[msackey]

Because there's a private key to synchronize. Passkey is built on top of public-key crypto. See slide below.

View attachment 2114529

Thanks!

Looks like then that the biometric authentication on the local device produces some kind of passkey which is then used to verify with whatever site you're logging into. So, in some kind of sense, a pass is still generated, just not password in the way we think about it.

For some reason, and unrelated to this, I keep thinking: when are they going to advance email so that end-to-end encryption is the standard? It's 2022 and aren't we still basically using email system designed for the early internet years? I know we used to use POP and somewhere I think in the early 2000s we started migrating to IMAP. No advancement in digital security; still can't send things securely via normal email. Ugh.

 

[msackey]

Password protected Numbers spreadsheet here. 👍

I hope the Numbers spreadsheet is also encrypted when it's password protected, but I suspect it isn't? I mean, does Numbers also encrypt the spreadsheet when it's password protected?

 

[Sweet_Caroline]

So cool! I’m looking forward to this. I would like to see how Passkey will work with work logins.

 

[TriBruin]

Research Electron apps.

Plenty of reasons to dislike

Like? Have you used 1Password 8? What specific issues do you have with the Electron version? I use it all day every day and, honestly have forgotten that it is Electron app. While I can argue with the GUI is a little cartoony, I have never said, man I wish 1Password was faster.

Electron is a tool and just like any other tool, it can be implemented poorly. Yes there are plenty of Electron Apps that are poorly implemented (Teams, looking at you!). But others, like VS Code, work just as good as a native app.

 

[drumcat]

Moved on to Minimalist. They crippled their software to a 5MB file limit for lifetime license holders, and the only "fix" was to pay their monthly ransom.

Hell of a thing for those of us who paid a significant amount for a lifetime license. They can get stuffed.

 

[GreyHairedPinkGlassesGuy]

I too (usually) abhor subscription based software, but in this case I make an exception. And here's why...

If the software I'm using is security based then yes, I'm okay with a small, steady and reliable source of income for the developers. Since security (of any kind) is a moving target, I'd prefer a funded team working on the remediation of emerging threats in the security theater. Simply put, if tomorrow some new manner of compromise were to arise, I'd prefer the team that has my back to be able to find a remediation solution to said new manner of compromise whilst their paycheck "clears the bank". But I'm somewhat biased as I too am a developer and I'd rather prefer to be paid for my services. <grin>

1Password offers a meager monthly charge for its product and services. I am a 5 year customer and plan on staying with 1P for the immediate future. And, I'm thrilled they will be adopting FIDO's standards for Passkeys and integrating that into their product. It's nice to be platform agnostic for my password/digital vault requirements. I live in the Apple ecosystem but don't want to lock into their keychain passkey solution. 1P offers a wider range of platforms that support their product.

For the concerns about having your data stored in the cloud, you have to trust the math. Using a 2 key derivation method to formulate the keys needed to unlock your secrets, the data is secure at rest and in transit. Even a total compromise of their servers would only show encrypted data and password hashes derived from two keys (a unique random 128 bit value assigned when you create an account and your master password). To break this level of encryption using 2 keys would require more time and effort left in the presumed lifespan of the universe (i.e. Heat Death) [There is a white-paper where they describe how they protect their cloud-based data. Sorry I'm at a loss to find the link.]

I store EVERYTHING in my 1P vault. Insurance papers, Car registration, Tax documents and yes password credentials.

As a 40 year veteran of software development I sleep very comfortably at night knowing that my secrets are safe as long a I follow good opsec IRL and don't reveal either of the 2 key secrets.

My $0.02 on the matter. YMMV.

Peace,
GHPGG

 

[dacreativeguy]

Another subscription fee. No, thanks.

Apple implementation is more than enough for me, and I'm sure it's gonna be seamless.

1password 6 still works in Ventura, so I'm good, thanks!