1Password 8.7.1

Jumping ship to Enpass…which is where I would go if I was doing it today…is pretty straightforward from my testing and reports of others. However…I’m just sticking with v7 for now until it’s either cancelled or quits working under whatever comes after Ventura as I think that one will be fairly safe that v7 will still work. Assuming v7 is no longer an option then there might be something better than Enpass by then…like a keychain that provided sufficient features.

2 Likes

My problem is kind of resolved. I frequently clear Safari’s history. This apparently is a known bug in 1Password 8. The workaround is to quit Safari and then restart it. Which is not a big problem. The only thing is you get a " New sign-in" email from 1Password every time, which is not a problem at this time.

I still liked the way 7 worked. With 8 you have to work with the 1Password icon in the Safari toolbar to get it to autofill. It’s an extra step.

If you grant Accessibility access to 1P8, Cmd-\ autofills fields. See Use Universal Autofill in apps and browsers on your Mac | 1Password

1 Like

Having used 1P since v1, I have accumulated way too much crud in my vault. In spite of a valiant cleaning attempt 6 yrs ago I still have over 800 active items and 200 archived. Where are you Ms Kondo??
While I appreciate that getting a new manager would offer me an opportunity to thank many of the items for their service, I know that I will look the “Import All” in the menubar. So I intend to use v7.9.5 as long as possible.
I have looked at others. Bitwarden and Dashlane I disliked. My current front-runners for when 1P 7 dies are Enpass, Secrets, and Minimalist. Purchasing a manager is a $50 to $80 investment which offers another excuse for procrastination. As I very seldom find myself in front of a non-Apple device, Minimalist is my current favorite. It may not be widely used, so I have difficulty finding useful reviews, but in my several months of ( limited ) testing I have found it satisfying.
Really though, I am hoping Apple finally gets round to providing a decent password and secure file manager in the OS soon, i.e. before 1P 7 becomes unusable.

I did not find those before…will check them out. Like you…I have lots of old dead ones but…mostly…I’ve added do not use to their titles so would be relatively easy to archive those before moving. Maybe…although I’m not holding my breath…they will fix v8 with the addition of removed capabilities.

Here’s hoping Passkey comes to pass (bad pun acknowledged). 1Password does many things well, but it’s been getting more complicated. Probably mostly the fault many security measures being implemented by websites and Apple. Non-native app, not sure of the impact. 1P and KeyChain step on each other. That is to say, 1P is getting painful because it doesn’t work well on many sites, doesn’t open when it should.

1P was barely working on my M1 MBP until it updated to 12.4. Got better but still painful.

1 Like

I’m with you now, Neil. I’ve been with 1P since the beginning and I have accepted the subscription model as well worth the yearly cost but there is NO way I am going to trust AgileBits or any other co. with storing my entire database of passwords in one single storage place in cloud! Wouldn’t it be the height of irony if it showed up in their “WatchTower” one day! LOL not LOL.
I’ve downloaded Enpass and will be ready to export/import to it whenever 1P v.7 is nearing EOL. Unless/until you report finding a better new solution than Enpass.
I see the complaints about the upcoming cloud model are still raging on AgileBits own user forum.

The only issue I see with the cloud storage requirement of 1P is that we don’t know how resilient their cloud is. The ability to export would help mitigate resiliency but not including it is a head-shaking omission.

As far as data leakage, I’m not concerned with storing passwords in the cloud as long as it’s encrypted with a strong algorithm and a key that only I hold. I figure if that’s good enough for my customers in the financial services industry, that’s good enough for me.

AgileBits can’t see my data and it’s very very very unlikely that anyone will get access to my information should AgileBits somehow get hacked. The same applies if someone hacked my computer and exfiltrated my local password database.

