So sorry we scared you away! Linux has been on our radar for a while but our biggest challenge was finding a way to share code between apps without writing everything in C++. Thankfully we found Rust, a systems language built around efficiency and safety. From there we were able to build the common core we've always dreamed of and were off to the races. Please give us another chance and let us know what you think. <3
That sounds interesting. Can you list the major technical reasons behind this decision? Also interesting will be if you could explain how Rust addressed those pain points (I have read about the general advantages that Rust has over C++, but interested in hearing how it plays out in the wild).
Don't they have browser plugins? That's how use Lastpass on Ubuntu. I mean, besides Electron apps, who actually makes native Linux apps? (joking, not joking)
Yes. Though it was slow (slower than other extension based password managers), but worse, it was missing some of the features. I can't remember exactly what it was, but at one point I tried to edit something, but there was no way for me to add something. Though I've forgotten now, it felt quite a critical think to have at the time.
Is this better than just using KeepPassXC with a simple kbdx file synced to an online drive? It's an honest question, I've never used 1Password before.
Yes as it isn’t subject to accidental overwrites of the data file It also has useful integrations like browser extensions so can autofill. Not sure if KeePass is capable of that. It’s a paid app though.
I’m a recent windows 10 convert from Mac and a 1password user for years, I have disagreements with my buddy who is a long time windows user along these lines _all_ the time. He thinks I’m insane for essentially paying for UI I prefer (I would disagree I think there’s some structural differences, but I’m okay with being reduced to that too). It’s like asking why someone buys anything, the products exist and sell and make some people happy while being absolutely insane to others. Such is life.
I'm also happy to pay for better UI alone but that does seem to offend some people. It's usually the same people who if they find out you take vitamins will start telling you what the placebo effect is.
The reason usually is that there are people with a lot of money to throw around and there are others with less money who instead invest time to research where they can save it on a product. If then they not only find a way to save money on a product but also one with more features (so more for less) than the one people throw money at, they are in disbelieve why somebody would throw that money on the worse alternative.
I see this as quite reasonable thinking for somebody who never had too much money.
Of course it might be that in this case the much more obvious is the case: throwing your most important data into a cloud on a close source system is kinda..."optimistic".
Ah sorry I missed it. My poor macbook pro of 8 years finally chimed it's last boot chime, so to speak. I have a windows PC that I had used mostly for games/web, so "convert" might be strong, I just haven't decided if its worth replacing :)
I used older version of 1Password on Mac and use KeePassXC on Ubuntu now. 1P is definitely slicker, and presumably the subscription comes with support. For me, not a worthwhile trade-off, but could be worth if for some people, especially those with many devices to keep in sync and business users.
I switched from KeePass to 1Password mainly to get my family on it. They really appreciated the clean workflow once they got used to it after a couple days. And the auto-sync feature combined with the mobile app has been useful for when they have to enter the Netflix password on various devices.
Sure you can use lots of other password managers, but if we are not talking about solo use case - it's practically impossible to beat 1Pass. You can set up your team and family in minutes, with granular controls. And people will understand how to use it in a few minutes.
With most other solutions you will have to spend hours here or there. Is that time worth a few bucks? For me I would gladly pay x2 so it just works and no one has to bother me with questions.
I switched from LastPass years ago, and 1Password is great. I use a family account, and it's been easy to get my wife to use randomly generated passwords.
The only missing piece for me is a native Linux app since I use Ubuntu for all my development environments. The web browser extension works, but it's a noticeable difference moving between it and the windows desktop app. I'm super excited to give this a try.
Unfortunately this only works with hosted 1Password (as far as I can tell), there doesn't seem to be any support for self hosted vaults. Can Roustem or anyone else from 1Password team clarify this?
This was the precise reason I switched to BitWarden 6 months ago, needed a solution where my passwords didn't leave my network.
I currently get by on Linux by syncing my 1Password vault and reimporting it to KeepassXC every time I need a newly added or updated entry. Annoying to have to create new entries on another devices and sync when I need an account on Linux but it works. Looks like this update provides me with nothing useful.
There’s no way I’m moving to a 1Password account, but I might just switch away entirely the next time I need to pay for an update or whatever, given the apparent lack of interest in serving my needs despite the amount of money I’ve paid for updates, etc. to date and the fact that it’s clearly technically possible.
Use local vaults and you can firewall the application. Sync a different way and somebody would have to compromise 1Password and the sync service to get your passwords. Use a 1Password account and you have to use your master password in a web browser to manage your account.
1. I don’t like or want subscription software. I shouldn’t have to pay continuously to retain access to features I’ve paid for for years and it’s not ok to potentially lose access to my main method of creating and accessing secure logins across devices if I stop paying (which could be by choice or, whether temporary or permanently, involuntarily/accidentally).
2. I don’t want to store my data on their servers. I have ways of securely syncing data that I trust and that use only devices I control. For reasons of trust, security, etc. I want control of where my vaults are stored and it not to be the same company as the one that provides the software (for some machines/vaults I can also prevent 1Password from accessing the internet at all, to ensure the vault can’t leave a secure network, for instance).
3. If everything I store in synced folders was a separately charged service I’d be paying thousands a month. This trend is unsustainable and unwanted. I see absolutely no incremental value in the hosting service so I don’t want to pay for it.
3. The whole sleazy business model that pushes users towards subscriptions and makes it harder and harder to stay on self hosted vaults and uses things like this, described by them as the most requested feature, as leverage to try and force more users to switch. When the subscription model was introduced there were assurances to concerned customers that we were valued and this self hosted sync method would be supported. I am fine not getting features that are and should be deeply integrated with and require their hosting service (I also have no interest in ever having access to my vault via a web browser, which has the potential for horrible enough security properties that I’m glad it’s not an option (and I don’t have the time or inclination to have a feature which I don’t require anyway audited)). But when an entire desktop client is put in that bucket, it is because someone decided to make it so to try and get us to fall in line, not because it needs to be. Not the action of a company that respects any the users who still want to self host like they say they did.
At this point, with what appears to be a company that’s hostile to my use case, it’s getting difficult to justify spending more money at the next upgrade just to avoid the one time pain of evaluating options and switching to something that’s potentially better for my needs (if it, say, has a full
Linux client I can use). If I move I’ll also likely plan to switch over the teams I manage that do use the subscription model. Subscription software makes far more sense in a corporate setting, and if the 1Password account fits the threat model then great, I use it, but if I am no longer using or evaluating 1Password (especially when the reason is partly trust in the company itself), that gets trickier, as does continuing to recommend it to others.
Appreciate your response. I'll reiterate what I've said past threads - I love 1Password a lot, and used it exclusively from 2012 to early 2020, in addition to using it personally I converted majority of my extended family to it as well. What irks me is that I paid for the desktop (macOS) app and iOS app once back in 2012 and once again for 1Password 7 (or 6?) upgrade, that is not enough to support the company and is primarily the reason why AgileBits went subscription route. Again - 100% understand and I'd like to support this business.
I really don't want to store my passwords on your "servers", and I'm sure there are few others like me - not a majority. In our case BitWarden's idea of paying for a subcription (happy to do it), and hosting BitWarden in my own network - pretty close to local vaults in terms of analogy.
I still like the UX of 1Password, if you ever allow local vaults and still charge subscription, I'll sign up on day 1 - I just don't want anything to do with my entire vault being hosted elsewhere, potentially irrational but when it comes to things we store in 1Password and the like - CC #, Passport number, decryption keys, licence codes, launch codes (jk) - I feel OK with my irrational paranoia.
> I really don't want to store my passwords on your "servers", and I'm sure there are few others like me - not a majority.
Businesswise, it makes sense as a first push: get a solid UX working for existing 1pass users who sync via the cloud better access on Linux. Then move on to the less glamarous parts like local vaults.
> I just don't want anything to do with my entire vault being hosted elsewhere, potentially irrational...
There is no logical mechanism that can tell you the correct amount of risk to take on, and yet you can't take actions without accepting some degree of risk. You can't justify your tolerance of risk, so it can't be rational, and yet you have to take an action, therefore you can't be fairly accused of being irrational. It's thus neither; I call it "arational" behavior.
You might think, hold on, there's a logical way: I'll look at what happens to a group of people pursuing different risk strategies, then model the expected risk vs return, and thus I can determine the optimal level of risk.
But I'd argue it's fallacious to apply that general claim to the individual. For one, you invariably have a set of outliers who were overly risky and beat the odds, were they all wrong? If not, what's the cutoff point, and why? (And likewise, a set of outliers who were unlucky despite being overly conservative, were they also wrong?)
Another reason is, as they say in finance, "past performance is no guarantee of future results." Any model you come up with to justify a risk strategy can and will be invalidated as history unfolds.
