I’ve coasted along using version 7, subscription. Should I switch to 8?
Much has been written about 1Password 8 in discussions here.
1Password 7 is no longer officially supported, though AgileBits has been helping people with a recent problem that may be related to macOS or the Mac App Store.
Personally, I have no issue with 1Password 8 other than, because it’s an Electron app, I can’t get a good screenshot of a dialog within the app, since Apple’s screenshot tool doesn’t see it as a standalone interface element. That’s completely irrelevant for anyone who doesn’t document the app for publication, however. Functionally speaking, however, it’s totally fine for the roughly 1000 logins I have in it.
I’m waiting until v7 quits working. When v8 shipped…(and I already have a subscription)…there were several things missing…DropBox support which isn’t coming and the inability to do your own backup of your data and in a last ditch scenario restore from backup. I don’t like the new interface or the lack of DropBox support…but I can live with those. But the no personal backup and restore was a nope, not happening for this former IT guy. However…they’ve since admitted…and I can provide the details if needed…that there is a copy on your computer that can be backed up and restored with TM or CCC or whatever. So…I’m now willing to use v8…but for me I would rather keep DropBox support for as long as possible…so for now I’m still using v7. If or when it breaks I will switch to v8. I did a pretty exhaustive survey of the other options…and for me Secure Notes with formatting are a need as well as dedicated field types for licenses, passports, credit cards and the like…and there are zero other options that offer both a built in or TM/CCC backup and restore as well as the features I require…so I really can’t switch to something else.
I still don’t like the loss of DB support…and their claims about their Secret Key being more secure…while technically accurate…are simply distractions because once my vault takes a trillion centuries to crack that’s plenty good enough and 5 trillion centuries isn’t really any better. Their statement is marketingspeak forced on them by their VC owners (or minority owners, but they’ve never admitted what proportion of the company they sold for the millions they received)…and is meaningless as far as actual security is concerned. I also don’t really like the forced subscription model but that’s software these days. What I dislike the most…is their new and improved business model where (because of VC demands) they’re transitioning to a business based customer base which is to my mind a detriment to their individual users…but as I said…they’re the best in the business and there is no other option if you need the features they provide.
I hesitated for quite a while over 1Password 8, for the usual reasons—having all my passwords in the cloud, and subscription pricing.
I finally did switch, though, and have had no problems at all. I’d had my passwords database in DropBox, but nowadays I’m trying to move away from DropBox, so this has actually been helpful for me.
I value your thought process. Thank you!
My wife and I share Dropbox and 1Password accounts, so moving to 8 seems complex.
We share DropBox but she refuses to move away from Password Wallet…and isn’t interested in autofill of passwords even after the certificate is verified like 1PW does. PW was a fine app for its time…but it’s supported by a one man shop who has essentially moved on to new endeavors so updates are extremely rare and he’s not interested in adding any new features or adding the things it doesn’t do 9r fixing the things it does poorly. I’m not really happy about the loss of DB support in v8…but I can live with that…but the no user backup and restore capability with the “just trust us” attitude made it a non starter for this retired IT security guy until they admitted there was a way to do it yourself. I’m actually pretty sure that they have plenty of redundant and multiple backup schemes and that their trust us is actually completely valid…but no one…ever…should simply trust the cloud backup schemes of anybody and should maintain their own personal backups as well. Moving to v8 actually isn’t too hard and I will do so when I have to.
I switched to version 8 in June. I’m not a fan; the electron app may be barely OK as a standalone app, but has lots of issues in the integration between browsers, the desktop app, and the menubar applet.
Don’t believe me? Look at this thread I created in the community site, which just focuses on integration issues.
Theoretically then, does that mean there’s no technical reason 1Password couldn’t provide a local vaults and sync option in 8 if it wanted to?
I can’t speak for them of course…and I’m quite sure that they’ll trumpet their Secret Key as the reason they can’t do that…but from a non coder perspective it seems to me that local vaults, DropBox sync, and all the now missing features were deliberately deleted to force users to use their and only their solution. As a long time IT security guy…their Secret Key is just a second password needed when you get down to reality…and the Master Password and DropBox password are also just a second password. From a strictly math standpoint…forcing one of those 2npasswords to be 30 or whatever it is random characters long is ‘better’ than a shorter DropBox password…but in reality the difference between 19,000 centuries to brute force crack and 1,900,000 centuries while mathematically it is more…from a practical standpoint it is essentially meaningless. But that’s the reason they claim forces them into their servers and no local or DropBox or whatever else storage…but meaningless numbers are still meaningless. Bottom line IMO is that the VCs they sold their soul to demand a decent ROI…and that’s driving the issue more than any other factor.
