iCloud Keychain works great.
The problem is that it doesn’t have much of an interface as a separate program. Do it works well in the browser, but you aren’t going to store encrypted notes in it or anything.
And, yes, I believe it is stored locally.
1 Like
Here’s my solution to that. Wife uses Password Wallet on iPhone only, isn’t interested in auto fill or sync to devices, and emails a copy of her PW vault to herself and me (IMAP Mail) monthly. I use 1PW with local vault but currently have a family plan subject to seeing whether I stay with v7 or move or go with v8 if they fix issues with it and support local backup and restore. Each of us knows the others device codes and passwords, has a finger or face registered on the others devices, and has all the device codes, passwords, etc in our respective vault.
Family account has a vault I shared with our son/executor with sufficient passwords to get into DropBox, all of our devices, and our house. Also it has a secure note telling him how to get into PE and 1PW where everything else is. He’s a millennial…so I also gave him a hard copy of t(e instructions and master passwords that he keeps in his safe.
In addition…our house file server…which he can get to with the above…has a folder named 911 that has more notes and instructions that don’t need to be encrypted.
As far as I can tell…it’s got no fatal flaws but I’m not sure if it is E2EE or not…we’ve never really explored it although I have it on the list of alternatives to evaluate. It exists on all logged in devices…but I have no idea if there is a local copy that can be backed up…IIRC it does not show up as a choice in Keychain Manager…so I believe you’re relying on Apple’s backup only…which will be a non starter for the same reason relying only on 1PW’s server side backups is a non starter.
1 Like
I also use iCloud Keychain and am mostly happy with it. Here are my issues with it though:
-
As Joseph noted, only stores passwords for websites and iOS and IPadOS apps. No way to save notes or passwords or other passwords. Some of that can be done locally in Keychain Access, but it is local only and may disappear in future OS releases
-
Only works on Apple devices
-
No way to export the collection of passwords in case you wish to move to another manager
-
No flexibility in password generation (must use another app and then paste if different lengths of combinations of letters, numbers, symbols required)
-
Password generation only works on MacOS, not the mobile apps.
Some of this may change in the forthcoming OS upgrades.
2 Likes
I crunched the numbers and discovered that the subscription model would cost way MORE over the lifetime of a major version than would me just buy the upgrade outright. This confirmed for me that software subscriptions are designed to maximize profits for the vendor.
With no local access to your passwords, then when you lose your internet connection, you are SOL! Then add in that hackers that harvest millions of passwords and other personal info don’t do it one individual’s local computer at a time but by targeting those companies that already HAVE that info compiled in nice central storage on their servers. I don’t doubt we’ll see a major breach of the 1Password.com servers in the next couple of years. Even if they can’t immediately use the data, it won’t take them more than a few months to decrypt it.
Of course this is all moot for me since my iMac can’t go past MacOS 10.13.6 anyway. I’ll ether just have to print out my 1Password database or revert to the 3M password manager if I have to leave 1Pwd7.
1 Like
| Dennis Swaney romad
August 23 |
- | - |
I crunched the numbers and discovered that the subscription model would cost way MORE over the lifetime of a major version than would me just buy the upgrade outright. This confirmed for me that software subscriptions are designed to maximize profits for the vendor.
Yeah…that’s pretty obvious. OTOH…I understand that it sort of normalizes their revenue stream instead of big chunks at upgrade time and less when not…but OTOH it tends to cut down on major feature implementation and substitutes a larger number of minor updates with smaller new features sets. I can see both ways, especially as the vendor has ongoing cost streams and an ongoing revenue stream matches better…but it’s clear they make more profit that way.
With no local access to your passwords, then when you lose your internet connection, you are SOL!
Not entirely…both the older versions and the new v8 have a local copy…SQLite for v8 and who knows for the earlier cloud versions but a copy of t(e actual vault for local vault versions…and the sync process through 1PW server or DropBox/whatever syncs when access is restored.
I don’t doubt we’ll see a major breach of the 1Password.com servers in the next couple dot of years. Even if they can’t immediately use the data, it won’t take them more than a few months to decrypt it.