If you can't trust them to host an encrypted blob, you can't trust them to run code on your local machine. I agree with you that the resistance isn't rational.
That isn’t logical at all. The two are completely different threat models.
I used to be a happy 1Password customer until they decided that they did not want people like me as customers. I trust the code, I don’t trust them to store my data, encrypted or not.
They've absolutely crippled 1password to make local vaults as difficult to buy and use as possible. They don't roll out updated versions as often, many versions don't get support for local vaults for years, they make it nearly impossible to buy the non-subscription version, and you can no longer upgrade older licenses to use new versions.
Their entire business model is really sleazy and they've gone out of their way to alienate people who don't want to pay for a subscription and hosting service for something as simple and secure as locally encrypting passwords. I was a loyal customer for a long time but after a few years of them jerking non-subscribers around, I got tired of it and tell any friends and family to stay away from it.
Every company that has moved to a subscription and cloud-based product has essentially traded a one time $30-50 license to getting that (or more) every year, and the product is usually inferior from my experience.
> Every company that has moved to a subscription and cloud-based product has essentially traded a one time $30-50 license to getting that (or more) every year, and the product is usually inferior from my experience.
Two mild counterpoints:
(1) While "from my experience" is always definitionally anecdotal, most applications that I'm aware of that have moved to (or started with) a subscription-based model have released new features on a rolling schedule that's at least as fast, if not faster, than the "one-time license" model. On the Mac/iOS, there's Ulysses, Fantastical, and Drafts off the top of my head; cross-platform, the JetBrains IDEs all come to mind. (They're not precisely the same model due to their "perpetual fallback license" approach, but they're definitely trying to drive you to subscribe.) And, for all the mostly-deserved hate Adobe gets, their release cycle appears to have picked up speed since they moved to a subscription model.
(2) The one-time license model works great for applications that don't need any updates in the future beyond perhaps bug fixes. If you want ongoing support and new features, where does the money to support that come from? In years past it would have come from upgrade pricing, but programs went years between new releases and there was nothing that compelled users to upgrade if the old program was still working on their hardware. I get that as a user that's great, but for developers, it's, well, rocky. It was livable a decade ago because those big application programs were way more expensive. At today's prices, where $39 seems kinda steep, that may not be a workable business model.
As for 1Password specifically, I run it on a work laptop, a personal laptop, an iPad Pro, an iPad Mini and an iMac, and keeping the various "local vaults" in sync was always a bit of a pain in the ass -- and of course there was no way to access that vault over the web on a different machine if I really, truly needed to. And I know more than a few people using 1Password for Families. I don't think it's a "really sleazy" business model at all. It may be a business model that you don't like, but that's not the same thing.
Maybe they weren't. 1Password used to support self hosting and third party sync services. Some versions still support some third party services but only subscriptions work everywhere.
Hosting my encrypted data means anyone with sufficient access at any single time can copy the encrypted data and attack it or me, then or later when eventually feasible.
Hosting only an executable I download and execute means the adversarial extraction of data must be contained within the executable and bypass all security from within my system. There is a window of opportunity for sending out a signal indicating the executable can not be trusted.
I do trust the team of 1Password to be competent and not evil, but there are many things that can go wrong anyway.
I remain disappointed that there is no way to set up nor configure a 1Password.com account without the web client.
> I do trust the team of 1Password to be competent and not evil, but there are many things that can go wrong anyway.
Very much this. I don't benefit in any way from having a copy of my sensitive data in their cloud, so as a very basic security principle, I don't want them to have it.
And that's just for my personal use. If they drop support for local vaults, I have to stop using it for work, too, because my employer prohibits password managers that store passwords in the cloud. My understanding is that these policies are specifically designed to keep us in compliance for government contracts, so I don't think they're changing.
I agree; and unfortunately I found self-hosted vaults to always be a bit challenging to get right, if I wanted to use my vault on multiple devices. The local-network only sync engine never worked for me, so I ended up using another third-party's servers to sync anyway. I signed up for 1password.com a couple months ago and it's been painless. To each their own!
> an executable I download and execute means the adversarial extraction of data must be contained within the executable and bypass all security from within my system
(emphasis mine)
Security is about having layers. I can't begrudge someone wanting to add layers to their security.
And I would bet that a team who's job for many years is to ensure the safety of your data will do a better job at it than 99.9% of users that host it themselves.
As somebody who uses exclusively local vaults and pays via subscription, that is totally possible. It’s not possible on Linux, as noted above, but the Mac/iOS apps have supported that for the full lifespan of the subscription model.
Some of them I sync via Dropbox’s native 1Password integration. Others are stored as raw files from 1Password’s perspective, and I sync them by either copying the files or storing the file vault in Google Drive.
If you don't mind sharing: what benefit do you get from this configuration vs using the features of 1Password.com that are included in membership? - Ben, 1Password
I hope Agilebits considers adding local vault support. I’m a long time user and even a subscriber, but I don’t actually use the account I pay for, for anything except license to use the software - I still use local vaults.
I’m happy with this arrangement - it’d be a shame if the Linux client never gets this functionality.
No, this has been available for YEARS on Mac/Win, so it's not a preview of anything. Self hosted vaults haven't been in the new apps for years either, although the last version to support local vaults is still available.
The latest versions of 1Password still support locally stored vaults. They only sell the cloud service subscription these days, but you can still use local/Dropbox vaults on every platform. (except for Linux it seems)
...why? Of all possible target audiences it would seem Linux users would be the least receptive to this kind of thing.
Forgive my bluntness, but to me this looks like you're just testing forced adoption of 1password.com hosted SaaS on a platform you don't really care about before rolling out the same to Mac & Windows. Which would be unfortunate.
I can't speak for them, but it's my impression from using 1Password for a good few years (both the local-vault product, and then the "account" subscription service) that local vaults are basically deprecated, even though they work fine. They're just not a good way for AgileBits to make money. So they'll keep them working in the software for existing customers who paid for them and expected them to work; but they won't add new features to them (except by coincidence as part of architecture-level updates) and won't bring them to new platforms where they weren't originally promised to work. They're a legacy feature, serving legacy customers.
For the same reason that they won't bring local vaults to Linux, I don't think they'll ever kill local vaults for macOS or Windows. There are customers who paid for that product, and expect it to still work. (And, unlike e.g. an old version of Photoshop, it's implicit in the USP of a "password manager" product that it'll continue to get updated so that it works on new OSes and so forth, so that you can still have access to your passwords. You can't just stop supporting it; that'd break the whole value-prop of the product, retroactively, and so break the trust of future customers in any "password manager" products you have today.)
This is what I like about HN, interesting people drop by from time to time to visit.
I have been a happy 1Password customer for years, but I am in the market for a change now. I really wish 1Password had an iOS client that didn't require 17+ permissions.
I'm in the same boat as the sibling: I'm about to move off of 1password because there's no Linux client. I'm a regular licence user, not a subscription user, and I will never buy a subscription from you but I've been happily paying to upgrade every time you release an upgrade to the regular software.
It seems that this is signalling your commitment to stop supporting users like me, and that's very disappointing.
A subscription implies you lose access to the software when you stop paying the subscription.
Buying a license implies you own it and are entitled to use it indefinitely. You might not get any updates but you also aren’t losing access to what you already paid for. Very, very big difference.
While I understand where you're coming from, I think "indefinitely" is a fairly impractical viewpoint in the sense of modern computing, particularly in the context of 1Password. Presumably you'll continue to update your web browser and your OS, which will at some point necessitate updates to the 1Password apps. For example, with Safari 13, which came baked in with macOS 10.15, Apple changed their entire extensions framework and retired the old one. 1Password 6 was built around the old one. So even if you have a license, and could theoretically install 1Password 6, if you're a Safari user it doesn't do you much good. Membership on the other hand would've included 1Password 7, where we implemented a Safari App Extension for Safari 13+ support. Just a counter-point for consideration. Also, for what it's worth, 1Password memberships become read-only when your subscription lapses, but you don't lose access. - Ben, 1Password
Please tell me local support is coming. I'm a longtime 1Password user who only uses local vaults and I feel like 1Password is increasingly showing me they aren't interested in me as a customer.
Depending on your use case, KeePassXC supports reading local vaults, but currently just reading them because I didn't have the need to try and round-trip the vaults for my on-call laptop.
I don't believe it would be an overwhelming amount of work to implement the write portion (err, aside from getting a security review) but I do seriously doubt that KeePassXC would accept the PR to change the backing store, meaning it would have to be a fork :-(
I assume the downvotes are for tone, but this is materially correct. It is proprietary, paid, and stores your data (encrypted, but that only solves some things) on remote servers, the last point being something that's associated more with newer apps.
