I use it: the convenience is great, combined with the password generation, and as Josh says, now auto-populating 2FA as well. In a locked-down work setting on a PC, I don’t get to install a client anyway so being able to get to all my passwords securely on my phone and just enter them manually as and when is usually a one-time or at worst infrequent hassle, and having Chrome remember them in my Google account helps. With some Apple TV apps (but not all!) the password field will also populate when using an iPhone or iPad, or if not you can copy and paste it in: a bit of app-switching, but not more than that. As they are copied locally I am not worried about a cloud outage. If I were genuinely cross-platform and also had universal admin rights, I could see a use case, but in answer to Steve: yes, completely satisfied, to the point of proselytizing zeal!
I’ve been in IT since punch cards, and I manage several Wordpress sites, etc. etc. Full techno geek. And what I see here is “all you have to do is [gobbledegook]” This is a solution for 1% of your readers. That said, I don’t like some of what you say about 1PW8.
Enpass works very well for me also. Has a totally local option which I find very important.
All these comments without a single mention of LastPass? I wonder why.
I don’t understand why nobody in this discussion has mentioned LastPass. It started as a Mac program and is available on all platforms. It seems to solve every issue that everyone has brought up like sharing passwords, family plan pricing, passing vault access to your survivors should you die, storing images (like your vaccination card),etc. As I understand the encryption, the vault resides with LastPass in a state where last pass does not have the encryption key. It also puts a local copy on every one of your devices that has LastPass on it. This allows you to not only access it from all of your devices but you can access it from any device in the world with Internet access. Over the last year it seems that LastPass has created different methods for automatically filling your username and password in all the sites no matter what their quirks are. It also does a great job of filling in personal information on forms.
Exactly why I brought it up. I can’t recall exactly when I started using it, but at least 12 years ago now and I’ve never seen any reason to switch.
LastPass was my first password manager, and I chose it at that time because, although my own computers have always been Macs, I often needed to login to one site or another from public computers in airports and hotels and e-cafes in Thailand, machines that were usually running Linux.
LastPass felt safe for that and for me always worked on every machine. It’s like Gmail in that respect, and the two of them together made traveling easy.
It has always worked very well on my iPhones too.
Also on 1PW 6.8.9 on MacBook Pro running Monterey 12.3.1. Was intending to stay on it until Rosetta goes away but may now make the move to KeePassXC sooner than that. Many thanks to Josh for this article, I didn’t realise there were feasible alternatives out there. The subscription model and being forced to live in their cloud are deal-breakers for me. Like sto I need a browser extension, great to know there are other systems out there with them.
I don’t know about 1Pwd6.8.9, but I’m running 1Pwd 7.9.4 Standalone on my MBP with macOS 15.4.1.
Aren’t you sacrificing a lot in security by using an open-source app? It seems to me, not knowing a lot about this side of the equation, that it can open up vulnerabilities by its nature. I’m not sure that moving from a password manager that stores your data on their servers to one that gives you the option to store locally but may be vulnerable is a good trade. After all, if you need to share data with other devices, you’re going to be storing you data on somebody’s servers, aren’t you?
Now, tell me how wrong I am.
All I can say is “me too.” I don’t know the advantages, if any, of changing from Password Wallet.
S U B S C R I P T I O N
I am looking forward to your TidBits book on Mac Users and Synology. On the advice of a friend, I moved from a Drobo to a Synology. Talk about un-Mac-like, I always feel like I’m trying to find a light switch in an unfamiliar room. I don’t know why when I added a 1GB file I had to replace 3 4TB drives with 8TB drives and I still have no space left.
So that’s why.
Have I understood correctly: 1PW8 only stores data in the cloud and therefore if you have no internet connection you can’t access your passwords? I suppose the argument might be that if you have no internet connection you don’t need passwords but, bearing in mind that vaults contain a lot more than just passwords, this sounds like a major step backwards.
Like some others here, I stayed on 1PW6 for a long time - it did all I needed it to do and did it well.
I’d welcome an expert (re)view on the Apple Keychain, it’s looking more and more attractive for my needs at the moment.
No, 1Password stores and syncs the data to each device and the passwords are accessible even without internet access. Obviously changes are not synced until internet access is restored.
That’s the great thing about encryption algorithms: knowing the method shouldn’t make it any easier to decrypt a blob of random data. This doesn’t mean that open source is more secure, but with open source an expert can audit the algorithms to ensure they are secure - something that can’t be done with proprietary methods. And proprietary algorithms that are trying to ensure security by obscurity can be weaker than known good open source algorithms for encryption.
Thank you for the confirmation about local storage. I was concerned by this:
Having done a pretty complete survey of the alternatives to 1PW myself…LastPass suffers from the same subscription and loss of features issues that is causing many 1PW users to seek alternatives. Moving to it doesn’t solve any of the issues. If those issues aren’t important to you…then there’s no real need to leave 1PW…but within those issues LP is a decent alternative.
It’s local storage on device only…unless something has changed recently in the v8 beta there is no ability to backup and/or restore a copy of your data to the location of your choice…and they’ve deliberately IMO designed their new encryption process to disallow use of any local storage (i.e., local SSD or network share or DropBox)…or perhaps that’s a deliberate decision rather than an algorithm forced decision. Whether their new encryption process is better or worse…or whether it is a case of better is the enemy of good enough…is a different discussion. Your devices will continue to operate and provide passwords with no internet connectivity…but won’t sync and in the admittedly low likelihood that the 1PW servers disappear the ‘master copy’ of the data disappears. I could live with sub and their servers and the funky app if I have to…but for me and numerous users who have said so over on their forums…the lack of backup and restore by the user to a location of the users choice outside of their servers and the lack of any sync without using their servers is a hard no. Their response has been essentially…we’ve made our decision, goodbye…but our way is sooooo much better and you just don’t understand how it is sooooo superior to the way you might want to do things.
I remember a similar set of arguments when they went to the subscription model.
If there is local storage, then would (one or more of) TM and a clone back this up?
No. In theory, open source is more secure since vulnerabilities are more quickly spotted.
Just my own. (Though I still have my 1Password vault in their cloud as well.)
I have considered pitching it to Joe, and it’s a book I would love to do, but I barely have time to keep up with the ones I’m already responsible for. My review is in the early stages, but the Synology is the easiest server I have ever set up or maintained. I guess a macOS server would be more “Mac like,” but you’ll be hard-pressed to find something more usuable than Synology.