1Password 7.9 Adds Secure Password Sharing

Originally published at: 1Password 7.9  Adds Secure Password Sharing - TidBITS

It’s a terrible idea to share passwords with colleagues in email, and the solution for years has been sites like One-Time Secret and 1ty.me that embed a password in a link that can be viewed only once. 1Password has finally gotten into the game, letting users securely share passwords from within the app.

1 Like

I share passwords with my family via shared vaults with 1Password. We all have our private vaults. However, I have a shared one with my wife and another shared one with my entire family.

For instance if I have a password from something that’s definitely not Netflix I want to share with my family, I can move it to my family shared vault.

(Sharing my Netflix password would be unthinkable)

1 Like

Speaking of 1PW…is anybody running the beta version of v8…and if so are they getting close to release…and have they added local backup and restore? I can live with the subscription and the non native macOS client…although perhaps running the iPadOS client which is native iOS on an M1 Mac is a better idea. However…I can’t live with no ability for local backup and restore. I know that the app keeps a local copy but it’s in SQLLite I believe…and unless you’re a database wiener or there’s an easy way to export and import your data there that’s not really a local backup and restore even though a full backup would have the database in it somewhere.

Love the idea. When I updated my standalone 1Password Mac client to 7.9, the What’s New screen popped up with the information about “psst”, but no actual functionality. And as usual, the blog entry about the feature on AgileBits presumes everyone is using the subscription version of 1Password. Any clues on whether this is a subscription-only feature?

I don’t know for sure, but it would make sense that password sharing would be a subscription-only feature because it requires a server-side component. With the subscription and 1Password.com, that’s built in in a secure fashion.

Obviously, AgileBits could make it work with the standalone version, but it seems clear that they have no interest in moving that version forward.

2 Likes

1Password says that sharing a copy requires a 1Password account. See Securely share 1Password items with anyone under the section “Get Help”.

2 Likes

I don’t think that’s correct, at least for me. I just followed the instructions on the webpage you referenced and I was able to share a password using version 7.9 on an iPad which is still using a Dropbox vault. I have no 1Password account as of yet.

1 Like

Well, cool—thanks for testing!

I’ll try it there. Cool!

Mmmm, might have to disagree. The page referenced (discussing share a link) does indicate an account is required. I also have the paid apps (no subscription account) and use Dropbox. My share button on MacOS and iOS does allow sharing via email, message, etc. but NOT the secure link sharing that was added in 7.9. I’d love to be proved wrong. :slight_smile:

I have the standalone version. I was presented with the splash screen announcing the new feature also when I updated, but I cannot access the functionality either.

Standalone licenses will be history when 1Password 8 drops. We can use v.7 until it is no longer compatible because of OS updates, web browser changes, etc. 1Password is going to offer a 50% discount for 3 years for standalone users who migrate to the subscription model and upgrade to v. 8.

I haven’t decided whether to move to another password manager or migrate and switch later. The options for transferring my 1Password data is part of the equation. I plan on reviewing other password managers before I make a choice.

I’ve been unhappy with the quality of 1Password customer support for years. They have even managed to mishandle things regarding the coming v. 8 upgrade.
So I’m not inclined to continue with them if I can find an alternative that actually cares about their customers, even if it turns out to use a subscription licensing model.

Forgive me for asking what may be an obvious question. What is the primary purpose for 1Password (and other password managers like LastPass)?

Years ago, there was a definite need for a password manager, since the built-in password management in browsers were completely unsecured and may not even sync across devices.

Today, however, browsers have what I think are pretty good built-in password management. Apple provides one via Safari. Firefox includes Lockwise. Both of these securely store passwords (in an encrypted database), offer password protection, and provide cloud-based synchronization with other instances of the same browser that logs into their respective cloud services).

I assume Chrome/Edge have this feature as well, but I haven’t looked close enough to be sure about that.

It seems to me that the big advantage of these third-party password managers is that they are cross-browser. Apple’s solution (Keychain in iCloud) only works with Safari browsers (across a variety of platforms) and the Firefox solution only works with Firefox browsers (on all supported platforms). So you will want a third-party solution if you use different browsers on different platforms or use multiple browsers on a single platform, but are there any other advantages to these packages?

if you primarily use only a single browser (whether on one or multiple devices), is there an advantage to using a third-party password manager over what your browser provides?

