1Password 8.0

Originally published at: 1Password 8.0 - TidBITS

Major new release for the password manager brings a modernized design, Quick Access floating panel, and Universal Autofill feature. ($35.88 annual subscription, free update, 2.9 MB, macOS 10.15+)

You can’t make a silk purse out of a sow’s ear. The CEO can wax poetically about the new interface. But even a casual glance at the preferences of 1Password (didn’t want to create a new account) shows me that Electron remains something foreign to macOS. I still wonder about the reasons for choosing Electron.

Edit: 320 MB is the size of the app now.

They mentioned this in their blogs. Originally, they were hoping Apple’s new Catalyst developer tools to build one app for MacOS, iOS, and iPadOS. Unfortunately, Catalyst still needs a lot of work.

1Password was originally a MacOS program, got ported to the iPhone, iPad, Windows, Linux, and Android. At the same time, they had the ability to use private storage, iCloud, Dropbox, and I believe Android’s cloud services to store your password database. It’s a lot of work for a one product company.

And, the competition is getting tough. Both Apple and Android have built in password managers. Both now offer 2FA management. Both offer connection to Have You Been Pwnd’s database of password break ins letting you know of possible password security breaches.

Making development easier, so they can keep adding features is an important issue. The Electron platforms solves that. A single codebase for Windows, Android, Linux, and Mac reduces the work five platforms to just two. They have a code line for iOS/iPadOS and one for everything else.

Removing all the various storage options for the database helps. And a subscription based service means dealing with just a few releases. If a bug is found, you fix the most recent release and tell everyone to upgrade. Plus subscription services gives you a steady income stream to keep your application up to date.

My main job for the last four decades was getting development teams to simplify development because that’s the best way to improve the program.

When you’re working on three different platforms and supporting four different releases and have customized customer code all over the place (“It’s just some JavaScript.”), your development gets sloppy. Bugs fixed reappear. New bugs are found. Testing gets harder to do. (“It worked on my machine.”) Customers are complaining. And your reputation goes down the drain.

Telling the company to update all customers to the latest release, merging code and removing one off options is hard to do. It’s expensive, but I tell development it’s way more expensive to continue down your current path.

I don’t like the fact MacOS is no longer a true Mac client, but I understand. Maybe if Apple gets its act together and finally unifies Mac and iOS development, 1Password will be able to return to a true Mac app.

We may not like the Electron underpinnings, but why 1Password did it is not that hard to understand.

I agree completely with Beatrix…v8 is terrible. Loss of features, lousy UI, no user accessible backup and restore of data, forced subscription. The basic problem here is that they sold a big chunk of their company to the VC crowd and those people want ROI…and 1PW the company quite obviously shifted their business model to corporate big $$ accounts and away from individual users. Everything they’ve done with v8 smacks of lowering costs and making things better for enterprise users at the expense of individual users.

While David has some points about costs and code base complications and such…the basic problem is that they don’t care about individual users any longer…and no matter how much the CEO claims they do when people tell you who they are you should believe them as they say on reddit. There are just way, way too many lost features and complete dependence on their cloud for your data in v8 to even consider using it for a lot of security conscious people.

As a longtime 1Password user, I will stay with 1Pwd7 until it no longer works, at which time I will go elsewhere. Agilebits’s greed has lost me as a customer.

Interesting discussion. I see both sides. I do have the feeling that they are not concentrating enough on small macOS and iOS users.

The Apple competition is real. They do eventually make good enough products to kill off competitors in many areas. Evernote seems to have had a similar arc. Was much better than Notes, but Evernote added too many features and Notes got good enough. I changed over a year or so ago. I think I only missed one feature of Evernote.

Dropbox. Still using it, but iCloud is improving. But not quite yet for me. iCloud is much slower to sync. I can use Dropbox to transfer files from one computer to another. It’s usually a minute or so, iCloud can be a long time. But I’ll probably drop Dropbox at some point.

We’ll see on 1Password. I had some recent problems on my M1 MBP. But they went away on their own.

I got into this thread to see if anyone was seeing 1P 8 in the App Store. I’m not seeing it and that isn’t a good sign for 1P. Don’t announce the new product if it’s not available to significant number of your users. That’s were I most recently purchased it and don’t want to use the download. Neil Laubenthal What features went away in version 8? Staying with the old version probably won’t be a good idea for too long.

I looked quickly at other managers. Nothing jumped out as better. I don’t want to use any of the ones that require lots of setup. And having sharing with my wife and our two iPhones and four computers is necessary.

