1Password 8.0

Originally published at: 1Password 8.0 - TidBITS

Major new release for the password manager brings a modernized design, Quick Access floating panel, and Universal Autofill feature. ($35.88 annual subscription, free update, 2.9 MB, macOS 10.15+)

You canā€™t make a silk purse out of a sowā€™s ear. The CEO can wax poetically about the new interface. But even a casual glance at the preferences of 1Password (didnā€™t want to create a new account) shows me that Electron remains something foreign to macOS. I still wonder about the reasons for choosing Electron.

Edit: 320 MB is the size of the app now.

4 Likes

They mentioned this in their blogs. Originally, they were hoping Appleā€™s new Catalyst developer tools to build one app for MacOS, iOS, and iPadOS. Unfortunately, Catalyst still needs a lot of work.

1Password was originally a MacOS program, got ported to the iPhone, iPad, Windows, Linux, and Android. At the same time, they had the ability to use private storage, iCloud, Dropbox, and I believe Androidā€™s cloud services to store your password database. Itā€™s a lot of work for a one product company.

And, the competition is getting tough. Both Apple and Android have built in password managers. Both now offer 2FA management. Both offer connection to Have You Been Pwndā€™s database of password break ins letting you know of possible password security breaches.

Making development easier, so they can keep adding features is an important issue. The Electron platforms solves that. A single codebase for Windows, Android, Linux, and Mac reduces the work five platforms to just two. They have a code line for iOS/iPadOS and one for everything else.

Removing all the various storage options for the database helps. And a subscription based service means dealing with just a few releases. If a bug is found, you fix the most recent release and tell everyone to upgrade. Plus subscription services gives you a steady income stream to keep your application up to date.

My main job for the last four decades was getting development teams to simplify development because thatā€™s the best way to improve the program.

When youā€™re working on three different platforms and supporting four different releases and have customized customer code all over the place (ā€œItā€™s just some JavaScript.ā€), your development gets sloppy. Bugs fixed reappear. New bugs are found. Testing gets harder to do. (ā€œIt worked on my machine.ā€) Customers are complaining. And your reputation goes down the drain.

Telling the company to update all customers to the latest release, merging code and removing one off options is hard to do. Itā€™s expensive, but I tell development itā€™s way more expensive to continue down your current path.

I donā€™t like the fact MacOS is no longer a true Mac client, but I understand. Maybe if Apple gets its act together and finally unifies Mac and iOS development, 1Password will be able to return to a true Mac app.

We may not like the Electron underpinnings, but why 1Password did it is not that hard to understand.

6 Likes

I agree completely with Beatrixā€¦v8 is terrible. Loss of features, lousy UI, no user accessible backup and restore of data, forced subscription. The basic problem here is that they sold a big chunk of their company to the VC crowd and those people want ROIā€¦and 1PW the company quite obviously shifted their business model to corporate big $$ accounts and away from individual users. Everything theyā€™ve done with v8 smacks of lowering costs and making things better for enterprise users at the expense of individual users.

While David has some points about costs and code base complications and suchā€¦the basic problem is that they donā€™t care about individual users any longerā€¦and no matter how much the CEO claims they do when people tell you who they are you should believe them as they say on reddit. There are just way, way too many lost features and complete dependence on their cloud for your data in v8 to even consider using it for a lot of security conscious people.

4 Likes

As a longtime 1Password user, I will stay with 1Pwd7 until it no longer works, at which time I will go elsewhere. Agilebitsā€™s greed has lost me as a customer.

7 Likes

Interesting discussion. I see both sides. I do have the feeling that they are not concentrating enough on small macOS and iOS users.

The Apple competition is real. They do eventually make good enough products to kill off competitors in many areas. Evernote seems to have had a similar arc. Was much better than Notes, but Evernote added too many features and Notes got good enough. I changed over a year or so ago. I think I only missed one feature of Evernote.

Dropbox. Still using it, but iCloud is improving. But not quite yet for me. iCloud is much slower to sync. I can use Dropbox to transfer files from one computer to another. Itā€™s usually a minute or so, iCloud can be a long time. But Iā€™ll probably drop Dropbox at some point.

Weā€™ll see on 1Password. I had some recent problems on my M1 MBP. But they went away on their own.

I got into this thread to see if anyone was seeing 1P 8 in the App Store. Iā€™m not seeing it and that isnā€™t a good sign for 1P. Donā€™t announce the new product if itā€™s not available to significant number of your users. Thatā€™s were I most recently purchased it and donā€™t want to use the download. Neil Laubenthal What features went away in version 8? Staying with the old version probably wonā€™t be a good idea for too long.

I looked quickly at other managers. Nothing jumped out as better. I donā€™t want to use any of the ones that require lots of setup. And having sharing with my wife and our two iPhones and four computers is necessary.