If all I used 1P for was a few passwords, I’d probably switch to Apple’s solution.

But I’ve found 1P awesome for storing tons of other information: credit cards,
digital copy of my passport, insurance info, things like the license plates of vehicles and VIN numbers, serial numbers of software, bank safety deposit info, door codes, etc. I put in there anything I want secure and synced. I even have a document in there with instructions for my heirs if I should die (to link to the digital legacy thread) which basically tells them what is in my 1P and how to use it.

It’s really handy having all this info sync between all devices and be available at any time (i.e. while traveling or away from home). It’s saved my bacon and helped save me hassle numerous times (i.e. you’re at motel and they want the license plate of your car – I don’t have to run out to the parking lot to see it) and now I wouldn’t do without 1P’s secure notes and storage of other data.

I have also used it for temporary data: like a friend wanted me to buy something for him on his credit card, so I saved all the details in my 1P so it’s secure but handy. Or another person gave me the unlock code for their garage when I visit – saved in 1P. I put other people’s Wifi or other passwords in there, too. (Example: I helped an elderly relative set up and iPad and accounts and kept copies of her passwords in my 1P. When she died, it was really helpful as I had all her details.) Using 1P is much more secure than putting that stuff in Apple Notes, for example.

Also, while I don’t regularly use other computers, occasionally it happens and it is handy to have a license if I need to use a Windows machine or Chromebook.

In short, if your needs are basic, the built-in solutions are sufficient, but if you want to do more, you need a real password manager.

1 Like

I also use 1Password to store various kinds of data besides website logins.

But password managers also tend to me much more convenient particularly if you use them a lot like I do.

I wish that I could say that since password managers are “one trick ponies” that they are inherently more secure than web browsers and Apple’s iCloud keychain. But I can’t because some of them have been found to have security issues that could be exploited and those issues are public knowledge:

Now that article is from 2019 and 1Password may have addressed its issues by now. . . I have not done any further research since I read that article. But one of the things I will be doing is comparing the current security of various options while I am deciding what to do when 1Password 8 is introduced.

The new Apple OS Monterey features improved password manager functionality. So it may be a viable option for more people going forward. I’ve only read a summary of its new features and nothing about its security, so I can’t say any more about it right now.

But if a person is happy with the functionality and security of other options or you have cobbled together a system that meets your needs, more power to you. Especially now that more password managers are going with the subscription model and, particularly in the case of 1Password, it ain’t cheap. I’ve saved a fair amount of money sticking with a standalone license. But if I am going to be paying an annual subscription fee, any password manager I wind up using better have more going for it than the convenience factor i.e it better have excellent security to protect all of the sensitive data I have stored in its database.

I have used Apple’s password management at times, but mainly use 1P as I find it’s interface for actual password management, review, culling, etc to be much more intuitive than what Apple provides, which seems to be just a long list.

AgileBits has a page of security assessments, which includes a new assessment by ISE from June 2020.

https://support.1password.com/security-assessments/

1 Like

I started using 1Password back at version 2, and the cross-browser support was the killer feature for me. For a friend, the killer feature was not having to enter credit card info by hand every time she bought stuff online.

Since those early years, like Marc, I’ve come to store a bunch of other information, like software licenses, driver’s licenses, and social security cards, in 1Password. Plus the shared vaults makes it easier for me when I need to occasionally help my mother or my friend. I don’t think you can do that easily with the password management feature of the various browsers.

1 Like

Safari can save and enter credit card info. Enter the info in Preferences > AutoFill > Credit Cards.
Safari will (usually) recognize when you are being asked for a credit card and offer to fill it in. I have Touch ID, so it asks for authorization. I don’t know how it works on non-Touch ID machines.

(Unfortunately, it does not save the three-digit Security Code that you are sometimes asked for, so you might have to memorize that.)

1 Like

I’ve been looking at this myself and so far have not sound another option that offers both file attachments to items and a local backup and restore capability for vaults. I can live with the subscription model and non native macOS client if I have to…but those two features above are mandatory for my usage unless I go with some combination of another manager and a separate encrypted cloud storage like Sync for the attachments.