1Password has probably been the single biggest productivity increase tool I've ever purchased. Worth every cent, and new Linux support news is fantastic.
>Our new app is built on great open source projects like the Rust programming language for the underlying logic, and React for a responsive component-based UI.
Is this using webview? On Mac I believe the app is completely native, so does this mean 1Password will be switching over to using webviews across platforms?
Nice to see progress here, though 1P continuing to move away from local control to force subscriptions is regrettable. Even so, the UI hasn't been matched yet IMO, which is important for getting the less technical to use it. We're sadly also still a ways away from passwords being eliminated entirely, so it's still very important to get everyone using one.
One thing still missing I really hope to see though is the local application (on all platforms) supporting hardware tokens for unlock (with a backup master option). That'd be a nice extra security+convenience option which would work across platforms.
For many/most types of software I am in the same camp of people who would prefer to pay more upfront for a license as long as the software continues working as is - I bought it because it worked and if I chose to pay more in the future for a better version, I will make that decision based on the new features added and not the old features being held hostage.
However, for something as high-value as a password manager, I think having a subscription model makes a lot of sense. I can't think of any other class of product where timely updates from the developers are so critical to the utility of the product. You could even argue that an unpatched, out of date password manager is worse than no password manager.
So to preface: I don't use any web functionality in password managers at all, only the client applications. But that's the context for my regret over the forced subs too.
>I can't think of any other class of product where timely updates from the developers are so critical to the utility of the product.
I can think of a ton actually, although I guess it depends on what you consider important functionality there. Now, there is ongoing maintenance needed for things like keeping up with browser integration, but I'm not sure exactly what security updates should ever be needed unless they really fucked something basic up. The only things that need constant attention are their own cloud service, but that's a function of it being their own cloud service vs someone running their own server or syncing via Dropbox.
>You could even argue that an unpatched, out of date password manager is worse than no password manager.
I don't think you could frankly. Like, what's the threat model here when we're talking data that lives on our own systems and is E2EE? Fundamentally, password managers do not defend against the trusted end point being pwned, for that you need an HSM of some sort (or at least some weaker but still somewhat functional kinda of 2FA). All data from the end system should be fully encrypted before leaving, and since the system is trusted by definition timing attacks shouldn't be a concern (or at least are trivial here to negate entirely), so the security should depend purely upon the PM's ability to perform basic at rest crypto, use a decent key stretching as needed, etc. Which is frankly a solved problem with well vetted free libraries, that's not the hard part of security.
Honestly, 1Password and the like aren't that different from the macOS Keychain Access I'd been using for many many years before hand. They've got better organization and UX flow these days, and browser integration is a genuinely big deal. But I never had any problems with Dropbox sync with pre-1P.com nor do I still have any problems with sync there. In principle, the 1P team could have made all the admittedly alright group stuff and so on available as a standalone server thing people could run along with their own cloud offering of the same, similar to the way Gitlab and many others do. Buy the server/client licenses standalone and run infra yourself, or not, your call. WiFi sync didn't have to be left as primitive as it has been either. Etc. It's a business decision for them to push subs because subs are very profitable. And I recognize yeah, it's a way to make lots more money in a reliable fashion which people like. But I still regret the sub trend and think it's usually a negative overall particularly for people trying to fill situations outside the norm. 1Password's sub thing for example doesn't scale with large families, there is a huge disconnect between a small family and an "organization" in their pricing and general structure which isn't due to cost basis, it's due to their perceived ability to pay.
I'm genuinely optimistic though that things like Webauthn represent real turning points, and we're finally (10-15 years late but better late then never) moving away from the madness of service passwords and managers "have i been pwned" and all the layers that essentially recreate PKI, very badly. As far as security goes, neither I nor anyone else should need to give a single shit or change anything at all if a website is completely utterly hacked, because the only authentication that should be there should be a public cert for me. Damn it, asymmetric credentials was solved forever ago!
I just moved from (paid) 1p to bitwarden at the weekend due to lack of proper Linux support. I was just testing bitwarden and found I couldn't easily get a good export of my passwords from 1p on Linux, because only their desktop apps support that. It won't run under wine and I ended up installing a Windows VM specifically to do the export.
Was so frustrated at this it pushed me to move to bitwarden. Good for them for sorting it though.
... I wish I'd thought of booting into my Windows partition and installing 1password there, instead of spending an evening writing up an extremely overwrought export script on top of the commandline client.
Would you mind sharing it, so that other people don't have to go through the same pain you did? Maybe even creating an issue and dropping the code there could be helpful. Then somebody could pick it up and reuse the algorithms you wrote.
Caveat that it doesn't emit a csv you can import elsewhere, it's not extremely polished, hasn't ever been run outside of my laptop, just does a bunch of unnecessarily clever things. Needs the 1password commandline utility `op` set up (ie you have to have told it your secret key already).
It'll create `items/` and `documents/` dirs with one file per, well, item or document, named after the uuid. It tries to make a symlink named after the metadata for each file in the hope that you'll have an ok time tabcompleting your way to the desired secret. There's some attempt to not redownload files that you already have, mostly because I re-ran this thing a million times trying to get it to work.
I wrote this to be able to zip all my secrets, `scrypt` the zip file with a strong password, and put the scrypted file on a usb drive that isn't particularly well hidden, just as another fallback/recovery option in case a meteor hits 1password HQ or my paper backups catch fire.
I started to write that exact script myself (go to the point of realising jq probably wasn't going to cut it :), motivated by the desire to help others escape too but I just ran out of steam.
Plus, there was something not right about the fact I was actually paying for these damn tools and still having to write my own code! Thought I'd just get out as quickly as I could and not go back.
But having seen others in these threads complain, I do now feel kind of bad!
If you used Firefox or Chrome, then you could use 1Password X for Linux systems. But I'm guessing from the (paid) part that you weren't using their sync?
I just did the same over the weekend. Really loving BitWarden, it works and it’s fast. It did take me a bit of time to export out, scrub & format CSV, then import to BitWarden.
I’ve been using 1Password every day for over 11 years now. The oldest passwords I’ve got stored are for Twitter and Dropbox (yes, the passwords have been changed but the records were first created in 2009).
It’s one of those apps which has been made with proper craftsmanship and care, so while I’m not a Linux user, I’d have no problem recommending based solely on Agilebit’s reputation.
I used KeePass, then LastPAss, then tried 1Password about 8 years ago. I haven't even considered changing. I joined when they were still mostly focused on MacOS and iOS, the Windows and Android apps were secondary. Since then they really shifted to a totally cross platform experience, and I'm incredibly happy with the app. I'm glad they're branching out to Linux.
Also a longtime user. Did you kick over to their subscription model or have you stuck with the old installs attached to the grandfathered permanent license?
I'm still using the permanent license...and syncing over iCloud, while using the latest versions of the 1Password app, on macOS & iOS.
As soon as this stops working and i'm forced to get a subscription i'm moving to another password manager though. So hopefully one time purchases will remain possible.
€36 a year, so for a period of 5 years that makes €180. For me and my partner that would be €360 for 5 years! For a password manager...
I also considered using KeepassXC and Strongbox on iOS, which is completely free (sync the database via iCloud.)
KeepassXC's browser extensions are pretty bad though, hopefully that will change sometime soon.
If you want to keep costs low, Bitwarden is currently your best option i think.
They’ve got a family-oriented subscription which is cheaper. Used it since it launched and it’s been transformative for both sharing credentials with my family and getting them into the habit of unique credentials on every site, and TOTP where possible as well.
I can’t recommend 1Password enough and I’ve been a customer for a very long time, predating the move to subscription pricing and cloud services.
It’s worlds improved over synchronizing with Dropbox. There’s definitely security tradeoffs but if it isn’t easy you’d lose a substantial number of people back to duplicating the same password across 370 sites.
> If Apple offered a more fully featured keychain I might just stay in their ecosystem.
Given Apple's track record, if you care about your passwords being portable, it's unlikely that you'll be able to use their keychain on Windows/Linux/Android even if they develop it further.
Why a whole GTK or Mono app just to store passwords?
Once you’ve decided that you want to make a GUI for something you’ve already made the choice to increase the weight considerably. Electron is still the best cross platform toolkit when you need browser support too.
More likely it is the overhead of multiplatform support that motivates them to use Electron. Their support matrix is pretty big now: iOS, Android, Web, Mac, Windows, browser extensions, Chrome OS, and Linux
"Engines" like common logic written in languages like C and C++, using in-house toolkits where RenderButton() or ShowDialog() would do the right thing on each platform.
Apparently a forgotten art.
As for VMs, I am all for stuff like React Native, not for packing Chrome with each application.