Like you, I am not aware of an alternative password manager that is as full-featured as 1PW.

Catalyst is a bit of a red herring because it already is being superseded by SwiftUI.

Catalyst enables porting to Mac an iOS app built with the old UIKit framework for iOS that predated SwiftUI.

SwiftUI is a newer framework that is intended to be Mac/iOS agnostic. Although SwiftUI omits many user interface features that distinguish Mac from iOS, Apple is making a lot of progress and seems to be prioritizing SwiftUI rather than Catalyst.

Right, it wasn’t actually Catalyst that AgileBits was using, it was SwiftUI. The idea was to minimize the code bases among the many client OSes they support and they hoped to use a shared code base between iOS (developed with SwiftUI) and MacOS. But SwiftUI on MacOS would only work with Monterey (and maybe Big Sur), so they planned to use the Electron code used for Windows and Linux for users on older versions of MacOS. Unfortunately, late in the development cycle they discovered that SwiftUI was still requiring a lot of custom code on MacOS, so they decided it was too late to re-write in AppKit for MacOS and instead abandoned the SwiftUI MacOS port and just used the Electron code base for now.

I don’t think they’ve said if they will continue to use Electron on MacOS going forward or will wait for SwiftUI to be more dependably port between iOS and MacOS in a future release.

Subscription only and no vault location besides their servers…so no DropBox or local only vaults. But the biggest loss for any competent computer security user is the complete lack of a local backup and restore capability in the users control. They use a MySQL or some other database which…maybe…gets backed up by Time Machine but the daily backup to a location of the users choice of the complete vault is gone…as is restore from that backup. Vi is totally dependent on their servers for backup and restore. They haven’t provided any detailed info about what their backup strategy is beyond …trust us…and eliminated the ability to do your own. You can export an unencrypted file but that’s it.

I did a pretty complete survey of alternatives and when/if v7 dies I’m shifting to Enpass as the best alternative.

I could live with the subscription and lousy client…but relying solely on them for backup of the most important data you have is fundamentally stupid.

I was using the free version of Enpass and just recently upgraded to the Enpass Lifetime Premium.

1PW6 still works other than the browser plugin. This made it easy to migrate date from 1PW to Enpass. Between Enpass and macOS Keychain integration with Safari I don’t need to look any farther.

Neil Laubenthal Thank you for the run down. And david_blanchard saying that migration was easy.

The pricing page mentions a promo code. Anyone? Although the pricing is reasonable.

The pricing page also touts their Enpass for business. Are they going down the same path?

no vault location besides their servers…so no DropBox or local only vaults. But the biggest loss for any competent computer security user is the complete lack of a local backup and restore capability in the users control. They use a MySQL or some other database which…maybe…gets backed up by Time Machine but the daily backup to a location of the users choice of the complete vault is gone…as is restore from that backup. Vi is totally dependent on their servers for backup and restore.

I remained silent in these last months while reading rants against 1PW8.
But now I have it, and I’m very happy.
Yes, the look & feel of Electron is not as nice as it could be, but really…
So, you are happy to give your data to Dropbox but not to 1PW?
You don’t like TM backup strategy, like for any other app on the Mac?
–e.

I’ve been using 1PW8 for a few months. The program works well even if it looks a bit different. They seem keen to keep on refining the functionality and new look.

For those who want to back up their vaults: it’s easy to do. Go to File:Export. Or use a script to automatically back up via 1PW CLI. I trust 1PW to have better backups than me. (Anyone who relies solely on TimeMachine should review their backup process.) Password history is part of the app, so it’s easy to see previous values.

For people who share passwords (families etc.) there is nothing better. It’s easy to help kids and parents manage their accounts including resetting the master password. Of all the subscriptions I pay for 1Password is at or near the top of value.

For those who want to back up their vaults: it’s easy to do. Go to File:Export. Or use a script to automatically back up via 1PW CLI.

Well said. It is important also to re-encrypt the exported file as well.
–e.

I’ve switched to 1PW8 and it actually works pretty well. It’s fast and the password filling in apps works better than 1PW7. There was a lot of fear that this was an Electron version with shared code between platforms and these types of applications tend to look awful and are painfully slow. (I’m looking at you, Slack). However, the long beta process has allowed AgileBits to hone the application.

I’ve switched to subscription from buying and owning versions long ago simply because it keeps me up to date with the latest security fixes. When it comes to password storage, I want the latest security fixes. Plus, if I really like a piece of software, and depend upon it, I don’t mind paying for it.

