1Password 8 for iPhone and iPad is now in beta, so you can try it and decide for yourself.
Thanks for this coverage.
I donāt like paying subscription fees or trusting others with my data. But I have lost more data while ārolling my ownā than I ever did in the cloud.
But thereās another, key reason I finally moved my 1Password database from Dropbox to 1Password.com. It finally hit me after setting up some new devices that I was dealing with a chicken and egg problem. I couldnāt get 1Password running until I got Dropbox running. But my Dropbox password was in 1Password.
Normally I could fetch the Dropbox password from another device already using 1Password. But thatās not a good disaster recovery policy. What if I lose all my devices? What if Iām gone someday and my family has to figure out how to get into things? (See the āDigital Legacyā book). Try documenting the process for your loved ones. Youāll quickly pay the subscription fee.
By using their hosted product, I only need a web browser and my 1Password credentials to bootstrap.
Now, none of this implies that 1P couldnāt or shouldnāt use an open database format that could also be backed up locally. Thereās no reason we canāt have both cloud advantages and independence; but 1P would have to accommodate. I would like to see them provide some type of off-the-grid, break-glass functionality like this.
1 Like
Today my annual rent was due for 1Password7. I just cancelled my account. I started with 1Password4 in 2014 and never thought Iād change but now itās time to move away.
Reasons?
- Rentware = bad
- Cloud only storage with no local files = bad
- Java āappā written for platform universality vice Mac specific program = bad
- Ceaseless cutesy icons and breezy air = somewhat nauseating
- Family sharing = useless due to empty nest and impossibility of getting spouse to use a password manager (making slow progress with Safari passwords/keychain)
Enpass meets my needs and Iāve been surprised how good it is. Iām also happy for local storage and an outright purchase.
For my real bucket list (āHereās what to do if I dieā) Iām working, while consulting Kissellās book, of course, on a variety of methods to maintain a chain for recovery in the event of various disasters. Starts with shared files in iCloud, encrypted and password protected of course. Continues through schemes involving recovery with BackBlaze backups, etc. etc.
Best of luck to whoever owns 1Password now. I just donāt think that a large number of users even need a PW manager beyond what Safari provides (present company excluded, of course), and overall security that Apple continues to improve.
1 Like
Wondering if anyone has any thoughts about the soon-to-be-released DuckDuckGo Browser for the Mac? Any beta testers here? Itās supposed to include a password manager which will import from 1Password and LastPass. And they are working on syncing between the mobile app and the Mac app. Other than that, I know nothing about it.
Iāve been using the privacy-oriented iOS DuckDuckGo browser for some time and have been pleased with it.
Iām definitely intrigued by the idea, and will give it a tire-kick once itās out of beta.
Iām a bit skeptical of browsers released by companies that donāt specialize in browsers. As for password management, I want that to be standalone and not tied to a specific browser. Iāll have to play with the beta and see what format they use for the password database.
1 Like
I have a sub as wellā¦but my main vault is on DropBox and their copy is a backup. The chances of losing all devices, all my wifeās devices, and the paper copy our son has of the 5 of 6 passwords that get to the rest is pretty low. You still have a chicken and egg issue thoughā¦you need both your master password and the long and non-rememberable secret key to get in. At that pointā¦I would have to pullout my own piece of paper. Alternativelyā¦my DropBox folder gets backed up in several places so as long as one of those is available I can use my new iPhone to recover.
Even with the subā¦you still need to get something to your survivorsā¦in my case itās a hard copy of the recovery key and a hard copy of password manager, device, and computer passwords that he has in his safe.
They claim that their master password and Secret Key combo is more secure than DropBox and master passwordā¦and thatās why they canāt support non sub accounts. That sounds like BS to force you to subā¦the algorithm that uses both could easily run locallyā¦itās just computer code. Using DB means that 2 services have to be compromised instead of 1 which is more secure to meā¦and in any event better security is the enemy of good enough security. Once you choose a master password and DB password that give you security for centuries using a massive offline cracking scenario as illustrated by Steve Gibsonās Haystacks pageā¦the fact that you could do something to increase the time from 10,000 centuries to a million of them is completely irrelevant. It is mathematically true and correctā¦but who cares at that point.
As long as you still have your car or son or buried in the yard or wherever youāve hidden the paper copyā¦you can recover from this problemā¦and without paper someplace you canāt recover from the problem anyway if you lose all devicesā¦because nobody is remembering their secret key.