With both the master password and the Secret key to be cracked…and 1PW has neither…and a decently complex and long master password…breaking both will take a long time. For example…see grc.com/haystacks.htm and put in a sample password…anything in 5he 20ish characters long range takes a really long time. The issue is that the new version v8…so far…eliminates local storage vaults, Any sync other than 1PW server, and provides no local backup and restore capability…although they claim the latter will be added before release. There’s also the issue of a non native macOS client in v8…and the current early release one isn’t very good…but it’s an early beta and will likely get better although still not macOS native.
I’ve had a pretty long back and forth with both tech support and one of their forum moderators who is on the security team in the last couple of days…and I’m a lot more optimistic than I was that v8 will be acceptable. It won’t allow DropBox or local storage or be a native client…none of which I like but they’re not complete show stoppers…and the local backup and recovery is…according to them…going to be there “in a future release” and depending on who’s wording you like on the forum the later release is either “the initial vi released or sometime afterward…and v7 will continue to work as it does now for an undetermined number of macOS upgrade cycles.
2 Likes
Since I am still using 1PW V6 on my Macs and syncing via Dropbox to 1PW V7.7.7 on my iPhone, I suppose that at some point, a future version of 1PW on my iPhone will stop syncing.
As a former software developer, we supported our software for years — even past the warranty. If there was a security issue or major bug, we did a free update. It also meant that we were supporting versions 1.0, 1.0.1, 1.0.2, 1.1, 1.1.1, 2.0, 2.1, 2.1.1. And many times with no revenue. A customer bought version 1.0 four years ago for $30, and insist it must work with their new computer. It was unsustainable.
Subscription saved us. We now support maybe one or two versions of the code. We do way more updates. We fix issues more quickly. We have the revenue to continuously improve and test. It’s one of the reasons subscriptions are more expensive.
Another is there’s just a lot more going on. Software is more sophisticated and it must work with various third party services and products. And there are now three desktop OSs to support, iOS, iPadOS, and Android.
Plus, you have to keep giving people a reason for using your software. KeyChain is built into Apple’s OSs. For years, it automatically handled passwords and suggested strong passwords. The most recent version checks for duplicate passwords and passwords found in hacked databases. Next version will handle one time passwords. If 1Password wants you to use their software, they have to stay a few steps ahead in the game. Vault sharing, more OSs supported. Licenses and notes. These are features 1Password has that keychain does not… yet.
Sometimes I hate the subscription model. I use PhotoShop two times per month. Paying $20 per month whether I use it or not isn’t worth it.
1Password is something you’re using every damn day. It keeps you secure and safe. It has saved me a couple of times against extremely sophisticated phishing attacks. To me that’s worth a subscription.
8 Likes
I’m not happy about 1PW8’s plans, either, though I’ll wait to see the results. That said:
“This confirmed for me that software subscriptions are designed to maximize profits for the vendor.”
Can you imagine any vendors not eager to do this?
“I don’t doubt we’ll see a major breach of the 1PW servers in the next couple of years.”
Of course, there’s no security, good security, Top Secret security, and Eyes-Only security, but this isn’t just servers or the internet altogether. Nothing you’ve ever shared with anybody under any circumstance, or even just written down and hidden, or even a secret you’ve always kept strictly to yourself, is absolutely 100% secure in perpetuity. If somebody is hell-bent on getting it, they’ll use whatever means they can to find out, and if they’re skilled enough they’ll be successful sooner or later.
One question: If I have an M1 Mac, can I use the iPad version rather than the Electron version? Would that be better or worse?
I’m not a 1PW user, but what I don’t understand here is why they are divorcing themselves from Mac when Mac sales have been going through the roof over the past year. I’m guessing that they don’t think this trend will continue and that the money and time spent on supporting the tiny Mac user base won’t be profitable enough. But they will continue development for iOS devices.
If I were Tim Cook I’d have Craig Federighi working to substantially upgrade Apple’s Passwords so their free app will be equal or better than the 1PW and its competitors. And they certainly have enough cash in the bank so that they could buy a competitor to give development a head start.