Not only it shows laziness where Web == ChromeOS, bloats the applications and is yet another way for turning everyone into Chrome developers, bye bye Web.
I understand the sentiment. But I think the best approach is a bespoke app for each platform in the own native toolkit.
I have rarely enjoyed using a Gtk or Qt app on macOS because they feel alien.
On windows for example there seems to be no rhyme or reason for widgets, mainly due to historical reasons.
Games don’t need to be consistent because they take up the whole screen and are immersive. Some very specific programs such as the Godot editor are a good example of a similar usage.
> Yes, it is very obvious from the screenshot that it’s built on top of Electron [1].
I love this. It was my first reaction when I used MS Teams ... shit, it's electron and the I got the horrible user experience as usual. And in MS Teams even the font and its rendering is hardcoded and the devs are refusing to do anything about this! So when I use MS Teams I need to look at blurry text.
EDIT: And they bundle libffmpeg.so too .... let's have a look at what version, though I guess 1password is not a good attack vendor as it'd be hard for the attacker to control input data, right.
OpenGL is included because the UI is hardware accelerated. ffmpeg comes from the toolchain (Electron, specifically). It looks like there is an open issue with Electron for that: https://github.com/electron/electron/issues/21967
Why shouldn't it be Electron? Should it be GTK? Why not QT?
Linux doesn't have a standard desktop environment or widget toolkit. Electron doesn't seem like a worse choice than the other options, and it's easy to find engineers who know how to work with it.
1Password doesn't just store passwords. It has a bunch of other features. It's a fairly complex app at this point. It also has fairly similar user experiences in Windows, macOS, Linux, iOS, and Android, and that's pretty hard to pull off. If Electron helps them accomplish that, that's fine.
Because Electron bundles (light) chrome and nodejs and all deps breaking desktop integration and security (the developers are now responsible for checking vulnerabilities in all bundled libraries and they are not doing it).
Those are pretty good reasons not to use electron.
Because every Electron app is inconsistent with the rest of the desktop. I use a dark theme system-wide but Electron won't care [edit: 1Password has custom integration for GTK theme]. Honestly, this isn't something the developer of the app have to put years of research in (Slack for example). The toolkit is supposed to do the integration (GTK, Qt, [Cocoa?]) and clearly Electron doesn't care.
> Why not QT?
You tell me (assuming you're talking about Qt, not QuickTime)
> Electron doesn't seem like a worse choice than the other options
Not really. Its just that its lazier/cheaper to just get your web development team pretend to write a desktop app. I get it, business decisions need to factor cost into account and hence the choice. I understand when a business says "we just don't have the funds to use a proper app framework, please do with what we have for now". But instead everyone goes to pretend like Electron apps are perfect even though the reason it was chosen was almost completely based on cost.
There are also advantages for the user. For example, new features arrive for all platforms at the same time; there is no prioritization of platforms or such. Same for bugs - apart from issues stemming from Electron itself, they're likely to appear on all platforms and therefore likelier to get fixed.
In essence, the old "only X% of our users use platform Y, it's not worth it to make this feature/fix this bug for them" does not exist anymore with something like Electron, and while this is ultimately also a cost consideration, it does come with benefits for me as a user, especially if I'm on a minority platform.
None of this is even relevant in this case, since they use (I hope) Cocoa/UIKit/whatever it's called on macOS, so there's anyways not _one_ framework used everywhere.
> It’s one of those apps which has been made with proper craftsmanship and care
Is it? I've been using it for sometime as well but it seems like there is a lot of room for improvement. E.g:
- Support for unlocking via Watch ID on the Mac.
- Currently on iOS when searching for a password within an app, if a site prefix is included that doesn't match what's in 1Password the list will just show no results, with no way to navigate manually to the login. Instead, you have to close the app, open 1Password, and copy/paste the credentials back in. Typically the master password will have to be re-entered as well, despite touch ID being adequate a moment prior. Since it's rare to sign up via the web now for mobile apps, this is the most common scenario for me when using 1Password for apps on my phone (and occasionally websites as well).
- Improved UI/UX on mobile. Dashlane is way better in this regard. 1Password overemphasizes features I don't need like tags and favorites and has a pretty cluttered look in general.
I like the native Mac app and open/local vault format. (Dashlane by contrast has a very buggy desktop app and requires storing everything on their servers.) But I would jump at the chance to use an alternative with a simpler UI and better experience on mobile.
We use Dashlane at work, and every day I want to switch to 1Password, which I use in my home life. Dashlane has weird permissions glitches, a really buggy and very non-intuitive desktop app, really terrible web browser extensions that makes me tear out my hair in frustration, and even the mobile app doesn’t feel like it has the features I want, like the ability to add more than one password field (useful for accounts that have PIN codes and such). Even performance-wise, Dashlane’s mobile app feels really sluggish doing things like adding 2FA via QR code’s, which 1Password seems to do instantly.
Agreed on all those points, especially the desktop app which was ultimately the breaking point for me. The only thing better about Dashlane right now is the UI on the iOS app IMO.
Just to clarify: the feature is currently in beta.
> Unlock 1Password using your Apple Watch on Macs with a Secure Enclave.
From the 1Password for Mac 7.7.BETA-0 release notes.
- Ben, 1Password
A login can have multiple URLs. For sites which don’t automatically load the right entry, you can add another URL to give 1pw a hint.
This won’t solve all your problems. It won’t even solve the problem you describe the first time you encounter it. Nor will it solve it for apps that fail to provide an INTENT URL. But hopefully it will make things a little easier.
That would improve the completion, but ideally 1Password should allow me to select the login myself within the app modal (by navigating to "all logins" with the filter deactivated), and then add the intent URL for me.
It's made with proper craftsmanship and care on the Mac (which is primarily where I've been using it for years).
The Windows client is much better after the last major release, but it's never been as slick as the Mac version (the biggest wart now is the system tray/browser extension popup).
1Password X looks nice until you try and use it, and all the company reps on the forums are very argumentative about any feature request (look for the pushback they give about resizing their super-cramped browser extension popup—and the issues with hires screens stemming from how they built it, which assumes a fixed size).
I've also got a chip on my shoulder about the "feature" they added that showed the most recently used websites in the iOS app with no way to disable it (they finally allowed setting the number to zero months later). The reps on their forums all come off with this attitude of "this is the best way, and you're wrong if you don't like it" for just about every issue that comes up.
I like the app and will continue to use it, but if my main platform wasn't macOS/iOS I would have bailed long ago.
They were also pretty dismissive of Linux for a long time, so it's kind of funny to hear it as one of their biggest requests. 1Password X narrowly prevented me from switching for a while, but I've come to see alternatives as generally better options. Yeah, they're not as flashy, but I think Bitwarden and Keepass XC do a great job.
Keepass XC may even be doing a better job at security. At least in some dimensions.
That’s where Agilebits has me; the UI on Mac and iOS is so much better than the alternatives. I do keep looking, Keepass XC looks really good since the last time I checked around.
KeepassXC is quite good if you mainly use it on your computer. I've been using Keepass(XC) for about 10 years, it's secure and reliable. But I'm looking to switch to 1password or Bitwarden as I'm increasingly using portable devices (phone, tablet…).
Seconded, Keepass2Android is great and has very good integration on Android. You can use the autofill feature to, well, autofill the credentials fields in any app.
Has merge functionality if you've edited the password file both on mobile and computer.
It even has an offline variant that keeps everything local. I'm using that with NextCloud.
FWIW cache side channel attacks are primarily a threat on (shared) cloud platforms, but not as much [1] on personal devices. Considering that 1password runs in its own process and that most personal devices should have Meltdown mitigations in place, it would be prohibitively difficult to successfully launch a cache side channel attack to extract the password from outside of your device, especially at scale. Attackers would attempt to find other software vulnerabilities instead.
I think it would indeed be nice if 1password scrubbed sensitive data from memory, but not a complete deal breaker if it didn't. I do wonder if this could be more of a problem on 1passwordX, though.
> all the company reps on the forums are very argumentative about any feature request
I've observed this as well and it's frustrating. Usability took a dive when the list view for entries was removed (in favor of the rich icon, column-based layout), having to manually check identically named entries to find one with the right username, but their support staff was seriously adamant about the feature not being worth the development effort because of how few people had used it. It got me looking for alternatives but I haven't switched away yet.
I apologize that we've come across that way. I'm one of the primary contributors on our forum and so I do appreciate the perspective here. The position I try to take, not being a developer or project manager myself, is that I have no power to make feature requests happen other than suggesting them to the team. As such I try to help people best use what is currently available while also passing suggestions along.
