1Password Criticisms

I know that among the things that @neil1 doesn’t like about 1Password version 8 (“1PWv8”) are:

1. No option to host the encrypted vault anywhere besides their servers
2. lack of a local backup and restore capability in the users control
3. No non-subscription option

Others think that coding it in Electron is a problem.

@chirano posted this synopsis of (other) problems mentioned in the 1Password Mac forum, apparently during May of 2022:

1. no “never suggest in browser” — with 1PW 7, you could hide rarely used items. 1PW 8 shows every matching entry
2. no integration with 3rd party software like LaunchBar
3. can’t disable autosubmit – if you autofill the login info, it’s also submitted. This behavior causes a problem with pages with captchas, for example.
4. search behavior changed – the way you looked for items before may no longer work. For example, one user used to search for “vpn” to bring up the entry for “openvpn”. That no longer works in 1PW 8.
5. quick search is a poor replacement for mini — for example, you can’t fill CC or name info using quick search.

Does anyone have criticisms of 1PWv8 beyond these?

I don’t know of any other issues with the app…and the backup and restore one is the only hard no for me as a former sysadmin and IT security guy. I already have a subscription that is currently used for one backup of my vault and so that I can have a separate vault named 911 that our son has the password to with enough info in his safe that if we got hit by the bus on travel he can get to the rest of what he needs. I don’t particularly care for the Electron macOS app…but that and the they’re the only cloud sync option and subscription only since I understand the benefits to development of that are minor…since otherwise I’m happy as a clam with 1Password the product. I think that 1Password the company is shifting to a business/enterprise business model to the detriment of their individual users and to the benefit of their investors…and I’m not a particular fan of that since I’m an individual user and not an enterprise…but again I understand their profit motivation.

All that said…they’re still the best product today…if v7 dies then maybe they’re not the best any longer and it’s time to switch to something else.

On subject of local backup and restore capability I started this thread on the 1Passowrd community.

The thread evolved into a discussion about not being locked in to 1P. I haven’t done anything since my last post in May 2022 where I said:

“Anyway I just did a trial 1Pux export/import to a well known competitor and it worked, so I feel much more comfortable staying with 1Password 8 knowing this. My purpose in reporting this to reassure others who might feel like me, that we are not locked in, not to encourage a move, which I have no intention of doing.”

I think if you can export a 1Pux file which can be imported to another app, you could reimport to 1P.

Yeah…that would work…sorta…and their tech support suggested it…but it isn’t a viable solution for a number of reasons. The e ported file is unencrypted and tech support’s ‘solution’ was to encrypt it and store it elsewhere myself. That isn’t impossible…but there are some reported errors in importing this file into another app or back into 1PW…so apparently (at least anecdotally…I did not try it) it might not work as expected. Additionally…the encryption and storage is not automated at all or schedulable or to a specified destination. Older versions save a complete copy of your vault encrypted automatically to a location of your choice and that encrypted copy will get backed up by Time Machine, DropBox, BackBlaze or ehaterpver your normal backup routine is…and we all know that backups that don’t happen automatically are far less likely to actually get done. If they even offered an encrypted complete copy that they are willing to state and verify would import correctly…then even in the absence of scheduled backups one could use a calendar event or Keyboard Maestro or Applexcript or Automator or whatever to either automate the process best) or at least remind one to do it manually (less optimum).

I don’t see how their management can claim an unencrypted manual export file is a backup.

Bitwarden reports that LastPass’ export sometimes uses HTML entities in place of the characters they represent.

Perhaps you are referring to reports of the same problem with 1Password exports.

Over several years of providing feedback on 1Password 7 betas I read numerous justification by AgileBits personnel for NEVER allowing automatic submission. I agreed with them. Having transitioned to 1Password 8 very recently, I am at best surprised by automatic submission when all I want is autofill. And, at worst, how cumbersome the new appears to be.

So I am curious why automatic submission has become the mode. Examination of proposed credentials before submission is an essential feature to enable noticing pointing device errors.

I have been using the AgileBits cloud for years with version 7. I have no problem continuing this with version 8. It seems to do the job, but it did not take me more than a few days to discover how clumsy is the new UI.

1P8 lets you archive entries. Does that not stop autosuggest for those items? (Just tried it - yes, it does.)

Can’t rearrange the fields in an entry. Feature was available in older 1Password versions. FWIW, there’s a video of this working in an upcoming version:

My Face ID does not unlock 1Password on my iPhone. This is after the Apple Store changed my defective camera. The Apple Store said the screen was damaged during the camera repair, and also replaced the screen. This Face ID problem, AFAIK, has been unfixed for months. Reinstall on the iPhone hasn’t helped, which I thought is weird.