All that said…there is still zero…as far as I’ve been able to find…other options that provide the capabilities I’ve become used to having in my password manager…which is why at this point I’m sticking with them. If they had not admitted that users can do their own independent backup and restore if necessary…despite my belief that their backup routines are probably actually perfectly adequate…then the chances I would have gone to v8 are just about zero.
I’m sure that …if we asked them…they would be able to provide a perfectly valid sounding justification for their choices…but the6 would be (IMO) splitting hairs and obfuscating reasonableness because “the math proves their solution is better”. But…better has always been the enemy of good enough…and for the vast, vast majority of users…good enough is…well…good enough, and the advantages provided by ‘better’ don’t outweigh the disadvantages of ‘better’.
Wondering if anyone has seen any comments/updates recently from 1Password re its survey and discussion:
Perhaps you might check this out:
I bailed out of 1Password after they got ‘bought’ by the VCs. This guy is a Canadian who’s responsive. He originally offered a non-subscription price, but then had to go with subscription when sales weren’t meeting expectations (I missed the one-time offer, dithering.) I wrote him and he promptly replied and described why he had to change to subscription (currently $20/year or $3/month for one person, or $30/year for family plan.) I was so impressed by his honest reply that I subscribed (first-ever subscription software for me.) You can try Minimalist for free (limited to 10 items) to see how it works. I use both iCloud and local backup for my encrypted Minimalist data, and can use Minimalist on all my devices (phone, iPad, 2 MB Airs, 2 MB Pros.) I’m not as savvy as most of you, but this works great for me. Note that it’s Apple-only at this time.
All the best, Gary
One of the alternatives I examined…but lacks features that I need compared to 1PW. As I said…I’m not happy with no DropBox but the only hard No for me was the lack of sufficient user level backup and restore. The other issues are minor compared to that and I’ve become used to having all the features 1PW has and there are zero alternatives that I’ve fop that both have all the features, DropBox, and adequate auto backup and restore routines.
I have been using 1Password for many years and loved it - until v8 came up. For the well known reasons (and upon review from Tidbits) I switched to KeepassXC (and its Strongbox companion) a year ago, using a Synology NAS as the sync hub. With some IT knowledge, this is not overly difficult to install, it works great, allows local backups and has none of the privacy worries.
Neil Laubenthal: However…they’ve since admitted…and I can provide the details if needed…that there is a copy on your computer that can be backed up and restored with TM or CCC or whatever.
Neil could you please provide these details.
Seconding for Neil to provide details.
I’ve been using 1Password since version 1. Like many of you I am not happy about version 8 which requires using their servers. I’m not sure what I’m going to do when the inevitable happens.
Seeing this discussion, I’ve been looking at their support pages and found a page explaining how to export everything from version 8 into either the “1Password Unencrypted Export (.1pux) format” or a comma-separated values (CSV) file. So it is possible to get everything out of 1Password8.
Ok, per their support folk, the vault is only decrypted in RAM, changes applied to the RAM copy when syncing, and it gets encrypted back to disk…stored at this location. This was confirmed by the head man there at 1PW….along with the IMO bogus statement that users had no need to do any sort of local backups because they had it under control, just trust them.
~/Library/Group Containers/2BUA8C4S2C.com.1password/Library/Application Support/1Password/Data
That gets backed up by Time Machine and whatever other method one chooses…and to restore just fully quit v8, restore that folder, and launch v8 again…it will get decrypted to RAM, synced, and encrypted back to disk with the changes. This provides user only backup and restore without depending on their servers. In the worst case where their server copy got replaced with an older backup (although TBH their backup routines re most likely more than adequate but they didn’t answer a specific question to please delineate their backup and second copy architecture) then the more current user level backup would get decrypted and synced to their servers and then down to other devices.
As I said before…there are other things about v8 that I and some other IT security used to be or current pros don’t like…but this is the sole hard no issue. And having done a pretty exhaustive examination of the alternatives…there isn’t anything I found that completely duplicates 1PW functionality and none that even came close and had any sort of automatic user level backup and restore abilities.
Unless they’ve fixed it…at my last look there were still issues with reimporting the export into something else…and whether that was a 1PW export issue or the other brand import issue was unclear. Most likely it’s the import side I would guess so some cleanup after import might be needed.
Still using 1PW 7. Any problems using 7 in OS14.2.1?