As a company we tend to keep future plans pretty close to the chest. There are sometimes things that we know we aren't going to do, and whenever possible I try to be up front about that rather than beating around the bush or giving false hope. List view is one example of this. The intention isn't to be argumentative, but rather to set expectations based on current plans.
I am a 1password user, and have bene for about the same amount of time, but I've been slowly looking for an alternative.
Unless I'm mistaken, 1Password no longer ephemerally decrypts passwords as needed and only while used and then scrubs the memory. [1, old but still] The excuse, if I remember it, was that garbage collected languages made this challenging. Even so, there is some irony in them moving away from the temporary, one-at-a-time, scrubbed approach just before all of the side channel attacks that allowed leaking memory across processes became widespread.
Thank you! This is correct. We understand there are concerns about Electron (some legitimate and some religious), and we've built this app with those concerns in mind. The backend is Rust, with the arguably most critical components (encryption) being open source libraries (ring). - Ben, 1Password
Why the hate for electron? I know that there are a bunch of shitty electron apps out there, but there are also great, fast and leightweight examples. Visual Studio Code is easily one of the best desktop apps I've used (on Windows) and Discord is also built on electron and works very well.
Electron isn't necessarily bad, its primarly a matter of how good your implementation is.
Yup. Password management is one of those things where I want to pick the best possible solution, over the 80% good for 20% of the cost. The risks of losing credentials are real, and terrible. Making shit easy for non-technical people is a real-world risk reduction. Making shit easy for technical people is also a real-world risk reduction, and letting me put 1P into automated workflows is great. If there's minor encroachment on territory currently held by Hashicorp Vault, then "Go 1P!" - I love competition between two genuinely good products.
I just checked my vault out of curiosity, and my first entry from 2009 is the credit card I used to purchase a 1Password licence shortly after!
It’s robust software that does was it says on the box. I was initially reluctant to move out of my local vault but the online service has been impeccable.
I use 1PW professionally, with our whole company having shared vaults for different departments and security levels, as well as at home, so my wife and I can share some credentials. Absolutely love it. I’m spending more and more time working from Ubuntu so I’m very happy to see this, it should make things just a bit easier.
Seriously, this is great to see. I've been using LastPass for a while but have been unhappy with it. If 1Password is taking Linux support seriously, I'll definitely switch.
I assure you, we are taking Linux support seriously. When I joined the team, we had almost no one using Linux in house. This has changed in a big way and is only part of why we are now investing in making the best darn app we can for Linux.
I switched to "pass" from 1p and it is a breeze because it just works without all the bullshit and I don't have to place any trust on a company saying they do things right (they will never tell otherwise).
And 1password never cared about Linux. I had to custom-script data export, they pretty much held data hostage by making it difficult to migrate from the platform, not to speak of the undocumented data formats. But at least we did not have to install some closed source propietary thing to do something as critical as password management (browser sandboxing seems slightly better). If they cared they would open up their client‘s code for everyone to peek.
They already participate, quite openly, in security audits[0], and while yes, I'd love it if it was OSS too, but the reality of making money on these services is that (especially I believe at the time 1Password was founded), is it wouldn't have likely done them any good, really. In fact it could hurt their business. I believe 1Password was one of (but not the only!) pioneers of this being a successful consumer business.
Notably, I don't think its worth detracting from a fantastic product based solely on the license of its underlying software. I'm also not aware of any 1Password data breaches.
As far as exporting goes, you can simply generate a CSV file (or plain txt)[1] as well. Not sure what the issue there was, I'd be curious to know.
While I like OSS too, and prefer it when able, I think its a stretch to say they're holding their users hostage if they want to migrate away, not to mention being OSS isn't really a predicate as to whether the software & user experience is actually any good.
disclaimer: I don't work for 1Password, but I've used it for over a decade.
>How can one be sure that the passwords are even encrypted, without having seen the program?
We have seen the program. We can have as many binary copies of it as we’d like.
> Audits don’t mean much for various reasons, including the conflict of interest.
[citation needed]
> Agencies such as NSA don’t have to say loudly that they have agreements with such and such companies through PRISM-like programs.
The product uses end to end encryption. The database is encrypted locally before being uploaded. They would have to be using bad encryption or stealing your password to get at it. It is understood how 1P works, they have written about it extensively.
But that's the point the OP is making, you have to trust what 1password is telling you. And they do have a very clear business interest in telling you that it uses best security practices even if they don't.
I'm doubtful that you are able to look at the binaries and extract the inner workings from that.
>But that's the point the OP is making, you have to trust what 1password is telling you.
Yeah, I have to trust a lot of software authors not to be actively malicious, because I don't have the time to audit literally everything I rely on. I have more reason to trust the authors of 1Password than those of almost any other package I use.
>And they do have a very clear business interest in telling you that it uses best security practices even if they don't.
It's been audited several times, and the authors are well known, respected, and vocal in the infosec community. And you think they have more of a business interest in hiring security professionals and lying about their practices than they do actually building a product that safeguards their users' data as they say it does? A backdoor in a product like that would be the end of their business, professional reputation, and career.
>I'm doubtful that you are able to look at the binaries and extract the inner workings from that.
Me personally? No, but there are absolutely people with that skillset, this sort of thing is perfectly doable. As far as "is this sending all my stuff to China in plaintext" goes, it's not even that hard to evaluate. You could do that without any reverse engineering at all.
Can't say I'd ever personally use 1Password over something open source like Bitwarden, however the intriguing thing about this post is that they're using Rust for their Linux client backend. If only this was open source; we could peek under the covers and see what technology they're using.
KeepassXC is the perfect solution in my opinion. It is open source, has a huge number of features (that don't get in the way of basic usage), and has mobile apps and desktop apps that work well on all platforms. Right now I am using it on Windows, Mac, AND Linux, as well as my Android phone. I have it syncing over Dropbox, but you can sync it however you like. The Android app automatically fetches the latest version, and supports auto-complete etc. I see no reason to pay for a password manager or use something that isn't open source.
I'm the same way. The most important parts of the KeePass ecosystem to me are:
1. It runs on every platform I currently use, as well as any platform I might care to use, whether or not that platform is sufficiently "popular" for a company to justify caring about it.
2. It isn't dependent on the continued healthy existence of a company to remain usable, as I could simply self-maintain in a worst case scenario.
These are very important things about a password manager to me, personally, which is why any of these more polished/popular options would be an extremely tough sell.
Yep, there is no way I am trusting a company with maintaining access to passwords on all my accounts and my clients accounts. Keep Pass uses a well documented XML file format that, if needed, I can manually decrypt and access if for some reason, every copy of KeePass is deleted.
Doing the same using Syncthing for syncing. For basic password management across devices without having to go to "cloud", I don't see a better alternative. The new polished UI for KeepassXC on Linux is a bonus.
Unsubscribed from LastPass and subscribed to a Family plan here. Hoping for updates to bring all the rest of the features. <3
EDIT: Took the opportunity to eval a couple of others. BitWarden stood out because it's open-source and cheaper for the family plan (the difference between 1Password individual and BitWarden family is not a big difference).
My thoughts:
* 1Password had a really cool app and very good import from LastPass
* Bitwarden's app is pretty good but the import breaks on Secure Notes that are a bit longer
Ultimately went with Bitwarden because it's cheap and I was able to migrate my big notes in approx 10 minutes manually.
1Password is pretty stable, I have not had any problems with applications freezing.
I was going to switch to LastPass since I have two younger children that I'd like to use a password manager, but LastPass has the same 17+ restriction so I'm looking for other options. But if you don't have the same issue, 1Password is a solid choice.
351 comments
[ 2.6 ms ] story [ 308 ms ] threadThat sounds interesting. Can you list the major technical reasons behind this decision? Also interesting will be if you could explain how Rust addressed those pain points (I have read about the general advantages that Rust has over C++, but interested in hearing how it plays out in the wild).
I can't imagine paying for an application when a better one is available for free.
I see this as quite reasonable thinking for somebody who never had too much money.
Of course it might be that in this case the much more obvious is the case: throwing your most important data into a cloud on a close source system is kinda..."optimistic".
What happened, if not too sensitive to share, of course.
Sure you can use lots of other password managers, but if we are not talking about solo use case - it's practically impossible to beat 1Pass. You can set up your team and family in minutes, with granular controls. And people will understand how to use it in a few minutes.
With most other solutions you will have to spend hours here or there. Is that time worth a few bucks? For me I would gladly pay x2 so it just works and no one has to bother me with questions.
The only missing piece for me is a native Linux app since I use Ubuntu for all my development environments. The web browser extension works, but it's a noticeable difference moving between it and the windows desktop app. I'm super excited to give this a try.