1 Like
I endorse your assessment wholeheartedly. 
They are not. Their blog post explains what’s going on, but they are attempting to reduce the number of UI front-end development platforms. The Mac is complicated, as Apple seems to be encouraging developers to move to newer platforms like SwiftUI rather than traditional AppKit, but for 1pw that would mean either using SwiftUI for newer MacOSes and use something like Electron for legacy older MacOS versions, and 1pw was hoping to use the same SwiftUI front-end for iOS, iPadOS, and MacOS. But then they found out after development started that SwiftUI is not ready for that yet, so they are temporarily using Electron on Mac until Apple has their next-gen Mac development APIs ready. They could have gone back to AppKit for MacOS, but by the time they discovered the issues with SwiftUI, it would have taken too long to go back to AppKit. It’s possible that a future version will just go with AppKit, but they haven’t really said that.
1 Like
Yet they’ve said they’re staying with the iOS and iPadOS native clients…so why not just Catalyst those for the macOS client. It’s closer to being native than Electron is and acts closer to a native app than Electron does. I’m not a developer through…so perhaps there’s some reason not to go that route.
They’re not divorcing themselves, they’re using Electron to build the user interface rather than Mac’s native software.
My understanding is they originally planned to use SwiftUI rather than the separate Mac and iOS interface kits. The idea is to reduce the amount of coding needed for six separate platforms. After substantial time and effort, it became obvious that SwiftUI wasn’t developed enough to make a single code base for both Mac and iOS. The switch to Electron for the Mac was a last minute decision.
If I were either Tim or Craig, I’d work on unifying Mac and iOS development rather than threatening software developers.
2 Likes
In addition to recently switching to a subscription model, they are doing a lot less for Mac users while raking in more revenue from them annually. With all the billions in cash Apple has sitting around, Tim and Craig could easily buy 1Password or a competitor and insure timely and updates for Mac products, and ensure better UI design and user friendly features. And they could kill development for Android and Windows products.
The subscription model goes pretty far back. It’s not all that recent, though for all 1pw says about people choosing subscriptions over stand-alone by huge margins, the biggest reason is probably because 1pw basically hid any information about getting a standalone license for many years now.
Again, I’d say you should read the blog post before you say they are doing less for Mac users, because it doesn’t appear that way to me. It seems the effort is equal for all platforms. They have redeveloped the app for all platforms, added a Linux client, and are trying to unify the front end across as many platforms as possible. The Mac is not being ignored. I know people don’t like Electron apps on the Mac - I don’t either - but I’ll reserve judgement until it ships, and it’s possible that the app will be perfectly usable, and that’s fine with me.
I’d have to say that the vast majority of my use on the Mac of 1pw is just to fill in passwords and I really don’t open the app all that often anyway. But, again, we’ll see.
3 Likes
Great decision by 1Password - NOT! Now users not only have to pay forever but are also forced to potentially expose all their passwords to hackers. I have never been interested in 1Password researching its cost and the App paradigm. I did a lot of research before I settled on a competitor. What I have been using for years without any significant issues is SafeInCloud. It is NOT a subscription, works on all major platforms, allows local storage and optional backups and sync to all the major cloud services, including iCloud, Dropbox, and OneDrive(microsoft) or a custom one and is under $10 for a family - a one-time fee. I might not include all the fancy features of 1Password but what it does it does well, is kept updated with MacOS and allows its users full control of how they save their passwords and where they are saved. After reading all of this I am not sorry I decided against 1Password.
2 Likes
Yes, perhaps that will be what 1pw does - but that still limits their app to newer MacOS versions (Catalina and newer, IIRC), and I’m not sure that Catalyst apps feel native, either. (Though that may be because I haven’t used many of them.)
The subscription model is not an incentive for developers. It is solely a guaranteed income stream for the company. I have had a stand-alone 1PW license since day 1 (when it was “1passwd”), but have purchased every paid update they have offered. That is their incentive to develop great software - provide improvements that make users want to pay for a new version. Not forcing users to pay if they want to keep “renting” the software, which only encourages ill will.
1 Like