I think the categories are arbitrary. As in: there’s passport, driver license, and then… memberships?

There seem to be a couple of ways to attach files. One way is to create a new “Document”, and upload one main file. The other way, is to create an entry e.g. new “Secure Note”, add a new field called “Attach a File”, and upload files. In the first way, each entry has one “main file”. While in the second way, each entry has multiple files. Just seems weird. Can also add multiple files to the “Document” entry, but they behave differently.

There’s a new front page on my 1Password 8 iOS, so if I’m quickly looking for a credit card details, I need to click on “All Items” first, then choose “Credit card” from a menu. In version 7, all the categories were listed right there in the front page.

Worse, in 1Password 7 iOS, I can tap on a password field to get a contextual menu including “Copy, Reveal, Show in Large Type”. I usually want “Reveal”, because iOS usually can “get” passwords from 1Password natively. So, I usually am trying to view the password/PIN/credit card CVC number to type it in on another machine. In version 8, I need to press-hold to get the menu. A simple tap causes a “Copy” instead. Sort of think that “View password history” shouldn’t be in the iOS 8 enlarged contextual menu.

I don’t know about picking Favourites for easy access on the main front page. Do people have favourite entries? All my passwords are my favourites.

At the bottom of the All Items tab in iOS (the second tab on my version, after the “Home” tab) there is a customize button at the bottom. You can add categories and drag that item to the top of the list (which is what I have done.)

There is a setting (Settings / Security / Concealed Fields) to always show the items.

I don’t think that’s changed at all from 1P7.

I still don’t think that I should click on a hidden PIN, and have 1Password copy it. Followed by me hold-clicking to get the Reveal menu. I don’t think there’s any reason to copy a PIN, because I’m not usually going to paste it on the phone.

I would imagine that some people always want fields hidden in case of shoulder-surfing. It’s an easy setting to change. I’m sure almost always people are copying and pasting info from 1P fields on the iPhone.

Also, you can edit the entry make your own PIN field that is text-only (as opposed to a password) and that will display, just as notes will, if you don’t want to change the default.

I’m still using 1Password 7 (on iOS and macOS) but the change to the iOS tap behavior doesn’t sound like a problem to me. They probably have app analytics that show that most use of the contextual menu was to use Copy so they made that the tap and changed opening the menu to press-and-hold.

I encounter credit card fields that can’t be automatically filled all the time, in desktop browsers and mobile Safari, and have to manually copy information from 1Password. It’s true that for the PIN specifically, I rarely copy it, I copy the CC number and view the PIN to remind me and type it manually. However, I don’t think it would be a good idea to change the tap behavior just for PIN fields, the actions for hidden fields should be consistent.

Re “3. can’t disable autosubmit – if you autofill the login info, it’s also submitted.”

I would dislike that too, if it happened. I’ve been using 1P8 for a long time and it never autofills for me in Firefox or Chrome on a Mac. Maybe it’s different in Safari (I don’t use it so 1P is not configured there) or on other platforms.

Same here. It’s iCloud Keychain that autosubmits for me when I use it. 1P8 never does.

I’m pretty sure 1PW 8 did autosubmit in Safari because I noticed the change in behavior immediately after upgrading from 1PW 7. It hasn’t auto-submitted lately. I don’t know if a subsequent update changed the behavior, or if a browser extension like StopTheMadness disabled it.

1Password suffers from feature creep. Computers should simplify our lives. Life is too short.

I’d like an API to copy links (cf. Manifesto for Ubiquitous Linking), but I have not pressed it with them because I assume for security reasons they minimize all integrations. So 1password gets a free pass from me on this. Maybe I’m missing something. (We need to keep in mind: every single little feature adds to the risk of bugs, which in 1p case can mean a security issue.)

With apologies for a reply that doesn’t actually reply to the topic (so kindly move on if that bothers you, thanks), but is related:

Does anyone here know if someone on the 1Password 8 development team reads threads like this?

This is a remarkably astute, intelligent and thoughtful group – there isn’t whining here, just considerate evaluation and a real tone of “we’d love to see this product improved (or returned to how it used to be great)”. I have had good experience with the 1Password customer support team over the years (with only one odd exception, a haughty fellow whose cold, dismissive and useless reply I disregarded and then I simply asked the question again and got someone helpful).

If we think no one from that team is seeing this and similar threads on TidBITS Talk, would you all mind if I invited them to have a look?

Please share your thoughts. Thanks.

Jeff