This was the precise reason I switched to BitWarden 6 months ago, needed a solution where my passwords didn't leave my network.
You're right, 1Password for Linux integrates tightly with the 1password.com service and as such does not support local vaults.
There’s no way I’m moving to a 1Password account, but I might just switch away entirely the next time I need to pay for an update or whatever, given the apparent lack of interest in serving my needs despite the amount of money I’ve paid for updates, etc. to date and the fact that it’s clearly technically possible.
Why?
2. I don’t want to store my data on their servers. I have ways of securely syncing data that I trust and that use only devices I control. For reasons of trust, security, etc. I want control of where my vaults are stored and it not to be the same company as the one that provides the software (for some machines/vaults I can also prevent 1Password from accessing the internet at all, to ensure the vault can’t leave a secure network, for instance).
3. If everything I store in synced folders was a separately charged service I’d be paying thousands a month. This trend is unsustainable and unwanted. I see absolutely no incremental value in the hosting service so I don’t want to pay for it.
3. The whole sleazy business model that pushes users towards subscriptions and makes it harder and harder to stay on self hosted vaults and uses things like this, described by them as the most requested feature, as leverage to try and force more users to switch. When the subscription model was introduced there were assurances to concerned customers that we were valued and this self hosted sync method would be supported. I am fine not getting features that are and should be deeply integrated with and require their hosting service (I also have no interest in ever having access to my vault via a web browser, which has the potential for horrible enough security properties that I’m glad it’s not an option (and I don’t have the time or inclination to have a feature which I don’t require anyway audited)). But when an entire desktop client is put in that bucket, it is because someone decided to make it so to try and get us to fall in line, not because it needs to be. Not the action of a company that respects any the users who still want to self host like they say they did.
At this point, with what appears to be a company that’s hostile to my use case, it’s getting difficult to justify spending more money at the next upgrade just to avoid the one time pain of evaluating options and switching to something that’s potentially better for my needs (if it, say, has a full Linux client I can use). If I move I’ll also likely plan to switch over the teams I manage that do use the subscription model. Subscription software makes far more sense in a corporate setting, and if the 1Password account fits the threat model then great, I use it, but if I am no longer using or evaluating 1Password (especially when the reason is partly trust in the company itself), that gets trickier, as does continuing to recommend it to others.
I really don't want to store my passwords on your "servers", and I'm sure there are few others like me - not a majority. In our case BitWarden's idea of paying for a subcription (happy to do it), and hosting BitWarden in my own network - pretty close to local vaults in terms of analogy.
I still like the UX of 1Password, if you ever allow local vaults and still charge subscription, I'll sign up on day 1 - I just don't want anything to do with my entire vault being hosted elsewhere, potentially irrational but when it comes to things we store in 1Password and the like - CC #, Passport number, decryption keys, licence codes, launch codes (jk) - I feel OK with my irrational paranoia.
Thanks again for making 1Password!
Businesswise, it makes sense as a first push: get a solid UX working for existing 1pass users who sync via the cloud better access on Linux. Then move on to the less glamarous parts like local vaults.
> I just don't want anything to do with my entire vault being hosted elsewhere, potentially irrational...
There is no logical mechanism that can tell you the correct amount of risk to take on, and yet you can't take actions without accepting some degree of risk. You can't justify your tolerance of risk, so it can't be rational, and yet you have to take an action, therefore you can't be fairly accused of being irrational. It's thus neither; I call it "arational" behavior.
You might think, hold on, there's a logical way: I'll look at what happens to a group of people pursuing different risk strategies, then model the expected risk vs return, and thus I can determine the optimal level of risk.
But I'd argue it's fallacious to apply that general claim to the individual. For one, you invariably have a set of outliers who were overly risky and beat the odds, were they all wrong? If not, what's the cutoff point, and why? (And likewise, a set of outliers who were unlucky despite being overly conservative, were they also wrong?)
Another reason is, as they say in finance, "past performance is no guarantee of future results." Any model you come up with to justify a risk strategy can and will be invalidated as history unfolds.
I used to be a happy 1Password customer until they decided that they did not want people like me as customers. I trust the code, I don’t trust them to store my data, encrypted or not.
Their entire business model is really sleazy and they've gone out of their way to alienate people who don't want to pay for a subscription and hosting service for something as simple and secure as locally encrypting passwords. I was a loyal customer for a long time but after a few years of them jerking non-subscribers around, I got tired of it and tell any friends and family to stay away from it.
Every company that has moved to a subscription and cloud-based product has essentially traded a one time $30-50 license to getting that (or more) every year, and the product is usually inferior from my experience.
Two mild counterpoints:
(1) While "from my experience" is always definitionally anecdotal, most applications that I'm aware of that have moved to (or started with) a subscription-based model have released new features on a rolling schedule that's at least as fast, if not faster, than the "one-time license" model. On the Mac/iOS, there's Ulysses, Fantastical, and Drafts off the top of my head; cross-platform, the JetBrains IDEs all come to mind. (They're not precisely the same model due to their "perpetual fallback license" approach, but they're definitely trying to drive you to subscribe.) And, for all the mostly-deserved hate Adobe gets, their release cycle appears to have picked up speed since they moved to a subscription model.
(2) The one-time license model works great for applications that don't need any updates in the future beyond perhaps bug fixes. If you want ongoing support and new features, where does the money to support that come from? In years past it would have come from upgrade pricing, but programs went years between new releases and there was nothing that compelled users to upgrade if the old program was still working on their hardware. I get that as a user that's great, but for developers, it's, well, rocky. It was livable a decade ago because those big application programs were way more expensive. At today's prices, where $39 seems kinda steep, that may not be a workable business model.
As for 1Password specifically, I run it on a work laptop, a personal laptop, an iPad Pro, an iPad Mini and an iMac, and keeping the various "local vaults" in sync was always a bit of a pain in the ass -- and of course there was no way to access that vault over the web on a different machine if I really, truly needed to. And I know more than a few people using 1Password for Families. I don't think it's a "really sleazy" business model at all. It may be a business model that you don't like, but that's not the same thing.
Dropping local vaults in an iOS patch was kind of sleazy. So is downplaying the ways the new security model is worse.
Hosting only an executable I download and execute means the adversarial extraction of data must be contained within the executable and bypass all security from within my system. There is a window of opportunity for sending out a signal indicating the executable can not be trusted.
I do trust the team of 1Password to be competent and not evil, but there are many things that can go wrong anyway.
I remain disappointed that there is no way to set up nor configure a 1Password.com account without the web client.
Very much this. I don't benefit in any way from having a copy of my sensitive data in their cloud, so as a very basic security principle, I don't want them to have it.
And that's just for my personal use. If they drop support for local vaults, I have to stop using it for work, too, because my employer prohibits password managers that store passwords in the cloud. My understanding is that these policies are specifically designed to keep us in compliance for government contracts, so I don't think they're changing.
(emphasis mine)
Security is about having layers. I can't begrudge someone wanting to add layers to their security.
And I would bet that a team who's job for many years is to ensure the safety of your data will do a better job at it than 99.9% of users that host it themselves.
I’m happy with this arrangement - it’d be a shame if the Linux client never gets this functionality.
Forgive my bluntness, but to me this looks like you're just testing forced adoption of 1password.com hosted SaaS on a platform you don't really care about before rolling out the same to Mac & Windows. Which would be unfortunate.
For the same reason that they won't bring local vaults to Linux, I don't think they'll ever kill local vaults for macOS or Windows. There are customers who paid for that product, and expect it to still work. (And, unlike e.g. an old version of Photoshop, it's implicit in the USP of a "password manager" product that it'll continue to get updated so that it works on new OSes and so forth, so that you can still have access to your passwords. You can't just stop supporting it; that'd break the whole value-prop of the product, retroactively, and so break the trust of future customers in any "password manager" products you have today.)
I have been a happy 1Password customer for years, but I am in the market for a change now. I really wish 1Password had an iOS client that didn't require 17+ permissions.
It seems that this is signalling your commitment to stop supporting users like me, and that's very disappointing.
So you are a subscriber in reality, it's just your payments a slightly lumpy.
Buying a license implies you own it and are entitled to use it indefinitely. You might not get any updates but you also aren’t losing access to what you already paid for. Very, very big difference.
I don't believe it would be an overwhelming amount of work to implement the write portion (err, aside from getting a security review) but I do seriously doubt that KeePassXC would accept the PR to change the backing store, meaning it would have to be a fork :-(
Is this using webview? On Mac I believe the app is completely native, so does this mean 1Password will be switching over to using webviews across platforms?
One thing still missing I really hope to see though is the local application (on all platforms) supporting hardware tokens for unlock (with a backup master option). That'd be a nice extra security+convenience option which would work across platforms.