1 Like

Like you, I am not aware of an alternative password manager that is as full-featured as 1PW.

Catalyst is a bit of a red herring because it already is being superseded by SwiftUI.

Catalyst enables porting to Mac an iOS app built with the old UIKit framework for iOS that predated SwiftUI.

SwiftUI is a newer framework that is intended to be Mac/iOS agnostic. Although SwiftUI omits many user interface features that distinguish Mac from iOS, Apple is making a lot of progress and seems to be prioritizing SwiftUI rather than Catalyst.

Right, it wasnā€™t actually Catalyst that AgileBits was using, it was SwiftUI. The idea was to minimize the code bases among the many client OSes they support and they hoped to use a shared code base between iOS (developed with SwiftUI) and MacOS. But SwiftUI on MacOS would only work with Monterey (and maybe Big Sur), so they planned to use the Electron code used for Windows and Linux for users on older versions of MacOS. Unfortunately, late in the development cycle they discovered that SwiftUI was still requiring a lot of custom code on MacOS, so they decided it was too late to re-write in AppKit for MacOS and instead abandoned the SwiftUI MacOS port and just used the Electron code base for now.

I donā€™t think theyā€™ve said if they will continue to use Electron on MacOS going forward or will wait for SwiftUI to be more dependably port between iOS and MacOS in a future release.

1 Like

Subscription only and no vault location besides their serversā€¦so no DropBox or local only vaults. But the biggest loss for any competent computer security user is the complete lack of a local backup and restore capability in the users control. They use a MySQL or some other database whichā€¦maybeā€¦gets backed up by Time Machine but the daily backup to a location of the users choice of the complete vault is goneā€¦as is restore from that backup. Vi is totally dependent on their servers for backup and restore. They havenā€™t provided any detailed info about what their backup strategy is beyond ā€¦trust usā€¦and eliminated the ability to do your own. You can export an unencrypted file but thatā€™s it.

I did a pretty complete survey of alternatives and when/if v7 dies Iā€™m shifting to Enpass as the best alternative.

I could live with the subscription and lousy clientā€¦but relying solely on them for backup of the most important data you have is fundamentally stupid.

3 Likes

I was using the free version of Enpass and just recently upgraded to the Enpass Lifetime Premium.

1PW6 still works other than the browser plugin. This made it easy to migrate date from 1PW to Enpass. Between Enpass and macOS Keychain integration with Safari I donā€™t need to look any farther.

2 Likes

Neil Laubenthal Thank you for the run down. And david_blanchard saying that migration was easy.

The pricing page mentions a promo code. Anyone? Although the pricing is reasonable.

The pricing page also touts their Enpass for business. Are they going down the same path?

no vault location besides their serversā€¦so no DropBox or local only vaults. But the biggest loss for any competent computer security user is the complete lack of a local backup and restore capability in the users control. They use a MySQL or some other database whichā€¦maybeā€¦gets backed up by Time Machine but the daily backup to a location of the users choice of the complete vault is goneā€¦as is restore from that backup. Vi is totally dependent on their servers for backup and restore.

I remained silent in these last months while reading rants against 1PW8.
But now I have it, and Iā€™m very happy.
Yes, the look & feel of Electron is not as nice as it could be, but reallyā€¦
So, you are happy to give your data to Dropbox but not to 1PW?
You donā€™t like TM backup strategy, like for any other app on the Mac?
ā€“e.

5 Likes

Iā€™ve been using 1PW8 for a few months. The program works well even if it looks a bit different. They seem keen to keep on refining the functionality and new look.

For those who want to back up their vaults: itā€™s easy to do. Go to File:Export. Or use a script to automatically back up via 1PW CLI. I trust 1PW to have better backups than me. (Anyone who relies solely on TimeMachine should review their backup process.) Password history is part of the app, so itā€™s easy to see previous values.

For people who share passwords (families etc.) there is nothing better. Itā€™s easy to help kids and parents manage their accounts including resetting the master password. Of all the subscriptions I pay for 1Password is at or near the top of value.

4 Likes

For those who want to back up their vaults: itā€™s easy to do. Go to File:Export. Or use a script to automatically back up via 1PW CLI.

Well said. It is important also to re-encrypt the exported file as well.
ā€“e.

1 Like

Iā€™ve switched to 1PW8 and it actually works pretty well. Itā€™s fast and the password filling in apps works better than 1PW7. There was a lot of fear that this was an Electron version with shared code between platforms and these types of applications tend to look awful and are painfully slow. (Iā€™m looking at you, Slack). However, the long beta process has allowed AgileBits to hone the application.

Iā€™ve switched to subscription from buying and owning versions long ago simply because it keeps me up to date with the latest security fixes. When it comes to password storage, I want the latest security fixes. Plus, if I really like a piece of software, and depend upon it, I donā€™t mind paying for it.