Besides, I have the family subscription plan. My wife and grown kids, my daughter-in-law, and my sister all use it. It makes it very easy to share my Netflix password with the shared vaults.

It was nice to be able to choose how you want to sync passwords, but it’s a feature few customers cared about. It added complexity to both support and programming. There were several projects that I worked on where I insisted on cutting back options like this. We had customers complains, tell us we destroyed the app, and they would take their money elsewhere. What few customers we did lose, was more than made up in the simplification of development and support. It allowed us to add more features that attracted new customers.

I’ve heard similar complaints before about how a company abandoned its users. When the Mac suddenly surged in popularity, many old Mac people were ups that Apple seemed to be catering to these new customers (ewww!) rather tha the ones that stuck with Apple through the bad times. And again when the iPhone became a bigger part of Apple than the Mac.

Maybe I’m an old dog and seen a lot of changes in computing. Long ago, we all use to argue about which programming language is the best meaning features and syntax. All information you needed was stored on your computer and you programmed to manipulate that information and display it for the user.

People ask me about the best language now and I tell them Python. It’s not because Python is great. I actually hate the syntax and the way it does things. However, all the third party APIs are for Python and if you have a question, you’re guaranteed you’ll get an answer on StackOverflow fast. That’s what’s important in a programming language today.

I really can’t see the reason for all the vitriol spewed at 1PW8. Yeah, it changed and I might have to adopt, but in many ways, it works better than 1PW7. AgileBits has a new set of important customers they cater to, and I might not get all the attention I believe I deserve. We saw this with the Mac too. I’ll stick with 1PW until I decide that I really don’t need a password manager anymore.

I could deal with using the 1PW servers instead of DropBox…but the latter let’s me backup my DB folder which contains a full encrypted copy of the vault. 1PW servers do not allow this and v8 has no backup and restore capability.

Of course I have TM…and presumably it backs up whatever database the local cached copy of the vault is in…unless the fact that the file is open deters TM from getting it. But there is no way any non technical user or most technical but not database guru users can easily backup and restore their own copy of their vault to a location of their choice. Leaving backup of the most important data solely to some black box in the cloud is foolhardy…snd @PW the company doesn’t care about that or bother to include that option in the v8 app…they simply say ‘trust us’ which is nuts.

They also claim that their super duper Secret Key…which is just a second password when you get down to it…is so much more secure than the Master Password nd your Dropbox password…which simply isn’t true. Assuming one uses sufficiently complex and (mostly) long passwords for both then either option is plenty secure…and the difference between a trillion centuries ans 2 trillion is simply meaningless.

I don’t like the Electron app…and don’t like the ‘their server only’ option… ut I could live with that. I already have a subscription but my main vault is on DB and the subscription is just one part of my backup scheme, not the main vault…so I can live with that too. Depending solely on some undefined backup scheme on their end with no bootstrap ability to have my own as well is a bridge too far…and their export an unencrypted file is not a backup and can’t be restored anyway.

I’m not willing to give my data solely to 1PW…obviously some cloud service is needed for sync but that should be under the users control…and their marketing BS doesn’t change that.

An unencrypted copy is not a backup…and you can’t restore it as the master copy if necessary. Their backup scheme might be just fine…in fact it almost surely is…but I’m pretty sure it isn’t any better than my personal scheme…and they provide zero info to users on what they do…which doesn’t engender a lot of trust on my end. The script access might work… ut if it just exports 5he same unencrypted file it is still useless…and the vast majority of people have no experience with either scripting or CLI interface.

I guess you mean automatic backup? Since there is a manual way of making backup according to other people in this thread.

Incorrect. There is an export function that makes an unencrypted copy of the data for transfer to another program…with no facility to authoritatively restore that data if necessary. There is no easily accessible to the user way to backup the local cached copy of the vault or to to restore your data. Unencrypted export files…are not a backup In V7, you can export a full, encrypted, and zipped copy of the vault which can be unzipped and used as the master copy if it becomes necessary…that is a backup.

TM…probably but nobody knows…will backup the whatever database is used files… ut where they are and how they can be restored is not something 99% of users can accomplish. Trusting 1PW servers as the only backup makes about as much sense as saying ‘I have BackBlaze so no other backup including TM or clones or whatever is necessary’.

Any competent sysadmin or user should realize that a cloud only backup system to something you have no control over is ridiculous.