However, for something as high-value as a password manager, I think having a subscription model makes a lot of sense. I can't think of any other class of product where timely updates from the developers are so critical to the utility of the product. You could even argue that an unpatched, out of date password manager is worse than no password manager.
>I can't think of any other class of product where timely updates from the developers are so critical to the utility of the product.
I can think of a ton actually, although I guess it depends on what you consider important functionality there. Now, there is ongoing maintenance needed for things like keeping up with browser integration, but I'm not sure exactly what security updates should ever be needed unless they really fucked something basic up. The only things that need constant attention are their own cloud service, but that's a function of it being their own cloud service vs someone running their own server or syncing via Dropbox.
>You could even argue that an unpatched, out of date password manager is worse than no password manager.
I don't think you could frankly. Like, what's the threat model here when we're talking data that lives on our own systems and is E2EE? Fundamentally, password managers do not defend against the trusted end point being pwned, for that you need an HSM of some sort (or at least some weaker but still somewhat functional kinda of 2FA). All data from the end system should be fully encrypted before leaving, and since the system is trusted by definition timing attacks shouldn't be a concern (or at least are trivial here to negate entirely), so the security should depend purely upon the PM's ability to perform basic at rest crypto, use a decent key stretching as needed, etc. Which is frankly a solved problem with well vetted free libraries, that's not the hard part of security.
Honestly, 1Password and the like aren't that different from the macOS Keychain Access I'd been using for many many years before hand. They've got better organization and UX flow these days, and browser integration is a genuinely big deal. But I never had any problems with Dropbox sync with pre-1P.com nor do I still have any problems with sync there. In principle, the 1P team could have made all the admittedly alright group stuff and so on available as a standalone server thing people could run along with their own cloud offering of the same, similar to the way Gitlab and many others do. Buy the server/client licenses standalone and run infra yourself, or not, your call. WiFi sync didn't have to be left as primitive as it has been either. Etc. It's a business decision for them to push subs because subs are very profitable. And I recognize yeah, it's a way to make lots more money in a reliable fashion which people like. But I still regret the sub trend and think it's usually a negative overall particularly for people trying to fill situations outside the norm. 1Password's sub thing for example doesn't scale with large families, there is a huge disconnect between a small family and an "organization" in their pricing and general structure which isn't due to cost basis, it's due to their perceived ability to pay.
I'm genuinely optimistic though that things like Webauthn represent real turning points, and we're finally (10-15 years late but better late then never) moving away from the madness of service passwords and managers "have i been pwned" and all the layers that essentially recreate PKI, very badly. As far as security goes, neither I nor anyone else should need to give a single shit or change anything at all if a website is completely utterly hacked, because the only authentication that should be there should be a public cert for me. Damn it, asymmetric credentials was solved forever ago!
Was so frustrated at this it pushed me to move to bitwarden. Good for them for sorting it though.
That'd be pretty great.
Caveat that it doesn't emit a csv you can import elsewhere, it's not extremely polished, hasn't ever been run outside of my laptop, just does a bunch of unnecessarily clever things. Needs the 1password commandline utility `op` set up (ie you have to have told it your secret key already).
It'll create `items/` and `documents/` dirs with one file per, well, item or document, named after the uuid. It tries to make a symlink named after the metadata for each file in the hope that you'll have an ok time tabcompleting your way to the desired secret. There's some attempt to not redownload files that you already have, mostly because I re-ran this thing a million times trying to get it to work.
I wrote this to be able to zip all my secrets, `scrypt` the zip file with a strong password, and put the scrypted file on a usb drive that isn't particularly well hidden, just as another fallback/recovery option in case a meteor hits 1password HQ or my paper backups catch fire.
Plus, there was something not right about the fact I was actually paying for these damn tools and still having to write my own code! Thought I'd just get out as quickly as I could and not go back.
But having seen others in these threads complain, I do now feel kind of bad!
I'm loving bitwarden too. It's slightly not as good as 1p in some ways, but better in more than others. That's my review :)
It’s one of those apps which has been made with proper craftsmanship and care, so while I’m not a Linux user, I’d have no problem recommending based solely on Agilebit’s reputation.
As soon as this stops working and i'm forced to get a subscription i'm moving to another password manager though. So hopefully one time purchases will remain possible.
If Apple offered a more fully featured keychain I might just stay in their ecosystem.
I also considered using KeepassXC and Strongbox on iOS, which is completely free (sync the database via iCloud.) KeepassXC's browser extensions are pretty bad though, hopefully that will change sometime soon.
If you want to keep costs low, Bitwarden is currently your best option i think.
I do think it should cost less, but I also sort of am hoping a solid solution built directly into iOS/macOS will appear in the next few years.
It is a much harder sell to a family member that has never bothered with a secrets manager before.
They’ve got a family-oriented subscription which is cheaper. Used it since it launched and it’s been transformative for both sharing credentials with my family and getting them into the habit of unique credentials on every site, and TOTP where possible as well.
I can’t recommend 1Password enough and I’ve been a customer for a very long time, predating the move to subscription pricing and cloud services.
It’s worlds improved over synchronizing with Dropbox. There’s definitely security tradeoffs but if it isn’t easy you’d lose a substantial number of people back to duplicating the same password across 370 sites.
There's always 1 person (family organizer) who is in charge of everything, and can reset the other accounts...
Given Apple's track record, if you care about your passwords being portable, it's unlikely that you'll be able to use their keychain on Windows/Linux/Android even if they develop it further.
Once you’ve decided that you want to make a GUI for something you’ve already made the choice to increase the weight considerably. Electron is still the best cross platform toolkit when you need browser support too.
Agree, just though it was too much for something simple as displaying logins/pass but looks like it has lots of features?
How did we ever managed without Electron?!?
Man we were 1337!
Apparently a forgotten art.
As for VMs, I am all for stuff like React Native, not for packing Chrome with each application.
Not only it shows laziness where Web == ChromeOS, bloats the applications and is yet another way for turning everyone into Chrome developers, bye bye Web.
I have rarely enjoyed using a Gtk or Qt app on macOS because they feel alien.
On windows for example there seems to be no rhyme or reason for widgets, mainly due to historical reasons.
Games don’t need to be consistent because they take up the whole screen and are immersive. Some very specific programs such as the Godot editor are a good example of a similar usage.
Which is basically the first line of my comment and how we used to do back in the day, with common logic and those in-house "engines".
Yes, it is very obvious from the screenshot that it’s built on top of Electron [1].
GTK nor Qt have that type of UI elements, they are obviously HTML elements stylized with CSS.
Another hint is in the files contained inside the Debian package used during the Linux installation [2]:
You can use “npx asar extract /opt/1Password/resources/app.asar source” to access the JavaScript files [3].[1] https://i.imgur.com/pGJ4Wvd.png
[2] https://support.1password.com/cs/getting-started-linux/
[3] https://stackoverflow.com/a/38524534
Edit: Thanks for adding the package info.
I love this. It was my first reaction when I used MS Teams ... shit, it's electron and the I got the horrible user experience as usual. And in MS Teams even the font and its rendering is hardcoded and the devs are refusing to do anything about this! So when I use MS Teams I need to look at blurry text.
EDIT: And they bundle libffmpeg.so too .... let's have a look at what version, though I guess 1password is not a good attack vendor as it'd be hard for the attacker to control input data, right.
I want my security critical apps to be as small as possible, not a huge pile of everything and the kitchen sink.
Linux doesn't have a standard desktop environment or widget toolkit. Electron doesn't seem like a worse choice than the other options, and it's easy to find engineers who know how to work with it.
1Password doesn't just store passwords. It has a bunch of other features. It's a fairly complex app at this point. It also has fairly similar user experiences in Windows, macOS, Linux, iOS, and Android, and that's pretty hard to pull off. If Electron helps them accomplish that, that's fine.
Those are pretty good reasons not to use electron.
Because every Electron app is inconsistent with the rest of the desktop. I use a dark theme system-wide but Electron won't care [edit: 1Password has custom integration for GTK theme]. Honestly, this isn't something the developer of the app have to put years of research in (Slack for example). The toolkit is supposed to do the integration (GTK, Qt, [Cocoa?]) and clearly Electron doesn't care.
> Why not QT?
You tell me (assuming you're talking about Qt, not QuickTime)
> Electron doesn't seem like a worse choice than the other options
Not really. Its just that its lazier/cheaper to just get your web development team pretend to write a desktop app. I get it, business decisions need to factor cost into account and hence the choice. I understand when a business says "we just don't have the funds to use a proper app framework, please do with what we have for now". But instead everyone goes to pretend like Electron apps are perfect even though the reason it was chosen was almost completely based on cost.