The sub isnāt the issue for meā¦I already have one as part of my recovery system. What is the issueā¦and it will be one for any security professionalā¦is complete reliance on a single entity for recoveryā¦single point of failure is nerves goodā¦especially as the company is clearly pivoting away from individual users in my view and towards business users as a business modelā¦thatās where the money is and their VCs want to make a profit. If they cared bout usersā¦and Mac users in particularā¦we would have a native appā¦and while Iām not all that hung up on a native app I would rather run the iOS one on macOS than a non native oneā¦the lack of one is another indication of their direction to meā¦and all of their denials and explanations and marketing speak rings hollow to me.
Am I the only dinosaur still using 1Password 6? Yes, its UI is gimmicky and outdated, but itās not rentware and it integrates seamlessly with my devices and browser of choice. Even in Safari, where its extension doesnāt work, the menubar dropdown is more efficient than any other password manager Iāve tried. I like Strongboxās UI far more, and exporting to it from 1PW was a breeze, but the absence of a browser extension is a deal breaker for me.
3 Likes
Enpass does all of that, with webdav as well.
I just purchased the āLifetimeā option so no monthly fees.
Now, I yet to set it up, but that is comingā¦
Rich
Still on 1Password 6.8.9. Working ok on new MacBook Pro 16 inch
with Monterey 12.3.1. About to start testing Buttercup and KeePassXC.
Buttercup has an extension for Google Chrome browser.
Strongbox looks nice ā weak point seems to be capturing new logins or password changes on macOS 
Also, though autofill works, what is annoying is that Safari always kicks in and offers to save the just filled in credentials (you need to click on not for this website). Seems to be a bug in macOS, but a browser extension would work better here. Sharing via iCloud drive appears to work.
Enpass initially looks nice: none of the issues Strongbox has with filling and capturing. My beef with it: while it does support multiple vaults, you cannot share with iOS via iCloud with a different account and the folder sync offered on macOS is not available in iOS (will it would probably be a files app sync).
So, Strongbox would be nice if it could capture logins/login changes or had a browser extension.
I have happily managed my passwords in Secure Safe for many years now. Secure Safe is from a Swiss company which came recommended by a security officer of a company I worked for in the past. You can access your securely stored passwords and documents via their website or an app (which also stores passwords locally) available for iOS, Android, Mac and Windows and you can choose from various pricing options, including a free one.
I suggest you take a look at SecureSafe | Pricing for more info. They often give discounts, so I recommend checking for discount codes before signing up for a paid account.
(I have no relation with the company other than being a very satisfied customer)
Yep. The main reason I want the extension is to capture new passwords and changes, which is why I use KeePassXCās browser extension. If Strongbox had an extension it would easily be the top pick for macOS.
1 Like
No votes for Bitwarden? I need a cross-platform solution which made 1Password too expensive, and have had good experiences with Bitwarden for several years. Iām not, however, a security expert, and it may not be that safe.
Fwiw, Bitwarden is the Wirecutterās free/budget password manager solution. It sounds like a good option. The 2 Best Password Managers for 2022 | Reviews by Wirecutter
I mentioned it in the article. I think itās a great option.
I also am on 1PW 6.8.9. I like having everything local, with local backups. I was wondering how that would work on the latest version of the OS. My āoldā Macbook Pro is only up to Mac OS 10.13 (canāt go beyond 10.15). Thanks for the confirmation. But I may take a look at some others. I just need to be able to coordinate between Macbook Pro, iPhone, and iPad.
Iām no dinosaur, but I am getting older, and Josh, your solution works for a young person with smarts, energy, and time. Thinking ahead to a slowing mind, failing memory, and diminished senses and mobility, I want a simple solution that requires as little maintenance as possible, at the lowest cost. Iāll stick with 1Password and see how 8 pans out, and if it is as ugly as Evernote (Electron version) Iāll consider a return to Keychain or one of the āfreeā or āpay onceā alternatives.
3 Likes
I use Appleās accessibility feature called Voice Control to operate my Mac. Iām trying to stay away from electron Apps because they do not appear be usable with Voice Controlās numbered overlay feature where every UI element is numbered so you can interact with the UI element by speaking the number. Because of this fact I will not be going to 1Password 8 from 1Password 7. Does anyone know of the different password managers discussed which ones use electron so I can make sure to avoid them?
I use it: the convenience is great, combined with the password generation, and as Josh says, now auto-populating 2FA as well. In a locked-down work setting on a PC, I donāt get to install a client anyway so being able to get to all my passwords securely on my phone and just enter them manually as and when is usually a one-time or at worst infrequent hassle, and having Chrome remember them in my Google account helps. With some Apple TV apps (but not all!) the password field will also populate when using an iPhone or iPad, or if not you can copy and paste it in: a bit of app-switching, but not more than that. As they are copied locally I am not worried about a cloud outage. If I were genuinely cross-platform and also had universal admin rights, I could see a use case, but in answer to Steve: yes, completely satisfied, to the point of proselytizing zeal!