Besides, I have the family subscription plan. My wife and grown kids, my daughter-in-law, and my sister all use it. It makes it very easy to share my Netflix password with the shared vaults.

It was nice to be able to choose how you want to sync passwords, but itā€™s a feature few customers cared about. It added complexity to both support and programming. There were several projects that I worked on where I insisted on cutting back options like this. We had customers complains, tell us we destroyed the app, and they would take their money elsewhere. What few customers we did lose, was more than made up in the simplification of development and support. It allowed us to add more features that attracted new customers.

Iā€™ve heard similar complaints before about how a company abandoned its users. When the Mac suddenly surged in popularity, many old Mac people were ups that Apple seemed to be catering to these new customers (ewww!) rather tha the ones that stuck with Apple through the bad times. And again when the iPhone became a bigger part of Apple than the Mac.

Maybe Iā€™m an old dog and seen a lot of changes in computing. Long ago, we all use to argue about which programming language is the best meaning features and syntax. All information you needed was stored on your computer and you programmed to manipulate that information and display it for the user.

People ask me about the best language now and I tell them Python. Itā€™s not because Python is great. I actually hate the syntax and the way it does things. However, all the third party APIs are for Python and if you have a question, youā€™re guaranteed youā€™ll get an answer on StackOverflow fast. Thatā€™s whatā€™s important in a programming language today.

I really canā€™t see the reason for all the vitriol spewed at 1PW8. Yeah, it changed and I might have to adopt, but in many ways, it works better than 1PW7. AgileBits has a new set of important customers they cater to, and I might not get all the attention I believe I deserve. We saw this with the Mac too. Iā€™ll stick with 1PW until I decide that I really donā€™t need a password manager anymore.

7 Likes

I could deal with using the 1PW servers instead of DropBoxā€¦but the latter letā€™s me backup my DB folder which contains a full encrypted copy of the vault. 1PW servers do not allow this and v8 has no backup and restore capability.

Of course I have TMā€¦and presumably it backs up whatever database the local cached copy of the vault is inā€¦unless the fact that the file is open deters TM from getting it. But there is no way any non technical user or most technical but not database guru users can easily backup and restore their own copy of their vault to a location of their choice. Leaving backup of the most important data solely to some black box in the cloud is foolhardyā€¦snd @PW the company doesnā€™t care about that or bother to include that option in the v8 appā€¦they simply say ā€˜trust usā€™ which is nuts.

They also claim that their super duper Secret Keyā€¦which is just a second password when you get down to itā€¦is so much more secure than the Master Password nd your Dropbox passwordā€¦which simply isnā€™t true. Assuming one uses sufficiently complex and (mostly) long passwords for both then either option is plenty secureā€¦and the difference between a trillion centuries ans 2 trillion is simply meaningless.

I donā€™t like the Electron appā€¦and donā€™t like the ā€˜their server onlyā€™ optionā€¦ ut I could live with that. I already have a subscription but my main vault is on DB and the subscription is just one part of my backup scheme, not the main vaultā€¦so I can live with that too. Depending solely on some undefined backup scheme on their end with no bootstrap ability to have my own as well is a bridge too farā€¦and their export an unencrypted file is not a backup and canā€™t be restored anyway.

Iā€™m not willing to give my data solely to 1PWā€¦obviously some cloud service is needed for sync but that should be under the users controlā€¦and their marketing BS doesnā€™t change that.

3 Likes

An unencrypted copy is not a backupā€¦and you canā€™t restore it as the master copy if necessary. Their backup scheme might be just fineā€¦in fact it almost surely isā€¦but Iā€™m pretty sure it isnā€™t any better than my personal schemeā€¦and they provide zero info to users on what they doā€¦which doesnā€™t engender a lot of trust on my end. The script access might workā€¦ ut if it just exports 5he same unencrypted file it is still uselessā€¦and the vast majority of people have no experience with either scripting or CLI interface.

I guess you mean automatic backup? Since there is a manual way of making backup according to other people in this thread.

Incorrect. There is an export function that makes an unencrypted copy of the data for transfer to another programā€¦with no facility to authoritatively restore that data if necessary. There is no easily accessible to the user way to backup the local cached copy of the vault or to to restore your data. Unencrypted export filesā€¦are not a backup In V7, you can export a full, encrypted, and zipped copy of the vault which can be unzipped and used as the master copy if it becomes necessaryā€¦that is a backup.

TMā€¦probably but nobody knowsā€¦will backup the whatever database is used filesā€¦ ut where they are and how they can be restored is not something 99% of users can accomplish. Trusting 1PW servers as the only backup makes about as much sense as saying ā€˜I have BackBlaze so no other backup including TM or clones or whatever is necessaryā€™.

Any competent sysadmin or user should realize that a cloud only backup system to something you have no control over is ridiculous.

3 Likes