In essence, the old "only X% of our users use platform Y, it's not worth it to make this feature/fix this bug for them" does not exist anymore with something like Electron, and while this is ultimately also a cost consideration, it does come with benefits for me as a user, especially if I'm on a minority platform.
That (and everything else you said) is true for any cross-platform framework, not just Electron.
PWAs and Web Widgets I can stand behind, Electron is just laziness at the expense of the user.
There are plenty of Gtk and Qt based applications for Linux.
Is it? I've been using it for sometime as well but it seems like there is a lot of room for improvement. E.g:
- Support for unlocking via Watch ID on the Mac.
- Currently on iOS when searching for a password within an app, if a site prefix is included that doesn't match what's in 1Password the list will just show no results, with no way to navigate manually to the login. Instead, you have to close the app, open 1Password, and copy/paste the credentials back in. Typically the master password will have to be re-entered as well, despite touch ID being adequate a moment prior. Since it's rare to sign up via the web now for mobile apps, this is the most common scenario for me when using 1Password for apps on my phone (and occasionally websites as well).
- Improved UI/UX on mobile. Dashlane is way better in this regard. 1Password overemphasizes features I don't need like tags and favorites and has a pretty cluttered look in general.
I like the native Mac app and open/local vault format. (Dashlane by contrast has a very buggy desktop app and requires storing everything on their servers.) But I would jump at the chance to use an alternative with a simpler UI and better experience on mobile.
This won’t solve all your problems. It won’t even solve the problem you describe the first time you encounter it. Nor will it solve it for apps that fail to provide an INTENT URL. But hopefully it will make things a little easier.
The Windows client is much better after the last major release, but it's never been as slick as the Mac version (the biggest wart now is the system tray/browser extension popup).
1Password X looks nice until you try and use it, and all the company reps on the forums are very argumentative about any feature request (look for the pushback they give about resizing their super-cramped browser extension popup—and the issues with hires screens stemming from how they built it, which assumes a fixed size).
I've also got a chip on my shoulder about the "feature" they added that showed the most recently used websites in the iOS app with no way to disable it (they finally allowed setting the number to zero months later). The reps on their forums all come off with this attitude of "this is the best way, and you're wrong if you don't like it" for just about every issue that comes up.
I like the app and will continue to use it, but if my main platform wasn't macOS/iOS I would have bailed long ago.
Keepass XC may even be doing a better job at security. At least in some dimensions.
https://keepassxc.org/blog/2019-02-21-memory-security/
Has merge functionality if you've edited the password file both on mobile and computer.
It even has an offline variant that keeps everything local. I'm using that with NextCloud.
I think it would indeed be nice if 1password scrubbed sensitive data from memory, but not a complete deal breaker if it didn't. I do wonder if this could be more of a problem on 1passwordX, though.
[1]: not zero, but still
I've observed this as well and it's frustrating. Usability took a dive when the list view for entries was removed (in favor of the rich icon, column-based layout), having to manually check identically named entries to find one with the right username, but their support staff was seriously adamant about the feature not being worth the development effort because of how few people had used it. It got me looking for alternatives but I haven't switched away yet.
As a company we tend to keep future plans pretty close to the chest. There are sometimes things that we know we aren't going to do, and whenever possible I try to be up front about that rather than beating around the bush or giving false hope. List view is one example of this. The intention isn't to be argumentative, but rather to set expectations based on current plans.
- Ben, 1Password
Unless I'm mistaken, 1Password no longer ephemerally decrypts passwords as needed and only while used and then scrubs the memory. [1, old but still] The excuse, if I remember it, was that garbage collected languages made this challenging. Even so, there is some irony in them moving away from the temporary, one-at-a-time, scrubbed approach just before all of the side channel attacks that allowed leaking memory across processes became widespread.
[1] https://nakedsecurity.sophos.com/2019/02/21/password-manager...
This is one of the main reasons why the core of 1password was rewritten in Rust: https://support.1password.com/kb/201902a/
Electron isn't necessarily bad, its primarly a matter of how good your implementation is.
2. It encourages developers to ignore platform-specific design idioms and features.
I only use VSCode for workflows I am obliged to.
Microsoft's React Native team has benchmarks where Electron causes 300x performance drop versus React Native.
Speaking of it,
"Xbox app for PC gets speed boost, ditching Electron for React Native UWP"
https://www.windowscentral.com/xbox-app-pc-gets-speed-boost-...
I dream of the day that VSCode gets rebooted into React Native.
Because it's terrible. It's slow and ponderous. I have yet to use something built on it that wasn't awful, and that INCLUDES VSCode.
I'm also actively looking to move away from 1P period because I don't want or need a subscription for every little app.
It’s robust software that does was it says on the box. I was initially reluctant to move out of my local vault but the online service has been impeccable.
And 1password never cared about Linux. I had to custom-script data export, they pretty much held data hostage by making it difficult to migrate from the platform, not to speak of the undocumented data formats. But at least we did not have to install some closed source propietary thing to do something as critical as password management (browser sandboxing seems slightly better). If they cared they would open up their client‘s code for everyone to peek.
They already participate, quite openly, in security audits[0], and while yes, I'd love it if it was OSS too, but the reality of making money on these services is that (especially I believe at the time 1Password was founded), is it wouldn't have likely done them any good, really. In fact it could hurt their business. I believe 1Password was one of (but not the only!) pioneers of this being a successful consumer business.
Notably, I don't think its worth detracting from a fantastic product based solely on the license of its underlying software. I'm also not aware of any 1Password data breaches.
As far as exporting goes, you can simply generate a CSV file (or plain txt)[1] as well. Not sure what the issue there was, I'd be curious to know.
While I like OSS too, and prefer it when able, I think its a stretch to say they're holding their users hostage if they want to migrate away, not to mention being OSS isn't really a predicate as to whether the software & user experience is actually any good.
disclaimer: I don't work for 1Password, but I've used it for over a decade.
[0]https://support.1password.com/security-assessments/
[1]https://support.1password.com/export/
Audits don’t mean much for various reasons, including the conflict of interest.
Agencies such as NSA don’t have to say loudly that they have agreements with such and such companies through PRISM-like programs.
We have seen the program. We can have as many binary copies of it as we’d like.
> Audits don’t mean much for various reasons, including the conflict of interest.
[citation needed]
> Agencies such as NSA don’t have to say loudly that they have agreements with such and such companies through PRISM-like programs.
The product uses end to end encryption. The database is encrypted locally before being uploaded. They would have to be using bad encryption or stealing your password to get at it. It is understood how 1P works, they have written about it extensively.
I'm doubtful that you are able to look at the binaries and extract the inner workings from that.
Yeah, I have to trust a lot of software authors not to be actively malicious, because I don't have the time to audit literally everything I rely on. I have more reason to trust the authors of 1Password than those of almost any other package I use.
>And they do have a very clear business interest in telling you that it uses best security practices even if they don't.
It's been audited several times, and the authors are well known, respected, and vocal in the infosec community. And you think they have more of a business interest in hiring security professionals and lying about their practices than they do actually building a product that safeguards their users' data as they say it does? A backdoor in a product like that would be the end of their business, professional reputation, and career.
>I'm doubtful that you are able to look at the binaries and extract the inner workings from that.
Me personally? No, but there are absolutely people with that skillset, this sort of thing is perfectly doable. As far as "is this sending all my stuff to China in plaintext" goes, it's not even that hard to evaluate. You could do that without any reverse engineering at all.
There is (was?) no way to do that on Linux.
1. It runs on every platform I currently use, as well as any platform I might care to use, whether or not that platform is sufficiently "popular" for a company to justify caring about it.
2. It isn't dependent on the continued healthy existence of a company to remain usable, as I could simply self-maintain in a worst case scenario.
These are very important things about a password manager to me, personally, which is why any of these more polished/popular options would be an extremely tough sell.
Unsubscribed from LastPass and subscribed to a Family plan here. Hoping for updates to bring all the rest of the features. <3
EDIT: Took the opportunity to eval a couple of others. BitWarden stood out because it's open-source and cheaper for the family plan (the difference between 1Password individual and BitWarden family is not a big difference).
My thoughts:
* 1Password had a really cool app and very good import from LastPass
* Bitwarden's app is pretty good but the import breaks on Secure Notes that are a bit longer
Ultimately went with Bitwarden because it's cheap and I was able to migrate my big notes in approx 10 minutes manually.
For one, LastPass _always_ freezes Chrome on me a few times a day.
I was going to switch to LastPass since I have two younger children that I'd like to use a password manager, but LastPass has the same 17+ restriction so I'm looking for other options. But if you don't have the same issue, 1Password is a solid choice.
https://1password.com/families/