Yeah…it isn’t the storage in the cloud that bothers me…it’s the storage in the cloud that they’ve provided zero explanation as to how they handle redundancy, backups, restoration, multiple data centers and the like. I’m pretty sure that they actually have decent processes in place on their end…and that 1PW the company has sufficiently adequate backups for 1PW the company.

But as anybody who’s ever been in IT or who believes in the 3-2-1 theory of backups…relying solely on 1PW the company’s backup routines whatever they are is insane. If they provided the ability for an automatic daily backup to a place of the user’s choice…Dropbox or the user’s computer where it will get Time Machine backed up and whatever other backup routines the user has…then most of the griping would go away. The older v7 has this capability and IMO it was deliberately removed in v8 as part of their whole forced subscription plan driven by the make money attitude of their new VC masters…they have said that they retain control of the company…but if the VCs own 49% or even 20% then the VCs have seats on the board and the company isn’t going to go much against the wants of their partial owners. I’m actually just fine with that…their company they can sell if they want…but removing user used features in support of that goal just goes against all common sense backup and data recovery ideas.

They’ve said over on their forums that because of their secret key and your master password that only their cloud will work…and that just seems pretty ludicrous to me unless they deliberately designed the system that way…and that gets back to money and profit and all that.

Like you…I’m not concerned in the slightest about somebody getting ahold of my encrypted data from either 1PW’s servers or DropBoxes or iCloud’s or whatever…it’s encrypted so no big deal. They claim that their secret key and master password make it even better because there are two of them. But essentially…the secret key is just…another password and one requires both to get into the data. Because their secret key is 30 something characters long or something like that…although mine at least is missing one of the 4 basic password food groups so it isn’t as good as a more complex 30 something long string…then they can claim that along with your master password it’s more secure because most people don’t use passwords that long. That is technically correct…but in reality 100 trillion trillion centuries isn’t really any better than a plain old trillion centuries would be for cracking time…but they’re not lying. And their secret key/master password combo really isn’t any better than a dropbox password/master password combo would be from an actual practical standpoint,.

Agreed. It would be shocking to me if AgileBits has built their own cloud infrastructure. Actually it would be stupid if they did because operating a resilient, redundant, secure cloud infrastructure is not a trivial task. It would not surprise me if they used one of AWS, Azure or Google Cloud. However if they are going after the corporate market, they are going to have to provide information about how their cloud is housed and secured. No corporate security department will allow a cloud to be used unless that information is forthcoming and the data centers are audited.

I found their security white paper. https://1passwordstatic.com/files/security/1password-white-paper.pdf#page64

While it states that the relational databases backing 1PW are in AWS Aurora- which does have resiliency and redundancy built in, they do not provide info in the paper about the 1PW servers that access the database. It’s a safe bet IMO that these servers are located in AWS EC2 but that doesn’t answer questions about how they are achieving service resiliency and availability (relying on one region is resilient but not necessarily highly available).

And it certainly doesn’t answer questions about how the data is protected (e.g. backups). Simply replicating data is not sufficient as we all know that replicating garbage results in garbage all around.

1 Like

There is, indeed, File | Export in 1Password 8. It exports in either 1P’s format, or can create .csv files to import into other apps.

I believe that there was one time that there was a brief outage since I upgraded to version 8 last month, but vaults are synced to local devices, so you can still get data if you need it (just as you can look up data on the iOS version if you are disconnected from internet services.)

2 Likes

That certainly is a help that they have a local copy that they keep in sync with the cloud. And I had not heard that their export had a 1PW format option - only a csv format option. Hopefully they have an import option for that as well.

Head scratching is definitely reduced.

1 Like

I see your point, so the actual problem is not having an accessible backup available to the user.

Got it. In the meantime, I have played around with Enpass and it is looking good if and when needed. Almost looks like a 1P clone.

Just to follow up, even after installing 1Password 8 on my iMac, I’m still presented with the same confusing pair of Chrome Extensions to choose from. 1P makes no effort to link me directly to the “right” one or even explain which to pick, or why there are two…